It's all just (encrypted) data
Give me packets. Don't screw with them.
A single paragraph slipped into yesterday's net neutrality guidelines suggests they don't quite deliver the consumer protections that many people think. Guidelines published yesterday by the Body of European Regulators of Electronic Communications (BEREC), which stretched to 45 pages [PDF] declared that ISPs would be forbidden …
"I guess you work for the crap pushing industries, this appears to be yet another reason for out from the stupid EU and another good reason for not have a dummy phone."
I can't even understand that post.
But this doesn't stop YOU doing anything. It merely stops ISP's tinkering with data en-route. Which is what the above poster says.
You're still free to ad-block, websites are still free to demand you watch ads (as horrendous as that is, it's up to them to learn the lesson and change) but your ISP isn't able to subvert that website's ads with its own - in effect stealing the website's revenue for itself - or block them for you automatically.
But there's nothing stopping you running AdBlock.
Compare and contrast to a world where the ISP modifies all your webpages as they come in and replaces your favourite charity's ads with ones for its ISP services, or whoever had paid it more than the charity to do so.
In an all-encrypted world, Adblock only works at the endpoint too. Again, AdBlock will still work. But people won't be reading your pages and modifying them on the fly with malware ads without you knowing.
What's "stupid" about approach I'm not even able to comprehend.
I guess you work for the crap pushing industries,
Hmm. i don't see how what he said comes near to justifying this response. Pray elucidate.
this appears to be yet another reason for out from the stupid EU and another good reason for not have a dummy phone.
I don't see how this comes in, either.
I, personally, have adblockers on all my personal stuff. Including my smartphone, as there are adblockers available for iPhones. Aren't there adblockers available for Android? If not, why not? If so, then turn on the adblocker and kill the ads you don't like. Set your system to block ads, or anything else, that you don't want. Many is the site which has complained about my use of adblockers. Many is the site which I have declined to visit following their complaint about my use of adblockers. Some sites I know to use a tolerable (to me) advertising policy. I whitelist those sites in my various adblockers. I do _not_ want to have to go to my ISPs (all of them, home, business, personal mobile, business mobile) to whitelist (or blacklist) sites. I want to be able to decide for myself. This means that adblocking at the ISP level is not something I'd like. Let me decide which, if any, ads I let through. Me. Not my ISP(s). Me.
And the same goes for anything else on the internet. No, I don't want 'parental controls' enforced by my ISP. No, I don't want to be 'saved' from porn/political stuff/facebook/whatever; I am perfectly capable of 'saving' myself, thanks. And any 'parental controls' in place should be, and are, set up by me using local settings at my router. Most definitely not by my ISP(s).
If this represents a problem for anyone, then that/those person(s) can bite me. Don't be surprised if I bite back. Or if I feed him/her/them to Redrum the Attack Chihuahua.
If we're talking about anti-EU minded people here then trust me: I'm a big part of that. But please be careful not to let your negativity or cynicism to get the best of you. As bad as I think the EU is it doesn't mean that everything they do is bad per definition as well. That's just plain out nonsense.
And I think this is a good thing to happen. No, I do not condone child abuse material or any other related abusive crap that's out there. But here's the thing: just because a provide blocks it doesn't mean that it'll "just" go away. Blocking these things is like putting your head in the sand: see no evil, hear no evil...
I hope that this move might help get providers to work together amongst themselves and law enforcement agencies to actually put a stop to all this. That would be so much better than just blocking this mess and pretend as if nothing happened.
And if you don't believe me ask BREIN: they tried to block the Pirate Bay in all of the Netherlands (granted: at a time where most people were already using alternatives, agencies like BREIN aren't exactly aware of recent events) but the end result was nill. Now, several years later, said blockade is now also gone and the Pirate Bay is still pretty much alive.
"I hope that this move might help get providers to work together amongst themselves and law enforcement agencies to actually put a stop to all this. That would be so much better than just blocking this mess and pretend as if nothing happened."
How are they ever going to do that when most of the material comes from sovereign countries that won't give them the time of day (or are even actively trying to undermine them as a hostile power)?
The message was that central action, e.g. by the ISP to offer a blocking service was prohibited, so let the kiddie porn and bandwidth wasting rubbish flow. Not what some want or need as they may not be able to roll their own DIY blocking as a local service. OK, you and some others can bully for you.
If the ISP can, (it is still not clear from my reading of the article) offer such blocking as available, opt in options then the damage will be limited. Maybe this phrase from the account is being misread by me; Many modern devices do not allow client-side blocking, including almost everything running on the Android platform. End quote.
That sound like a issue for some folks to me or can such bandwidth hogging rubbish be blocked before it burns through an allowance?
I am never if favour of removing options where they would otherwise be legal, that is but for a bar on having such options.
Please see the word options, it is important.
If the ISP can, (it is still not clear from my reading of the article) offer such blocking as available, opt in options ...
I don't see that offering such a service, as a customer selected option would be a problem. What is a problem is where a provider arbitrarily filters traffic, without the knowledge/approval of the user - typically to force users onto certain services to the benefit of the service provider.
Functionally, if a user asks the provider to apply some sort of filtering (eg the kiddie porn filter) then that is no different in functionality or effect on the end user than the end user doing it locally - it's just more efficient for the provider to do it. But that is only if the end user asks for it, or is at some point given a clear "would you like this ?" option and is free to turn it off.
As a comparison, my landline phone provider intercepts my phone calls which is illegal in the UK - but they are doing because I asked them by turning on the answering machine service they have as an option. So it's functionally (almost) the same as me having my own answering machine.
How far down the chain do these rules/guidelines apply? I'm just thinking about places where I use public WiFi (Cafe NerroBucks, Evil Beef Clown, etc.) who operate family-friendly content filtering. Will they be obliged to lift those restrictions so that I'm free to look at pictures of women without their vests on?
'Will they be obliged to lift those restrictions so that I'm free to look at pictures of women without their vests on?'
VEST! I think she should keep it on too.
I think it's their Wi-Fi so they'll continue to manage the system the way their company policy dictates on matters such as these.
I think it's their Wi-Fi so they'll continue to manage the system the way their company policy dictates on matters such as these.
I doubt this argument works for an ISP, so why would it work for someone offering Wifi to customers? Doesn't appear that there's any exemptions specified because you're selling Wifi instead of wired.
"I doubt this argument works for an ISP, so why would it work for someone offering Wifi to customers?"
I think the drawing line is when a business is SELLING Internet access. Once money's involved, buyer/seller ground rules go into effect. The cafe doing free WiFi on the side isn't providing the access for a living, so they can set limits.
As for selling WiFi, that tends to happen when the access is at a premium. Airlines and airports come to mind. These rules may have an effect on the way they provide service (selling it may mean they can't stop their customers from accessing, say, porno sites, especially through a VPN or other encrypted tunnel that leaves them blind).
> ...free WiFi on the side isn't providing the access for a living...
If the "free" WiFi is conditional on your buying something (coffee, sandwich, whatever), it's part of the business transaction, so the rules will apply.
And maybe the the rules would apply to genuinely free WiFi anyway.
"If the "free" WiFi is conditional on your buying something (coffee, sandwich, whatever), it's part of the business transaction, so the rules will apply."
But since when has that kind of rule applied? In fact, how can they police it? I don't recall any shop of that kind hiding their access points behind a password that only shows on the receipt, seeing as two of its noted uses are keeping customers distracted while waiting in line and providing an avenue for Apple Pay/Android Pay should they accept it. Both require access PRE-purchase.
"Terminal equipment-based restrictions put in place by the end-user are not targeted by the Regulation."
So just have an option on the router to turn on blocking for the local network. Slightly annoying that the bandwidth is still wasted shipping adverts etc to your local network, but doesn't require adblock on every device.
It's only easy to solve if the user is willing to take control of their end. They can use OpenDNS and many other services as well as direct local filters. The problem, as the article points out, is that many devices don't allow user control. That people willingly chose such a device is beyond me, but it's their choice to make. Subsequently complaining about the consequences of that choice is a bit off in my opinion.
Obviously a lot of people don't want to deal with such technicalities. Fair enough. But if they simply demand it, there will soon be lots of commercial and free offerings ready to meet their needs.
What if my ISP / Mobile provider offers an optional service (and by default switched off), say at £0.01 cost, to do my blocking for me?
So that's a paid for service I specifically request. A fairly small tweak to what 3 offer.
I block via hosts on all devices, but then I'm a Reg reader and I know how to do it. Many people have no idea that you can, and would not be able to even if they did. 3 might not be able to be quite as specific / allow personal whitelists etc but it is a massive benefit to many people, a idiot idea to completely disallow it on point of NN principle.
"What if my ISP / Mobile provider offers an optional service (and by default switched off), say at £0.01 cost, to do my blocking for me?"
My reading of the article is that they've thought of that and ruled it out. They seem quite careful to emphasise that the consumer can do it even if the ISP can't, and then they list three exceptions to the rule that ISPs can't, none of which are the option you describe.
So I think the article (and Mr Hanff) have it right and the rules really, really need a paragraph (d) saying it is OK if the customer specifically requests it.
And like many other commentards, I reckon I probably *could* implement it myself if I had the time and energy, but I'd rather pay someone else to think it all out and maintain it and then flick the switch for my line. (Your mileage may vary. It depends on your ISP.)
The IWF watchlist might be covered by (a) but there's lots of perfectly legal 18+ material that non-techy parents might prefer to be filtered out by someone with a clue. Likewise, ad-blocking might be covered by (b) but any ISP offering the option would have to argue that out in court against people with very deep pockets.
Someone further up had the idea of offering better routers to consumers and then claiming that the filtering was being done at the consumer premises. Yes, but that still places the burden on the end-user to maintain the filtering ruleset because the ISP can't make it a point-and-click option without getting sued for offering filtering as a service.
It would be much easier to have an option (d) allowing ISPs to offer filtering packages to customers.
The IWF watchlist might be covered by (a)
As far as I understand it, it is not. The IWF is a voluntary scheme. No ISP is forced by legislation to block child abuse images. Exemption (a) only seems to cover things the ISP is forced to do by law, like honouring a court order or complying with a specific piece of legislation.
Would this also apply to mobile telcos filtering adult content? Or someone like The Cloud filtering on it's wifi (it could easily be argued that the Cloud is acting as an ISP)?
Personally, I would say there should be a (d) option, allowing an ISP to offer filtering services, but:
* They must only be enabled at the specific request of the customer, not by default, buried in T&Cs or opt-in-by-default on a form etc.
* They may charge for the filters if they wish, but may not offer discounts for taking the option (to stop them basically forcing customers into it by charging huge sums for their service but discounting down to nothing if you accept filtering)
Er, eh?
How on earth did we get from a basic question of packet prioritisation to talking about the entirely separate subject of content filtering?
My money says that this has been added by the anti-neutrality people when they realised that they weren't getting their way, with the expectation that it would create a catch-22 in the new legislation - thereby negating it.
And thus it should be.
1) Don't mess with my Internet. I pay for access not for what the state or an ISP determines to be appropriate, allowed or suitable.
2) Don't throttle my Internet, I pay for access, I determine what should have priority. Not you.
3) Don't port block... Advertise the service as port 80, 443, 21, 23, 25 etc. only. Are you an Inter-network service provider or something else?
4) Tell the fucking truth in your advertising, don't quote the best possible speeds obtainable from someone plugged into your exchange MUX with a fucking cable.
5) Parents should be raising and protecting their children, not the state, not ISP's.
6) Child abuse has been happening since there were children, denying access to child porn does not stop it. It only forces it further underground making it harder to find the real nasty bastards out there.
</rant>
1) It's not your internet. It's the ISP's network. You pay for access to their network and any interconnections they may have. They are liable for your usage, so you have to abide by their rules. That doesn't mean that they can violate your rights (like free speech), but there have to be rules. Or ISPs get a free ride, regardless of how users use their networks. One or the other.
2) Again, you pay for access. If you are paying for usage, that's a different story. Almost no one pays for usage. Also, you don't have any priority attached to your packets. It's a shared network, so there will be congestion and ISPs must deal with it to stay in business.
3) In general, you're correct. But port blocking is a best practice used to prevent specific attacks due. Think of the SQL Slammer worms or similar.
4) There are always disclaimers about "speeds up to" X. They have to include those, since there are no service guarantees and most of the services to which you would connect aren't within their autonomous system, like Google, Apple, etc. You're barking up the wrong tree if you think they can give you a number other than what they already do.
5) I agree with this completely.
6) I would take this a step further to say that there are already plenty of laws and punishments for child abuse. Electronic content controls are a waste of resources with which the state or the ISP should not bother. It goes into the same shit pile as DRM for me.
> 1) It's not your internet. It's the ISP's network.
The sign above the door say "Internet Service Provider" therefore they should be providing an "Internet Service". It doesn't say "My Network Service Provider, plus any bits of the Internet that I feel like granting you access too"...
But caveat emptor: they don't guarantee the access or the rates, frankly because they have no control outside their own network. Plus there's always that adage: "No one's above THE LAW," so if there are laws about what ISPs can and can't do, they MUST obey them or face fines and/or consequences to their license. And a provider to the public usually can't provide without a license.
It's like with roads. Sure, it's YOUR car, but it's usually NOT your road.
The sign above the door say "Internet Service Provider" therefore they should be providing an "Internet Service". It doesn't say "My Network Service Provider, plus any bits of the Internet that I feel like granting you access too"...
It's not about what they feel. It's about what they can and cannot control. These Net Neutrality rules will effectively prevent ISPs from managing their networks. That means the Internet becomes the Wild West again, in terms of DoS/DDoS attacks and the other scum-sucking worms/trojans that used to plague us all.
This is one area that I have some very specific expertise over the last 20 years and it will become a huge clusterfuck as written.
Er, no. *You* get real. Try and imagine that you are one of the several-nines-percent of the population who can't implement blocking by firing up emacs and hacking a few scripts on their router.
Just because something is arguably legal in some ountry or other does not mean that I don't want to block it, the bottleneck between my ISP and my CP equipment is the logical place to do the blocking, and the professional IT staff at my ISP are the logical people to give the job to.
"Just because something is arguably legal in some ountry or other does not mean that I don't want to block it, the bottleneck between my ISP and my CP equipment is the logical place to do the blocking, and the professional IT staff at my ISP are the logical people to give the job to."
But the catch is that blocking tech is dual-use. You're running into a Goose-and-Gander problem that makes it all-or-nothing, with the consequence being you lose either way. It's like with the car. It has good and bad things part and parcel. In this case, we choose to accept both rather than reject both and go back to horses. Here, it becomes a case of either accepting the consequences or getting off the Internet.
I would expect so. Basically, ISPs aren't allowed to manage their networks with these rules.
I have been saying this from the beginning of the Net Neutrality debate. These rules cripple the ISP to have no options for dealing with network issues that happen as part of daily operations. I expect this to include any queueing, traffic shaping, traffic policing, Diffserv, DOS/DDOS mitigation, et al. As I would expect, the rules will provide the big ISPs more ammunition to eliminate smaller competition like we see in other heavily regulated industries.
This runs afoul of the Hazlitt rule for "Economics in One Lesson": you must consider the short-term and long-term impact. Bureaucrat-issued regulations virtually never consider both.
Basically, ISPs aren't allowed to manage their networks with these rules
Clauses b & c in the paragraph quoted in the article would seem to contradict your conclusion.
ISPs are not always stopped from doing this, they're just stopped when it doesn't fit into one of the categories they specify (and the first one relating to national legislation would seem to allow for even further wiggle room depending on how far national governments want to take things).
"This runs afoul of the Hazlitt rule for "Economics in One Lesson": you must consider the short-term and long-term impact. Bureaucrat-issued regulations virtually never consider both."
People beholden to other people usually don't have a choice in the matter. Most investors don't like to wait, and voters have a pretty short cycle combined with long memories of grievances. Long-term gain is lost on people who balk at the short-term pain.
"It makes far more sense from a privacy and security perspective to be able to manage all these devices from a single point and an ISP service is a sensible approach because it blocks these risks before they ever reach the customer's home network," added Hanff.
And if the device is used on another connection that isn't filtered?
Managing each device might be more of a hassle but it's still better than merely securing the connection that the device is uses most frequently if we're talking about devices that won't always be using the same connection.
Why has Hanff changed his tune from 2008 after the Phorm trials when he was busy proclaiming that consent from both sender and recipient was needed to make any interception legal?
"Why has Hanff changed his tune from 2008 after the Phorm trials when he was busy proclaiming that consent from both sender and recipient was needed to make any interception legal?"
Perhaps because blocking is different from snooping. In the latter case, either sender or recipient may be unaware that there is anything going on.
I haven't changed my tune - the two scenarios are completely different.
In the Phorm situation, citizens' communications were being intercepted, copied, scanned and then the content of those scans used to profile individuals behaviour. It was active surveillance over which the citizen had zero choice or control.
In the adblocking scenario, communications are scanned for specific patterns which only match advertising code. The content of the comms is not copied and used for profiling behaviour and the citizens has to opt in to the service (if they don't their comms bypass the tech).
Another big difference between the two is in the Phorm case, all parties in the communication were likely to object to the interception. However, in the adblocking case, publishers have a vested interest in not consenting to the activity because they benefit from the ads being blocked.
With the privacy and security issues surrounding programmatic ads and privacy being a fundamental right under European Law (Article 8 of the Charter of Fundamental Rights of the European Union) it is absurd to suggest that publishers should have a veto over a citizen's choice to block ads.
Furthermore, I haven't changed my tune - I have not stated that RIPA doesn't apply in the adblocking case - I have been actively lobbying to have EU Law changed to remove the all party consent requirement for situations where ISP customers have explicitly requested a service (opt in) and I still fully support the prohibition of arbitrary blocking imposed by the ISP without the explicit opt in consent of the customer.
I find it amusing that some people think I need reminding of what I wrote - I don't, I wrote it. I also find it strange that certain people think I have no right to have a different opinion in different situations - the Phorm case and the adblocking scenario are opposites in many respects and it is entirely my right to have a different opinion on both scenarios.
it is absurd to suggest that publishers should have a veto over a citizen's choice to block ads
I don't think anybody is suggesting that.
What is being suggested however is that getting the network operator involved in the process is a bad idea, and one that will be unnecessarily invasive and inefficient given the alternatives available.
The likes of ad-block plus is presumably run locally without the involvement of 3rd parties and without the need for any company having direct knowledge of where you've been or what you're currently doing.
Why then should the prerequisite for the network operator to see your traffic be changed to fit the need for blocking anything? Would blocking at the router not be a better alternative, since like the ad-block plus solution this would prevent the need to make your communications viewable to 3rd parties?
"What is being suggested however is that getting the network operator involved in the process is a bad idea, and one that will be unnecessarily invasive and inefficient given the alternatives available."
What alternatives are there for clueless users who can nonetheless be zombied without their knowledge? This has implications for everyone else, too.
Perhaps I should have phrased things more carefully. What I was intending to refer to was the part of the process that involves the transit of communications on systems outside the local network being used by the end user.
Such 'clueless users' would presumably be content to simply use the router provided by the ISP.
There is nothing to stop the ISP from setting up their equipment to stop adverts at the router level, and any information generated by the blocking need never leave the router or be sent back to the ISP (nor would there be any need for the ISP to either intercept or analyse traffic passing through their network).
In any case it might be worth noting this:
http://www.threemediacentre.co.uk/news/2016/shine-announcement.aspx
From the blog entry:
Our objective in working with Shine is not to eliminate mobile advertising, which is often interesting and beneficial to our customers, but to give customers more control, choice and greater transparency over what they receive.
To me personally that sounds very similar to the sorts of things Facebook have been coming out with recently.
Shine seems to be another type of Phorm, just dressed up differently.
Indeed, the only place to ensure no unwanted connections are made, is at the connecting device, since there is no way to predict when it is going to connect to a compromised network.
If illegal content is hosted that is something for the courts.
The broken ad system is a marketplace problem so it has to be solved in/by the parties in the marketplace (advertisers, publishers, and consumers).
There's still room for regulating the distribution of invasive adware: for example if adware is invasive to privacy, courts could issue fines and takedown orders to the shops responsible, and servers taken. Consumer protection can take many forms, but Internet traffic prioritizatin does not seem to be the best tool for that particulat job.
Malicious usage can always be addressed - either as breach of service terms, or under the law.
I agree with free distribution of content and the freedom to peruse it, and an open market vs. the quagmire government regulated Internet traffic control.
"There's still room for regulating the distribution of invasive adware: for example if adware is invasive to privacy, courts could issue fines and takedown orders to the shops responsible, and servers taken."
How do they do that when the shops responsible are not beholden to your laws, because they're located in another country?
"Malicious usage can always be addressed - either as breach of service terms, or under the law."
Not when sovereignty gets in the way.
If they do, the only way to get around it is to use an ISP that doesn't proxy (and by your admission, there aren't any). Since the ISP can filter you right at the entry point, there's no other way to evade it. It's easy to guard traffic when there's only one way in or out.
Once upon a time, I used Open DNS and set up my router to use 208.67.222.222 and 208.67.220.220 for all devices in my home. I was able to block things that *I* did not like from my children. I did not need a "filter" from the Government, who would block anything a lawyer or friendly dictator wanted or a dodgy US corporate that would block a nipple before an assault rifle.
My children grew up using computers largely unsupervised. I only recall one question as to why I blocked a particular item. If either of them figured how to get around this, they did it very discreetly which is good enough for me.
For a long time now ISPs seem to have liked to supply routers where users have no control over anything. Defaults are good but we need to be able to override. My children are young adults and in their own homes. I don't need to set a DNS range any more. If I do, it will have to be on individual devices. One day, I might have grandchildren and they will probably have their own devices. Will I have to manually enter it onto their machines when they come round?
Let me choose my own DNS for my own devices from the router which I have paid for too.
"Let me choose my own DNS for my own devices from the router which I have paid for too."
You're in the distinct minority, then. Most Internet users couldn't tell DNS from WWW but have heard the terms before, putting them into that oh-so-dangerous category: people "with a little knowledge". What makes them dangerous is that a little knowledge makes them prone to trying to do things they really don't know enough about: as a result breaking things. And since they're clueless about it, they just thing the Internet broke and start calling for help.
Since these kinds of people outnumber you AND can produce incidents like getting zombied that can get the ISP in trouble for things like failure of due diligence, guess what the ISP has to do to cover its butt?