EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal

Ryan Stoner ryanstoner7 at gmail.com
Wed Mar 29 11:34:50 UTC 2017

All if you are in a tizzy over a policy that's been dead for a while.


Ryan Stoner

On Mar 29, 2017 6:26 AM, "Rich Kulawiec" <rsk at gsp.org> wrote:

On Wed, Mar 29, 2017 at 05:48:11AM -0500, Mike Hammett wrote:
> What is lost if AT&T or Comcast sells my anonymized usage habits?

They're NOT anonymized.  Aren't you paying attention?

Anonymization -- *real* anonymization -- is hard.  Hard means expensive.
It also reduces the sale price of the data.  There is no reason for any
of these companies to spend the required money in order to sell the data
for less than they could get otherwise.  Why should they reduce their
obscene profits?  (a) Nobody's going to make them and (b) most people
are as ignorant as you are and therefore aren't demanding it.

It's much easier and more profitable to *claim* that the data is anonymized,
maybe make a token (and worthless) gesture at making it so, and laugh all
the way to the bank.

And let me note that in passing that even if -- and this is a very faint
"if" --  they're really anonymizing your data, it's not anonymized
at the point of collection.  Sooner or later, someone with access --
whether authorized or not -- will tap into that.  Of course they will,
it's far too valuable to be ignored indefinitely.  Maybe it'll be an
insider operation, maybe it'll be just one person, maybe it'll be outside
attackers, maybe it'll be an intelligence or law enforcement agency.

The point is that these data collection operations are obvious,
high-value targets, therefore they WILL be attacked, and given the
thoroughly miserable history of the security postures in play, they
WILL be attacked succcessfully.  So even if you're foolish and naive
enough to believe the professional spokesliars at AT&T and Comcast,
you should always keep in mind that this data will *not* be confined to
those operations.  It will be for sale, in raw unredacted form, on the
darknet to anyone who can pay and/or it will be loaded into the data
warehouses of any agency that chooses to acquire it.


More information about the NANOG mailing list