Two simple rules for most large ISPs. 1. If they can see it, as long as they are not legally prohibited, they'll collect it. 2. If they can legally profit from that information, in any way, they will. Now, ther privacy policies will always include lots of nice sounding clauses, such as 'We don't see your personally identifiable information'. This of course allows them to sell 'anonymized' sets of that data, which sounds great , except as researchers have proven, it's pretty trivial to scoop up multiple, discrete anonymized data sets, and cross reference to identify individuals. Netflow data may not be as directly 'valuable' as other types of data, but it can be used in the blender too. Information is the currency of the realm. On Mon, May 15, 2023 at 7:00 PM Michael Thomas <mike@mtcc.com> wrote:
And maybe try to monetize it? I'm pretty sure that they can be compelled to do that, but do they do it for their own reasons too? Or is this way too much overhead to be doing en mass? (I vaguely recall that netflow, for example, can make routers unhappy if there is too much "flow").
Obviously this is likely to depend on local laws but since this is NANOG we can limit it to here.
Mike