And so what if it is? What's the downside here? ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Rich Kulawiec" <rsk@gsp.org> To: nanog@nanog.org Sent: Wednesday, March 29, 2017 6:24:31 AM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal On Wed, Mar 29, 2017 at 05:48:11AM -0500, Mike Hammett wrote:
What is lost if AT&T or Comcast sells my anonymized usage habits?
They're NOT anonymized. Aren't you paying attention? Anonymization -- *real* anonymization -- is hard. Hard means expensive. It also reduces the sale price of the data. There is no reason for any of these companies to spend the required money in order to sell the data for less than they could get otherwise. Why should they reduce their obscene profits? (a) Nobody's going to make them and (b) most people are as ignorant as you are and therefore aren't demanding it. It's much easier and more profitable to *claim* that the data is anonymized, maybe make a token (and worthless) gesture at making it so, and laugh all the way to the bank. And let me note that in passing that even if -- and this is a very faint "if" -- they're really anonymizing your data, it's not anonymized at the point of collection. Sooner or later, someone with access -- whether authorized or not -- will tap into that. Of course they will, it's far too valuable to be ignored indefinitely. Maybe it'll be an insider operation, maybe it'll be just one person, maybe it'll be outside attackers, maybe it'll be an intelligence or law enforcement agency. The point is that these data collection operations are obvious, high-value targets, therefore they WILL be attacked, and given the thoroughly miserable history of the security postures in play, they WILL be attacked succcessfully. So even if you're foolish and naive enough to believe the professional spokesliars at AT&T and Comcast, you should always keep in mind that this data will *not* be confined to those operations. It will be for sale, in raw unredacted form, on the darknet to anyone who can pay and/or it will be loaded into the data warehouses of any agency that chooses to acquire it. ---rsk