Does Big Brother know where you've been surfing?

Does Big Brother know where you've been surfing?

Summary: If you think no one will ever know about the Web sites you were surfing last night, guess again. It may not be your spouse, your boss or a cop - but there's growing interest in what sort of data your Internet Service Provider is collecting about your viewing habits.

SHARE:

If you think no one will ever know about the Web sites you were surfing last night, guess again. It may not be your spouse, your boss or a cop - but there's growing interest in what sort of data your Internet Service Provider is collecting about your viewing habits.

As for me, I just finished reading a very interesting piece by my former Washington Post colleague Rob Pegoraro, who wrote about "deep packet inspection." Given the technology that's out there, monitoring Web usage has grown beyond cookies on your computer to data scouring on your ISP's servers. Rob writes:

Peering inside the digital packets of data zipping across the Internet -- in real time, for tens of thousands of users at once -- was commercially impractical until recently. But the ceaseless march of processing power has made it feasible. Unsurprisingly, companies have been trying to turn this potential into profit. By tracking users' Web habits this closely, they can gain a much more detailed picture of their interests -- and then display precisely targeted, premium-priced ads. Equally unsurprising, these attempts have become a public-relations tar pit for Internet providers that experimented with this technology without giving users fair warning.

In a recent hearing on Capitol Hill, lawmakers asked dozens of providers if they had used deep packet inspection and most said they had not. But a couple, including Washington Post-owned Cable One, said it had tested it using a service provided by Redwood City-based NebuAd. Of course, everyone is saying that privacy has been respected and that personal and sensitive matters - emails, financial transactions and so on - were stripped from the data first. But how do we know? I mean, we don't even necessarily know if our usage patterns are being monitored.

I guess I already know I'm being watched. As a Gmail user, there are ads related to the topics in my e-mail conversations. And yet, I'm OK with that. But this data packet level of inspection is just so far out of my control that it's a bit unnerving. Case in point: If I don't like the Gmail ads, I can stop using Gmail and go another route for my mail services. I make that decision and I control it. In the case of deep packet inspection, my ISP holds the key - not me. Rob uses an excellent analogy in his column:

Tracking via cookies is the rough equivalent of a supermarket clerk noting that you spend a lot of time in Aisle 9 checking out cereal but never duck into Aisle 2 for frozen dinners. Deep packet inspection, by contrast, is more like the clerk following you to see which boxes of cereal you eyeballed -- and doing so at every store you visit, even those run by other companies.

I try to surf the Web without paranoia and, if anyone was tracking my usage, they'd probably think I'm on tech news overload or would wonder why on Earth an educated adult subscribes to ridiculously sophomoric YouTube vlogs. (Hey, it's the same reason I watch South Park - we all need a break, right?) I have no immediate problems with the idea of deep packet inspection. I think I would just like to know when and if it's happening. And I think I'd want the option to opt-out or at least be compensated in some way for the valuable advertising data I'm providing about myself.

A week for two in Hawaii would be nice but I'd probably settle for a discount on my monthly ISP bill.

Topics: Cloud, Browser, Collaboration, Google, Telcos

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

31 comments
Log in or register to join the discussion
  • Golden Opportunity

    Do keep in mind that most of us have [b]lots[/b] of spare download bandwidth when you add up the whole day. Why not put it to use?

    Go ahead and randomly wget random sites to /dev/null. Run up hit statistics across the Net. Visit terrorist sites and become someone important to the United States Government!

    Poison their damn database to the point of uselessness.
    Yagotta B. Kidding
    • Tell us how you get on

      from your prison cell.

      "Oh the times, they are a changing."

      Who watches the watchers?
      fr0thy2
  • RE: Does Big Brother know where you've been surfing?

    It'd be easier if my ISP asked me which porn sites I was going to instead of doing the deep packet sniffing. I'd be glad to give them a list.
    Loverock Davidson
    • microsoft.com & msdn, plus some weird gothic stuff knowing you

      :P
      fr0thy2
      • Ok that was pretty funny :) (NT)

        ::
        Loverock Davidson
  • No news on the western front

    Surprise surprise. The overall concept of deep packet sniffing was discussed at a provider I worked for some 7 years ago. Luckily, there wasn't enough cheap processing power to do this stuff then.

    Now it's a different ballgame. Oh, and on the subject of google, you don't think that google can't log and track your redirects and exit pages from their sites, especially since they can identify a huge amount of people via the gmail cookies on their computers?

    Bozidar Spirovski
    http://www.shortinfosec.net
    Bozhidar
  • Sounds ripe for abuse.

    Time to do some war dialing for the really offensive stuff. Meanwhile when on your own computer, keep it G rated. It appears that spying is done commercially at first for advertising reasons then the state requests a dossier later.
    osreinstall
  • RE: Does Big Brother know where you've been surfing?

    Exactly right. The problem right now is a total lack of transparency. And if my ISP wants to snoop, they should pay me for it. I blogged on this in April, if posting URL is OK:

    http://cparente.wordpress.com/2008/04/07/the-more-things-change/
    teknofin
    • Trasparency

      What's wrong with ISPs seeking transparency from
      users? (unless you're doing something illegal)
      AzuMao
      • RE: Trasparency

        "<i>What's wrong with ISPs seeking transparency from
        users? (unless you're doing something illegal)</i><br><br>

        Whats wrong with us getting to look in your bedroom window, take pictures snd sell them, you btw get nothing from these pictures and no notice we are doing it....... (unless your doing something illegal)<br><br>It called invasion of privacy.
        devlin_X
        • Uh

          Because that's perverted?


          Anyways it works both ways.
          AzuMao
      • unless you're doing something illegal

        Ah yes--That argument.

        Why do we need privacy in ANY aspect of our lives "unless we are doing something illegal".

        I'm not doing anything illegal, but I still value my privacy. Yours is not the world I want to live in.
        IanSmithCA
        • Good question

          Care to answer it? (besides "just because")
          AzuMao
  • Your CPU might keep a record of everything that you do

    ISP's are not noted for their speed.Sending all of those files to my Internet Temp folder and recording my whereabouts while I duck virus is not a good thing.Hay----Maybe the Internet will change and things will get better---Naw---
    BALTHOR
  • RE: Does Big Brother know where you've been surfing?

    China is here Mr Burton!!
    mrfokker
  • RE: Does Big Brother know where you've been surfing?

    My private information is exactly that, <b>PRIVATE!!!! - DAM-IT!!!!</b> I c-a-n do without the Internet and will kill my account immediately if I find out Comcast resorts to this kind of thing. If you do Comcast, say good bye to my account! RFID, GPS in phones and cars, what the f**k next?!
    The Rifleman
    • Considering its Comcast....

      and unfortunately I'm a subscriber - im sure its somewhere in there Comcastic Terms and AUP that says that to provide a Comcastic experience, they MUST snoop and "retain a general log" of where you go. After all its in the interest of "better service" righT? *cue the evil laughter*

      *DISCLAIMER* The above is not official Comcast (aka ComcastiC) Policy - just a personal observation and conclusion from being a subscriber.
      JT82
  • Research on how to defeat DPI by adding noise

    "But this data packet level of inspection is just so far out of my control that it???s a bit unnerving." A research project to defeat DPI:
    http://sourceforge.net/projects/deeppacketads

    This program adds so much noise to your connection by searching for words from dictionaries -- if DPI information is noise and patterns aren't there, the information will be meaningless. No one will pay for it. If you want to search for one disease, run this to search for a medical dictionary of diseases, and the DPI will have meaningless info.
    scott1329
    • Steve Gibson...

      Steve Gibson spent weeks talking about how some of these work on his "Security Now!" podcast. See http://www.grc.com/securitynow.htm episodes 149 through 154. Knowing how they work, you can defeat them (as well as voice your displeasure with your ISP).

      Tracking from your ISP requires distinguishing between multiple users or computers behind a NAT router so ads targeted at you don't appear to your kids and vice versa. They have to do it in cooperation with your browser (via cookies, script, etc.) which you can thwart.
      mark.hill.smt
  • RE: Does Big Brother know where you've been surfing?

    I find it alarming that so much information on me can be gathered without my knowledge. I know my spending habits are an open book since I use credit cards. I know my basic daily routine can be looked at because of my energy usage patterns easily available by my energy provider. And I know my Email is scanned at work, with every keystroke I type having the ability to be ghosted by the company I work for.

    The level of intrusion we accept into our every day lives is perhaps a personal decision. However, the lack of control we have in deciding and even knowing who is looking at this information demands an internet-user "Bill of Rights". I do not want my spending habits out there for all to see. I do not want my daily routines to be a billboard for abusing me. In the exact same way I do not want my medical information broadcast, or my insurance information publicized.

    There's only an implication of privacy in my Email and ISP; there's a legal right to it when I talk to a doctor or lawyer. We should expect the same rights to opt-in or out of these programs before we are inducted volunteers to the whims of faceless corporations, hackers, or anyone else who can buy this information.

    Paraphrasing Ben Franklin:
    "If we restrict liberty to attain security we will lose them both."
    Bebedo