US Senate votes to allow ISPs to sell your internet history

Vote passed today at 50:48

Here's the details: https://www.privateinternetaccess.c...ules-let-isps-telecoms-sell-internet-history/

TLDR;

Despite widespread disapproval from constituents, S.J.Res 34 has passed the United States Senate with a vote of 50-48, with two absent votes. Earlier today, at 12:25 Eastern March 23, 2017, the US Senate voted on S.J.Res 34, and will use the Congressional Review Act to strip away broadband privacy protections that kept Internet Service Providers (ISPs) and telecoms from selling your internet history and app data usage to third parties. S.J.Res 34 was first introduced by 23 Republican Senators earlier this month and its blitz approval is a giant blow to privacy rights in the United States.

The resolution, which is now effectively half passed, will hand responsibility of broadband privacy regulation from the Federal Communications Commission (FCC) to the Federal Trade Commission (FTC) and disallow the FCC from making any rules protecting Internet privacy ever again.



So chances are it will also pass the House and become law...
 
How do you use TOR right? I've never really used it as much more than a novelty, but it seems good to know, I guess...
 
Don't use public Wi-Fi at a Starbucks for your purchases either, common sense.
Anything involving money uses https, there's no risk to buying things over public wifi.
How do you use TOR right? I've never really used it as much more than a novelty, but it seems good to know, I guess...
As soon as you launch tor, turn off javascript. That's about it.
 
Anything involving money uses https, there's no risk to buying things over public wifi.

One of the more common attacks involving a man in the middle attack is a rollback attack, where the wifi access point breaks a more secure protocol in order to force the use of a less secure protocol that can more easily be breached.

You can use things like ForceTLS to ensure certain protocols are used at all times and refuse to do transactions without them, but I wouldn't assume you're safe just because you're using https. If someone controls the infrastructure between you and what you're connecting to, there are a number of ways of attacking it especially when it's not implemented well.

I'd recommend using separate bank accounts for anything involving serious amounts of money, with only money necessary for daily (including online) use kept in an account for that.
 
One of the more common attacks involving a man in the middle attack is a rollback attack, where the wifi access point breaks a more secure protocol in order to force the use of a less secure protocol that can more easily be breached.

You can use things like ForceTLS to ensure certain protocols are used at all times and refuse to do transactions without them, but I wouldn't assume you're safe just because you're using https. If someone controls the infrastructure between you and what you're connecting to, there are a number of ways of attacking it especially when it's not implemented well.
MitM attacks haven't been a big deal for a long time.

It depends on what sort of service you're talking about. Like, major online retailers like Amazon and Ebay aren't going to be vulnerable to those sorts of attacks. You'd really need to have dropped the ball in configuring your server for those things to be an issue.

And at that point, if the service itself is sketchy enough, it doesn't matter whether you're accessing it via public wifi or not. You're much more likely to get screwed by them getting hacked directly, in all the time you use their service from home, than randomly using it one time when you're on vacation.
 
  • Informative
Reactions: Army Burger
You're only anonymous online to the degree that nobody cares to try and find out who you are. I don't go places I won't admit to going, because I know that if anyone looks hard enough, they're gonna find it.
 
It's a simple fact that if you control part of the infrastructure in between source and destination you can do a lot of things, and that you shouldn't just blindly trust any random box you connect to.
Disagree. I wouldn't say you can do a lot of things. There are some things you can do, but not many, and the list of those things is dwindling. TLS makes MitM attacks much, much harder out of the box. The vulnerabilities still remaining are a result of outdated standards and weak keys, both of which are being addressed.

You shouldn't blindly trust any random box you connect to, but you should also have a realistic understanding of the risks.
Even currently, there are tons of apps susceptible to such attacks.
http://www.theinquirer.net/inquirer...s-are-vulnerable-to-man-in-the-middle-attacks
It's an interesting article, but they're pretty vague about the specifics of the cause. It sounds like Apple's existing API gives apps a lot of control in vetting connections, and those apps aren't bothering to, y'know, actually vet the connection.
 
Disagree. I wouldn't say you can do a lot of things. There are some things you can do, but not many, and the list of those things is dwindling. TLS makes MitM attacks much, much harder out of the box. The vulnerabilities still remaining are a result of outdated standards and weak keys, both of which are being addressed.

"Being addressed" and actually having been addressed are two different things.

It's sort of like saying buffer overflows are no big deal because we now are aware of them and there are well known ways to avoid them. They still crop up.

Outdated standards and weak keys are always going to be a thing. Today's state of the art is tomorrow's outdated standard.
 
"Being addressed" and actually having been addressed are two different things.

It's sort of like saying buffer overflows are no big deal because we now are aware of them and there are well known ways to avoid them. They still crop up.

Outdated standards and weak keys are always going to be a thing. Today's state of the art is tomorrow's outdated standard.
The flaws regarding TLS have to do with legal issues regarding the export of cryptography. The US used to classify encryption above a certain strength as a "munition", so standards like TLS had to have two versions: a strong version for the domestic market and a weaker version for the international market.

Most TLS exploits have to do with tricking the TLS implementation into using one of the weak ciphers.

We no longer restrict export of cryptography, so this is mostly a historical anomaly. Or, hopefully, anyway. Maybe someone will try to pull a Clipper Chip 2.0?
 
  • Informative
Reactions: Ravelord
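Added example, not part of any post in this thread: the downgrade ("rollback") and weak-cipher points above, seen from the client side. The sketch uses Python's standard `ssl` module to build a context that fails the handshake rather than negotiating down, and to flag export-grade or otherwise weak suites by name; `SAMPLE_SUITES`, `WEAK_TOKENS` and the function names are constructed for illustration.

```python
import re
import ssl

# Tokens that mark suites a downgrade tries to force: export-grade,
# NULL/anonymous, RC4, single and triple DES, MD5 MACs.
WEAK_TOKENS = {"EXP", "EXPORT", "NULL", "ANON", "ADH", "AECDH",
               "RC4", "DES", "3DES", "MD5"}

# Constructed sample of suite names a legacy endpoint might still enable.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "EXP-RC4-MD5",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "TLS_AES_256_GCM_SHA384",
    "AES128-SHA",
]

def weak_ciphers(names):
    """Return the suite names containing a weak token (OpenSSL or IANA style)."""
    return [n for n in names
            if WEAK_TOKENS & set(re.split(r"[-_]", n.upper()))]

def strict_client_context():
    """Client context that fails the handshake instead of negotiating down."""
    ctx = ssl.create_default_context()            # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSLv3 / TLS 1.0 / 1.1
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!PSK")
    return ctx

def audit(ctx):
    """Summarise what the context will accept."""
    return {
        "min_version": ctx.minimum_version.name,
        "verifies_peer": ctx.verify_mode == ssl.CERT_REQUIRED
                         and ctx.check_hostname,
        "weak_enabled": weak_ciphers(c["name"] for c in ctx.get_ciphers()),
    }

if __name__ == "__main__":
    print(weak_ciphers(SAMPLE_SUITES))
    print(audit(strict_client_context()))
```
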
We no longer restrict export of cryptography, so this is mostly a historical anomaly. Or, hopefully, anyway. Maybe someone will try to pull a Clipper Chip 2.0?

They seem to try something like it every few years. Maybe if Dianne Feinstein finally croaks and goes to Hell they'll stop.
 
  • Agree
Reactions: Shokew and Marvin
The internet is not a human right, it's a service that you buy and if you are not happy with the way that the company you are dealing with you can restrain yourself from engaging in free exchanges of goods for services with them. Or to use them, but also encrypt your own internet traffic through a VPN or other third party services that will encrypt and tunnel your traffic if you would prefer them not knowing your entire browser history.

Guess it takes a dumb Arab to explain free market capitalism 101
 
The internet is not a human right, it's a service that you buy and if you are not happy with the way that the company you are dealing with you can restrain yourself from engaging in free exchanges of goods for services with them. Or to use them, but also encrypt your own internet traffic through a VPN or other third party services that will encrypt and tunnel your traffic if you would prefer them not knowing your entire browser history.

Guess it takes a dumb Arab to explain free market capitalism 101
https://en.m.wikipedia.org/wiki/Natural_monopoly

House          # of Members   Average Contribution   Total Contributions
Democrats      170            $18,698                $3,178,693
Republicans    228            $19,500                $4,446,160

Senate         # of Members   Average Contribution   Total Contributions
Democrats      40             $29,292                $1,171,697
Republicans    47             $38,973                $1,831,737
Independents   1              $8,500                 $8,500

Walden, Greg (R-OR) $164,100
Sanders, Bernie (D) $154,026
Thune, John (R-SD) $150,900
Blumenthal, Richard (D-CT) $131,500
Blunt, Roy (R-MO) $128,100
Schatz, Brian (D-HI) $120,300
Bennet, Michael F (D-CO) $114,260
Cruz, Ted (R-TX) $110,831
Schumer, Charles E (D-NY) $109,552
Pallone, Frank Jr (D-NJ) $108,200
Rubio, Marco (R-FL) $104,984
Ayotte, Kelly (R-NH) $100,650
Leahy, Patrick (D-VT) $100,550
Scalise, Steve (R-LA) $98,600
Ryan, Paul (R-WI) $96,455
Shimkus, John M (R-IL) $95,400
Portman, Rob (R-OH) $90,700
Moran, Jerry (R-KS) $89,400
Grassley, Chuck (R-IA) $88,550
McCain, John (R-AZ) $86,200

"It's OK when we do it"
 
  • Winner
Reactions: Shokew
On the subject of online shopping I just get VISA gift cards and shit. If I'm going to have a bank account or something, I'm going to always deposit the money from said bank account, and have it in cash when I'm not using it for online transactions. Having thousands of dollars in a hackable account is dumb homie, common sense.
 