Watchdog finds dubious data gathering, illusory solicitations for consent The US Federal Trade Commission on Thursday said many internet service providers are sharing data about their customers, in defiance of expectations, and are failing to give subscribers adequate choices about whether or how their data is shared.…It’s ‘near-impossible to escape persistent surveillance’ by American ISPs, says FTC — The Register
I half suspected this years ago, when I first learned about things like DnsCrypt. I didn’t quite understand why one would want to encrypt/verify their DNS lookups. I’ve learned since then that some part of man-in-the-middle attacks is using DNS lookups to re-direct to malware websites. The encryption component on the other-hand is meant to prevent anyone from easily seeing the DNS referral/lookups being made from end-to-end. With a software service like dnscrypt-proxy, you are defining a DNS host you trust, but furthermore you are encrypting the lookup, making it marginally more private. Alleviating the need to run your own personal DNS, or maintain a local Hosts file where you keep the mapping of host/ip address yourself. Dnscrypt-proxy IS a local dns service, and relies on a network of volunteer dnscrypt-proxy hosts who do the referrals/lookups and send back the ip address for a given lookup query. Now think about a careless, predatory ISP who only wants to drive their infrastructure into the ground using year 2000 era Cable Modem technology. Rent-seeking at its finest. No investment in infrastructure, no attempt to replace copper with fibre optic. No. Just drive that old investment into the ground and raise the marginal return by any means necessary. Generally this is by having you sign up for triple-play/triple-pay schemes where they make you subscribe to cable TV channels you’ll never watch to get a better monthly subscription rate.
However what happens then when that well dries up? It’s not likely they’re getting people to drop their existing cable modem provider for another one, because most Cable providers are local monopolies. What to do? Well, most cable modems have their configurations burned into them at the factory. Default DNS server on your cable modem? Well that’s provisioned up at the head end, at the ISP using the provisioning directives built-in to the modem. Simple lookup (almost like DHCP), and you find the ISP’s dns server, and then the data collection begins. ISP is watching, monitoring, auditing, surveilling you like you were an enemy of the National Security Agency. Everything is logged, tagged, collated, collected and sold to idiots like Peter Thiel (of Palantir fame) or Robert Mercer (of Cambridge Analytica fame). These mercenary personal data collectors de-anonymize the vast stores of data collected on you and correlate A-L-L of it, to sell to other more shadowy users of your personal data. The circle of surveillance will target you for untold marketing, or worse, attacks against your personal computer on the ISP’s network. However, they don’t care, they just want more and more money.