Re: [EXTERNAL] Re: ISP data collection from home routers
On Thu, 24 Mar 2022, Mu wrote: [...] While I agree that many consumers don't place much value on their own data, resulting in them not particularly caring about that data, in my experience it often stems from ignorance of what can be done with that data (if they even know that the data is being collected in the first place). Once the implications of sharing specific data is known, my anecdata has shown that the average person will make some adjustments to their data-sharing habits. At the very least, an informed decision can be made. However, when it comes to intricate technical data from their home routers being hoarded, we can't really expect the average consumer to form an informed decision on the data being shared, can we? I don't think the default should be "collect as much as we can because they probably won't care" in the absence of an informed consumer. Regards, Mu [...] I discuss the relation between (sometimes unseen) data collection valuation and the decision to allow it at pages 1728-1745 (Part II sections B-D) of Regulating Mass Surveillance as Privacy Pollution: Learning from Environmental Impact Statements, 2015 U. Ill. L. Rev. 1713 (2015), availabe from https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2400736 -Michael -- A. Michael Froomkin https://law.tm 305-284-4285 ssrn: bit.ly/1XlTJLz Laurie Silvers & Mitchell Rubenstein Distinguished Professor of Law Editor, Jotwell: The Journal of Things We Like (Lots), jotwell.com U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA It's hot here
Re: ISP data collection from home routers
yes, because otherwise the contention (it's a shared access media, after all) and RF channel bonding/allocation wouldn't work. Configuration depends on what the exact CMTS configuration is on your last mile coax segment. however it's also possible to have the cable MSO push an update to cablemodems which locks out a read-only diagnostics/info page that would otherwise be available. On Fri, 25 Mar 2022 at 13:47, Michael Thomas wrote: > > On 3/24/22 12:53 PM, Tom Beecher wrote: > > You don't even have to use their equipment. My provider at home is > > Charter / Spectrum. I own my own cable modem / router ,they have no > > equipment in my home. Their privacy policy is pretty standard. > > Essentially : > > - Anything they can see that I transmit they will collect. > > - Anything they can see when I use their apps , even if I'm not on > > their network, they will collect. > > - They will use that information for their technical and business > > reasons, whatever they want. > > - I am very limited in what I can request that they don't collect or use. > > > > None of this is new in the US. I think more people care about > > this than we think, but people don't really have an option to vote > > with their wallets. > > Even if you own your modem, the DOCSIS specs require that it be > completely controlled by the MSO, right? > > Mike > > >
Re: ISP data collection from home routers
" Most end users (at least in the US) don't have a choice as many jurisdictions have sold a franchise (monopoly) to one provider. Either they sign or they don't get internet." That's not true. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "PJ Capelli via NANOG" To: "Christian David" Cc: nanog@nanog.org Sent: Friday, March 25, 2022 10:04:56 AM Subject: Re: ISP data collection from home routers Most end users (at least in the US) don't have a choice as many jurisdictions have sold a franchise (monopoly) to one provider. Either they sign or they don't get internet. Perhaps 5G will broaden the number of providers end users can choose from, and not be forced into this kind of contract. But why do you think any ISP would agree to not collect this information? pj capelli pjcape...@pm.me No one can build you the bridge on which you, and only you, must cross the river of life - Nietzsche Sent with ProtonMail secure email. --- Original Message --- On Thursday, March 24th, 2022 at 1:11 PM, Christian David wrote: > I think that if the end user at signed contract agreed with this data > > collecting and also if there's a mechanism that the same user could deny > > the data collection, its look fine to me, there's compliant here in > > Brazil with LGPD (our variant from GDPR) and i think that users could > > see it as a "plus" cause the majority of ISPs don't have a service that > > inspect CPE WIFI's quality. > > Em 24/03/2022 14:00, Jay Hennigan escreveu: > > > On 3/24/22 06:26, Josh Luthman wrote: > > > > > I'm surprised we're having this discussion about an internet device > > > > > > that the customer is using to publicize all of their information on > > > > > > Facebook and Twitter. > > > > That's called informed consent. And Facebook and Twitter use TLS to > > > > protect the data in transit. > > > > > Consumers do not care enough about their privacy to the point where > > > > > > they are providing the information willingly. > > > > That's the point. The customer is providing information willingly when > > > > they post to social media. The ISP is collecting data without consent.
Re: ISP data collection from home routers
> > Even if you own your modem, the DOCSIS specs require that it be > completely controlled by the MSO, right? > Pretty sure that's correct, yes. On Fri, Mar 25, 2022 at 4:47 PM Michael Thomas wrote: > > On 3/24/22 12:53 PM, Tom Beecher wrote: > > You don't even have to use their equipment. My provider at home is > > Charter / Spectrum. I own my own cable modem / router ,they have no > > equipment in my home. Their privacy policy is pretty standard. > > Essentially : > > - Anything they can see that I transmit they will collect. > > - Anything they can see when I use their apps , even if I'm not on > > their network, they will collect. > > - They will use that information for their technical and business > > reasons, whatever they want. > > - I am very limited in what I can request that they don't collect or use. > > > > None of this is new in the US. I think more people care about > > this than we think, but people don't really have an option to vote > > with their wallets. > > Even if you own your modem, the DOCSIS specs require that it be > completely controlled by the MSO, right? > > Mike > > >
Re: ISP data collection from home routers
" They can easily profile you and know when you're at home, and when you're gone." And? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Giovane C. M. Moura via NANOG" To: "Josh Luthman" , "Lady Benjamin Cannon of Glencoe, ASCE" Cc: "North American Network Operators' Group" Sent: Thursday, March 24, 2022 9:04:06 AM Subject: Re: ISP data collection from home routers > Who cares about the SSID??? I don't remember the data model, but I remember that they retrieved data very often, multiple times a minute. (some ppl in the list may have access to this data and know it very well) They can easily profile you and know when you're at home, and when you're gone. Some people may find this interesting... To have a really meaningful discuss on the privacy implications, we would need to see the data model, and the frequency that they pool the data. /giovane
Re: ISP data collection from home routers
Sounds good to me. Solve the end-user problems, since they don't have the ability or care to do it themselves and doing so manually has too much latency and doesn't scale. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Giovane C. M. Moura via NANOG" To: "North American Network Operators' Group" Sent: Thursday, March 24, 2022 5:43:58 AM Subject: ISP data collection from home routers Hello there, Several years ago, a friend of mine was working for a large telco and his job was to detect which clients had the worst networking experience. To do that, the telco had this hadoop cluster, where it collected _tons_ of data from home users routers, and his job was to use ML to tell the signal from the noise. I remember seeing a sample csv from this data, which contained _thousands_ of data fields (features) from each client. I was _shocked_ by the amount of (meta)data they are able to pull from home routers. These even included your wifi network name _and_ password! (it's been several years since then). And home users are _completely_ unaware of this. So my question to you folks is: - What's the policy regulations on this? I don't remember the features (thousands) but I'm pretty sure you could some profiling with it. - Is anyone aware of any public discussion on this? I have never seen it. Thanks, Giovane Moura
Re: ISP data collection from home routers
On 3/24/22 12:53 PM, Tom Beecher wrote: You don't even have to use their equipment. My provider at home is Charter / Spectrum. I own my own cable modem / router ,they have no equipment in my home. Their privacy policy is pretty standard. Essentially : - Anything they can see that I transmit they will collect. - Anything they can see when I use their apps , even if I'm not on their network, they will collect. - They will use that information for their technical and business reasons, whatever they want. - I am very limited in what I can request that they don't collect or use. None of this is new in the US. I think more people care about this than we think, but people don't really have an option to vote with their wallets. Even if you own your modem, the DOCSIS specs require that it be completely controlled by the MSO, right? Mike
Re: ISP data collection from home routers
Not sure why they are different; most ISPs are not a pure play and can use that data for other aspects of their business that you may not have agreed to (e.g. Verizon FiOS feeding to Verizon Wireless). Comcast/NBC, etc. pj capelli pjcape...@pm.me No one can build you the bridge on which you, and only you, must cross the river of life - Nietzsche Sent with ProtonMail secure email. --- Original Message --- On Thursday, March 24th, 2022 at 10:24 AM, Kord Martin wrote: > On 2022-03-24 10:04 a.m., Giovane C. M. Moura via NANOG wrote: > > > They can easily profile you and know when you're at home, and when > > > > you're gone. Some people may find this interesting... > > > > To have a really meaningful discuss on the privacy implications, we > > > > would need to see the data model, and the frequency that they pool the > > > > data. > > Is your concern that ISPs have access to this information, or that it's > > something they could possibly be selling to a third party? Those are two > > completely different discussions. > > K signature.asc Description: OpenPGP digital signature
Re: ISP data collection from home routers
Most end users (at least in the US) don't have a choice as many jurisdictions have sold a franchise (monopoly) to one provider. Either they sign or they don't get internet. Perhaps 5G will broaden the number of providers end users can choose from, and not be forced into this kind of contract. But why do you think any ISP would agree to not collect this information? pj capelli pjcape...@pm.me No one can build you the bridge on which you, and only you, must cross the river of life - Nietzsche Sent with ProtonMail secure email. --- Original Message --- On Thursday, March 24th, 2022 at 1:11 PM, Christian David wrote: > I think that if the end user at signed contract agreed with this data > > collecting and also if there's a mechanism that the same user could deny > > the data collection, its look fine to me, there's compliant here in > > Brazil with LGPD (our variant from GDPR) and i think that users could > > see it as a "plus" cause the majority of ISPs don't have a service that > > inspect CPE WIFI's quality. > > Em 24/03/2022 14:00, Jay Hennigan escreveu: > > > On 3/24/22 06:26, Josh Luthman wrote: > > > > > I'm surprised we're having this discussion about an internet device > > > > > > that the customer is using to publicize all of their information on > > > > > > Facebook and Twitter. > > > > That's called informed consent. And Facebook and Twitter use TLS to > > > > protect the data in transit. > > > > > Consumers do not care enough about their privacy to the point where > > > > > > they are providing the information willingly. > > > > That's the point. The customer is providing information willingly when > > > > they post to social media. The ISP is collecting data without consent. signature.asc Description: OpenPGP digital signature
Re: ISP data collection from home routers
On 2022-03-24 10:04 a.m., Giovane C. M. Moura via NANOG wrote: They can easily profile you and know when you're at home, and when you're gone. Some people may find this interesting... To have a really meaningful discuss on the privacy implications, we would need to see the data model, and the frequency that they pool the data. Is your concern that ISPs have access to this information, or that it's something they could possibly be selling to a third party? Those are two completely different discussions. K
Re: ISP data collection from home routers
You're statement seems to imply that if someone publicizes certain personal data on Facebook that they shouldn't care about any other data being collected any other entity, do I have that right? While I agree that many consumers don't place much value on their own data, resulting in them not particularly caring about that data, in my experience it often stems from ignorance of what can be done with that data (if they even know that the data is being collected in the first place). Once the implications of sharing specific data is known, my anecdata has shown that the average person will make some adjustments to their data-sharing habits. At the very least, an informed decision can be made. However, when it comes to intricate technical data from their home routers being hoarded, we can't really expect the average consumer to form an informed decision on the data being shared, can we? I don't think the default should be "collect as much as we can because they probably won't care" in the absence of an informed consumer. Regards, Mu --- Original Message --- On Thursday, March 24th, 2022 at 9:26 AM, Josh Luthman wrote: > I'm surprised we're having this discussion about an internet device that the > customer is using to publicize all of their information on Facebook and > Twitter. Consumers do not care enough about their privacy to the point where > they are providing the information willingly. > >>Consumers should have legal say in how or wether their data are harvested and >>also sold. > > They do. https://www.fcc.gov/general/customer-privacy > > On Thu, Mar 24, 2022 at 9:12 AM Lady Benjamin Cannon of Glencoe, ASCE > wrote: > >> This is an enormous problem, see: >> https://www.ftc.gov/news-events/news/press-releases/2021/10/ftc-staff-report-finds-many-internet-service-providers-collect-troves-personal-data-users-have-few >> >> Consumers should have legal say in how or wether their data are harvested >> and also sold. >> >> Ms. Lady Benjamin PD Cannon of Glencoe, ASCE >> 6x7 Networks & 6x7 Telecom, LLC >> CEO >> l...@6by7.net >> "The only fully end-to-end encrypted global telecommunications company in >> the world.” >> >> FCC License KJ6FJJ >> >> Sent from my iPhone via RFC1149. >> >>> On Mar 24, 2022, at 3:44 AM, Giovane C. M. Moura via NANOG >>> wrote: >> >>> Hello there, >>> >>> Several years ago, a friend of mine was working for a large telco and his >>> job was to detect which clients had the worst networking experience. >>> >>> To do that, the telco had this hadoop cluster, where it collected _tons_ of >>> data from home users routers, and his job was to use ML to tell the signal >>> from the noise. >>> >>> I remember seeing a sample csv from this data, which contained _thousands_ >>> of data fields (features) from each client. >>> >>> I was _shocked_ by the amount of (meta)data they are able to pull from home >>> routers. These even included your wifi network name _and_ password! >>> (it's been several years since then). >>> >>> And home users are _completely_ unaware of this. >>> >>> So my question to you folks is: >>> >>> - What's the policy regulations on this? I don't remember the features >>> (thousands) but I'm pretty sure you could some profiling with it. >>> >>> - Is anyone aware of any public discussion on this? I have never seen it. >>> >>> Thanks, >>> >>> Giovane Moura
Re: ISP data collection from home routers
Hi Giovane On 24.03.22 11:43, Giovane C. M. Moura via NANOG wrote: Hello there, Several years ago, a friend of mine was working for a large telco and his job was to detect which clients had the worst networking experience. To do that, the telco had this hadoop cluster, where it collected _tons_ of data from home users routers, and his job was to use ML to tell the signal from the noise. I remember seeing a sample csv from this data, which contained _thousands_ of data fields (features) from each client. I was _shocked_ by the amount of (meta)data they are able to pull from home routers. These even included your wifi network name _and_ password! (it's been several years since then). Creepy. And the provided CPE usually sucks too, what a deal... I feel validated in preferring to use my own router at home. And home users are _completely_ unaware of this. So my question to you folks is: - What's the policy regulations on this? I don't remember the features (thousands) but I'm pretty sure you could some profiling with it. For the policies probably this is a good place to start if you are interested in US legislation (you didn't specify any location), as it's not federally regulated from what I gather: https://www.ncsl.org/research/telecommunications-and-information-technology/2019-privacy-legislation-related-to-internet-service-providers.aspx - Is anyone aware of any public discussion on this? I have never seen it. I remember reading some discussion around ISPs selling browsing behavior data that they collect from their subscribers in the tech press during Pai's term as the head of the FCC. It was probably on Ars Technica or Techdirt. Thanks, Giovane Moura Best, Joel -- Joel Busch, Network SWITCH Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 30, direct +41 44 268 16 58 https://switch.ch https://swit.ch/linkedin https://swit.ch/twitter
Re: ISP data collection from home routers
I think that if the end user at signed contract agreed with this data collecting and also if there's a mechanism that the same user could deny the data collection, its look fine to me, there's compliant here in Brazil with LGPD (our variant from GDPR) and i think that users could see it as a "plus" cause the majority of ISPs don't have a service that inspect CPE WIFI's quality. Em 24/03/2022 14:00, Jay Hennigan escreveu: On 3/24/22 06:26, Josh Luthman wrote: I'm surprised we're having this discussion about an internet device that the customer is using to publicize all of their information on Facebook and Twitter. That's called informed consent. And Facebook and Twitter use TLS to protect the data in transit. Consumers do not care enough about their privacy to the point where they are providing the information willingly. That's the point. The customer is providing information willingly when they post to social media. The ISP is collecting data without consent.
Re: ISP data collection from home routers
That link is more reflective of the FCC circa 2011. More recent actions taken by the FCC under Pai had weakened consumer protections for data collected by ISPs and was reflected in multiple news articles from 2017-2019. https://en.wikipedia.org/wiki/2017_Broadband_Consumer_Privacy_Proposal_repeal https://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0328/DOC-344116A1.pdf https://www.ftc.gov/news-events/news/press-releases/2019/08/ftc-revises-list-companies-subject-broadband-privacy-study Including this relatively recent article by the FTC. The same FTC tapped by the FCC as being the more responsible party for enforcing privacy protections for consumers. They are even saying that their privacy study showed very little protections for consumer data being harvested by ISPs with few options to restrict their use. https://www.ftc.gov/news-events/news/press-releases/2021/10/ftc-staff-report-finds-many-internet-service-providers-collect-troves-personal-data-users-have-few > On Mar 24, 2022, at 9:26 AM, Josh Luthman wrote: > > I'm surprised we're having this discussion about an internet device that the > customer is using to publicize all of their information on Facebook and > Twitter. Consumers do not care enough about their privacy to the point where > they are providing the information willingly. > > >Consumers should have legal say in how or wether their data are harvested > >and also sold. > > They do. https://www.fcc.gov/general/customer-privacy > > > On Thu, Mar 24, 2022 at 9:12 AM Lady Benjamin Cannon of Glencoe, ASCE > wrote: > This is an enormous problem, see: > https://www.ftc.gov/news-events/news/press-releases/2021/10/ftc-staff-report-finds-many-internet-service-providers-collect-troves-personal-data-users-have-few > > Consumers should have legal say in how or wether their data are harvested and > also sold. > > Ms. Lady Benjamin PD Cannon of Glencoe, ASCE > 6x7 Networks & 6x7 Telecom, LLC > CEO > l...@6by7.net > "The only fully end-to-end encrypted global telecommunications company in the > world.” > > FCC License KJ6FJJ > > Sent from my iPhone via RFC1149. > >> On Mar 24, 2022, at 3:44 AM, Giovane C. M. Moura via NANOG >> wrote: >> >> Hello there, >> >> Several years ago, a friend of mine was working for a large telco and his >> job was to detect which clients had the worst networking experience. >> >> To do that, the telco had this hadoop cluster, where it collected _tons_ of >> data from home users routers, and his job was to use ML to tell the signal >> from the noise. >> >> I remember seeing a sample csv from this data, which contained _thousands_ >> of data fields (features) from each client. >> >> I was _shocked_ by the amount of (meta)data they are able to pull from home >> routers. These even included your wifi network name _and_ password! >> (it's been several years since then). >> >> And home users are _completely_ unaware of this. >> >> So my question to you folks is: >> >> - What's the policy regulations on this? I don't remember the features >> (thousands) but I'm pretty sure you could some profiling with it. >> >> - Is anyone aware of any public discussion on this? I have never seen it. >> >> Thanks, >> >> Giovane Moura
Re: ISP data collection from home routers
View of traffic into the ISP with Netflow/etc is very different than all on my lan traffic. Tr-069 is bad news. On Thu, Mar 24, 2022, 15:53 Tom Beecher wrote: > You don't even have to use their equipment. My provider at home is Charter > / Spectrum. I own my own cable modem / router ,they have no equipment in > my home. Their privacy policy is pretty standard. > > Essentially : > - Anything they can see that I transmit they will collect. > - Anything they can see when I use their apps , even if I'm not on their > network, they will collect. > - They will use that information for their technical and business reasons, > whatever they want. > - I am very limited in what I can request that they don't collect or use. > > None of this is new in the US. I think more people care about this than we > think, but people don't really have an option to vote with their wallets. > > On Thu, Mar 24, 2022 at 6:45 AM Giovane C. M. Moura via NANOG < > nanog@nanog.org> wrote: > >> Hello there, >> >> Several years ago, a friend of mine was working for a large telco and >> his job was to detect which clients had the worst networking experience. >> >> To do that, the telco had this hadoop cluster, where it collected _tons_ >> of data from home users routers, and his job was to use ML to tell the >> signal from the noise. >> >> I remember seeing a sample csv from this data, which contained >> _thousands_ of data fields (features) from each client. >> >> I was _shocked_ by the amount of (meta)data they are able to pull from >> home routers. These even included your wifi network name _and_ password! >> (it's been several years since then). >> >> And home users are _completely_ unaware of this. >> >> So my question to you folks is: >> >> - What's the policy regulations on this? I don't remember the features >> (thousands) but I'm pretty sure you could some profiling with it. >> >> - Is anyone aware of any public discussion on this? I have never seen it. >> >> Thanks, >> >> Giovane Moura >> >
Re: ISP data collection from home routers
You don't even have to use their equipment. My provider at home is Charter / Spectrum. I own my own cable modem / router ,they have no equipment in my home. Their privacy policy is pretty standard. Essentially : - Anything they can see that I transmit they will collect. - Anything they can see when I use their apps , even if I'm not on their network, they will collect. - They will use that information for their technical and business reasons, whatever they want. - I am very limited in what I can request that they don't collect or use. None of this is new in the US. I think more people care about this than we think, but people don't really have an option to vote with their wallets. On Thu, Mar 24, 2022 at 6:45 AM Giovane C. M. Moura via NANOG < nanog@nanog.org> wrote: > Hello there, > > Several years ago, a friend of mine was working for a large telco and > his job was to detect which clients had the worst networking experience. > > To do that, the telco had this hadoop cluster, where it collected _tons_ > of data from home users routers, and his job was to use ML to tell the > signal from the noise. > > I remember seeing a sample csv from this data, which contained > _thousands_ of data fields (features) from each client. > > I was _shocked_ by the amount of (meta)data they are able to pull from > home routers. These even included your wifi network name _and_ password! > (it's been several years since then). > > And home users are _completely_ unaware of this. > > So my question to you folks is: > > - What's the policy regulations on this? I don't remember the features > (thousands) but I'm pretty sure you could some profiling with it. > > - Is anyone aware of any public discussion on this? I have never seen it. > > Thanks, > > Giovane Moura >
Re: ISP data collection from home routers
On 3/24/22 06:26, Josh Luthman wrote: I'm surprised we're having this discussion about an internet device that the customer is using to publicize all of their information on Facebook and Twitter. That's called informed consent. And Facebook and Twitter use TLS to protect the data in transit. Consumers do not care enough about their privacy to the point where they are providing the information willingly. That's the point. The customer is providing information willingly when they post to social media. The ISP is collecting data without consent. -- Jay Hennigan - j...@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
Re: ISP data collection from home routers
> On Mar 24, 2022, at 7:26 AM, Josh Luthman wrote: > > I'm surprised we're having this discussion about an internet device that the > customer is using to publicize all of their information on Facebook and > Twitter. Consumers do not care enough about their privacy to the point where > they are providing the information willingly. And that's the point; with Facebook and Twitter they are giving up their data willingly (granted they often barely (or don't at all) comprehend the amount and type of data, but there is at least nominal consent). With the routers, they have *zero* idea; even if the "consent" is buried in their terms to which they 'agreed', they have no idea. Anne -- Anne P. Mitchell, Attorney at Law CEO Get to the Inbox by SuretyMail Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law) Board of Directors, Denver Internet Exchange Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School Prof. Emeritus, Lincoln Law School Chair Emeritus, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute In-house Counsel: Mail Abuse Prevention System (MAPS) (Closed in 2004)
Re: ISP data collection from home routers
On Thu, Mar 24, 2022 at 10:04 AM Giovane C. M. Moura via NANOG < nanog@nanog.org> wrote: > > > Who cares about the SSID??? > > I don't remember the data model, but I remember that they retrieved data > very often, multiple times a minute. > > Please keep in mind that TR-069 (which in all likelihood is how the data you remember captured was captured) provides raw packet access to the customer side of the device. yes, this is a problem, yes it's certainly been/being abused. Yes the protocol is garbage and implementations are also garbage :( see the, at least 1, blackhat/defcon presentations about TR-069 problems. https://www.youtube.com/watch?v=XXhV7zpc6m8 https://www.geekzone.co.nz/forums.asp?forumid=49&topicid=214760&page_no=5 https://www.blackhatethicalhacking.com/news/multiple-backdoors-and-vulnerabilities-discovered-in-fiberhome-routers/ there's really no reason at all to have this exposed as it is :(
Re: ISP data collection from home routers
On Thu, Mar 24, 2022 at 09:26:31AM -0400, Josh Luthman wrote: > I'm surprised we're having this discussion about an internet device that > the customer is using to publicize all of their information on Facebook and > Twitter. Consumers do not care enough about their privacy to the point > where they are providing the information willingly. So your theory is that just because YOU have Facebook and you're fine sharing information (/don't care/whatever), that *I* have to suffer that fate as well? Perhaps you hadn't noticed, but there's a very active business in the form of VPN's, DNS-over-HTTPS, and other privacy-enhancing technologies that seem to indicate that people do have an interest in privacy and limiting the amount of ISP monetization of their data that can go on. Just because some people might be fine with their data being leaked does not mean that everyone is fine with it. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov
Re: ISP data collection from home routers
Who cares about the SSID??? I don't remember the data model, but I remember that they retrieved data very often, multiple times a minute. (some ppl in the list may have access to this data and know it very well) They can easily profile you and know when you're at home, and when you're gone. Some people may find this interesting... To have a really meaningful discuss on the privacy implications, we would need to see the data model, and the frequency that they pool the data. /giovane
Re: ISP data collection from home routers
Friends only Facebook? Do you think Facebook, the company with the data, cares if you have a particular flag set??? Who cares about the SSID??? On Thu, Mar 24, 2022 at 9:40 AM Lady Benjamin Cannon of Glencoe, ASCE < l...@6by7.net> wrote: > Without disagreeing that privacy concerns in general are rapidly becoming > extinct with generations… > > Surely you are not suggesting that my friends-only Facebook profile is > somehow publishing my WiFi SSID? > > (For example) > > Ms. Lady Benjamin PD Cannon of Glencoe, ASCE > 6x7 Networks & 6x7 Telecom, LLC > CEO > l...@6by7.net > "The only fully end-to-end encrypted global telecommunications company > in the world.” > > FCC License KJ6FJJ > > Sent from my iPhone via RFC1149. > > On Mar 24, 2022, at 6:26 AM, Josh Luthman > wrote: > > > I'm surprised we're having this discussion about an internet device that > the customer is using to publicize all of their information on Facebook and > Twitter. Consumers do not care enough about their privacy to the point > where they are providing the information willingly. > > >Consumers should have legal say in how or wether their data are harvested > and also sold. > > They do. https://www.fcc.gov/general/customer-privacy > > > On Thu, Mar 24, 2022 at 9:12 AM Lady Benjamin Cannon of Glencoe, ASCE < > l...@6by7.net> wrote: > >> This is an enormous problem, see: >> https://www.ftc.gov/news-events/news/press-releases/2021/10/ftc-staff-report-finds-many-internet-service-providers-collect-troves-personal-data-users-have-few >> >> Consumers should have legal say in how or wether their data are harvested >> and also sold. >> >> Ms. Lady Benjamin PD Cannon of Glencoe, ASCE >> 6x7 Networks & 6x7 Telecom, LLC >> CEO >> l...@6by7.net >> "The only fully end-to-end encrypted global telecommunications company >> in the world.” >> >> FCC License KJ6FJJ >> >> Sent from my iPhone via RFC1149. >> >> On Mar 24, 2022, at 3:44 AM, Giovane C. M. Moura via NANOG < >> nanog@nanog.org> wrote: >> >> Hello there, >> >> Several years ago, a friend of mine was working for a large telco and his >> job was to detect which clients had the worst networking experience. >> >> To do that, the telco had this hadoop cluster, where it collected _tons_ >> of data from home users routers, and his job was to use ML to tell the >> signal from the noise. >> >> I remember seeing a sample csv from this data, which contained >> _thousands_ of data fields (features) from each client. >> >> I was _shocked_ by the amount of (meta)data they are able to pull from >> home routers. These even included your wifi network name _and_ password! >> (it's been several years since then). >> >> And home users are _completely_ unaware of this. >> >> So my question to you folks is: >> >> - What's the policy regulations on this? I don't remember the features >> (thousands) but I'm pretty sure you could some profiling with it. >> >> - Is anyone aware of any public discussion on this? I have never seen it. >> >> Thanks, >> >> Giovane Moura >> >>
Re: ISP data collection from home routers
Without disagreeing that privacy concerns in general are rapidly becoming extinct with generations… Surely you are not suggesting that my friends-only Facebook profile is somehow publishing my WiFi SSID? (For example) Ms. Lady Benjamin PD Cannon of Glencoe, ASCE 6x7 Networks & 6x7 Telecom, LLC CEO l...@6by7.net "The only fully end-to-end encrypted global telecommunications company in the world.” FCC License KJ6FJJ Sent from my iPhone via RFC1149. > On Mar 24, 2022, at 6:26 AM, Josh Luthman wrote: > > > I'm surprised we're having this discussion about an internet device that the > customer is using to publicize all of their information on Facebook and > Twitter. Consumers do not care enough about their privacy to the point where > they are providing the information willingly. > > >Consumers should have legal say in how or wether their data are harvested > >and also sold. > > They do. https://www.fcc.gov/general/customer-privacy > > >> On Thu, Mar 24, 2022 at 9:12 AM Lady Benjamin Cannon of Glencoe, ASCE >> wrote: >> This is an enormous problem, see: >> https://www.ftc.gov/news-events/news/press-releases/2021/10/ftc-staff-report-finds-many-internet-service-providers-collect-troves-personal-data-users-have-few >> >> Consumers should have legal say in how or wether their data are harvested >> and also sold. >> >> Ms. Lady Benjamin PD Cannon of Glencoe, ASCE >> 6x7 Networks & 6x7 Telecom, LLC >> CEO >> l...@6by7.net >> "The only fully end-to-end encrypted global telecommunications company in >> the world.” >> >> FCC License KJ6FJJ >> >> Sent from my iPhone via RFC1149. >> On Mar 24, 2022, at 3:44 AM, Giovane C. M. Moura via NANOG wrote: >>> Hello there, >>> >>> Several years ago, a friend of mine was working for a large telco and his >>> job was to detect which clients had the worst networking experience. >>> >>> To do that, the telco had this hadoop cluster, where it collected _tons_ of >>> data from home users routers, and his job was to use ML to tell the signal >>> from the noise. >>> >>> I remember seeing a sample csv from this data, which contained _thousands_ >>> of data fields (features) from each client. >>> >>> I was _shocked_ by the amount of (meta)data they are able to pull from home >>> routers. These even included your wifi network name _and_ password! >>> (it's been several years since then). >>> >>> And home users are _completely_ unaware of this. >>> >>> So my question to you folks is: >>> >>> - What's the policy regulations on this? I don't remember the features >>> (thousands) but I'm pretty sure you could some profiling with it. >>> >>> - Is anyone aware of any public discussion on this? I have never seen it. >>> >>> Thanks, >>> >>> Giovane Moura
Re: ISP data collection from home routers
I'm surprised we're having this discussion about an internet device that the customer is using to publicize all of their information on Facebook and Twitter. Consumers do not care enough about their privacy to the point where they are providing the information willingly. >Consumers should have legal say in how or wether their data are harvested and also sold. They do. https://www.fcc.gov/general/customer-privacy On Thu, Mar 24, 2022 at 9:12 AM Lady Benjamin Cannon of Glencoe, ASCE < l...@6by7.net> wrote: > This is an enormous problem, see: > https://www.ftc.gov/news-events/news/press-releases/2021/10/ftc-staff-report-finds-many-internet-service-providers-collect-troves-personal-data-users-have-few > > Consumers should have legal say in how or wether their data are harvested > and also sold. > > Ms. Lady Benjamin PD Cannon of Glencoe, ASCE > 6x7 Networks & 6x7 Telecom, LLC > CEO > l...@6by7.net > "The only fully end-to-end encrypted global telecommunications company > in the world.” > > FCC License KJ6FJJ > > Sent from my iPhone via RFC1149. > > On Mar 24, 2022, at 3:44 AM, Giovane C. M. Moura via NANOG < > nanog@nanog.org> wrote: > > Hello there, > > Several years ago, a friend of mine was working for a large telco and his > job was to detect which clients had the worst networking experience. > > To do that, the telco had this hadoop cluster, where it collected _tons_ > of data from home users routers, and his job was to use ML to tell the > signal from the noise. > > I remember seeing a sample csv from this data, which contained _thousands_ > of data fields (features) from each client. > > I was _shocked_ by the amount of (meta)data they are able to pull from > home routers. These even included your wifi network name _and_ password! > (it's been several years since then). > > And home users are _completely_ unaware of this. > > So my question to you folks is: > > - What's the policy regulations on this? I don't remember the features > (thousands) but I'm pretty sure you could some profiling with it. > > - Is anyone aware of any public discussion on this? I have never seen it. > > Thanks, > > Giovane Moura > >
Re: ISP data collection from home routers
This is an enormous problem, see: https://www.ftc.gov/news-events/news/press-releases/2021/10/ftc-staff-report-finds-many-internet-service-providers-collect-troves-personal-data-users-have-few Consumers should have legal say in how or wether their data are harvested and also sold. Ms. Lady Benjamin PD Cannon of Glencoe, ASCE 6x7 Networks & 6x7 Telecom, LLC CEO l...@6by7.net "The only fully end-to-end encrypted global telecommunications company in the world.” FCC License KJ6FJJ Sent from my iPhone via RFC1149. > On Mar 24, 2022, at 3:44 AM, Giovane C. M. Moura via NANOG > wrote: > > Hello there, > > Several years ago, a friend of mine was working for a large telco and his job > was to detect which clients had the worst networking experience. > > To do that, the telco had this hadoop cluster, where it collected _tons_ of > data from home users routers, and his job was to use ML to tell the signal > from the noise. > > I remember seeing a sample csv from this data, which contained _thousands_ of > data fields (features) from each client. > > I was _shocked_ by the amount of (meta)data they are able to pull from home > routers. These even included your wifi network name _and_ password! > (it's been several years since then). > > And home users are _completely_ unaware of this. > > So my question to you folks is: > > - What's the policy regulations on this? I don't remember the features > (thousands) but I'm pretty sure you could some profiling with it. > > - Is anyone aware of any public discussion on this? I have never seen it. > > Thanks, > > Giovane Moura
RE: ISP data collection from home routers
It sounds like the kind of data you can retrieve through TR-069. To be able to use it, you have to either log on to the router and set the TR-069 server, or push out the setting via DHCP, which means you need to have layer 2 access to the device. This limits the ability to apply/change the setting. Yes, there is a scary amount of data you can collect, including the wifi name and password. You can also push out settings to the devices, which is the main purpose. If a customer calls up and says their wifi isn't working, you can reset the password for them and get them to try again rather than trying to talk them through how to do it themselves. -Original Message- From: NANOG On Behalf Of Giovane C. M. Moura via NANOG Sent: Thursday, 24 March 2022 9:44 PM To: North American Network Operators' Group Subject: ISP data collection from home routers Hello there, Several years ago, a friend of mine was working for a large telco and his job was to detect which clients had the worst networking experience. To do that, the telco had this hadoop cluster, where it collected _tons_ of data from home users routers, and his job was to use ML to tell the signal from the noise. I remember seeing a sample csv from this data, which contained _thousands_ of data fields (features) from each client. I was _shocked_ by the amount of (meta)data they are able to pull from home routers. These even included your wifi network name _and_ password! (it's been several years since then). And home users are _completely_ unaware of this. So my question to you folks is: - What's the policy regulations on this? I don't remember the features (thousands) but I'm pretty sure you could some profiling with it. - Is anyone aware of any public discussion on this? I have never seen it. Thanks, Giovane Moura