NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ NNSquad ] Re: Comcast's "Evil Bot" Scanning Project (Lauren Weinstein)
- To: nnsquad@nnsquad.org
- Subject: [ NNSquad ] Re: Comcast's "Evil Bot" Scanning Project (Lauren Weinstein)
- From: "David P. Reed" <dpreed@reed.com>
- Date: Fri, 09 Oct 2009 21:53:40 -0400
I don't see where Comcast is being transparent about *how* they do this,
or giving customers a chance to opt-in or -out.
If I send a lot of email, why does that make me a "bot"? Maybe I just
send a lot of email.
If the contents of my communications are being "scanned", why is that
legal? Why does Comcast care?
I might choose (if it were explained to me what was happening and what
the risks are to my privacy or being accused of a crime or hauled off as
a "suspected child pornographer" because I sent pictures of my naked
child) to have this service, or not.
But to be honest, in most markets, Comcast is the only real choice, and
imposing their "features" on me might not be what I want, even if they
"market" it as a *good thing*. If there were serious competition
(multiple providers, and no special "franchise" deals with local
governments that block new competitors, perhaps customers would have a
choice. However, most do not have other choice for highspeed Internet,
except Hobson's: "take that or nothing at all").
I'm really not impressed by these moves by Comcast. Livingood already
sent out an email saying that they redirect DNS service to a service
that sends certain names to hosts that do not have those names
registered, but which will respond with advertising-only websites.
This is not the way the Internet is designed to work.
Comcast supposedly cleaned up its act. Now it's backsliding - forcing
secret and invasive services on customers. On day one, they will "love
it" (especially in the Comcast-authored press release).
[ I am personally willing to give Comcast the benefit of the
doubt for the moment on this project and see where it leads.
It could potentially be useful, but it would also be easy for
Comcast to overplay its hand.
A number of possible issues:
- How intrusive will monitoring be? Will packet payloads be scanned?
If so, this likely is immediately a serious privacy problem.
- How often will their scanning operations trigger firewall
or other protective alerts that users already have
installed?
- False positives? Non-evil bots and other innocent
applications falsely categorized as evil bots?
- Legit e-mail sending daemons categorized as spam senders?
Notifications: The implication is that they plan a browser pop
up. That may mean interfering directly with the TCP/IP
stream. True, this shouldn't happen frequently to any given
user for such security notices, but once Comcast has such a
capability (if that is indeed their methodology) the
inclination to use it for other less critical purposes as well
could be strong.
I think the success of this project will depend largely on how
transparent Comcast is about exactly what they're doing and
how they react to any problems that their system may cause.
If Comcast takes a "We can't tell you exactly what we're doing
because that would reveal too much to the bad guys" approach
then we potentially could have a significant dilemma on our
hands.
-- Lauren Weinstein
NNSquad Moderator ]