http://www.christopher-parsons.com/blog/technology/analysis-ipoque-dpi-and-copyright/
http://www.christopher-parsons.com/blog/technology/analysis-ipoque-dpi-and-encryption/
http://www.christopher-parsons.com/blog/technology/analysis-ipoque-dpi-and-bandwidth-management/

Looking CRTC submissions, it isn’t immediately apparent to me that ISPs have particularly detailed consumer logs. ISPs have a tendency to aggregate data sets, with most individuated alerts about network uses coming up when something ‘weird’ appears (e.g. when a computer attached the network is infested with hostile code and starts spamming the network, that activity is seen and the computer removed from the network until the issue is cleared up). Don’t get me wrong – if we read whitepapers from actual DPI vendors we can see that there is the potential to do really unpleasant things, including *very* detailed user tracking. The concern is that, once these devices are in place, third-parties will be able to exert influence and have ISPs actually begin tracking users in a very granular fashion. This is an entirely justified and legitimate worry, but isn’t one that necessarily follows from inserting any old DPI appliance in a network – certain vendors’ products can do this easily, others cannot.

As a note: in terms of encrypted traffic it is possible for many DPI appliances to identify what program is attempting to establish a connection based on the initial exchange of packets between programs. This is one of the key ways that Skype is identified, as well as some P2P protocols. In these cases, there is a heuristic analysis of packet sizes and transmissions – if this analysis is performed and an appliance applies its rulesets without creating a consumer profile (X customer used Skype on days A,B,C,D,etc) has there been an infringement on the consumer’s privacy? (This is an open question – I’m not trying to be rhetorical, just trying to open up a bit what we mean by ‘privacy’ in these discussions.)

Please take a CISCO CCNA course before saying things like “WTF??? How the hell can inspecting a packet help you take an IPv4 address and put it on an IPv6 network without modifying the contents of the packet? And I thought you just said in point 6 you don’t inspect the content? How do you even know it’s an IPv4 packet then?”
The 4 bits of an IP packet (in the header, not the DATA portion of the packet) tells you what version of IP protocol is being used. If you say that reading thoes 4 bits is a privacy violation you might be more concerned to know every router will read further into the packet to decide where to forward that packet… if you take the header of an IPV4 packet, and rip it off, and exchange it with a header with ’similar’ information, but using 128bit addresses and changing the first 4 bits to 0110… you performed some level of packet inspection and created a IPV4-IPV6 router. I am sorry you feel the internet is a giant privacy concern to you and that your pornz have been slowed. Also sending a packet with the reset bit set in the header is only impersonating the ISP’s own IP address (which they would also own the product) to the other ISP.

Instead of being confused and wrong, please get some real world education. We have a great university in Waterloo, you probably already know that because you also got drunk at a Sandvine recruiting event where you heard about that “database product” and came to your own drunken suspicions.

Sadly shepd you are embarrasing my hometown as well. Using shortforms as STFU, WTF etc. just take away any credibility you build.

The internet was never designed to be last mile to last mile. It was designed to connect in a “mesh”. Instead of mopeing about DPI you should be more concerned about the monopolies owning the last mile of network. Call group telecoms old number… press 1 for sales and get rogers… 2 for support and get Bell. Rogers owns GT. Charter communications filed for chapter 11. Bell has filed a tarrif for “Usage based billing” in which they will be billing wholesale DSL ISPs for Data usage on the last mile. ISPs still pay for the data usage to their transit providers. Congestion during peak hours means an internet provider may not be able to provide resonable VOIP experience unless other non real-time protocols are managed.

If your post office was overloaded but could prioritize bills and cheques over junk mail, would you not want that so the bills and cheques arrived on time… also keeping in mind the junk mail keeps the post office from losing billions of dollars a year.

http://www.p2pnet.net/story/21212

The “content caching” you’re talking about doesn’t capture user data, it only caches the static elements of a popular site’s webpage, and that kind of stuff, and retaining it on geographically dispersed servers, with the intention of speeding up all the instances of that page being called. It’s got nothing to do with the users that access them. (Other names for this are “content delivery” and “content distribution service”.)

“Every ISP in the world has the capability in their network to single out a user and monitor their traffic”

The “capability” to do this comes from procedures they need to perform, and not from any mechanism that is in place and waiting to be used on “everybody” on the fly. Monitoring is done, by law and court order only, when cause has been presented (complaints, police investigation, etc.). Anything else would currently not be legal in Canada (not sure about the US now, where the Patriot Act seems to have perverted everything).

The provider needs to actually intercept data packets from and to the user in question (using the right packet headers), and copy and forward those packets to a computer, which would assemble and “recreate” what the user would be getting from them. They need to know who they’re looking for first, and sort his activities to find and reconstruct what they’re looking for. That’s how they trace child porn traffic for the RCMP.

“…what is the specific privacy loss?”

DPI equipment inspects each packet, logs content types and all packet headers, and keeps a record of individual user activity summaries. These summaries make it much easier to retrieve those packets that are still in cache, and it has been discussed that the packet caching (which I erroneously thought you were talking about before) be done for longer periods of time, thereby raising the question that our personal activities and privacy would no longer be considered as important as things like delivering countless “targetted” ads, or suing copyright infringers, while using the spin “finding child predators” as an incentive to overlook the all the other obvious implications.

DPI takes away the “dumb pipe” quality of a provider, as it saves individually-targetted and specific information on not only a network’s paying customers, but on those whose traffic needs to peer with that network. DPI takes away the “anonymity” of the current packet transfer protocol by IDENTIFYING EACH USER it collects logs on, and by INTERCEPTING TRAFFIC to do so.

The privacy issues are endless.
And, by the very definition of what DPI does, it should be considered a violation of current privacy law.

Sandvine seem to be saying that obfusaction prevents traffic management.
Um – crap.
Traffic management is required for QOS and QOS only.
If some of the traffic wants to masquerade as different port utilisation then iut will either miss out on obtaining better QOS or be included in QOS by accident.

And actually – he is quite incorrect about being able to obtain the result by dpi.
128 bit encryption with fake headers bouncing of a remote proxy through a pvc is impossible to read – and I dont care what your patent claims mr sandvine group. It just cant be done.

But I tell you what – you write a paper that tells the truth – i.e: American protectionist FUD distribiution has forced the global internet community to experiment with new methods enabling discrete private data streams to make sure that when the commercially filetered internet does arrive in 2012, those individuals that havbe mastered the ART of CDMA type TCP-IP layer overlay with disparate ad-hoc on demand chaos based random routing – will still be able to cruise the net quite comfortably without being traced.

And Sandvine – if you dont join the team – you become part of the problem. And if you’re part of the problem, well then no-one is actually going to give you the solution. So I guess, the academics have been right all alone – surprise surprise surprise (gomer pyle accent). We do have a need for Internet 2.
Damn – I really did think that government would come to its senses.

Everyone – load PVC’s – take aim at neutral virtual proxy and fire.

Sesame Street today was brought to you by the letter i as in invisible, the R as in you’re wRong and letter S as in “duck Sucker” (any “A fist full of Dynamite” fans out there ?

Ask shepd, who seems to think public vs private is a big deal.

“Content caching is done on the fly, doesn’t interfere with the service (actually improves it), doesn’t examine the data packets (just caches them), and the content is dumped as soon as it’s no longer required by the USER (no retention when done).”

It’s not dumped when the user’s done with it. That’s the whole point of caching. It’s retained for a certain amount of time, in case the same person (or someone else) requests it soon afterward.

“If they could “see” anything, groups like the RIAA would be totally badgering the providers for a “front row seat”, to see and record all the copyright infringements “as they go by”.”

This is nonsense. Every ISP in the world has the capability in their network to single out a user and monitor their traffic. They have to, it’s the law. With a court order, the police can require an ISP to monitor any given user’s Internet traffic, and get all of it. So if the idea is that DPI is giving privacy-impairing capabilities to ISPs that they don’t already have, then it’s wrong. And the RIAA doesn’t need this capability to figure out who is copying files (they just get on the P2P network).

So again, what is the specific privacy loss?

What difference should it make if the network itself is private?!
(Not that most actually aren’t anyway, or wouldn’t exist without public money, but…)
The USER DATA isn’t owned by the provider, who’s getting paid to transfer it.
___________________________________

“The privacy implications seem very stretched to me, though. Isn’t content caching a far more invasive feature of ISPs?”

No, it’s not.
Content caching is done on the fly, doesn’t interfere with the service (actually improves it), doesn’t examine the data packets (just caches them), and the content is dumped as soon as it’s no longer required by the USER (no retention when done). Compare content caching to the RAM chips in your computer.

DPI digs into the packets, interferes with the flow, and records information on them.
This information is retained for set periods of time, or “permanently” in some cases.
Why do you think there’s so much discussion from police forces and other interests about legalizing DPI??
Some are completely drooling over the amount of information they would have access to that wouldn’t have normally been kept by the providers.

“Of course they see the content.”

No, they don’t.
The content you transfer is dismantled at the transmission user’s end into smaller data packets, and reassembled at the receiving user’s end.

Normal equipment doesn’t exactly “see” anything, nor does it assemble the packets it caches into a “viewable” form at the provider end. Nor does the provider know what packets belong to a specific transfer or user. Providers would need to pick out a specific user, sort only those packets into their respective transfer clusters, and reassemble it the way a computer reassembles it at the user end, in order to “see” anything. Providers wouldn’t have the time, desire, or incentive to rig that kind of thing up. That’s essentially what makes a provider a “dumb pipe”. DPI would change that significantly.

If they could “see” anything, groups like the RIAA would be totally badgering the providers for a “front row seat”, to see and record all the copyright infringements “as they go by”.

Providers are supposed to be “dumb pipes”.
They’re not going to be allowed to open data packets to determine their contents, if we, collectively, can help it at all!
Content control by the ISPs, as well as loss of user privacy, would be two of the many negative results if we don’t.

The privacy implications seem very stretched to me, though. Isn’t content caching a far more invasive feature of ISPs? Why does nobody care about caching? Is it simply because people don’t like DPI (it makes BitTorrent slow) and do like content caching (it makes the web much faster)?

We’re complaining about programs ’seeing’ our content. Of course they see the content. Routers have to copy those bits all over the place to get them to the destination; they can’t copy it without ’seeing’ it. Caching is far worse because it leaves the bits in one place where they can be inspected after the fact. DPI is just a bunch of heuristics that makes decisions based on certain properties of the data. What are the specific privacy concerns there?

The trouble with DPI is, it sees EVERYTHING going IN and coming OUT of that provider’s network.
Even networks that wouldn’t be using DPI would still have to peer with those that would be.

Even “opting out”, if such an option was offered by networks that use it, would need to be done with EVERY DPI-USING PROVIDER ON THE PLANET, in order to effectively opt out of the practice. Even if that choice was honoured by each provider, your traffic would still have to line up with everyone else’s and pass through these DPI units. (Your service would still be degraded, by default, by a factor times the number of DPI units it needs to pass through.)

This essentially makes DPI totally “public”, and should be absolutely illegal.

This is a very strange definition of public. Usually the distinction has to do with ownership. If I allow someone use of my property by contract, and I don’t abide by the terms of the contract, then this is a tortious conduct. I haven’t read that closely any ISP customer agreements, but if ISP’s behaviour contradicts what’s in the agreement then I’m sure it wouldn’t be hard to get a lawyer to take on the class action suit.

“If I funnel my BitTorrent traffic through VPN, or my sole net usage is transferring data loads over VPN, guess what kind of traffic the DPI would mark on an egress port of my router?”

I would call it VPN traffic, no matter what you are doing. DPI is impossible on tunneled IPSec traffic, unless your DPI engine knows something the information security profession doesn’t.

BitTorrent over VPN would be crap, though.

“No, shepd is right here. Why? Becouse you simply can’t generalize ‘IPv4′ is not a data content.”

I’m not sure why the definition matters. The point is that networks cannot support IPv6 tunneling without ‘inspecting’ what comes after IPv4 headers. If you insist on creating a bright-line network rule of “don’t read what comes after a packet’s layer 3 header”, then the ISATAP RFC becomes illegal to implement.

> Bell and Rogers using DPI is private usage. It happens on their own privately-owned networks, which customers have paid
> for the right to put their traffic on.

1. Customer is the one who designates the use of type, content, priority and timing of his communication over the internet. Noone has the right to stomp upon his right of free decision. So NO, DPI usage is not matter of ISP deciding whether to use it or not. Customer must give him right to do so first. If he does not, its use is public use (= without knowing customer, his opinion, and using it thus on all the traffic).

2. Show me, where customer gives its ISP the right to manipulate his/her own originated/destined traffic, in the agreement between customer and ISP.

3. Customer is the one who comes to ISP with demand. Network wouldnt be there without people interrested to use it; they drive it. Without customer demand, the ISP can pack up and go away, it is useless, at least as a business. So: Customer is the one who primarily decides, NOT ISP.

>> “In my opinion, nothing is a bigger hog than work VPNs.”
>
> That’s a pretty ill-informed opinion. If I’m active on BitTorrent, I’m using about 10-20 times the bandwidth as when I’m
> active on my work VPN connection.

VPNs *may* be fair much more hogs; it depends on technology usage. If I funnel my BitTorrent traffic through VPN, or my sole net usage is transferring data loads over VPN, guess what kind of traffic the DPI would mark on an egress port of my router?

So, neither you nor shepd are right on this point. However, if customer decides to prioritize certain traffic, ISP has no right to thwart such his decision by giving it. ISP must stay network usage-agnostic (a.k.a. “best effort” model), at least in their own network, unless they both have agreed upon something else. See point 1 in my reply above.

>> “And I thought you just said in point 6 you don’t inspect the content? How do you even know it’s an IPv4 packet then?”
>
> This is just being obtuse. The IP header isn’t the content. If you disallow inspection of IP headers, then the Internet might
> not work so well. I’m not sure if you really don’t know how ISATAP works or if you’re just pretending for the sake of being
> argumentative.

No, shepd is right here. Why? Becouse you simply can’t generalize ‘IPv4′ is not a data content. It again may be, depending on use. Guess what will happen if I’ll create an IPSec connection in tunneling mode? The original IPv4 header is part of data payload. What will happen if my application packs an IPv4 header as a means of app-driven routing information? Again, this is content. So: anything *data* is content, part of it is just being marked ‘header’ for purpose of specific program handling (routing decision, manipulation/marking, logging, etc.). In this sense, it is no different than anything that follows header.
And no, do not object this is just wording. This is definition. If you have more exact one, go ahead and beat it.

Bell and Rogers using DPI is private usage. It happens on their own privately-owned networks, which customers have paid for the right to put their traffic on.

“In my opinion, nothing is a bigger hog than work VPNs.”

That’s a pretty ill-informed opinion. If I’m active on BitTorrent, I’m using about 10-20 times the bandwidth as when I’m active on my work VPN connection.

“And I thought you just said in point 6 you don’t inspect the content? How do you even know it’s an IPv4 packet then?”

This is just being obtuse. The IP header isn’t the content. If you disallow inspection of IP headers, then the Internet might not work so well. I’m not sure if you really don’t know how ISATAP works or if you’re just pretending for the sake of being argumentative.

All Sandvine submitted was a commercial.

An attempt to get attention using the tax payers regulatory website to submit a commercial that lacks in substance.

Maybe P2Pnet.net should use the CRTC as a commercial avenue as well. After all P2PNet is Canadian also.