DPI is GOOD for you: ‘Um – crap’
p2pnet news view Freedom | P2P:- “I’m flabbergasted.”
That’s p2pnet contributor Tom Koltai, an Australian economist who’s also run ISP operations in his time.
What was it that took his breath away?
The declaration that, according to Canadian ‘Traffic Optimization’ company Sandvine, DPI (Deep Privacy Invasion) is essential to broadband networks as we understand them.
“Sandvine seems to be saying obfusaction prevents traffic management,” Tom says in a comment post to our story, yesterday, which kicked off with »»»
DPI, Deep Privacy Invasion (or Deep Packet Inspection) is the tool used by disgracedbehavioural targeting firm Phorm on behalf of giant UK provider BT, as well as other companies.
British government approval of the technology has gotten it into a costly and politically disastrous lawsuit with the European Commission.
In Canada, its use inspired the federal privacy commissioner to launch an anti-DPI site which states clearly and unequivocally:
Deep packet inspection is just one seemingly neutral technological application that can have a significant impact on privacy rights and other basic civil liberties, especially as market forces, the enthusiasm of technologists and the influence of national security interests grow stronger.
DPI is employed by a company called Sandvine, based in Waterloo, Ontario, and which has now submitted a CRTC filing on Network Management (TPN2008-19 Review of Internet Traffic Management Practices of Internet Service Providers) in which it claims “DPI is necessary,” says Sandvine Fluff in a dslreports comment post.
In it, “DPI is necessary for the identification of traffic today because the historically-used ‘honour-based’ port system of application classification no longer works,” says Sandvine.
“Essentially, some application developers have either intentionally or unintentionally designed their applications to obfuscate the identity of the application. Today, DPI technology represents the only effective way to accurately identify different types of applications. ”
Really?
“Um – crap,” posted Tom. Traffic management is required for QOS [quality of service], “and QOS only”.
If, “some of the traffic wants to masquerade as different port utilisation, it will either miss out on obtaining better QOS, or be included in QOS by accident,” he states, saying Sandvine is, “quite incorrect about being able to obtain the result by DPI”.
Tom goes on »»»
128 bit encryption with fake headers bouncing of a remote proxy through a PVC is impossible to read — and I don’t care what your patent claims, Mr Sandvine Group.
It just can’t be done.
But I tell you what: you write a paper that tells the truth, ie: American protectionist FUD distribution has forced the global internet community to experiment with new methods enabling discrete private data streams to make sure that when the commercially filtered internet does arrive in 2012, individuals who’ve mastered the ART of CDMA type TCP-IP layer overlay with disparate ad hoc on-demand chaos based random routing, will still be able to cruise the Net quite comfortably without being traced.
And Sandvine —- if you don’t join the team, you become part of the problem. And if you’re part of the problem, well then, no-one is actually going to give you the solution.
So I guess the academics have been right all along, surprise surprise surprise (gomer pyle accent).
We do have a need for Internet 2.
Damn – I really did think government would come to its senses.
Everyone —- load PVCs, take aim at neutral virtual proxy and fire.
Sesame Street today was brought to you by the letter i as in invisible, the R as in you’re wRong and letter S as in “duck Sucker” (any “A fist full of Dynamite” fans out there ?
Stay tuned.
May, 2009
Use free p2pnet newsfeeds for your site. It’s really easy! Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.
May 2nd, 2009 at 12:45 pm
Obviously DPI needs to go away, meanwhile what do you mean by PVCs??
Im not familar with the term, (yeah i know its lame) but i am trying to
learn all i can to keep my privacy intact! google is bad enough as is
I damn sure dont want DPI, what’s mine is mine, they dont have any right
to look at what I’m doing on the web, in my home, or wherever !!!
May 2nd, 2009 at 3:03 pm
Boy, what an utter load of male bovine excreta from Sandvine.
May 2nd, 2009 at 3:34 pm
Uh, okay, time for me to be how I usually am (smirk):
If “128 bit encryption with fake headers bouncing of a remote proxy through a PVC is impossible to read — and I don’t care what your patent claims, Mr Sandvine Group.”, then DPI is (wait for it) just another over-hyped product/technology which ultimately doesn’t live up to it’s expectations. In this case, DPI is pretty much futile, in that whatever it can’t read should immediately be built into a p2p (or privacy) type app, which is then GPL’ed.
I get really suspicious and dissapointed when I see people talking about how DPI needs to “go away” simply because of it’s potentially-odious consequences related to privacy. Don’t you think copyright fetishists thinks p2p technology should “go away?”
Luddite bullshit which blames the tools (much less seeks for the State to suppress them) smacks of Valenti’s “VCR == Boston Strangler” type stuff, and, personally, makes me have serious doubts as to why I support the p2p scene.
“Blame the tools” == no.
The solution to “privacy concerns” isn’t some kind of micro-regulated “managed” network where the State gets to ban stuff (EVEN if it’s “for our own good”). The solution is better p2p/privacy-related apps.
Oh wait, my bad — that’d actually mean we MEAN it when we say all that stuff about “innovation” and “Internet Freedom” and all the buzzwords “our side” trots out whenever we protest copyright law or stuff like that.
If it “can’t be done”, then they’re just another Clouseau (sounds pretty damn likely.)
If it CAN be done, then the solution isn’t to ban or suppress the technology in any way, but to “up the ante” by creating BETTER apps.
And, as far as the “commercial filtered Internet” — uhhh, you REALLY think that’s a concern there, Tom?
I’m probably as cynical as the rest of you guys in relation to our corporate Overlords, but Y’know what? Feeding into alarmist crap just contributes to that all-too-common problem where we have a lack of perspective, coupled with defeatism.
So we best clean our OWN psycological house before we start agitating that “seemingly neutral” technologies that we just don’t happen to like.
May 2nd, 2009 at 4:01 pm
I just found a really interesting link and quotation.
Before we go any further along this Luddite, tool-hating, shortsighted bullshit I’ve seen happening (using loaded terms like “seemingly neutral” to describe DPI simply because somebody claims it could maybe possibly pose some privacy concerns), read this: It’s by John Phillip Sousa, and it encapsulates just the kind of short-range “Ban it because it annoys me” reaction I’m talking about:
——————–
John Philips Sousa, 1906, The Menace of Mechanical Music
http://www.phonozoic.net/n0155.htm
“For the life of me I am puzzled to know why the powerful corporations controlling these playing and talking machines are so totally blind to the moral and ethical questions involved. Could anything be more blamable, as a matter of principle, than to take an artist’s composition, reproduce it a thousandfold on their machines, and deny him all participation in the large financial returns, by hiding back of the diaphanous pretense that in the guise of a disk or roll, his composition is not his property?
“Do they not realize that if the accredited composers, who have come into vogue by reason of merit and labor, are refused a just reward for their efforts, a condition is almost sure to arise where all incentive to further creative work is lacking, and compositions will no longer flow from their pens; or where they will be compelled to refrain from publishing their compositions at all, and control them in manuscript? What, then, of the playing and talking machines?”
May 2nd, 2009 at 5:39 pm
More good info.
As per usual (and I’m not blaming any specific person) the panic-bandwagon done left without me again
Some rules of thumb:
1. If it’s over-hyped, then it’s not as big a “threat”.
2. Moral panic related to some mysterious “They” is never a good thing. Ultimately, there IS no “they” — just a bunch of “we”, various factions of whom are trying to do various things, with more or less success at any given time. THIS is why perspective is important.
3. Buzzwords are the root of moral panic: whenever you look into something, it’s much more complicated, nuanced, and guaranteed to not be as monolithic as our soundbyte-culture would like us to believe. We SHOULD have been tipped off by Koltai’s statement questioning (or outright denying) Sandvine’s claims about it’s product’s efficacy, but somehow we weren’t.
Go to the link, read the stuff, and learn something about what you’re panicking about:
http://notquiteunhinged.blogspot.com/2009/03/demystifying-dpi.html
Y’know, you’d THINK p2p advocates wouldn’t be sucked in by loaded terminology like “seemingly-neutral technologies” and suchlike.
You’d THINK we’d all be “grown-up” enough to at least try to provide substantive information to fuel our debates, but that’s not what I’ve been seeing lately. Lately, I’m seeing a rising tide of panic, doomsaying, and calls for government to make entire technologies “go away” simply because they might, kinda, sorta, somehow impact your privacy.
Well like I said, copyright monopolists would desperately our ability to transfer files to “just go away”, because they figure us having that ability impacts their monopoly-concerns. Sorry, I don’t really see that much of a difference. I saw a version of this same “debate” happen when I was involved with the Ham Radio scene back in the 1990s.
Y’see, cellphones at the time tended to use a particular slice of spectrum up around 800 Mhz. Well, people — being whiny, panicky and short-sighted like they tend to be in these cases — succumbed to a moral panic about how somebody might be listening in on “their” conversations.
Y’know what the “solution” was?
Mandatory crippling of scanners and other recievers, with the result that they also performed poorly around the various harmonics of said frequencies. Predictably, a thriving “modding”-scene sprang up with people figuring out how to “correct” the 800 Mhz. block (sometimes by snipping a single wire.)
Y’know why they did that? The principle of the thing — JUST like (for instance) how p2p advocates complain about DRM restrictions.
So yeah, the hysteria, moral panic, and downright, “Valenti-ness” of the reactions to DPI is just dissapointing to me, because to some degree I’ve seen it before.
(Hint: Cellphones and cordless telephones now encorporate various forms of encryption right out of the box, and no longer even USE the frequency range effected by the 800 Mhz ban — BUT THE BAN IS STILL THERE.
Yeah, I’m weird.
Flame on
May 2nd, 2009 at 5:51 pm
Hey Henry:
IMO, Deep Privacy Invasion isn’t over-hyped: it’s under-hyped. It’s bad enough as an ‘advertising’ tool, but it has the potential for a great many other uses.
That DPI has been around for a while but has only just caught the public eye doesn’t make it any less dangerous. The same could be said for ‘traffic management’.
When you’ve been to notquiteunhinged, go here http://www.p2pnet.net/story/19819 and for other opinions, choose one or more of the people posting on the new Canadian Privacy Commission site, purpose-built to supply information on DPI.
You can even add a comment yourself.
Cheers!
May 2nd, 2009 at 6:06 pm
Jon:
Thanks for the response. Don’t mind me — I’m just in one of my “moods”
“That DPI has been around for a while but has only just caught the public eye doesn’t make it any less dangerous. The same could be said for ‘traffic management’.:
So DPI is “dangerous”?
What about p2p? The problem — and you didn’t really address this in your response — is that we’re seeing whole technologies lumped together, and demonized because they might potentially have “bad uses”. Oh goody, so we find ourselves on the RIAA’s side now.
As for commenting on policy blogs and stuff, nah.
1. I’m not Canadian — you guys have to take your legal battles on yourselves.
2. Having said that, I just think scare-mongering is a bad approach, and most of what I’ve been seeing lately (not just here mind you) is becoming that level of discourse. Look back at the “swine flu” thread to see what I mean.
My point remains:
Either Koltai is right that Sandvine is overstating the effectiveness of their product, or he’s wrong.
Either way, creating some kind of scare-scenario about the uses to which a particular technology “might” be put — is just a recipe for disaster.
What’s next? Calls to ban email as a method for combatting Spam?
I don’t buy it.
May 2nd, 2009 at 6:42 pm
Henry:
It isn’t just Canada. It’s the UK and the US of A. For the moment. And it isn’t scare-mongering. It’s paying attention.
“Either way, creating some kind of scare-scenario about the uses to which a particular technology “might” be put — is just a recipe for disaster.”
For me, there’s nothing sudden about this, and there’s no ‘might’. It’s happening. DPI is another element of something I’ve been writing about for years — the invasion of privacy by dedicated advertising companies such as Google, Yahoo, Fa$ebook, et al, with Microsoft in the wings.
The same danger exists from all of them: they invade your privacy, scoop your data and with the right (wrong, in other words) incentives, can be persuaded to hand details you’d rather keep to yourself to people you’d rather not have them, all the while throwing up their hands and claiming they had no choice.
Cheers!
May 2nd, 2009 at 7:41 pm
@Henry:
“If it CAN be done, then the solution isn’t to ban or suppress the technology in any way, but to “up the ante” by creating BETTER apps.”
There’s a problem with your “parallel” here.
You can’t simply compare the issue of “allowing DPI” to some “you can’t outlaw technology, like they tried with the VCR” argument.
DPI is not exactly a new form of technology.
It’s not like some brand new device being offered for general consumption that is being perceived by certain industries as giving people resources that would threaten their business model (like they thought with the VCR). It’s an exploitation of a currently-used technology (network service) in order to INTERCEPT ITS TRAFFIC before it gets to be transferred to where it’s going, determine its contents, log actual user activity, and to make decisions on what to do with the results. The “interests” that always want to outlaw any technology usually complain that provides “competing resources” TO THE USERS of that technology.
Whether the CURRENT models of DPI really do or don’t work that well does not enhance your parallel either.
Bear in mind, there is no way for users to “counter” this interception, as it’s designed to happen at the provider level. DPI may not be able to open all the packets now, but if we relax about that, thinking we can fall back on encryption and other methods, we open the door to giving ISPs the okay to have this hardware on the trunk lines, slowing down ALL transfers, and develop the means to open ALL packets later.
“Better apps” won’t help anyone at that point.
The only way to compete with this would be to build our own networks.
Even if we could do that, there are already laws in place that forbid it.
Nope. It’s not the same argument as “banning new technology” as far as I’m concerned.
It’s a question of not only how much latitude we think providers need and deserve in regards to our personal business, but also a question of what we’re paying them to do, only to have them degrade that with an activity that gives no value to its customers, more value to those that would abuse them, and theatens to remove a few of the most useful qualities of the Internet – the very “anonymity” in its usage and the free flow of information being a couple of examples.
The VCR didn’t threaten to cripple the television.
And, it didn’t threaten to sabotage the networks that transmitted television, or gather “3rd party data” to be exploited or capitalized on by television’s users, or used against the privacy or propriety of the networks. The only similarity that exists in these 2 scenarios is that the VCR was “inline” with the TV, like DPI is with a network. But, the signal it “intercepted” was already at its final destination, was not being used afterward by anyone else, and didn’t contain anything that affected anyone else anyway. And, the VCR didn’t interfere with other TV users’ service.
The comparison of “VCR versus Network Protocol”, might come closer to a parallel of “independent new technologies”. Both offered new ground in communication, I suppose. P2P is simply the use of various applications that exist because of network technology, therefore “P2P versus Network” doesn’t hold water either.
Anything that connects inline with a network can only be a “network device”, like switches, routers, etc. We don’t object to new forms of switching and routing, because they promote the transfer of network protocol. DPI doesn’t promote transfers, it interferes with them, and therefore by its own design alone, should not be an acceptable form of network device.
DPI is not something being introduced with any real public benefit in mind, or plausible explanation of why it would be necessary or beneficial to anyone else except those who want to spy on users. The need to spy is a dubious one, at best, and it seems to be a very bad idea to accept that activity from just anybody and performed freely on everybody.
May 2nd, 2009 at 8:09 pm
Hoo Boy… all I wanted to say is that DPI has been round for years. In fact I remember trying to sort my incoming packets based on the header data in 1994 – directing users to a cache box depending on port request.
(Mind you in 1994 it was pretty easy. User traffic was predominantly HTTP, SMTP, FTP and the hackers Telnet – so it was relatively easy).
By 1998 I was using an Alteon Switch to provide QOS to our corporate customers between 9:00 am and 5:00 pm.
There are to my knowledege several companies offering DPI created QOS to customers to differentiate their offering from others. This is good. This is what commerce is all about.
For Sandvine to claim that they have “discovered” that ports are no longer an honest representation of internet traffic is welll, I consider it one of those “DUH” moments…. “Hey guys, we can get some Publicity off this….. and maybe pick-up a contract or two.
Without going deep technical, I will say that port masking, has been around since hackers have existed and is how the majority of
virii, malware and spam bots are installed and controlled.
Why is this news ?
Oh – its news because because its a slow news day.
What I will say is that masking a packets real intent prior to creating a Private Virtual Circuit (PVC) or IPTunnel is easy and in this day and age should be done by all software for all private communications.
It’s like – no-one would consider putting a letter in an envelope – addressing it and then mailing it without sealing shut the flap – would they? So why do we send the equivalent unencrypted – clearly identified as private in plain text over the internet for anyone to read via email?
It’s got me beat.
I guess, at the beginning there wasnt an echelon. There werent Phishing scams, there werent Clickbank scams, and there werent 174 fake ed2k servers and over 200 fake seeders that required academics to devise a method of obfuscation and tunnelling and recognising fake server activity.
But all of this academic stuff is actually not really intended to stop DPI for file sharers. It is intended to continue development of “The Net” as unfortunately with Mobile Phones now the most used connecting device – IPV4 address space is close to broken. Therefore I comfortably predict – study IPv6, get comfortable with it, master it and continue browsing (DPI effect free) for many years to come……..
Tom
May 2nd, 2009 at 8:55 pm
It would be nice if we could simply let the providers do whatever the hell they want, while simultaneously shifting to something else, but in the end, it will still be the providers and corporate interests running the show the way we’re going.
Collectively, they’ll still “break” IPv6 the way IPv4 already is.
Everything that gets put into place gets reverse engineered in the end.
Providers will still claim the need to control it all, and other methods to open all packets will emerge.
And, providers and the other usual players will continue to challenge and “break” all consumer protection mechanisms as an additional measure to keep the corporates in charge.
DPI, throttling, and all sorts of corporate practices in this industry should all be challenged right now.
No other course of action will reclaim what we’ve already lost, let alone keep what we may lose later.
May 2nd, 2009 at 9:34 pm
Well, we have a tool – its called the Net.
Various “Blackouts” have been held to get the message across – unfortunately – not very successfully.
I think we should have a No Entertainment day. Where everyone in the world voluntarilly does not read, watch or listen to any media from any corporate entity.
i.e.: You may go to the theatre – IF it is a movie created by an independant producer. You may listen to a radio station IF it is a small locally owned station, you can buy a newspaper IF it is an independent newspaper.
You can browse the web IF you dont go to NYTimes, CNBC, MSN etc etc. In other words – why dont we show the “powers that be” that we dont want their version of eyeball control.
I think voting with “their” pockets has been the only way that the little people have ever coerced big business into listenting.
One days loss of revenues (globally) shoud impact the Big Business end of town to the tune of around 12 billion dollars in lost advertising and subsequent flow through – so how about it Jon – shall we organise a “No Big Corporation Media Allowed day” ? (NBCMA)
I really think the Internet Community needs to stop “bitching” about how unfair it all is and actually do something about it. But it has to be done in German, French, Farsi, Korean, Chinese, Hungarian as well as English.
We need people to start blogging about it if it is to occur.
Just an idea….
May 2nd, 2009 at 11:20 pm
The need to spy is a dubious one, at best, and it seems to be a very bad idea to accept that activity from just anybody and performed freely on everybody.
It’s like – no-one would consider putting a letter in an envelope – addressing it and then mailing it without sealing shut the flap – would they? So why do we send the equivalent unencrypted – clearly identified as private in plain text over the internet for anyone to read via email?
May 2nd, 2009 at 11:27 pm
Clicked go before i was done……..
These points made by D.A. and Tom only tend to make me think that I’m correct NOT to like the idea of DPI.
Granted my first post was brief and knee-jerk, but like i said what’s mine is mine, they dont have any right
to look at what I’m doing on the web, in my home, or wherever !!!
May 3rd, 2009 at 7:44 am
The real culprit is the ISP, who without the consent of its users, invited Phorm to monitor its users’ communication. The users assumed the ISP would maintain confidence and protect their communication against inspection. So, really, Phorm is simply a manufacturer/provider of communication inspections technology, and not actually the one with whom users should have a grievance. Either the users should ditch ISPs who invite Phorm in (difficult if users have no choice), or there should be regulation of ISPs to ensure they adhere to their users’ expectations of confidence – especially if they wish to preserve their common carrier status. Either an ISP inspects, reacts to, filters, or affects users’ communication and becomes liable for them, or it doesn’t. So, this is primarily an ISP regulation issue.
May 3rd, 2009 at 10:23 am
“The real culprit is the ISP”
This would seem to be the common denominator.
A truly ethical ISP (anyone heard of any lately?) would reject proposals from the “NebuAds” and “Phorms” of the world, or anyone else who would have them install DPI at the main door, and we wouldn’t be having this discussion.
Interestingly enough, if you look at DPI from the “network management” angle, you wonder why an ISP would even want to touch it. With the tasks DPI is supposed to perform, it can’t possibly do all that without slowing the flow of traffic passing through.
Then there’s the “liability” issue.
With DPI installed, wouldn’t that automatically make a provider the target for infinite demands from all sorts of “interested parties” for information it would yield? And, would DPI not open the door for the provider to be blamed for facilitating copyright infringement and other things, as they would appear to have the means to “know what they’re allowing” to be transferred through their network? “Safe Harbour”, by definition, would seem to be something the ISPs would stand to lose with DPI.
May 3rd, 2009 at 11:18 am
Crosbie says, “Either the users should ditch ISPs who invite Phorm in (difficult if users have no choice), or there should be regulation of ISPs to ensure they adhere to their users’ expectations of confidence – especially if they wish to preserve their common carrier status.”
That’s the half of it. However, IMO, companies such as NebuAd and Phorm still comprise the other, equally important, half. They’re dangerous not so much because they produce the technology (although that’s bad), but because they’re expert sophists and marketeers successfully promoting the concept to technically ignorant and ethically marred government bureaucrats, as well as the ever-gullible public at large, that Deep Privacy Invasion is not only acceptable, but desirable.
Henry suggests, “Go to the link, read the stuff, and learn something about what you’re panicking about: http://notquiteunhinged.blogspot.com/2009/03/demystifying-dpi.html“. There, the anonymous blogger states of traffic shaping, “I’ve justified this in the past and won’t attempt to do so again here,” and then goes to very considerable pains to excuse DPI.
But notquiteunhinged isn’t promoting a technology. He is in effect promoting a progression of ideas: that it’s OK to gather information and data, and then market them to anyone with the money to pay for their reuse in ways, and for purposes, the original owners haven’t agreed to, and without their explicit permission.
The major movie and music studios claim people who share with each other are thieves of corporate ‘product’. They’re not. But it plays well in the lamescream media.
The companies Phorm, et al, sell to, are, however, thieves, and in the strictest sense of the word: they use DPI to score something which doesn’t belong to them, and which wasn’t freely given to them. And Phorm, et al, are aiding and abetting — and promoting.
Crosbie is quite right: steer well clear of companies which use DPI — if you can identify them. Meanwhile, do every thing you can to discourage the idea that there’s anything good or legitimate about DPI used as a tool to mine data without the knowledge or consent of their owners, or the companies which develop and make technologies purpose-designed to do that.
Moreover, DO promote the thought that companies which insist they have a right to make and market DPI technologies do so only if their products include an up-front opt-in function in bold, black, type, with a detailed, easily accessible, description of precisely what the technologies do, how they do it, and the people who use it.
And Crosbie is also correct in suggesting, “there should be regulation of ISPs to ensure they adhere to their users’ expectations of confidence – especially if they wish to preserve their common carrier status”.
Google, Fa$ebook, etc, are cases — and laws — unto themselves, and just as dangerous, if not more so.
Cheers!
May 3rd, 2009 at 11:35 am
We are talking about “dangerous” and “ideas” and I would like to add a comment.
I arrived at P2PNet via Google and come here once in a while in much the same way people read The National Enquirer, and IMHO this site is itself dangerous.
Mr Newton is a technically ignorant person who writes about things about which he has no knowledge or experience.
Mr Emrich says “creating some kind of scare-scenario about the uses to which a particular technology “might” be put — is just a recipe for disaster. What’s next? Calls to ban email as a method for combatting Spam?” Mr Fitch says “Phorm is simply a manufacturer/provider of communication inspections technology, and not actually the one with whom users should have a grievance.”
They are both correct and that is all that needs to be said. Google and Facebook are simply companies which offer services for which they want to be paid, and there is nothing wrong with that.
Everything else is merely Mr Newton shooting off his mouth.
May 3rd, 2009 at 12:30 pm
Thank our lucky stars for people like Matthew!
If it weren’t for informative posts like that, we may never fully realize how dangerous P2Pnet is (and in particular, in comparison to such things as Google, Facebook and DPI!), and how we’re being hookwinked by a technical illiterate!
I’m sure I speak for many that you’ve enlightened in your travels when I say, thanks, Matthew, for straightening me out on all that! Man, I’ve been such a fool!…
: P
(…And ya wonder why sites like this exist!)
May 3rd, 2009 at 12:31 pm
Well, in addition to understanding the technicalities, there’s also politics, spin, and informing the public as what is going on, what the motives are, who the players are, and why this should be of great concern to them. That is Jon’s expertise, and I think he’s doing a great job.
If the users of ISPs aren’t aware of a problem, then they aren’t going to vote with their feet or their wallet. The geeks are fine, they’ll just use tunnelling, but the power to keep everyone on the straight and narrow (especially mercenary and unscrupulous corporations) comes from the people en masse.
May 3rd, 2009 at 1:30 pm
“Mr Newton is a technically ignorant person who writes about things about which he has no knowledge or experience.”
Well DAMN, if Jon knows less about this stuff than me, I’m screwed!!
thanks so much for shining light on the scam I’ve been buying into here.
So now move along everybody, nothin to see here……………RIGHT
May 3rd, 2009 at 2:36 pm
@Mathew.
You said:
“and IMHO this site is itself dangerous. ”
I agree with you. This site is dangerous.
It is dangerous to make people aware.
It is dangerous to have a place to speak about current happenings
It is dangerous to be able to reach an audience and show them trends going on that affect:
their rights to privacy, the ISP game of monetization for ever possible cent, the ISP-media game, the lobbying going on in parliament by the telco cartels, media cartels, and leeches like DPI companies trying to profit off the backs of hard working people by saying its necessary (when its not), excreta, excreta.
Its very dangerous.
Even Sandvine can’t get away with tossing a propaganda commercial at the CRTC w/o it being noticed.
Mathew, you are correct.
You can view just how correct you are & dangerous an online community, and an online awareness campaign can be here:
http://www.michaelgeist.ca/content/view/2918/196/
“Kady O’Malley at Macleans notes that last week Conservative Senator Marjorie LeBreton was asked about the thousands of Canadians who have expressed their concern with Bill C-10 through a Facebook group. Her response?
Honourable senators, I have been asked about Facebook before. I never look at Facebook because I do not understand the technology. I think the concept is dangerous.”
You wouldn’t happen to be in Gov would you?
May 3rd, 2009 at 5:59 pm
I’m a day late to the story, but wanted to chime in that Henry had a good point – there is a very real need for various parties who advocate against DPI to really work through what Packet Inspection appliances have done, historically, so that their arguments against DPI are as precise as possible. Packet Inspection isn’t new, and it’s not likely to be going away any time soon – perimeter defences for networks are essential for mitigating spam and viruses (and rely on Medium Packet Inspection).
I’m in no way an expert in the various discussions surrounding DPI (though I try to follow the network neutrality, privacy, and communications infrastructure debates), but I have put together a paper that attempts to clarify the lineage of DPI devices and (briefly) suggest that DPI can be understood as a surveillance tool that is different from prior packet inspection technologies (found here: http://tinyurl.com/d6d4a9). From a privacy perspective (which is where I sit in relation to the deployment of DPI), it’s important for privacy advocates to understand that approaching the issue from a principle-based approach is fraught with problems at legal, theoretical, and practical levels. The complexities of developing a principle-based approach is one of the reasons why many contemporary privacy scholars (myself included) have opted for a ‘problem-based’ approach to identifying privacy infringements. What, exactly, do most advocates mean when they say that their privacy is ‘violated’? I don’t think that a clear position comes out in the advocate position (maybe it does, and I’m just not aware of it) – they appear to allude to a fundamental right to privacy, while pointing to specific instances as ‘violations’ of that right. The worry with principled approaches is that they are challenged to fully capture what we mean when we say something is private, and equally challenged to capture contextualized social norms of privacy (e.g. streetview in the US versus Japan, bodily privacy in differing cultures, etc etc).
DPI, as I read it, is problematic on the basis of what it can potentially be used for widespread, and is currently being used for specific, alteration of communications flows. I’m not referring to just the throttling P2P traffic, but also the alteration of webpages (e.g. Roger’s insertion of messages on webpages) and tracking of individual behaviours and then injecting particular, very relevent, ads to individuals. If we operate on the assumption that communicative privacy is required for a democracy and individual alike to thrive, then the capacity to (almost) invisibly manipulate communications in real time has a debilitating effect on generating authentic discourse. Privacy, in this sense, acts as an umbrella concept, of one that is used to shelter other ‘core’ principles and values, such as autonomy, liberty, and freedom. Without the umbrella, other central values are at risk, and threaten both the individual and individual through compromising the digital communications networks we are so reliant on for discourse and deliberation.
Sandvine is routinely involved in trying to sell their product – it’s what they do – but I think what is most telling isn’t what vendors say, but what the ISPs’ representatives say. When I talked to a Bell representative recently, and asked whether it mattered to Bell that throttling BitTorrent might affect the dissemination of information, the reps response was “they choose that business model, and now they get to live with the consequences of choosing it” (paraphrased). Is the technology itself inherently ‘bad’? I’m not comfortable with that. Are particular uses of the technology ‘bad’? Undoubtably.
The question becomes (as I read it): ‘how do we, as a society, mediate bad uses of technologies?’ Unfortunately, I haven’t figured out a real answer to that yet…
May 3rd, 2009 at 10:52 pm
Well, Christopher, I don’t think what that Bell rep said was “telling” at all.
-=“they choose that business model, and now they get to live with the consequences of choosing it”=-
What “consequences”, Christopher?
The “consequence” that people resent what Bell is doing?
The “consequence” that Bell is ramming it down the throat to customers that aren’t even Bell customers?
The “consequence” that Bell can do what ever the hell it wants to, and gets away with it since there is no real competition?
Same with Rogers. What “consequence”?
The “consequence” of their customer resenting them for invading their browsing with web spam injections and a throttle?
What “consequence” do they face, Christopher?
None. Where is the customer going to go?
When telecom is cut up in a way that no two cable ISP’s can compete in the same area, what “consequences” are there? Will the customer jump from DPI’d Bell to DPI’d Rogers?
Rogers DPI is more evil than Bell’s DPI (or vice-versa)? What’s the choice?
Its a scam Christopher, there is zero choice and zero consequence to the ISP. Don’t let the spin from Bell drunken your thoughts.
Once you realize that, Christopher, the question is no longer: “The question becomes (as I read it): ‘how do we, as a society, mediate bad uses of technologies?’”.
It becomes: ‘how can we do, as a society, prevent the monopolization by a few telco’s who live with no consequence, no real competition, and flaunt the CRTC’s own orders?’
If there was an alternative non-DPI’d ISP people would jump to them, fast.
Sandvine and the gang know this as well. They are playing dumb.
The whole game here is additional revenue streams. How can we milk the system and the customers for everything and anything.
The customers will like it and take it. There is no consequence. Get that make believe crap out of your head.
BTW, Christopher, I read your blog from time to time. Its pretty good. Keep up the good work, but don’t get blinded by spin.
May 3rd, 2009 at 11:38 pm
Hi M2,
Sorry – I wasn’t suggesting that I approved of the position, but trying to communicate that Bell (maybe other telcos, I don’t know) have taken a stance that if a business uses a P2P distribution model, as opposed to direct downloads, that ‘there may be consequences.’ The consequences that I was referring to were to businesses that have chosen that model, as opposed to consumers who have chosen to use P2P (though I expect that Bell’s logic would likely carry over to consumers as well). You’re right to note that there are few consequences on ISPs from a consumer-level, given the (relative) impotence of consumer to choose a non-DPI using ISP.
I see real problems with the position that some businesses/individuals face ‘consequences’ for using a P2P model – such a carte blanche throttling of P2P (or any other delivery system) using DPI as one of the ‘bad’ uses of DPI I alluded to. Regulation should optimally come in to adjudicate what is, and isn’t, an acceptable use of DPI – I don’t know where, precisely, that line would lie or what should be included in a network regulation policy (I’m not a policy wonk…yet *grin*). I think that we agree that there is a very real issue with the deployment of DPI along wholesale lines; it threatens to undermine the ability of smaller ISPs to offer competitive rates and policies, and (ideally) we’ll see the CRTC find in favor of the Canadian consumer. At the moment, especially with Bell forcing caps plus DPI ’solutions’ on third-parties, the DSL competition is being killed. That’s just not right.
Consumers are, as you rightly note, in a terrible situation. Even if they use encryption to avoid most DPI-related analysis, they immediately lose their anonymity (given that encrypted traffic sets off a host of alarms with various national security agencies). There is a lot about extra revenue streams that DPI can be used for, and that’s an issue as well. Again, you’re dead right to note this – I have looked into how some of Bell’s mobile infrastructure can be integrated with DPI appliances for targetted and geo-locational advertising and it scares the crap out of me.
I guess what I want to focus on (perhaps naively) is that the technology, in and of itself, isn’t necessarily bad – it’s the uses of the technology that are normally seen as ‘bad’. I don’t think that it’s actually likely/possible to stop the creation of DPI appliances, but I think we *can* regulate their use. Maybe I’m just being overly optimistic
Thanks for taking an interest in some of the things that I write – be sure to whack me over the head if I seem to falling into ’spin-land’!
May 4th, 2009 at 12:09 am
Christopher, thanks for not ripping me a new one. It wasn’t harsh, but didn’t know how you would take it. hehe
Finish your phd, get into policy and make waves… I like what I read. We all need our future politicians/policy makers to be more involved like you are.
I agree there should be clear measures in place saying what can and can’t be done. Now if the time. The way its going now, and the way its set-up to run is: Do it, see if you can get away with it, carte blanche. Worry about the consequences of what you block, inject, spam, collect, or censor at a later date via months of CRTC filings and rulings. Then force it on customers that are not yours and start the process all over again.
That’s our system.
…and if ever I see your name around in the years to come, I’ll remind you about “spin-land”
BTW: For others who may want to see Christophers blog, its here:
http://www.christopher-parsons.com/blog/
I first stumbled on his blog when he put that mess of a CRTC filing together (PDF), outlining the telco’s stance. Worth looking at to seeing what new..
I’m kind of glad Christopher is looking and reading alternative media sites. But its not like you will find these news items in the mainstream media either.
+1 Christopher.
Then again, I hear/see many US and some Canadian lawyers and politicians reading this site as well.
May 4th, 2009 at 12:47 am
@Chris:
I’m with M2.
You need to recognize when something like this is being spun around.
Another example of that has been reflected in your Bell buddy’s speech:
“Is the technology itself inherently ‘bad’?”
This implies that we should “consider the uses” before “condemning the technology”, when, in fact, DPI is nothing more than a “network device” with a specific set of purposes, and not some new, separate technology. And, it’s the designed purposes that are in conflict with the principles of both smooth network operation and the very user anonymity that is characteristic of the present Internet.
DPI’s purposes are clear:
One primary purpose is to intercept traffic – all incoming and outgoing provider traffic. This would include traffic peered to and from other providers (whether they’re using DPI or not, and regardless of any user “opt-out” schemes).
Another primary purpose is to inspect the data packets to determine things like content type, origin, destination, and whether any “enhancements” (read “interference tasks”) are to be performed because of the findings. Results are sorted and logged by whatever criteria the provider sets it to, thereby saving a fairly detailed outline of traffic activity that reflects actual individual users and usage, rather than just anonymous data packets.
The final primary purpose is to take actions on those packets based on what was discovered. Among these available actions (but not limited to them) would be: A) limit the speed at which the packet transfers to its destination (throttle); B) record all similar packets being transfered between this origin and destination (scary point of contention); C) send a reset packet (sabotage the transfer); D) change the
packet (corrupt it/add to it/take something away), according to set directions (set by provider); and E) allow the packet to continue as it was intended.
Other purposes for DPI hardware would generally be derived from the same 3 root purposes, above. The end result is, simply put, nothing more than spying. ISPs haven’t offered any reasonable explanation as to why there would be a need to do any of this, and there doesn’t seem to be any benefit in it all for the users.
The second purpose I outlined above described content inspection and logging the results in a user-identifiable format.
This is the stuff companies like NebuAd and Phorm want from the ISPs in order to drive their “targetted ad” bots they intend to set on us. It’s also stuff that would be demanded from a variety of interests claiming the assumed right to use it, and willing to use the courts to get it, if necessary (police, private investigators, RIAA/MPAA/any other MAFIAA).
As was said earlier, we need to avoid judgement out of panic.
I say, let’s not overlook the facts in our efforts in that regard.
DPI is not a new technology.
It’s nothing more than an exploitation of existing technology, in the guise of a “network device” that actually interferes with smooth network operation by delaying its normal transfers, and does absolutely nothing to promote smooth network operation. It’s only purpose is to spy. And, as we already know, the actual uses of any spy resource always seem to be 1% positive, and 99% negative. Whatever, the balance really is, the ends never justify the means.
May 4th, 2009 at 1:39 am
Hi DA,
You (just like M2) raise good points. I’ll try to address a few, given the limited information that I’ve gleaned from my research and CRTC disclosures (neither of which lead to comprehensive understandings of all facets of DPI deployments).
You wrote, “This implies that we should “consider the uses” before “condemning the technology”, when, in fact, DPI is nothing more than a “network device” with a specific set of purposes, and not some new, separate technology. ”
You’re dead on, and I didn’t mean to suggest that it was an entirely new technology – it’s an evolution of networking technology that has been around for a long, long time. This said, I do see DPI as a different in its capacity to interrogate packets in ways that were previously extremely (computationally) expensive, and able to do so in a systemic fashion. It’s that change in capacity that I see as warranting a real look at what this iteration of networking devices can do – not all, of course, are made the same. I guess that I might rephrase it from ‘technology’ to ‘iteration of networking devices’ – ‘technology’ was just a linguistically more helpful shorthand *grin*
You wrote, “Results are sorted and logged by whatever criteria the provider sets it to, thereby saving a fairly detailed outline of traffic activity that reflects actual individual users and usage, rather than just anonymous data packets.”
You’re correct that results are sorted in some fashion, and logging of some sort takes place. How ‘detailed’ the outline of traffic is is unclear – from the CRTC filings it’s challenging to see just how granularly ISPs are actually watching our data traffic. Many DPI appliances DO allow for detailed logging, but again we get into a situation where ISPs really don’t want to be holding on to more data than they feel they need to. Where ISPs do seem to collect particularly detailed logs, it seems like its for law enforcement (e.g. CALEA requirements) or other third-party interests. I worry about these interests taking an interest into DPI deployments, and exercising their influence to have the appliances configured for ‘non-ISP’ purposes.
All this said, I’m not totally clear WHAT is being collected, how it is stored, and for how long. Any of these detailed logs have been filed in confidence; while I can imagine what they might hold, I don’t know for certain, and so apply the principle of charity. Maybe I shouldn’t, but it’s part of my academic training.
You wrote, “Other purposes for DPI hardware would generally be derived from the same 3 root purposes, above. The end result is, simply put, nothing more than spying.”
I’m uncomfortable with the latter part of that – I worry that with the definition, as provided, that ’spying’ gets applied to other seemingly ‘benevolent’ network appliances. I totally understand the stance you’re coming from, and it’s a worry that I persistently have with DPI, but what, exactly, is meant by ’spying’? I don’t mean to be a pain (really!), it’s just that expansive definitions of surveillance are something that worry me. Intuitively, I would agree (and think most would) that too much systemic analysis of data traffic is a ‘bad’ thing, but I’m not sure where I draw a line between appropriate analysis for network operations and a step-to-far-into-spying. I guess I want a definition of ’surveillance’ and ’spying’ relate to not just DPI, but also to how credit records are examined, what constituted data-mining, etc etc. Maybe I’m just looking for too much from a definition, and should constrain ’surveillance’ words to specific moments of examiniation, but I’m a bit uncomfortable with that.
I guess, generally, I can see some benefits to the technology/evolution of network devices. This said, whether or not those benefits are important enough to overshadow the potentially harmful issues with DPI is a matter that should be openly debated (such as it is here).
I think that, from a privacy position, that DPI is scary, scary stuff. It’s why I submit things to the CRTC against its use, and why I try to get the attention of politicians, etc so that they know how opposed to its potential uses I am. At the same time, I try to present information as I understand it along with my arguments, so that whomever is on the other end can reach their own conclusions – I’m in agreement that we need to avoid judgement out of panic, and instead should be engaged in judgement that is informed with information from all sides of the discussion. This means that we need to see what benefits the technology might bring, along with its problems, as well as ask whether or not we need to be investing time and money in better filtering technologies versus better systems of transmitting light down fiber-optic cables/generally expanding capacity (as a broad example).
May 4th, 2009 at 2:26 am
This is fascinating to watch: Simply because I’m not buying into our latest fun little moral panic (and, moreover, actually dared to call it what it is), I’ve provoked sermonizing.
DA: Don’t take this the wrong way — I agree with a hell of a lot of what you say (especially when you just repeat the stuff I just said about “corporate personhood”, like you did in the other thread.) But you’re paranoid, and you resort to browbeating, and that’s just sad.
First Matty — because all he did was fail to particpate in the paranoid “echo-chamber” stuff some participants here at p2p love so much — and you accuse him of “trolling.” Sorry, but just because somebody punched holes in your beliefs or countered your arguments doesn’t mean they’re a “troll.” That’s the first part that dismays me.
Then we get the reaction to this. I bothered to check outside sources (instead of just “me-tooing” like everybody else seems to have done of late), and it descends to this level.
Then Koltai shows up (Hi, Tom!), clarifies what he was originally trying to say (that DPI is, essentially nothing new, and he was just saying that Sandvine was over-stating their capabilities), and yet, somehow, we continue to go all black-helicopter about it.
Stupid. Bone-chillingly dumb, and I’m going to keep calling people out on that, even when they happen to say otherstuff with which I agree.
Bottom line: DPI is no more “dangerous” in principle than any other form of traffic-monitoring, and if you’re so paranoid about some myterious “they” knowing stuff, then refuse to use any system engaged in any sort of logging whatsoever.
Oops, that’d require you never to log on again.
There’s a difference between “being concerned about privacy” and “let’s all put on our tinfoil hats and go completely apeshit about something we don’t really understand all that well.” I’m seeing the latter, and I have been for awhile now.
1. If somebody takes a dissenting view, DA or somebody accuses them of “trolling”. Therefore, we’ve become an insular little tribe who just reiterate the same ideas over and over. Koltai makes a legitimate point that DPI isn’t really anything radically new, and we’re all treated to the worst sort of bullshit as a result.
Case in point, any statement of THIS type: “Whether the CURRENT models of DPI really do or don’t work that well does not enhance your parallel either.”
So, ultimately, we’re NOT really even discussing what DPI “actually is”, or “what it can REALLY DO”. No, instead, we’re gonna engage in the fallacy of the slippery slope. You know what that is, DA? It’s a rhetorical technique whereby someone sidesteps things like critical thinking, simply by asserting that something WILL lead to something else.
” This article needs additional citations for verification.
Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (March 2009)
In debate or rhetoric, a slippery slope (also the thin edge of the wedge or the camel’s nose) is a classical informal fallacy. A slippery slope argument states that a relatively small first step inevitably leads to a chain of related events culminating in some significant impact, much like an object given a small push over the edge of a slope sliding all the way to the bottom.[1] The fallacious sense of “slippery slope” is often used synonymously with continuum fallacy, in that it ignores the possibility of middle ground and assumes a discrete transition from category A to category B.”
http://en.wikipedia.org/wiki/Slippery_slope
Shameful, DA, just shameful.
So, if Providers are “allowed” the technical means to, say, prioritize particular uses (like streaming video or other stuff that requires low-latency), or otherwise deal with network congestion, it’ll inevitably means that Orwell’s worst nightmare has come true.
Sorry, but it’s batshit insanity like that which serves to discredit real concerns.
To quote a portion of the Notquiteunhinged.blogspot.com thing I linked earlier:
“Now as to the privacy concerns. A traditional caching server stores content in its complete form. If you have access to the hard drive, you have access to all of the data on it in readable format. On a Steelhead? It doesn’t store things as files, it only recognizes those blocks and they are scattered all over the hard drive. To open a file, you have to find all of the blocks (they aren’t associated in any way), assemble them in the correct order and then open the file. In practical terms, this is impossible to do. In this instance, DPI technology is more secure than traditional caching.”
Now either that’s true, or it’s false. Remember kids, we’re talking about what DPI and traffic shaping and stuff REALLY ARE, not whatever your most paranoid black-helicopter pessimism can dream up. All the rest of it — from “let’s have a media blackout day!”, to “Big Brother is watching you”, to “somebody needs to blog about it before it’s too late!”, is ultimately futile unless we’re actually willing to
1. Do some research on the topic (beyond the new-media equivalent of a headline, or single blog post.)
2. Use multiple sources.
3. Be very careful about accusing opponents of “trolling”, lest the definition of “troll” devolve into “a troll is someone who doesn’t agree with the particular groupthink exhibited on a particular blog.”.
4. Try to avoid sloppy argument whenever possible.
And “Ottawa Gal”: Just a tip here, and feel free to think whatever you want:
Posting stuff like: “I agree this site is dangerous. It’s Dangerous to make people aware” doesn’t make you look cool or “dedicated”, any more than those guys who screamed “Ron Paul” a lot at the rallies.
That’s all I’m gonna say about this, and feel free to consider me some kind of traitor or whatever, just because I can’t work myself into the same level of frothing, Tinfoil-hat paranoia and “troll-hunting” as you’d all like.
Trust me, I’ll continue posting, and calling “bullshit” whenever I see the need.
I trust you’ll all do likewise.
May 4th, 2009 at 2:47 am
Jon:
“But notquiteunhinged isn’t promoting a technology. He is in effect promoting a progression of ideas: that it’s OK to gather information and data, and then market them to anyone with the money to pay for their reuse in ways, and for purposes, the original owners haven’t agreed to, and without their explicit permission.”
Uh, no, in the article I cited, he’s doing no such thing.
He’s clarifying how a particular technology works, and answering common objections raised to it.
Sorry, but I see no difference between that, and p2p advocates like us, clarifying concerns related to, say, the level of kiddie porn etc on p2 networks.
It’s a sad day when we get to the point where it’s not actually about “the content of the idea” — whether it’s true or not, and instead, rely on whether it came from what we call the “right” sources. Sorry, but my objections to the RIAA is that they’re lying, monopolistic scumbags. I havent shattered my entire collection of 33 rpm records simply because they happen to conform to the RIAA equalization curve (something the RIAA created to enhance interoperability among different manufacturer’s machines, by the way — interesting history.)
Whether Notquiteunhinged has an “agenda” or not isn’t as important as whether what he says is correct, and you know that.
Or are we now to the point where anything goes, just so it’s pro-p2p/anti-corporate/as paranoid as we can make it?
Bullshit. I came down hard on “Sam I Am” for constantly “misunderstanding” p2p advocates in the worst possible way, and being completely indifferent to facts, and I’m more than willing to do that to you guys, too.
You want more evidence that the tone of the DPI debate isn’t leading anywhere good?
Ottawa Gal.
To Matthew: “You wouldn’t happen to be in Gov would you?”
Nice way to make a question substitute for argument, baby.
Real classy.
May 4th, 2009 at 4:48 am
You think I’m overstating the case here?
Follow this Wikipedia link:
http://en.wikipedia.org/wiki/Pana_Wave
Now, the Pana-wave folks exemplify exactly how a legitimate concern/question (possible effects of electromagnetism on the human body/brain/nervous system etc.) turns into something batshit psychotic primarily because the people involved
A. Didn’t actually bother to read up on the subject very well (probably because they were motivated by soundbytes, half-truths, sensationalism, and paranaoia)
And
B. Proceeded to go basically psychotic as a result.
Now call me any names you want, accuse me of just being a “troll” (since I didn’t get on this particular paranoia/defeatism train with Y’all), or react however you want to, but the reactions and thinking that I’ve seen exhibited on this and the swine-flu thread indicates to me that at least some of the readership/participants here on p2pnet are perilously close to the edge.
1. Accusing someone of being a “troll” simply because he disputed the notion that the swine-flu outbreak/hiv are automatically bioweapons outbreaks (because it obviously MUST be, since we’re 3l33t and ‘in the know’ — read: paranoid.)
2. “Whether the current implimentaitons of DPI are capable of….” (Slippery slope, anyone?)
So we’re supposed to base real-world policy and decisions NOT on the capabilities of real-world technologies, or even on credible extrapolation FROM such technologies, but on whatever worst-case scenario we can come up with starting from the fact that the “motives” for using such a technology are bad.
(Sorry, but this smacks of the bullshit non-debate over whether to ban bit-torrent or not, because it has “non-infringing uses”.)
3. “Ooh, Google knows my search habits!” Boo hoo, so does the credit-card company whenever you make a purchase.
So do stores when you buy stuff (whether you pay in cash or not.) It’s called “inventory tracking”. That mysterious all-powerful “they” knows exactly how many cans of tuna you bought, what brand it was, and is probably tracking your tuna-usage as we speak. Oh heaven forfend!
Maybe it’s just me: I have too many relatives who were involved in the White-power/survivalist/militia movement back in the 1980s and 90s, and I’ve studied up on the massive “duck and cover” brain-rape back during the Cold War. Maybe automatically assuming malevolent motives whenever a new techology is deployed and dreaming up the most dystopian endgame related to it IS a good policy.
I just thought at least some of us knew better, is all.
My bad.
May 4th, 2009 at 5:57 am
From a natural rights perspective on the privacy of communications, a privacy violation occurs if an invader obtains and exploits unauthorised access to private communication between certain parties. A private communication is one in which those communicating have a reasonable expectation of privacy, and where this expectation is generally obvious to non-privy parties. Any individual that is privy has a natural right to make any other party privy, and so authorise their access.
Though greatly simplifying the Internet, in the case of an ISP, this is an intermediary party that ferries communication between two other parties, the client browser and the web server. The ISP may well be a chain of such communications providers. All such communications providers are naturally privy to the communications between client and server. Therefore, they do not invade the privacy of client and server should they observe, analyse, and exploit the communication. However, being a corporation providing a communications service, the ISP can be regulated to treat the communication they convey in confidence, i.e. as if they were not privy to it and thus could not inspect it (save its routing and QoS requirements), nor authorise access to any other party, nor interfere with its integrity.
It is in breaking its communicants’ confidence that the ISP offends. There has likely been an assumption that the ISP was supposed to treat client/server communication as though they were not privy to it.
Unfortunately, there is pressure from the state to inspect private communications, and thus a predisposition to look kindly upon any commercial venture that provides such technology, facilities, and even trials it. This is also supported by lobbying from advertisers and publishers (copyright enforcement).
Solution? Improve the regulation of ISPs in treating their customers’ communications as if the ISP is not privy to them. Additionally or alternatively, foster more competition between ISPs such that the market is able to select between ISPs who are able to warrant confidence vs those who will exploit DPI. Failing both of those, greater public awareness of the issues will incline people toward technologies that encrypt their communications by default.
May 4th, 2009 at 7:43 am
“It is in breaking its communicants’ confidence that the ISP offends. There has likely been an assumption that the ISP was supposed to treat client/server communication as though they were not privy to it.”
The key word there is “assumption”, Crosbie, and you above everybody else here should know that what people “assume” and how things actually work are often two radically different things. Let’s go back to your previous statement:
“From a natural rights perspective on the privacy of communications, a privacy violation occurs if an invader obtains and exploits unauthorised access to private communication between certain parties. A private communication is one in which those communicating have a reasonable expectation of privacy, and where this expectation is generally obvious to non-privy parties. Any individual that is privy has a natural right to make any other party privy, and so authorise their access.”
So where’s your “concern?”
Merely by using their service, you’ve granted at least an implicit “consent” for such actions. Any “assumptions” you’ve made can either be correct or mistaken. I’d personally say that failing to use at least pgp keys or some other form of encryption on what you consider “sensitive” data is YOUR fault, not the ISP.
But that’s not what we’re talking about here.
This debate about net neutrality, DPI, and all of it revolves around several misunderstanding on BOTH sides of the issue.
1. First, the entire “issue” of Network Neutrality was invented in it’s current form by a guy named Tim Wu, and basically boils down to the notion that all packets should be treated identically. But Y’know what? They’re not. The underlying misunderstanding behind the “debate” about Net Neutrality and DPI boils down to “a packet is a packet is a packet”.
Which is, of course, completely false. A particular packet could be part of an ftp transfer, while another one could be part of a streaming-video presentation like on Youtube or something. This is really important to understand, because if you don’t, you won’t be answering the right question, or considering the right issues when confronted with stuff like DPI or traffic-shaping.
Some applications require tighter packet-timing, less jitter, etc. etc. If they don’t get it, they tend to “lag” and be pretty much useless for what they’re supposed to do. (You’ve seen that, when Youtube or some other video-site just freezes up, or when an audio stream spends a lot of time ‘buffering’.)
So, essentially, what the big evil bogeyman known as “traffic-shaping” does is to have a certain part of the network “know” what kind of packet it is, and thus, how fast it needs to get there. That’s it. The entire topic is — in a real sense — based on a fatal misunderstanding of how stuff works, how various applications deal with the data they are transferring.
What’s doubly ironic about that fact is that “Net Neutrality” activists KNOW that.
They KNOW full well that packets aren’t all equivalent, and that all applications aren’t interchangeable, but they still advocate State intervention to force everybody to treat them as if they were.
Observe that, according to Wikipedia, the guy who INVENTED the whole topic tacitly acknowledge that it’s a figment of our collective imagination, in that:
“Tim Wu, though a proponent of network neutrality, claims[39] that the current Internet is not neutral as, “among all applications”, its implementation of best effort generally favors file transfer and other non-time sensitive traffic over real-time communications.”
http://en.wikipedia.org/wiki/Network_neutrality#Mixed_and_other_views_on_net_neutrality
I’ll go further than that, in that I’ll say that even if some form of packet-agnosticism IS rammed down our collective throats by the government (and we all know how effective governments are at such things), The Net STILL won’t be “neutral” in any meaningful sense of the term.
Why?
Google can afford ass-loads of server farms and t1 lines, and I can’t. Thus, Google has a HELL of a lot larger “Digital Footprint” than I could ever hope to have even IF our respective packets are treated identically.
Or how about the fact that (barring stuff like the Internet Archive) people still have to pay for hosting and storage and stuff?
That’s STILL giving preference to those who can pay.
Arguing anything else is just shortsighted, and blatantly dumb.
Realistically, the only way to ever achieve a genuinely “neutral” network would be:
A. No difference between upstream and downstream transfer rates. (The amount of up-stream transfer bottlenecks the hell out of people’s potential usage, and they don’t even notice it.)
B. No “tiered pricing” as to storage, or bandwidth.
Barring those two conditions (which are fundamentally impossible short of global fiber optic networking even up to the so-called “last mile”) the Net will NEVER be “Neutral”, and packets will NEVER all be the same “speed”.
I’m pretty damn low-tech, but I learned this rather elementary lesson back in the late 1990s by playing with something called “Radio Destiny Broadcaster”. It was basically a really early streaming-media app, and, lo and behold, I was only ever able to get a maximum of two listeners because at the time I had a rather shaky 33.6 line (supposed to be 56k, but it never even got close because our local phone-lines were shitty.)
So that takes care of the technical side of it. (It’s complete hype, and any sort of law mandating equivalency among all packets irrespective of application is stupid.)
Now as to the “who’s involved” — how ’bout Microsoft and Google (two corporate behemoths which, in a lot of other cases, don’t exactly live up to the “we’re not evil” mantra.
And let’s also not forget that ultimately what “Net Neutrality” advocates are urging, is that the State micro-manage “permitted” uses of the Net, by essentially mandating what providers are “allowed” to do — and thus, what uses are technically feasible.
But hey, if you want shitty-quality video, the stagnation of VOIP, and extremely-laggy surgery-at-a-distance just because “a packet is a packet is a packet”, then by all means get the government to ban stuff like DPI.
Like I said, actually read up on stuff instead of just me-tooing each other all the time, because whether you realize it or not, you’re being played on this one.
May 4th, 2009 at 7:59 am
Bram Cohen’s quote is really salient here:
“I most definitely do not want the Internet to become like television where there’s actual censorship… however it is very difficult to actually create network neutrality laws which don’t result in an absurdity like making it so that ISPs can’t drop spam or stop… (hacker) attacks.”
The problem is that with any sort of packet-agnosticism, such an “absurdity” is completely unavoidable.
This is also why I mentioned the 800-mhz. Scanner thing: just like here, you had “privacy advocates” with a fatally-unsound understanding of how the technology involved (radio) works, agitating for Government “intervention”, instead of doing what THEY should have done to safeguard their (or their customers’) privacy. The Cell carriers could have built some sort of encryption into the thing from square one, but since they didn’t, the resulting governmental action — which was also touted as a ‘compromise’ between the interests of scanner-users and Cellphone users — ended up hamfisted and just plain dumb.
And going all black-hellicopter and assuming that the ONLY reason for stuff like traffic-shaping and DPI is that “they want to spy on you” is just insane. Like I said, what’s next? A law mandating that sites not be permitted to keep logs of any kind, simply because they might sorta be potentially of concern?
“Being aware” and being psycho-paranoid are two different things, folks.
I first noticed this tendency back in the “flash cookies” discussion. Jon (even though he’s not as techie as some of us) was actually being the most reasonable, while DA and several others read every sinister thing they could come up with into what were essentially tiny little textfiles (4k, in a lot of cases.)
When I saw it again in the Swine-flu thread, it was a little dismaying.
But when I see it recurring over and over in the DPI/Net Neutrality discussions, it’s just damned sad.
The Net has NEVER been a “level playing-field”, and no government-enforced mandatory packet-agnosticism micromanagement bullshit is going to change that fact.
May 4th, 2009 at 8:09 am
Bottom line: Should any entity be free to use your personal and private information / data in any way whatsoever, for any purpose, without your explicit permission?
Not in my humble opinion.
Cheers!
May 4th, 2009 at 8:59 am
“So where’s your ‘concern?’”
I am concerned that there exists a free market for ISPs, i.e. that it is possible to select ISPs that don’t censor, modify, or constrain communication for any purpose other than communication efficiency.
I have commented quite a few times against ‘network neutrality’ regulation. Here’s one such exchange from 2007: http://www.hyperorg.com/blogger/2007/10/08/isenberg-on-the-history-of-net-neutrality/
I’ve blogged on the matter here:
http://www.digitalproductions.co.uk/index.php?id=125
Believe it or not, but my first comment here was prompted in recognition that you could do with some support, i.e. that you were right to inspect the emotively packaged arguments a little more deeply, and even to call them into question.
May 4th, 2009 at 9:11 am
“Bottom line: Should any entity be free to use your personal and private information / data in any way whatsoever, for any purpose, without your explicit permission?”
The bottom line in my book is that any individual has a natural right to, but corporations can and should be regulated (legally constrained to be socially responsible – if permitted to exist at all).
It is important to distinguish between natural and unnatural entities in all this. At the moment the immortal corporation is privileged above the human being. It should actually be the other way around. The dystopia of humans being subject to rule by robot overlords is upon us – people have simply failed to realise that those ‘robots’ are corporations, entities that aren’t human and are in fact immortal psychopaths (see http://www.commondreams.org/views04/0218-01.htm ).
May 4th, 2009 at 9:28 am
“The bottom line in my book is that any individual has a natural right to …
… so long as it’s not for actual or potentially harmful purposes.
Cheers!
May 4th, 2009 at 10:43 am
“… so long as it’s not for actual or potentially harmful purposes.”
That is implied – though not necessarily obviously, I’ll admit.
My point is that an individual’s cultural liberty is not subject to permission from a privileged other (whether corporation or individual). It is natural freedom circumscribed only by natural right.
Therefore we must be careful to distinguish between ‘harm’ as monopoly infringement, and ‘harm’ as rights violation, i.e. impairment of the truth, invasion of someone’s privacy, or endangerment of their life.
For individuals’ uses of personal data obtained in conversation we have the informal regulation of etiquette and consequential opprobrium (lifetime repercussions for reputation). However, as we see with http://www.StopPhoulPlay.com, it is trivial to create corporations that can defame individuals without consequence. This is an example of why, unlike individuals, corporations should be regulated (in speech against individuals among other things).
May 4th, 2009 at 11:54 am
“Bottom line: Should any entity be free to use your personal and private information / data in any way whatsoever, for any purpose, without your explicit permission?”
No, the bottom line is whether you want the State to micro-manage what applications are permitted.
This really isn’t an issue where corporate-watchdog type thinking is answering the right question.
1. Where does your “personal and private data” stop, and your “public and social” data begin?
This is an important — and very nuanced — question, because how you answer this dictates a lot about what is to be permitted to happen on the Net.
For instance, let’s assume an admittedly extreme interpretation of IP law which states that people “own” their writings, even if such writings appear somewhere like here (what you might call a “public” forum.)
Now let’s further say that I — for whatever reason — stop liking p2pnet, and want the posts that I “own” stricken from your blog.
Guess what, Jon — at best, that’s going to rip large holes in the integrity of your blog, in that I’ve submitted articles, you’ve generated other ones by quoting stuff I said in comment threads, etc.
It’s also going to deprive a lot of what OTHER people said of the required context, in that with my posts missing, THEIR replies aren’t going to make sense anymore.
Extreme example? Not really, since the equivalent happens everytime a website is forced to comply with a DMCA takedown notice, or engages in “cease and desist” censorship.
So, acknowledging that the DMCA is basically a bad law, and that it’s application doesn’t really make the Internet better (pretty much a given, I’d figure), then I have to ask again: why are so many people here so jazzed about Net Neutrality/anti-DPI legislation? Having the Sate micromanage the Net is just a bad idea all the way around.
Moreover, what IS your “personal and private data”, anyway?
Search terms entered into a search engine? (After all, if your complaint is that “they” know stuff about your search habits, then the textual strings which end up in those funny “odd search terms” lists represent an agregious violation of privacy in and of themselves.
But that’s not even what we’re talking about in this thread. DA claims that the only possible use or motive for things like “Deep” packet inspection (beyond the headers) is as a tool for “spying”. Koltai — the guy who originally prompted this thread in the first place — has clarified the fact that packet-inspection and other types of “smart” networking have been around for years and that DPI isn’t something radically new. HIS main problem was that Sandvine was lying about their capabilities (much like Clusseau, as I said in my original post here.)
Somehow, that debate deteriorated into a “get the government to ban DPI” discussion, and piggy-backed onto the corporate watchdog thing.
Well pardon me, but this is yet another case where the proposed “cure” is infinitely worse than the disease.
Matty had it right when he said that any issues with GM food did NOT rest with the technology itself (Genetic engineering), but rather with how that technology was used. I *thought* (mistakenly, as it turns out) that advocates of p2p technology and/or copyright reform would “get” this, but I guess not.
I figured that we were all aware of what can happen when the State tries to “fix” a problem (war on drugs, Iraq, etc. etc.)
But I guess not.
Bottom line: the whole non-issue of “Net Neutrality” is a fake “war” by some of our Corporate overlords (Google and Microsoft) against others (the telecom corporations). Whoever “wins”, you won’t get what you want:
1. If the Net Neutrality folks win, you’ll get the predictable Governmental response to stuff: bureaucratic and hamfisted. (Oh wait, my bad — they did such a great job with the DeCSS thing). You’ll also get a network where the *supposedly* good principle of packet-agnosticism is applied in such a way that certain applications are mandated to suck, or rendered impossible entirely.
Google will STILL have a bigger digital footprint than you, paid hosting will STILL be better than free in many cases, and over it all, and yo’ll have firmly established the principle of government as final arbiter on what’s permitted to happen online.
2. If the telco companies win, then they might make some paid services faster (but thanks to the upstream/downstream bottleneck I mentioend earlier) you already have that, now. I dare anybody here to try this: either buy a domain name, or use one of those URL-redirect services. Point it at your home machine, and run a web server.
I’ll bet that your connectivity is downright scrawny in comparison to Google.
The “net Neutrality” folks want you to believe that we’re headed back to the days before interoperability (IE, Prodigy users couldn’t connect to Compuserve), and that the only way we can stave that off is by having the State to force packet agnosticism, without regard to HOW the packets in question are to be used. (Tele-surgery vs. FTP. for example.)
Everything else is window-dressing and hype.
If you’re REALLY concerned about “your personal and private data”, then take the responsibility and initiative YOURSELVES, by encrypting sensitive data on your end. Because Y’know what? You have ABSOLUTELY NO CONTROL over it at any other point in the chain.
May 4th, 2009 at 11:57 am
@Henry:
You say some of us (particularly me, by the looks of it)…
- are too quick to panic
- haven’t done enough research into the topic
- are guilty of nothing more than “brow beating” each other
- being “shameful”, “stupid”, and a whole bunch of other negative adjectives
…while writing all of what you just posted?!?
Now, THAT’S shameful, given the intellect you usually display, even when you often do decide to get just as “passionate”!
Granted, I’m certainly not the poster boy for consistently good conduct.
But, Geez! You’re needlessly attacking EVERYBODY, and need to get back into “reason mode”.
You should know by now I generally appreciate your contributions and enjoy many of your rants.
You commented on the other thread (re: Swine Flu), yet, if you bother to go back and look, you’ll see it got straightented out. And, if you do so, don’t be too quick to take credit for sparking any of the apologies that were made on that page. Matty and I are obviously both free thinking human beings, who merely had a similar impass as the one you and I had some time back. (Note: you also made a serious error when you said I was arguing in favour of the “military caused this” conspiracy theory. I actually wasn’t, but you didn’t read that, and confessed to not reading everything.)
Not everything is a conspiracy theory, Henry.
Even for me.
Not everyone commenting is “low tech”, as you say you are.
I’m definitely “very tech”.
And, not everyone is guilty of failing to do the research and/or check facts.
Especially me.
Not every argument is a bad one, either.
Try to lighten up.
One illustration:
“Case in point, any statement of THIS type: “Whether the CURRENT models of DPI really do or don’t work that well does not enhance your parallel either.”…So, ultimately, we’re NOT really even discussing what DPI “actually is”, or “what it can REALLY DO”. No, instead, we’re gonna engage in the fallacy of the slippery slope.”
I was merely saying that your parallel wasn’t helped by the reasoning that “DPI probably doesn’t work anyway”. I certainly DID go on about what DPI is and can do. I’m surprised you didn’t see that.
It’s not simply a matter of applying the “slippery slope” principle anyway.
If its use was accepted, DPI would be installed at a commanding place – at the gates of all participating providers, affecting ALL traffic peering with them as well, whether the peers use it or not. We would be less likely to be able to have it removed, should some of our concerns prove to be justified. And, providers haven’t exactly been completely forthcoming about this practice, or the need of it, even though it will effectively mean we will have to accept a delay on all data transfers. (The way I see it, that doesn’t do much to discourage “tin hat analysis”.)
That’s not a classic “slippery slope” scenario to many of us.
There is a proposed global effect here, and we can do NOTHING about it after installing it at the provider level.
You can encrypt all you want, and the equipment may never be able to read it for the next 5 years. But the packets will still be delayed, degrading the service all over the place, without a plausible explanation, as its use becomes more common and “accepted”.
There’s nothing wrong with being proactive about something that, by its own definition, has GLOBAL implications, and does pose a real threat in the wrong hands – which appear to be the same hands you and I talked about having serious misgivings about before. And, we would most likely not get a second chance to dispute it once it’s in use.
May 4th, 2009 at 12:10 pm
Okay, DA didn’t like my VCR metaphor (even though that was also a case where lobbyists pestered the Government to get something they didn’t like banned. — no similarity whatsoever, there.)
Let’s try another one.
One in Meatspace, there’s an organization which deals with “packets” every day.
Or is that packages? And envelopes. Yes, friends, it’s your friendly post-office (and UPS, and Fedex, and etc.)
Now, they’ve had “traffic shaping” for decades, in the form of “you pay more, and it gets there faster.”
Has this somehow destroyed the “open nature of the postal system?”
Funny, but I kinda think it’s a great idea that my Wife’s insulin is “permitted” to arrive sooner if such is needed.
But maybe I’m wrong. Maybe the State should step in and mandate single-rate, single-priority mail.
After all, not everybody can AFFORD to pay to get their stuff their faster.
(Must mean that regular mail never actually gets there, huh?)
Now somebody’ll probably object that there’s no similarity whatsoever between ISPs and the postal system.
Except for the “safe harbor” provision that states that the mails aren’t “responsible” for the type of communications that go through them.
Suure.
Yeah Phorm was a shit company and what they did was nasty.
But blaming DPI and traffic-shaping for Phorm is just exactly like blaming email (the tool) for those penis enlargement ads, or HTML for pop-up advertising.
And urging State intervention is equally dumb as getting the state to ban email or popups.
As for privacy:
If somebody’s taking unauthorized pictures through my front window, it’s an invasion of privacy.
But what if they’re using binoculars from across the road?
What about a satelite view of my house on Google Maps?
Where do you draw the line?
Important and complex issues here that NOBODY seems to want to touch.
May 4th, 2009 at 12:37 pm
DA:
1. Yeah, I’m intense.
But there’s a reason behind it, and I am still in “reason mode” whether you want to believe that or not.
What’s all this crap about if I “bother” to go back and read the swine-flu thing? The mere fact you were so willing to throw the troll-switch on Matty was enough to indicate, at the very least, closed-mindedness on that issue. Given that you followed it up with a sermon about how you “used to have” Matty’s presumed “faith in the system”, and it just adds up to condescending bullshit no matter how you slice it.
Now as to whether you squared it, that’s your issue. MY concern — and I stand by it — is that the same thing happened here:
I can’t read the worst implications into EVERYTHING, which isn’t a conspiracy-theory so much as just blatant cynicism on your part, I gotta say. You tell me to “lighten up” in one breath and then start flag-waving about how DPI has “global implications” the next?
Your response stated that it was immaterial whether “current implimentations” of DPI were capable of leading to your doomsday scenario because it — in principle, by your own statement – COULD concievably lead to it, in future implementations.
Evidence (other than the slippery slope I mentioned?)
And none of you have stated anything at all in regard to the way you expect Governments to solve this “problem”.
I submit that any such “solution”, by the very nature of regulation itself — is bound to be hamhanded, inflexible, and poorly-targeted.
And no, I didn’t call anyone stupid, dumb, or batshit insane.
I described particular statements as stupid, dumb, and “batshit insanity.”
I also described it as really short-sighted, primarily because in the case of Net Neutrality/a ban on DPI, the proposed “solution” is infinitely worse than the supposed problem.
Lemme quote your reply:
“It’s not simply a matter of applying the “slippery slope” principle anyway.
If its use was accepted, DPI would be installed at a commanding place – at the gates of all participating providers, affecting ALL traffic peering with them as well, whether the peers use it or not. We would be less likely to be able to have it removed, should some of our concerns prove to be justified. And, providers haven’t exactly been completely forthcoming about this practice, or the need of it, even though it will effectively mean we will have to accept a delay on all data transfers. (The way I see it, that doesn’t do much to discourage “tin hat analysis”.)
That’s not a classic “slippery slope” scenario to many of us.
There is a proposed global effect here, and we can do NOTHING about it after installing it at the provider level.
You can encrypt all you want, and the equipment may never be able to read it for the next 5 years. But the packets will still be delayed, degrading the service all over the place, without a plausible explanation, as its use becomes more common and “accepted”.”
So how hard is it to “turn off” bad laws, hmm? Also given the fact that lawmakers tend to not be particularly tech-savvy (understatement of the millenium?), a law mandating packet-agnostic networks would be extremely hard — if not impossible — to correct.
As for “degraded performance all over the place”, enforced net neutrality and a ban on traffic-shaping (for whatever reason) would concentrate the “degraded services” to those which are time-sensitive, such as streaming video and remote stuff like telesurgery, AND put the State in a position to mandate how fast/slow packets are “permitted” to travel.
Bad idea all around.
3. Yes, you DID go into detail about what DPI is/can do — but always with the presumption that the sole reason for it’s implimentation was as a spy technology or screwjob of some kind. Relevant quote there:
““Other purposes for DPI hardware would generally be derived from the same 3 root purposes, above. The end result is, simply put, nothing more than spying.”
You’re concerned about DPI being used to “spy” on your packets, but somehow in favor of regulations which explicitly empower the State to do exactly that (to enforce “neutrality.”) Sure, cause we all know that Governments have a way better record on this than the corporations they create.
Tell “Ottawa Gal” to lighten up.
If I’ve been too intense on this one, sorry about that — but when you whip out accusations of trolling in regard to dissenting viewpoint it’s gonna piss me off, and when you advocate that the State “fix” something that’s not even remotely a problem based on the explicitly stated view that the only possible use for the technology in question is a nefarious one, it’s just not cool.
I mean, the cronyism involved in corporate sponsorship of Net Neutrality should be at LEAST as concernful (is that even a word) as the hypothetical specter of a “tiered Internet”, doncha think?
Peace out, Y’all.
May 4th, 2009 at 12:53 pm
Christopher Parsons == Smart:
“I’m uncomfortable with the latter part of that – I worry that with the definition, as provided, that ’spying’ gets applied to other seemingly ‘benevolent’ network appliances. I totally understand the stance you’re coming from, and it’s a worry that I persistently have with DPI, but what, exactly, is meant by ’spying’? I don’t mean to be a pain (really!), it’s just that expansive definitions of surveillance are something that worry me. Intuitively, I would agree (and think most would) that too much systemic analysis of data traffic is a ‘bad’ thing, but I’m not sure where I draw a line between appropriate analysis for network operations and a step-to-far-into-spying. I guess I want a definition of ’surveillance’ and ’spying’ relate to not just DPI, but also to how credit records are examined, what constituted data-mining, etc etc. Maybe I’m just looking for too much from a definition, and should constrain ’surveillance’ words to specific moments of examiniation, but I’m a bit uncomfortable with that.”
“Too much from a definition” is EXACTLY what we need before we start advocating for Government intervention to “stop” the potential threat of DPI or packet-inspection or whatever. In short, we need to know what we’re adovcating against.
As far as the insertion of stuff into webpages via DPI, hackers have been doing that via other means (look at how they vandalized the RIAA webpages.) Does this automatically make cross-site scripting some kind of big “threat” that needs to “go away” by means of a government ban?
THAT’S what concerns me — not some hypothetical Orwellian endgame scenario based on the idea that “they” only deploy this type of thing for nefarious reasons, using the supposed “legitimate” uses as cover for their evil evil plots. And Y’know what? Ottawa Gal and N2 give me a helluva lot of evidence that the hype-factor is really high on this.
You guy’s reaction to “Matthew” was disheartening as well.
So it’s cool if DA and Matty decided to “play nice” over on the swine-flu thread, but it’s NOT cool that DA went into troll-smash mode so quickly, and it’s not cool that Ottawa Gal accused “Matthew” of being a Government stooge simply because he questioned Jon Newton’s tech-savvyness.
May 4th, 2009 at 12:58 pm
ISPs need DPI to manage user traffic so that a bunch of abusers won’t suckup all available bandwith causing bad experience to the rest. There’s no two ways about it. One simple statistics, heavy P2P users, which is less than 20% of total sub base is consuming more than 80% of total bandwidth. Almost every consumer ISP statistics shows that P2P is consuming more than 60% or their total bandwidth usage at all time. ISPs can’t be upgrading their infra forever for these subscribers who are not paying any cents more than normal users. After all, an ISP is a business to make profit.
So, if we want to make a discussion, let’s focus on how ISPs use DPI, rather than whether theyshould use DPI or not. The bitter truth is they have no other choice.
May 4th, 2009 at 1:04 pm
interesting..
“and it’s not cool that Ottawa Gal accused “Matthew”
Did she accuse? Really?
Or did she throw his garbage right back in his face?
Or are you making stuff up?
I saw something else.
Obviously, you saw an accusation of some type.
May 4th, 2009 at 1:30 pm
I’m the notquiteunhinged guy Henry linked to earlier. Thanks for the props Henry! I was wondering why the sudden interest in that post.
To clarify: I have no horse in this race. I only have my experience working for a private company and managing networks. I am in 100% agreement with Tom Sawyer’s comment (May 4th, 2009 at 12:58 pm).
Like it or not, traffic shaping is an essential part of keeping networks operational. Without it, many net links would have crashed a long time ago.
DPI is not necessarily shaping and shaping isn’t necessarily DPI. (you can shape on port alone) Sometimes DPI is necessary for shaping to determine what application is being used because port numbers and headers are not always complete or relevant. (and Jon, DPI was the focus of the post. I’ve focused on shaping before in other posts. Don’t conflate the two.)
“He is in effect promoting a progression of ideas: that it’s OK to gather information and data, and then market them to anyone with the money to pay for their reuse in ways, and for purposes, the original owners haven’t agreed to, and without their explicit permission.”
No I am not. I said nothing about the marketing of data. Actually I specifically stated that such data is very short lived, and is not likely viewed by any human.
The only point I am promoting is that using DPI to shape traffic is an essential part of network management. Anything else would result in network anarchy with frequent outages. So if we want a ban on shaping in any guise, then be prepared for the consequences.
If you understand those consequences (multiple resource not found errors) than by all means, go ahead, get governments to ban shaping technologies on public connections. Be my guest. I really don’t care.
May 4th, 2009 at 1:44 pm
I think your stance on this whole thing is just as “over the top” as anyone else’s you’re criticizing, Henry.
You’re saying people are being “paranoid” or “reactionary”, while at the same time seem to curiously spending a good deal of energy trying to “shut everyone down” for voicing their concerns. And, at least stop dredging up matters that were between others that were actually resolved, that you already admit to not reading through anyway.
What you’re doing right now is the equivalent of the “troll-smash mode” you so righteously accuse me of practicing.
At least put some things into perspective:
1) No body flamed Christopher.
2) OG’s remark (and mine) to “Matthew” was warranted even under your own standards – he just made these curious troll-like comments, and didn’t qualify any of it with even a reason. And, I don’t mean links… just a reasonable explanation of why any of it was said. If anything, our bothering to even acknowledge Matthew on that should have served as an “invitation” to qualify it. (Which would have at least clarified whether he was a troll or not.)
3) Just because you don’t see the implications some here do, doesn’t make them less worthy, particularly when some proof of what’s being said is already there. For instance, you don’t see the “global” aspect of DPI, even though it’s one of things that should be glowingly obvious, given how it needs to be employed. That’s not my problem, or the problem of anyone else who does see it.
4) Anything that, by design, promotes surveillance or monitoring is considered “spy equipment”. It’s the raw truth, whether the stuff has admirable purposes or not. Nobody here wrote that one, and it’s not appropriate to flame anyone or call them “paranoid” for being concerned about the possible abuses, particularly when those that would use it haven’t given anyone a very good reason to trust them at this point. You can’t just label everything a “tin foil hat, paranoid-dillusional conspiracy theory”. That’s just nuts.
5) Do you really think Tom Koltai, someone who has experience in network operation, doesn’t know the what the realities of such a network applicance are, and is just guilty of some kind of “fear-mongering”?
6) Ask yourself, “Should “freedom of innovation” include freedom to stifle, exploit, or harm in any other way, existing subscribed technology and services that are in place and for which they are already drawing revenue?” (Bear in mind, providers don’t “own” the data they’re proposing to “manage”.)
7) Can’t we all… just get along?
: )
May 4th, 2009 at 1:54 pm
M2:
Psychotic says “whaaaat?” (THIS is why I’m not impressed by the level of discourse here of late).
What “garbage” was she throwing back, other than to browbeat him about how he was right because “it’s DANGEROUS to make people aware”? Sorry to tell you this, M2, but her “response” wasn’t particularly informative, and your reaction just confirmed my original thinking on this topic.
DA:
“@Henry:
I’m sorry if I contributed to upsetting you.
Hopefully, you’ve found the last posts to be a little more intelligent, and can see where our minds were at.
As mentioned above, you probably don’t have to think too far back to remember we had a similar experience which proved to have a similar cause (we were both “right”, just talking about two unrelated principles).”
Y’know, that happened here, too:
I mention:
1. Valenti lobbying to have the VCR banned because of it’s potential “harm” to his clients’ interests.
2. Scanner manufacturers being forced to lock out entire frequency-ranges (and degrade functionality at harmonics related to that frequency range) based on ill-founded, over-hyped jabbering by a bunch of ill-informed “privacy advocates” being manipulated by cellular corporations.
3. Hamfisted Bureaucratic over-reaction to something that wasn’t that big of a “problem” in the first place.
Meanwhile, YOU are talking about:
1. “Global impacts” which you postulate would follow inevitably from broad usage of DPI.
2. The presumed “fact” that DPI MUST only have “bad” uses, and isn’t/can’t be deployed for anything else.
3. Telling me to “lighten up”, after having gone all snotty at “Matthew” (because he agreed with aspects of what I — and Crosbie — said at different points, and kinda sneered at Jon while doing it.)
Yeah, we ARE talking about “two different principles”.
The only difference here is: I’m talking about technologies that DO exist, and laws that HAVE been passed, and you’re postulating a doomsday-scenario.
A mandatory block on certain frequency-ranges didn’t do a damn bit of good in regard to cellphone/cordless-phone users’ privacy. THAT was solved by means of base-to-handset encryption and steadily-increasing frequency ranges — but importantly, the law didn’t change to account for that fact, because — as we all know — “the law” is tortuously slow, AND SHOULD BE in many cases.
Valenti’s “concerns” about the consumer VCR proved to be unfounded.
Even ADVOCATES of Net Neutrality/opponents of DPI admit that mandating such things would lead to all sorts of “absurdity” (because doing so would also ban a lot of *good* implementations as well.
So yeah, goddamn RIGHT I’m “intense” on this.
I got “intense” when I heard Lessig’s stupid notions about how a “harmful to minors” tag should be mandatory in HTML, and sites that don’t comply with it’s use should be blocked. (Some advocate of “Internet Freedom” there, huh.)
I get REALLY “intense” when people advocate “solving” something that’s not anywhere near a real problem.
May 4th, 2009 at 2:17 pm
@Catelli
“DPI was the focus of the post. I’ve focused on shaping before in other posts. Don’t conflate the two.”
Sorry. I mentioned it because you did.
Also, I apologise if I misinterpreted you. To me, the tenor of your post came across as being in favour of DPI.
Cheers!
May 4th, 2009 at 2:55 pm
If this is a dupicate, I apologise. My last attempt appears to have been eaten.
@Jon
I am in favour of DPI, it has tremendous application in data acceleration technologies. Anything that can make a T1 circuit act like a 10 Mb circuit is gold in my books.
DPI also has some application in shaping technologies.
DPI is to shaping as ethernet is to TCP/IP. You don’t need it, but properly used it adds value.
Otherwise we’d all be on token ring…
May 4th, 2009 at 4:24 pm
Henry, your use of the post office/UPS parrallel was BS, does the post office rip your shit open to find out whats in it, to then better make sure of how its handled/prioritized??? Do they open the wifes insulin to see what it is??
NOPE they look at the addressing labels ect on the OUTSIDE to make sure it gets where its needed, when its needed.
So, how can DEEP PACKET INSPECTION compare?? Sorry but you need to chill!
May 4th, 2009 at 4:25 pm
And feel free to flame me like everyone else here, I’m fairly new out here, but I’m not gonna hide from alternate opinions!!
May 4th, 2009 at 7:43 pm
DA:
1. “That you don’t see the GLOBAL implications….”
Sure I do: the urban-legend that was circulating about the FEMA work-camps in the event of a national disaster, had bad implications too
And, yes, that was sarcasm – but I stand by it.
The “global” implications you’re talking about basically boil down to this:
“Premise A: it’s theoretically possible that if a particular technology is ‘permitted’ it’ll be put to bad uses.
“Therefore, it should be banned.”
That’s it: you don’t like the (hypothetical) notion that DPI could be used to spy on your packets (ignoring the fact that there’s myriad other technologies which achieve the same thing. Ignoring the fact that it’s even ridiculously simple to set up a “look-alike” website on a slightly different domain-name (taking advantage of identical-looking characters from other alphabets) as a means of identity-theft.
Ignoring the fact that it’s already possible via server-side scripting to “inject” stuff onto webpages.
Ignoring all of that (which you’ve failed to mention or acknowledge yet again — thanks so much), you instead continue to opperate from the premise that because DPI and traffic-shaping *could possibly* be used in a bad way, that automatically means they *will* be used in that way, and thus, the solution is *government involvement*.
That’s where my thing about Valenti lobbying to get the VCR banned came in.
And that’s where my cellphone-vs.-scanners thing came in.
But nobody seems to want to think about that.
And N01UNO:
“Henry, your use of the post office/UPS parrallel was BS, does the post office rip your shit open to find out whats in it, to then better make sure of how its handled/prioritized??? Do they open the wifes insulin to see what it is??
NOPE they look at the addressing labels ect on the OUTSIDE to make sure it gets where its needed, when its needed.
So, how can DEEP PACKET INSPECTION compare?? Sorry but you need to chill”
Yeah, the post office/UPS will “rip open your shit” to see if it’s explosives or anthrax.
They also routinely run “your” packages through ex-ray machines to make sure that you’re not sending a letterbomb.
My point here is:
1. DPI and traffic-shaping aren’t anything radically new, and DO have “legitimate” uses. (We should all understand the strawman involved in banning something simply because it *might* be used for illegal purposes or etc, right? Or does the fact that *some* peoplel link to copyright-monopolized material via Torrent files mean that Torrent files were DESIGNED specifically for doing so?
So that’s my first quibble — the inherent double-standard here, simply because DPI and traffic-shaping are technologies *YOU* don’t happen to like. Admit it.
2. My second quibble is: p2p/copyfighters SHOULD also be really suspicious of government “doing something”, even to “fix” a percieved problem, if for no other reason than that we’ve seen the type of thing they usually do. (Hinit: War on Drugs, War on Terror, etc. etc.
But we’ll just ignore that, too, because in THIS case, contrary to all historical precedent and everything we already know about how government works and “solves problems” — THIS time, they’ll get it “right”, and not over-regulate, or misunderstand the question.
Sure — that’s how we copyright terms that are de-facto perpetual while still being “limited” on paper. (The Eldred decision.)
3. Let’s also ignore the fact that, like I said before, even the guy who CAME UP WITH the “Net Neutrality” thing admits that poorly-worded legislation would lead to what he calls “absurdities”, and ban a whole swath of useful stuff like spam-blockers.
Because that’s what you’ve been doing so far, all the while concentrating on “global impacts” you basically pulled out of thin air.
Packet-agnosticism is a bad idea (which is why different levels of packet-inspection exist at all.)
Government regulators tend to be — at best — pretty clunky. Or are we — de facto “outlaws” that many of us are — now supposed to magically trust to the wisdom of regulations LOBBIED by corporate giants (Google and Microsoft) against OTHER corporate giants (the telecom companies.)?
“Have to chill” — yeah, sure I do.
On one side you raise the specter of a myriad of “micro-nets” where interoperability costs extra, if it’s allowed at all (the Compuserve Vs. Prodigy paradigm). Bad step backward, IF it was actually implimented, which is nowhere near likely to happen.
Your proposed solution: government “doing something” to mandate potentially “good” technologies out of existence, to prevent something that’s exceedingly unlikely to even happen.
Right.
Hey, Catelli:
Great to see you here! Don’t mind me — some of us do this kind of thing pretty frequently.
May 4th, 2009 at 8:54 pm
And yes, DA, we CAN all “just get along”
(BTW: If you don’t like my intensity, why were you and Surfer and such cheering me on during those verbal “beat-downs” I used to give our ol’ pal “Sam”? So you ended up on the whip-end of my skepticism related to “Net Neutrality.” Big deal.
Walk it off.
It’s not like I didn’t understand your concerns. It’s more like: I “get” it, but as far as I can tell, Net Neutrality/anti-DPI folks are answering the wrong question. It’s like when Southerners reacted badly to the “Federal Tyranny” involved in enforcement of the “equal protection” clause during the Civil Rights movement. They *thought* it was about “State’s Rights” and the separation of powers, when they were *really( defending what amounted to a localized system of de-facto apartheid.
I hope we’re actually “hearing” each other at this point.
May 4th, 2009 at 9:11 pm
DPI doesn’t rip open a packet. That information is already there in the clear. To extend the post office analogy:
Using the Internet is like using the post office. But each word of your letter is on a separate piece of paper in a clear plastic envelope. Anyone that looks can see that word. No opening of the envelope is required. All addressing information is included on each and every envelope as well as a numbering tag. The route (or the sorter) used for each envelope could be different, but all envelopes get to the destination.
Everything that is sent is in the clear. No ripping or destruction required.
Banning DPI doesn’t increase security. Your information is in the clear, available to be read by anyone that just looks at it. Just because DPI wasn’t used in the past by ISPs didn’t mean that the data was that more secure. They just weren’t looking.
A tree that falls in the forest still makes a sound, regardless of whether someone was there to hear it or not.
May 4th, 2009 at 9:13 pm
“A tree that falls in the forest still makes a sound …”
Can you prove that conclusively?
Cheers!
May 4th, 2009 at 10:09 pm
Jon:
“Can you prove that conclusively?”
At this point, I can’t even prove my own existence conclusively (even to myself!)
To everybody: one of the things I genuinely love about p2pnet, is that we can all feel free to “play rough” from time to time, and not get all weird about it. I may play “rougher” than some, but that’s just me. Don’t take it personally.
Jon used to call me up (yeah,he has my phone number!) after the squabbles with “Sam”, and tell me to get him out of my vision (because I do tend to be obsessive to the point of crazy at times — DA, like I said, we really ARE “kindred spirits” in a lot of ways.)
Catelli said:
“DPI doesn’t rip open a packet. That information is already there in the clear. To extend the post office analogy:
Using the Internet is like using the post office. But each word of your letter is on a separate piece of paper in a clear plastic envelope. Anyone that looks can see that word. No opening of the envelope is required. All addressing information is included on each and every envelope as well as a numbering tag. The route (or the sorter) used for each envelope could be different, but all envelopes get to the destination.
Everything that is sent is in the clear. No ripping or destruction required.
Banning DPI doesn’t increase security. Your information is in the clear, available to be read by anyone that just looks at it. Just because DPI wasn’t used in the past by ISPs didn’t mean that the data was that more secure. They just weren’t looking.”
And n0uino said (way back at the beginning of this debacle):
“Obviously DPI needs to go away, meanwhile what do you mean by PVCs??
Im not familar with the term, (yeah i know its lame) but i am trying to
learn all i can to keep my privacy intact! google is bad enough as is
I damn sure dont want DPI, what’s mine is mine, they dont have any right
to look at what I’m doing on the web, in my home, or wherever !!!”
Oh Boo ho, poor you — “they” (somebody, somewhere, maybe) can see what you’re doing online.
Google is “bad enough” because they use user-data for targeted advertising?
Why all the paranoia about the “privacy threat” posed by DPI, but not the one posed by the mere existence of logging of ANY KIND?
And why no big (corporate-sponsored) fake-grassroots movement urging that all forms of logging/caching be banned?
The “Net Neutrality”/anti-DPI thing is just another instance of “Astroturf” — a puppet-show orchestrated by Google and Microsoft, with the DOJ just right behind, because you just know that an increased governmental role over how packets are permitted to be used benefits them immensely.
The “patriot act” was pitched as a solution to a threat with “global impact”, too — or did that go down the memory-hole, too?
May 4th, 2009 at 11:53 pm
@ Henry, nobody at my house is offended by your comments, I understand my lack of understanding on alot of issues.
BTW i dont recall saying I want the bloody gov’t to fix this problem either, I understand that the packets we put out have to be checked for QOS, destination and source. Thats not a problem IMHO, but it looks to me like if they can get what they NEED to properly handle the packets and get them where they go from the low surface level then thats all they should be looking at. I DONT WANT targeted adds based on what I’m doing out here, and if we look at this WHOLE DPI system honestly, it does look like the potential for ABUSE by gov’t is in fact there.
Side note, by being involved in this “heated discussion” I have been looking at what data I can about DPI and am learning alot,
I thank everyone whos been involved for that, including you Henry, for making me think and helping me LEARN!!
And I think Jon will agree with me that is at least a part of what sites like this, are for!
May 5th, 2009 at 12:53 am
N01uno:
Your welcome, if I did help you learn. That’s what’s good about sites and discussions like this.
And my concern wasn’t whether anybody was “offended by my comments”.
But remember that you did — back in the first post — state that DPI should “go away” — without actually understanding what it was/how it worked etc. It’s really dangerous to claim that “something needs to be done” without an accurate understanding of the facts of the case from ALL sides. That way, after hearing all sides of the issue, you can decide how to proceed, and what to support.
My problem with the DPI discussion is the same as I have with the whole “net Neutrality” thing, AND the people who supported Bush’s proto-fascist bullshit on the grounds that it “made us safer”: it’s not that the people supporting those things don’t have legitimate concerns — it’s that they advocate really bad solutions to those concerns.
Now Jon has “yawned” at me over in another thread (which I figure means that I have evidently beat this discussion to death with a hatchet, in my typically obsessive fashion. Frankly, I was glad to do it, because there needs to be at least ONE dissenting voice at all times — even if such “dissent” later turns out to be ill-founded or incorrect.
It keeps the groupthink down.
I still genuinely want to know why people thought it was interesting/fun to watch me rip into Sam, but then they get all precious about it, when I give them a tiny fraction of what HE got. I really want to know that.
Catelli:
Thanks for jumping into the discussion, dude — you and the computer-science major are probably the most directly knowledgeable about this topic.
May 5th, 2009 at 2:11 am
Jon:
“Also, I apologise if I misinterpreted you. To me, the tenor of your post came across as being in favour of DPI.”
Catalli:
“The only point I am promoting is that using DPI to shape traffic is an essential part of network management. Anything else would result in network anarchy with frequent outages. So if we want a ban on shaping in any guise, then be prepared for the consequences.
If you understand those consequences (multiple resource not found errors) than by all means, go ahead, get governments to ban shaping technologies on public connections. Be my guest. I really don’t care.”
I don’t know if he’s “in favor” of it, so much as stating that — at least in some form — it’s required to keep the network functional at all.
Turning that into a claim that he’s “in favor” of DPI is like claiming that if you get gangrene and doctors have to remove your leg, they’re automatically “in favor” of amputation.
Or (to use a more timely example) that those who say women should have access to legal abortions so they don’t end up dead from back-alley proceedures are somehow “in favor” of abortion.
Just a clarification for Y’all
Bye, Y’all!