Charter Watcher

Charter lies about a lot more than just privacy

A couple of months ago I saw a commercial for Charter Communications which featured a man in a suit sitting at a computer talking about fiber optics. He explained that Verizon was getting a lot of publicity of their FIOS service, but maintained that Charter had been using fiber optics for years, insinuating that the services were equal in terms of speed and reliability. Then he pretended to type. Not only can Charter not hire competent executives or managers, but they can’t even get an actor to type convincingly on cue.

It bothered me even then that Charter would lie so boldly. Of course they use fiber optics in their network, as does virtually every company with more than a half dozen servers. Heck, my third bedroom has some fiber in play for my personal servers, and I’ve been using fiber to connect my music hardware for almost a decade. Does that put my technology on par with Charter’s? With Verizon’s? Since I use fiber too, can I now go on television and promise to deliver the exact same thing that these companies do?

Of course the answer is no, but that doesn’t stop Charter from comparing their decades-old cable technology to Verizon’s cutting-edge FIOS. It’s so blatant that even Forbes did a piece on it.

From the article:

Mike Weaver in Watauga, Texas, saw an ad from Charter Communications Inc. that talked about “advanced fiber optics,” and was disappointed when he realized that the cable company isn’t drawing fiber to the home. He wants the faster Internet speeds provided by FiOS, he said.

Charter spokeswoman Anita Lamont said the intent behind the current ads, which say the company has been using fiber for the last 10 years, “is to reassure current Charter customers that they too have fiber optic technology bringing their homes to life.”

Mike saw the same commercial I saw. In it Charter obviously compares their fiber optic network to Verizon’s, which indicates that Charter too offers fiber to the doorstep. According to Anita Lamont, this commercial is intended to do just that. Charter knows that the vast majority of customers won’t know that the fiber optic being touted in their commercials only refers to that in use in their datacenters. Charter knows that the majority of their customers won’t call them on their BS when they see a plain old coaxial cable strung across their backyard. Charter thinks that they can lie with impunity, and that no one will do anything about it. That is how much they think of you and I as customers.

So why is it surprising when they employ the same techniques in dealing with privacy? Charter’s standard procedure is to lie, bend the truth, and spread misinformation. We all know that they don’t have the same fiber optic network as Verizon, and we all know that they won’t protect our privacy.

But that isn’t going to stop them from lying through their teeth about it. There’s money to be made, and the truth is the only thing left standing in the way. Somebody call Ted Schremp. There’s BS that needs to be spread.

NebuAD is as bad as we thought

It seems like everyone has a recent article on NebuAD’s technology, which was once thought to be simple deep packet inspection only. As it turns out, NebuAD is actually conducting browser hijacks and modifying packets. The legality of this kind of thing isn’t really questionable. NebuAD is actively engaged in criminal activity.

From the article at eWeek:

According to a new technical report (PDF) by Free Press and Public Knowledge, NebuAd uses special equipment that “monitors, intercepts and modifies the contents of Internet packets” as consumers go online. The report found that NebuAd inserts extra hidden code into users’ Web browsers that was not sent by the Web site being visited.

In turn, the code directs the browser to another site not requested or even seen by the consumer, where more hidden code is downloaded and executed to add more tracking cookies. Using the secretly collected information, NebuAd serves up ads based on the user’s browsing habits.

There have been concerns that NebuAD might modify packets or inject script. This comes on the heels of a report last week showing how a company providing the same kind of wiretapping in England is actually crashing people’s browsers. I wonder what the penalties are for modifying copyrighted content, spying illegally on users, then crashing a user’s browser. I guess it’ll all depend on how much cash Charter brings to the upcoming hearings.

What interests me even more about this revelation is that it completely negates NebuAD’s previous statements on anonymity. Even if Charter is handing NebuAD completely anonymous lumps of raw data, stripped of sensitive subjects and identifiable information, NebuAD can just use this data to redirect you to one of their sites in order to load your browser up full of additional tracking software not hindered by Charter’s anonymity attempts. With a few tracking cookies and a bit of javascript now and again NebuAD could conceivably build a personal dossier on every Charter customer, complete with names, emails, association, interests, and lifestyle choices.

From the article at Wired:

NebuAd has conceded that its boxes peer deep into internet packets to pull out URLs and search terms in order to classify each user’s interests. That profile is then used deliver tailored ads on various partner websites.

Wait a minute. Didn’t Charter’s Ted Schremp, senior vice president of product management and strategy, definitively say that this system did not use deep packet inspection? Why yes, he did, in an interview with CNET here. The exact quote, in fact, was:

“The enhanced advertising solution does not utilize deep packet inspection. It looks at URL level information only. That’s another point of misinformation on the Net.”

Misinformation? I guess you would know better than anyone else about that, Mr. Schremp. The only thing customers can be 100% sure about is the unending stream of complete and utter BS coming out of both Charter and NebuAD. Misinformation exists because it has been used as a tool by both of these companies to obfuscate the true nature of the technology being employed. Slowly but surely, however, the truth is coming out. And it’s not pretty, especially for NebuAD. They’ve been counting on their program running quietly behind the scenes and under the radar.

From the article at MediaPost:

NebuAd said in a statement Wednesday that it was “disappointed with the misleading characterization” of its company in the report. NebuAd stated that its technology is no different from that of other ad networks. “Similar to most ad networks, we place cookies on users’ machines … All ad networks use a small piece of code that is temporary and operates only within the security framework of the browser to invoke the placement of ad network cookies. The code NebuAd uses is no different, and is clearly demarcated outside of and does not modify any publisher code.”

These people are delusional. Their technology is “no different from that of other ad networks”?! Maybe the fact that their advertising is based on a constant stream of my personal information passing through their system makes it different. Maybe their access to each and every packet which comes or goes from my house makes it different. Maybe their injecting javascript and redirects into sites owned by other people makes it different. Maybe the fact that they refuse to disclose their technology makes it different. Maybe their lack of patents makes it different. Maybe the fact that it is nowhere near “anonymous” makes it different.

Sure, NebuAD uses a cookie just like every other advertising company out there, but there’s a lot more than just a cookie in play here. There are evil men (and women) working hard to profit from the personal lives of you and I. They’re willing to spy on us, wiretap us, and monitor our every communication to make a buck, and in the end the only thing we can be completely sure that we’re getting out of the deal is crashed browsers, stolen identities, broken websites, and violations of our right to free association.

Exactly what do we have to do to stop companies like NebuAD from spreading such terrible practices into the world? It really makes you wonder how some of these people live with themselves.

Confirmed: Charter is listening

Mediapost has an article this morning that showed up in Google Finance about Charter’s delay in selling our personal information to NebuAD. It seems like concerns over privacy may be partly to blame, but a quote from a Charter rep is the most telling part of this story.

From the article:

A Charter spokesperson attributed the delay to technology issues. “It will happen when we’re technologically ready,” the spokesperson told Online Media Daily.

This doesn’t surprise me either. As I’ve talked about before, Charter doesn’t have the slightest clue how this is going to work. Charter customers will tell you how bad their network is in general, with outages being far too common and complete hackery on the part of techs and admins being par for the course. Let’s not forget the thousands of email accounts which had all of their data erased back in January. This is what makes Charter’s wiretapping program so terrible. These people can hardly keep their own subscribers online and functional, and yet they want to dedicate their resources to something which, if done poorly, will have vast privacy implications to more than three million Americans. And you can bet your bottom dollar that if Charter does this, it will in fact be done poorly.

If you’re a Charter stockholder you might want to start getting concerned now too. Not only will this program likely lead to a pretty significant drop in subscribers, it will eventually give way to some horribly huge lawsuits. Imagine how many zeros are going to be in the checks paid out to people who have reporters knock on their doors based on information being captured by Charter. It happened to AOL with their “anonymous” customer information, and there’s a 100% chance that Charter will leak private data at some point through this program. Meanwhile Charter is just barely rebounding from having been delisted from Nasdaq, and when this program blows up in their face I’m sure their stock will once again crumble.

It’s good to see that Google Finance is picking up on the story, and I expect to see more financial publications taking it on as details unfold. Anytime a company is making decisions which severely threaten the financial well being of not only the company, but that of every customer which the company serves, it’s a safe bet that the market folks will take an interest.

Charter starts to feel the heat

An article in the East Oregonian discusses Charter’s plans to begin wiretapping its customers, and explains why Charter has yet to flip the on switch just yet. After posting up several articles where Charter vice president Ted Schremp contradicts himself in explaining the technology, and further learning that NebuAD’s hardware doesn’t even function according to their own patents, I somehow believed that they weren’t starting yet due to sheer incompetence. Apparently they’ve gotten past the fact that they themselves have no clue how the technology works and can’t coherently explain it to the public though. Their holdup isn’t technical though, you see; it’s legal.

From the article:

Charter’s proposal, however, caught the attention of two U.S. House members. Massachusetts Democrat Rep. Edward J. Markey and Texas Republican Rep. Joe Barton sent a letter expressing serious concerns about the plan to Charter President and Chief Executive Officer Neil Smit.

Markey is the chairman of the House Subcommittee on Telecommunications and the Internet and Barton is a ranking member on the House Committee on Energy and Commerce.

The lawmakers told Smit Charter’s plan to collect information about its customers’ Web-related habits without their prior consent “raises substantial questions related to Section 631″ of the federal Communications Act.

Charter spokeswoman Anita Lamont said Smit and the two lawmakers and their staff held a “low key” meeting this week. She said Charter hasn’t decided anything for certain and hasn’t moved forward with its plan to pilot the program this month.

I like the idea of a “low key” meeting which halts the progress of completely illegal and anti-customer programs. Congressional hearings are coming up very soon, and I expect to hear some of the things Markey and Barton said behind closed doors aired in public.

A few of the things Congress needs to address are:

• Why doesn’t this program require an opt-in as opposed to an opt-out?
• If the law requires all “enhancements” which collect data to benefit the customer, do Charter’s outright lies about this program being beneficial fall under illegal and/or misleading statements?
• What about the “chilling effect” with this program? If a person who knows they’re being monitored does not feel comfortable alerting their psychiatrist on a tapped telephone or Internet connection and later goes on to kill twenty people, does the company which instituted the monitoring bear some liability?
• Charter and NebuAD have been using very different language in explaining this program in several different ways. Congress needs to get clearly-understandable technical documentation on this program in the hands of the public.
• What is NebuAD’s legal responsibility with data purchased from Charter? They’ve expressed intent to sell it to other companies, for instance. Can they really do that?
• What are the legal ramifications for Charter if and when this data is made available to the public? We all know it’s only a matter of time before anyone who wants it will have access to several gigs of Charter customer click stream. What happens then?
• Does this program have any future intentions, such as detecting copyright infringement or supplying warrantless data on civilians to the U.S. Government?

The good news is that Charter’s program has been halted, presumably by the efforts of Markey and Barton. I’m sure they’ll send a couple of slick executives with trunks loaded with stacks of cash to ensure that Congress sees things their way. Maybe we’ll get lucky though, and Charter will suffer a setback that isn’t predicated on their being run by the best team of retarded monkeys ever to run a communications company into the ground.

How Charter and the federal government monitor you

I had the most interesting conversation with a Charter employee on Thursday. A couple of weeks ago I was speaking with Carla Conner, who is Charter’s customer care advocate for government issues. After explaining my concerns, a task made difficult by her lack of technical background, I asked to be escalated to her boss. Several weeks and a half-dozen phone calls later, I finally got a telephone call from a fellow named Michael Perisho, whose title I do not yet know.

I told Mike how Charter’s program would be invasive to privacy, that there were concerns with information being sold to third party advertising companies, that customers would be chilled from using their Internet access to conduct sensitive business knowing that they were monitored, that Charter’s misleading speech on the program was abusive to the public trust, and that American citizens had a right to be free from monitoring without a court order. What he said next absolutely floored me.

Charter Communications, and all other ISP’s, have monitoring hardware supplied by the United States federal government which maintains a records of what sites a customer visits. He explained in detail how smaller ISP’s which may not have the money to implement the technology themselves get it done for them by the government. He went on to explain that certain websites and material gets flagged and automatically turned over to the feds, which I assume is done without a warrant. He then went a step further, describing how at times the government will visit some specific and targeted web sites with an unknown IP address to check up on Charter to ensure that the system works, fining those ISPs which do not capture or report the traffic.

The Fourth Amendment to the United States Constitution states, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

Our founding fathers could not possibly have envisioned the rise of the Internet. They had no concept of an ISP. They did, however, account for every shred of personal property a person could own in their time. Their person, houses, papers, effects; one can surely categorize one’s own email inbox, bookmarks, and surfing habits as being among one’s personal papers or effects. The obvious conclusion is that a government organization attempting to gather data on an Internet user must have a warrant, if we’re to believe that the Constitution has any standing. The question is, when Charter and other ISP’s are installing their data retention hardware and colluding with the federal government to monitor your traffic, are they doing so in a manner which is consistent with United States law? If so, is the law which grants them access to such information consistent with the Constitution? Finally, why would Michael Perisho, when confronted with a broad line of questioning regarding Charter’s new advertising program, choose to start discussing Charter’s government-mandated monitoring instead?

Charter’s intention to pair up with NebuAD to monitor customers for the purposes of increasing advertising revenue is a major violation of both personal and consumer privacy. Charter’s collusion with the federal government to turn over information about a customer based on their surfing habits is unconstitutional, going completely against of one of our most basic freedoms. I can sort of see how Michael could get the two mixed up. They’re both really nasty, and both likely to eventually result in testimony before Congress.

What really bothers me is the future implications of these programs existing within the same network infrastructure. If Charter somehow gets the legal go-ahead with this deep packet inspection program, what’s to stop NebuAD’s unpatented, unexplained, untested hardware appliance from directing every blob with your MAC, IP, and raw packet to another database before creating their “anonymous” profiles? We’re talking about a literal recreation of your entire browsing history. If Charter and the federal government are already involved in red-flagging people for the feds, what’s to stop them from using the already-available DPI data mined for free by NebuAD to improve their hit rate?

Charter is currently only alerting the government when people visit certain websites. Soon they might be capable of alerting the feds when you string certain words together across a series of emails. They’ll also be able to turn over a complete reproduction of your clickstream to back it up. They’ll do this automatically, based on the keywords you type, the websites you visit, or the content of any emails you send or receive. Maybe they’ll have warrants, maybe they won’t.

But you’re not supposed to care. You’re next in line to get Charter’s “enhanced service,” which will help you keep up with the latest fashion by providing you with an endless stream of enhanced advertising directed to your personal interests. Ted Schremp, your personal guide to the world of better ads, is here to help!

NPR gets it totally wrong

NPR posted an absolutely terrible article on Charter’s wiretapping program today. Cyrus Farivar spends most of the piece drawing stupid comparisons to Google and Facebook, dedicating nary a word to Congressional interest and legal aspects of the topic. I guess maybe I just expect more out of NPR, but even the audio accompanying the story is bad. If anyone from NPR is reading this, you can contact me here when you’d like a coherent and thorough report on this case.

From the article:

[F]our years ago, when Google launched its free Web-based Gmail, a lot of people were concerned that Google would be scanning private e-mails to allow targeted ads. Today, most people don’t seem to mind so much and continue to use it. Just like Gmail, Blum says, some customers might not mind the more targeted ads.

Let me explain this again for Mr. Farivar and Mr. Blum:

What Google does is legal because the data they collect does not leave the company. Gmail users do not have their information sold to an advertising company because Google itself is the advertising company. As long as Google is competent enough to protect the data used to generate the advertising, which most reasonable people believe Google to be, then the privacy concern in their case is not as significant. I’m not saying it doesn’t exist, and I’m not suggesting that what Google does is right (because it isn’t), but at least what Google does is legal, as it isn’t predicated on user data being sent into the wild.

Charter, on the other hand, is breaking several federal laws. As an ISP they are held to regulations which disallow them from collecting data from their customers outside of that which is legally mandated. There is very little comparison to be drawn between the program put forth by Charter and NebuAD and that run by Google.

Charter would not go on the record to discuss its upcoming ad program, but the company already makes it possible for customers to opt out.

Do they now? Perhaps the dozens of articles to the contrary should have been consulted prior to your submitting a report to NPR on the matter, Mr. Farivar.

At its core, Charter’s initiaive is about money, says Chris Hoofnagle, a privacy law expert at the University of California, Berkeley.

“ISPs have to find a way to become profitable,” says Hoofnagle. “And they need to find ways to generate revenue on top of merely connecting people to the Internet.”

I don’t think anyone has any problem with Charter finding new ways to make money. That’s what companies are supposed to do. Nobody is ever going to speak negatively of Charter for exploring new ways to make money, except when those ways stomp all over the very people responsible for their current income. It’s robbing Peter to pay Paul. Wait, no, it’s selling Peter’s personal information to a bunch of people on the Internet so that they can steal Peter’s identity for fun and for profit, from which you will receive a kickback which you then use to pay Paul. Or better yet, just forget Paul and give Ted Schremp a bigger bonus!

Indeed, a recent filing with the Securities and Exchange Commission states that Charter is $20 billion in debt, has lost billions of dollars over the last three years, and adds that the company expects “to continue to incur net losses for the foreseeable future.”

I wasn’t aware of that. That’s the best news I’ve heard all week.

Wired goes after NebuAD

Wired is back with another great article, this time about Charter’s partner-in-crime NebuAD. Everything about this company just oozes sleaze. Just look at their website. It’s not inviting or inventive, it’s just a blob. And wait until you see some of these quotes.

From the article:

“NebuAd does not overlay ads, inject ads or otherwise alter ads that are already displayed on a publisher’s web site,” [vice president of marketing Janet] McGraw said. “Observers should not infer from any patent how our business actually operates.”

Oh, so you’re going to team up with Charter to monitor us in a super secret way that has nothing to do with anything you’ve previously put on record? Thanks NebuAD, I feel so much better about my personal information being protected now.

McGraw says the company doesn’t need to read the cookie to respect the users’ opt-out request. The company has a way to create a unique identifier for each user based on information their browsers sends with any request for a web page.

“This association is done by applying proprietary patent-pending user identification algorithms that makes use of multiple elements of a browser request,” McGraw said in a written response to questions.

The company didn’t explain why it sets a cookie to begin with.

I’m starting to think that Janet McGraw went to the same school as Ted Schremp. “It doesn’t work like we said it did before, and it doesn’t work like Charter says it does. It’s something completely different, made from the breath of unicorns and programmed by elves in a far-off land.” How are we customers supposed to accept this program if the people running it can’t even pin down how it works? And where the hell do these companies find their marketing people?

THREAT LEVEL was unable to find a patent application for that system.

Wait, so you mean Janet McGraw, vice president of marketing for NebuAD and otherwise upstanding corporate citizen, was lying? You mean this system doesn’t completely protect every single aspect of my privacy despite its being kept completely secret? I didn’t know that companies were allowed to outright lie about how they protect customer privacy. I thought there were all sorts of laws about that.

NebuAd’s president Bob Dykes backed out of a planned interview with THREAT LEVEL last Tuesday, asking instead to answer written question. Days later, McGraw provided some information related to a few of the questions, but declined to answer most on the grounds they related to NebuAd’s “proprietary technology.”

Oh, it’s proprietary. Now I understand. You can’t tell me how you’re spying on me because you’ve found an incredibly clever approach that you don’t want your competition to find out about. Never mind the fact that there are a relatively limited number of ways to accomplish IP wiretapping, all of which are widely published. We all believe you when you say you’ve come up with something completely new to do to a protocol which has been around for over 30 years.

McGraw did not respond to a follow-up email Wednesday asking for clarification of how the opt-out system worked and for answers to the original, non-technical questions. The questions the company refused to answer are below.

• How deep into packets are you going to extract urls? How does Nebuads know what a given url means? Are the urls manually reviewed, ala the early days of ask jeeves, or do you use some sort of spider tied to a classification algorithm? How does the system handle search engine queries?
• How does opt-out system work with a cookie, given that NebuAd is a network appliance and can’t read the opt-out cookie unless the user goes to a specific site so that the cookie can be released and thus either read by Nebuad.com or read in the TCP stream. It seems that an ISP’s customers can opt out of the ads but not the monitoring? If that’s incorrect, please explain how the opt-out works? How does this system fit with the promises made on the NebuAd opt-out page?
• Why should an ISP’s customers want to allow your company to monitor their web usage?
• Is there anyone at the company with a background in privacy?
• If a customer wanted to see the profile NebuAd had built up about them, how would they do so?
• What exernal auditing has NebuAd had? Does the company plan to perform audits on an ongoing basis? Will any of those reports be public?
• Are your network boxes capable of injecting content into packets?
• What security measures does NebuAd take to lock down the network appliances and prevent NebuAd from being used for a Man-in-the-Middle attack?
• How long does NebuAd keep data?

This looks to me like a list of questions Congress needs to put in front of NebuAD. Heck, why not just let Ryan Singel do the questioning himself? He seems like a capable sort.

Does NebuAD sound like a company that you want snooping around in your web traffic? They don’t even know what they’re doing, and they certainly aren’t on the same page with Charter. Ultimately it is we the customer who should have the final say as to whether our activity is tracked, and we should be given every opportunity to review the methods by which it is accomplished.

Poisoning Charter’s wiretapping data

Ever since I heard about Charter’s intention to capture my personal browsing habits and sell them to advertising companies, I’ve been looking for ways to protect my privacy against my own ISP. It’s not something any customer should have to do, and it says a lot about both Charter Communications and the elected representatives in the United States that we as customers find ourselves in this position.

Because of the specific manner in which Charter and NebuAD wiretap our connections, there is no way to route traffic around their snooping. We could use proxy servers, but there’s no guarantee that their deep packet inspection process couldn’t derive our intentions even from that. We could use encrypted proxies, but the average speed of a public encrypted proxy defeats the purpose of having broadband access anyway. We could just opt-out, but that’s a complete farce and would only give Adblock Plus new content to shut down. No, there just doesn’t seem to be a good technical way to get around Charter’s illegal monitoring program.

So why not just poison the data?

I’ve written a script which will access a random website, then randomly follow random links from that random website 30 times. It is called by a second script every minute which launches several iterations of the poisoning process, which runs several instances of the poisoning script concurrently. The result is a quick burst of activity which will mask any legitimate traffic my wife or I put on Charter’s system. Since NebuAD has no way of distinguishing the requests apart, the categorical interests which Charter and NebuAD assign to our household, and thus our advertising stream, will be completely useless to anyone.

It’s a shame that my only defense to being monitored by a private company in violation of several federal laws is to build a Linux workstation and script a custom solution. But that’s how it is, and until we either convince Charter to end their illegal wiretapping program or put them out of business, my Linux machine will visit thirty one web pages five times every minute.

That’s 155 pages per minute. 9,300 pages per hour. Over 220,000 pages per day.

You can download the poisoning script for yourself here. Feel free to modify and redistribute. If you find a way to significantly improve upon it, please send me a copy so that I can make it available.

My letter to The Consumerist

A letter I wrote to The Consumerist a few days ago was just published as an update to their previous coverage of Charter’s illegal wiretapping program. It’s good that they’re covering this, because Charter doesn’t seem to understand that their customers are pretty much universally pissed. Here’s my letter (areas highlighted by The Consumerist have been left as such):

Dear Consumerist,

I spent a long time last night looking into the way Charter is handling this program, and based on their own explanation it’s obvious that the cookie is not a “real” opt-out. Here’s why.

When a customer clicks a link, advertisement, or visits a page, Charter will capture the browsing data and send it to the third-party advertising provider. If Charter wanted to offer a functional opt-out, it would be at this deep-packet inspection level. The do not offer a way out of that service, however. The only thing they offer is the cookie-based solution you’ve previously covered, which merely tells the third-party organization not to match the machine with the DPI-harvested data or deliver the advertising. Customer browsing is still being captured and is still being turned over regardless of anyone’s individual opt-out status, but the third party is just blocked from doing anything with it by the cookie.

I might also point out that by doing this Charter is explicitly requesting that their customers choose not to follow safe browsing best practices. Every modern browser available today has an option for clearing cookies when the browser is closed, and many people choose to take advantage of this practice, myself included. Charter is either demanding that I and many others either fill out their form several dozen times per day (every time we open our browser) or specifically switch off browsing features intended to keep customers safe. Neither of these are acceptable, of course.

I am going to contact Charter’s executive team again this morning on the matter, as well as an attorney. I have not been notified of Charter’s changes through a letter or email, and learned about this program last night via other means. Having read through the Cable Privacy Act, which governs Charter’s use of personally identifiable information, I have discovered no fewer than three potential violations. Moreover, Charter is required by law to make any collected data available to its customers, so I would suggest that all Charter customers request their DPI browsing data on a daily basis, and file appropriate complaints when they fail to deliver it as required by law.

They’re not going to stop doing this until or unless they lose more money than they make on it. We have vehicles available to us to lose them vast sums of money on this project, if only the word gets out.

I did contact an attorney here in town, but he flat-out refused to consider the case. Maybe his being on the Chamber of Commerce, who bears partial responsibility for saddling myself and my neighbors with the scourge that is Charter Communications by granting them a monopoly, had something to do with his decision. Congress has since gotten involved, so I’m going to wait before I call another one. We might yet still get out of this without individual legal action being necessary.

Wired breaks down Charter’s pretend “opt-out”

Wired has done a great job of covering Charter’s new anti-customer-privacy advertising initiative, but their offering today simply takes the cake. Chock full of technical information, Wired takes a deep look at the technology employed by NebuAD in their collusion with Charter to spy on everything we broadband subscribers do online.

From the article:

NebuAd’s appliance categorizes users and their interests, and then uses the data to customize ads on the internet. Charter says the device will not actively inject NebuAd’s advertising into web sessions, but rather NebuAd will provide the profile information to third-party advertisers already paying to place their ads on major websites.

So now we’re learning that Charter sells our information to NebuAD, who then makes it available to even more companies? At exactly what point is the customer’s privacy taken into consideration in this chain of events? Is it before or after the data gets sold to NebuAD, who has no legal obligation not to resell your habits to every data-mining house on the planet?

Charter’s own opt-out page is careful not to claim that opted-out users won’t be monitored, saying only that if a user “would like to opt-out of this process” an opt-out cookie means they “will no longer receive ads that are tailored to your web preferences, usage patterns and commercial interests.”

Indeed, it is possible that the cookie system works to prevent opted-out users from receiving the third-party ads, and it could stop NebuAd from sharing a user’s profile with third-party ad networks — assuming those networks include a NebuAd image file, or some other embedded code, in the ads they serve on the web. But NebuAd’s claim that you can opt-out of the surveillance itself remains unexplained.

But don’t worry. I’m sure Ted Schremp has six or seven different explanations he can offer on the matter, each one more puppy dog and rainbow than the last.

In all seriousness, Charter Communications commits a federal crime every time it collects data on a customer which isn’t used to enhance their service. They commit a second federal crime every time they sell our information without our express consent allowing them to do so. Once the information is in NebuAD’s hands, though, they can do whatever they want with it. They’re not explaining their opt-out system because, to be blunt, they’re not under any obligation to reveal anything at all about it. Charter is the one on the hook for committing the crimes, so why not just let them lie about it?

There are also lingering questions about whether NebuAd’s systems are as non-invasive as described. A patent application filed by the company in March 2007 describes a monitoring system that actually manipulates data packets and replaces advertisements on third-party websites with their own ads.

Finally, Charter gets company as NebuAD commits federal copyright violations!

The legality of eavesdropping on Americans’ internet usage also isn’t clear. The practice could violate anti-wiretapping law, according to recent analyses of the legality of academic internet research, because the law says an ISP is only allowed to monitors its customers for security reasons.

Could violate the law? If the law says that an ISP can only monitor customers for security reasons, but Charter monitors its customers in order to sell their surfing habits for increased profits, then how exactly is that a matter of “could.” If I’m not mistaken, that’s a pretty direct violation.

But why wait for the lawyers to settle that? Charter wants to monitor you now.