Comment by jacobgkau

> I want privacy codified in human law

Article 12

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks

- Paris, 1948, Universal Declaration of Human Rights

> It pains me every time a “well behaved” website pops up a cookie consent banner for the billionth time after I already consented because the browser wiped all the persistent user identifiers available to it.

Do yourself a favor and enable the Cookie lists in uBlock Origin.

I'm personally grateful that a law requires my consent before tracking me. That means I should not be tracked without me saying OK without monetary risks.

>>We suffer from a problem that engineers want nothing to do with politics.

More on point, we suffer from a problem that far too many people of all walks of life want nothing to do with politics.

Plato made the most accurate point 2300 years ago: "The penalty for not being involved in politics is you will be ruled by your inferiors."

And, even though you may not be interested in politics, politics is ALWAYS interested in you.

The reason is our government and regulators are captured by business concerns which profit from our data. The government in turn views mass surveillance as a powerful tool for social control. Although there are many more people whose privacy is violated by these policies than benefit from them, the rich and powerful minority is more organized in its efforts and thus comes out ahead in the balance of power.

> It pains me every time a “well behaved” website pops up a cookie consent banner for the billionth time after I already consented because the browser wiped all the persistent user identifiers available to it. For my protection -_-

https://www.i-dont-care-about-cookies.eu/

Yep, you're right on the money. The correct course of action is for those of use who recognize this to cease arguing on the Internet with those who don't and connect with one another offline. We're in dire need of something akin to a 21st century Continental Congress.

"engineers want nothing to do with politics". Do you mean Comcast engineers see this as a purely technical challenge without caring about implications? In general we are seeing more engineers taking positions on a variety of political issues.

While I agree that we should have legal codes protecting our online and digital rights, I’m convinced that there are enough Bad People on the Internet that we do indeed still need strong technical protections as well.

I’ve been asked at work to build less than savory stuff, here are some general observations, none of which are admittedly an excuse:

* you get caught up in the moment, hell bent on solving the problem you don’t really think twice

* you don’t want to get that stink on you, you don’t want to be that guy that brings this type of stuff up

* you are mindful of the fact that you are being very well compensated to build it and you don’t want to lose your job

* you know it’s going to fall on deaf ears - maybe they will pay lip service, maybe they won’t but either way nothing will happen

* in the back of your mind you figure someone else is fighting the good fight

On and on, so many different things can go through your mind, who knows which it’ll be on any given day, on any given project

What law would you propose? I think the hard part is "Instagram and TikTok remain free-with-ads."

The problem is that the internet is international and laws are national or even by state.

There are 24 states that require ID to view porn sites. The laws are being completely ignored by popular websites that are not based in the US.

> We suffer from a problem that engineers want nothing to do with politics.

It's not even politics, it's simple ethics.

Why would you need a user identifier to block a consent banner? You don't technically. The website requires it because it is a shitty website.

It would be enough to have your browser store a cookie without personal information with { cookieconsent: "STFU" } or some variable in local storage. If the website respected that, we would be fine.

Personal identifiers are not needed and foul compromises aren't acceptable.

I think I’m kind of on your side in general, but I have more of the opposite feeling about legal versus technical solutions. If we had no idiotic EU cookie laws, no “consent” bs required, a technical solution would be easy: default segmentation of cookies by what site you are actually visiting, plus all non-first-party ones silently expired after 60 minutes or whatever. It seems like this would be very easy, except for the fact that the number one ad network is also the only browser vendor that matters.

But the attempted legal solutions suffer from being inside the sandbox, meaning all the “cookie management” software is a pile of hacks that barely work, and rely on browsers, as you’ve noticed, to allow their cookies in the service of…limiting cookies. And of course they also suffer from the politicians who wrote them having no clue how any of this works. I suspect if they did, they’d see how dumb it is to regulate that 10,000,000 websites each implement a ton of logic to self-limit their cookies they set (hard to police, buggy) instead of telling 2-3 companies they have to make their browsers have more conservative defaults with how they keep and send cookies back. (easy to prove it’s working with testing).

What law do you think mandates those annoying cookie popups?

> Why is it that if someone said “we need a legal solution to gun violence” the people that say “no we need a technical solution all people should wear kevlar and carry 9mm pistols” are considered the lunatics but when we ask for a legal solution to rampant non-consensual tracking for the purpose of indoctrinating the consumer class with propaganda we all laugh and say bah the solution must be technical? I don’t get it

I don’t know that a reasonable person would compare privacy threats to the threat of death from gun violence.

They exist in totally different altitudes of concern.

We need more funding for open-source WiFi Sensing counter-measures, e.g. EU research, https://ans.unibs.it/projects/csi-murder/

> this paper addressed passive attacks, where the attacker controls only a receiver, but exploits the normal Wi-Fi traffic. In this case, the only useful traffic for the attacker comes from transmitters that are perfectly fixed and whose position is well known and stable, so that the NN can be trained in advance, thus the obfuscator needs to be installed only in APs or similar ‘infrastructure’ devices. Active attacks, where the attacker controls both the transmitter and the receiver are another very interesting research area, where, however, privacy protection cannot be based on randomization at the transmitter.

https://github.com/ansresearch/csi-murder/

> The experimental results obtained in our laboratory show that the considered localization method (first proposed in an MSc thesis) works smoothly regardless of the environment, and that adding random information to the CSI mess up the localization, thus providing the community with a system that preserve location privacy and communication performance at the same time.

There is no technical solution for this unless you want to invest billions/trillions in building new computing and networking platforms created with privacy in mind.

ISPs will always have the ability to at least deduce whether a connection was used, the MAC address, and it there is WiFi, unfortunately whether people are physically present.

If we look at the roadmap for WiFi/phones/etc, they will soon gain the ability to map out your home, including objects, using consumer radios.

You can’t solve social problems with technical solutions. Technical solutions won’t work without some kind of legal backing to force it.

It makes it much more difficult to be profitable if its illegal. This deters the majority of opportunists leaving only the dedicated criminals. And just like thief's people might understand why they steal no one sheds a tear when they go to prison.

And how do you technically stop an ISP from using the radio in their hardware to detect small changes in phase angle of signals in your home?

When we find them spying on customers they will take it all the way to the supreme court where the definition of spying will be put the wringer and flushed of all actual meaning. Then the law will be struck because it violates the corporation's 1st amendment protections concerning 'free speech'. See also Citizen's United.

Technical and legal solutions are for different classes of problems.

Encryption is a technical solution trying to solve the problem of people being able to steal your data/money without your knowledge.

The law/police are the solution to the 5 dollar wrench problem, where you are very aware of the attack but unable to physically stop it

The legal part should be requiring a technical solution.

E.g. the you should be able to own your router and even if you choose to rent you should have full control over the software.

It might make it a bit harder to use the information obtained through spying, though. Both is good.

  > The customer has to opt-in to WiFi motion sensing to have the data tracked.

  - Is this true if Law Enforcement gets a subpoena? 
  - Is this true if Law Enforcement asks "nicely"?
  - Can Xfinity activate it without the user knowing?
    - Does it explicitly notify the user when the setting has been changed? (e.g. done by LE, hacker, or an abusive partner)
  - Is this a promise and a promise that by default it will stay off?
  - Is the code to perform this feature pre-installed and able to be trivially (or even non-trivially) activated by hackers? 

Idk, there's a lot of questionable things here and Xfinity doesn't have the best track record that gives me a lot of confidence that we should trust them. This seems like an easily abused system that can do a lot of harm while provides very little utility to the vast majority of people.

“Please accept our new terms of service to continue using your internet connection”

Your honor, they clearly opted in to us spying on absolutely everything they do or think.

> The customer has to opt-in to WiFi motion sensing to have the data tracked.

Not for long, there’s money to be made by adding this to the cops’ customer lookup portal.

>opting in to

Yea, at least in the US you have almost zero consumer rights around this.

Once they find some marketing firm to sell the data to suddenly it will be come opt-out in a new update and most people will blindly hit agree without having a clue what it's about.

From my understanding it tracks signal strength between two points (gateway and printer for example).

Putting your phone in airplane mode doesn't make it think you have left the house.

> If you’d like to prevent your pet’s movement from causing motion notifications, you can exclude pet motion in your WiFi Motion settings by turning on the Exclude Small Pets feature. > Motion is detected based on the amount of signal disruption taking place between the Xfinity Gateway and your selected WiFi-connected devices, so motion from small pets (around 40 pounds or less) can be filtered out while keeping you notified of large movements more likely to be caused by humans.

That would require Comcast to have access to your router, or more precisely, the NAT.

Until the day when to use the service you have to use their device. Or it's being used at work, a hotel, in stores, in your kids school, or anywhere you have no say on the devices used.

Also make sure your phone and other every day carry items never connect to the Internet via your ISP’s network or emit radio signals while nearby your home.

Same in the US!

Unfortunately, only the nerdiest nerds do things like buy their own routers...and that sort of thing is pretty much impossible to evangelize.

It would work even better. From the linked support page:

"Motion is detected based on the amount of signal disruption taking place between the Xfinity Gateway and your selected WiFi-connected devices, so motion from small pets (around 40 pounds or less) can be filtered out while keeping you notified of large movements more likely to be caused by humans."

With enough signals, gait recognition for example is possible, and those same signals could be corroborated with presence or absence of concomitant device signals to determine if your device is moving with your person, and if not, to then flag this for enhanced monitoring if evasion is suspected.

We are now treating foreign students with suspicion when they don't have a satisfactory internet footprint. Only a matter of time until that gets turned against the citizenry. Submit to surveillance capitalism or go to jail you deviant.

Hmm. Not much of this is true.

They provide a modem / router combination device at even their cheapest tier.

That device can leverage this technology, and the technology isn’t reliant on traffic.

They can gather plenty, and can provide it to third parties without our knowledge or consent.

And they can turn it right back on again.

I am curious if, with the number and quality of signals they can capture from this, how uniquely they can identify individuals and determine things like age, gender, weight, etc. Particularly when analyzed probabalistically with other household level data they likely have.

im very skeptical of the accuracy claimed. The layout and complexity of objects in most homes to do this is way to awkward to work reliably.

For someone breathing or a heartbeat you need much higher GHz signal. Usually this is done at 30ghz to 60ghz. The power flux leaving the antenna has an inverse square drop off rate which makes this basically impractical unless your standing directly in front of it.

It's an opt-in feature, for now.

If they find some way to sell the data you'll quickly find it difficult to opt-out of.