[rtpg]

> b) A VPN has some incentive to deliver on privacy. Your ISP does not.

Regarding this point, I think a good strategy here is to acknowledge that ISPs, like most organizations, don’t want to add to their workloads. Of course they aren’t privacy centric, but appeals to them oriented around _not_ having to store a bunch of logs or set up a bunch of processes can help to unite more people around initiatives to make things better for everyone

If everyone has the same ideals then it’s easy to team up. But even if everyone has different ideals, you might all still be wanting 90% of the same result and can still team up!

[mosselman]

Yes, VPNs might be unjustly talked about as a set-it-and-forget-it way to gain privacy online a bit, but what I find far more harmful is the blind trust people seem to have in their ISP. I often see the argument "You are just shifting trust from one company (ISP) to another (VPN).", yes, that might actually be the whole point.

ISPs can't be blindly trusted. I switched ISPs lately because my previous one started offering personalised TV-ads. This is a very scary topic and in Belgium it has already lead to some fishy things:

https://www.nieuwsblad.be/cnt/dmf20160913_02466535

Nice quote with regards to personalised tv-ads:

"Er komt ook een nog verdergaande versie waarbij ook het surfgedrag zal leiden tot gerichte tv-reclame. Daarbij wordt gemonitord naar welk type websites er in een gezin vaak wordt gesurfd, om zo interessepatronen te ontwaren die lucratief kunnen zijn voor adverteerders."

"There will be a far-reaching version in which browsing behaviour will also lead to personalised tv-ads. The websites visisted by families will be analysed in order to discover interest patterns that could be lucerative for advertisers."

Add this to the many cases where ISPs have fought for being allowed to use deep packet inspection to monitor what we do and you start to see that ISPs in fact think they have a right to collect and sell our data. Am I not already paying for internet and TV?

[ignoramous]

What's happening is the service providers are realising that a lot of lucrative billion dollar businesses have been built by selling ads on top of their last-mile services, they might as well do the same. In India, the companies that are ISPs are also Cable Providers and Mobile Network Providers. They have been caught MiTMing Https to inject ads. They do it cause they want their share of the internet ad revenue cake.

What's strange is that Belgium, in the post-GDPR world, has businesses with regressive behaviour wrt user profiling. What gives?

[Dylan16807]

Logs are worth a lot of money to advertisers if your customers can't effectively avoid the process.

[AstralStorm]

And a lot of money to a lawyer who will sue the ISP under privacy laws if it comes to light.

It has to be clearly stated in the signed contract that your data will be shared with third parties, in what way and how they will be processed. The company involved would definitely lose any Privacy Shield provisions for the EU and potentially peering rights.

Losing enough peering is identical to being disconnected.

Class suit of this kind is easy.

[kakarot]

I didn't get any money when my cell provider was caught multiple times selling my location history to anyone with a buck, including dangerous vigilantes.

[Dylan16807]

In the US they can share all the site IPs they want.

If you make them put it in the contract, sure: "We'll share it with all these ad agencies for the purposes of targeting." That doesn't help me at all!

[thinkloop]

> It has to be clearly stated in the signed contract that your data will be shared with third parties

The most valuable companies in the world trade in identity. They spend billions trying to figure out who you are. ISPs have it served on a silver platter, and there is generally little ISP choice. If ISPs haven't written it in contracts already, there must be a political reason for it, otherwise they doubtlessly would. Anyone know what the societal contract with ISPs is?

[john_minsk]

>Class suit of this kind is easy.

...in US

[smolder]

No, definitely not in the US. They sell everything and our treacherous congress specifically voted to allow it.

[pbhjpbhj]

If regulations require ISPs keep logs, or if they can make a profit from those logs then the workload is justified in reducing losses (fines from regulatory noncompliance) or increasing profits.