Watch this episode on YouTube.
Reasonably Accurate 🤖🧠 Transcript
Good morning. How's everyone doing today? Hit me up online at marknca and let me know today, I wanted to talk about net neutrality. And the reason why we're talking about net neutrality today is because it's June 11th and in the United States, this means that the uh previous ruling on net neutrality is no longer in effect, which means uh internet service providers can shape their networks, how they please.
Now they've all promised not to abuse or to take advantage of this newfound freedom. Um And of course, the FCC um with a GP have been pushing that this is going to be a benefit. This will force I SPS to invest and build up their networks to provide broadband to those who don't have it.
Um And these are all nice things to here. Um And I know there's a huge amount of challenges around the concept of regulation and the political climate. Um But the summary for consumers is that this is a way for I SPS to make sure that they're not just a dumb pipe, right?
That's their fear, they own this network. They want to monetize and maximize the value they're getting out of this network and being able to prioritize uh traffic from partners or from services they own is a forward. Now, I'm against that, but that's not what this video is about. I like um net neutrality.
I think it ensures a fair playing field for everybody, but again, not what we're diving into here today. What I want to dive into um is the security and privacy ramifications or at least the reminder of the position your ISP plays within your role. Now, the way the reason why an ISP could perhaps provide a fast lane could provide um you know, uh services that don't count against your data cap that could um leverage your information to provide a um better ad delivery experience for its advertising partners as the CEO S of AT&T and Verizon have stated they want do is because they know everything about your internet surfing habits.
There's a common assumption among average users and why not there? It's not like it's something that's pushed out there um that your home connection or even your cell connection is a relatively private connection. Um It's not your ISP has the health of the network to monitor, but they're also in the perfect place to monitor all of the activities that you're doing online.
This is why we in the security and privacy community have pushed end to end encryption and that's where encryption starts at the uh application that you're using and finishes at the other side of that communication. So if I'm having a direct message, chat with you, the viewer, the individual viewer, that message is encrypted on my phone, it transits down the stack of the operating system encrypted out across the network, encrypted up the stack of your phone encrypted to where your application will decrypt it so that we can communicate securely.
So people know that we are communicating, but they don't know the contents of that communication. Well, your internet service provider is in a position to see everything that's not encrypted and to see all the metadata around your encrypted communications because you're going over their pipe to get to the internet. And we saw this years ago with a common practice where anytime you miss type a domain, your internet service provider would serve up ads because they own the DNS that your connection um uses regularly.
DNS is the domain name service that's essentially like a phone book that translate google.com into a matching IP address. So unless you've manually gone into your uh home router and overridden that to use a third part um DNS service that uh promises privacy or contributes to your privacy, your ISP knows every website you've requested from a domain level and then they can see the traffic associated with that because you're going across their network again.
And I think that's a privacy threat that people aren't necessarily aware of. I think that's a security threat with the lack of net neutrality now, um, that people haven't quite gained, um, the, uh, compre or not gained but haven't quite comprehended. Right. It's going to be a collateral, uh, sort of a secondary impact of the lack of regulation around net neutrality is the fact that you lose even more trust in the network that you're on.
So, if you're using a cloud based security service, how do you know that that's, um, not being throttled as far as performance? Hopefully, that's because the security service is encrypted, end to end. But, um, even if it's encrypted, end to end your ISP is in a position now to slow down that traffic and slow that response, which creates a potential security issue for you as you're expecting a certain response time or at least your systems are and they're no longer getting that.
Um, and again, this is getting, uh, position, uh, I SPS to be more aggressive on the privacy intrusion side because they're in a position to see all that and there's no longer any regulation in the US, holding them back in other jurisdictions in other countries. There absolutely is. And there's mo movements underway in the states to reinstate or to ensure that net neutrality rules stay in place in those states.
Um, but I think it's an interesting aspect where a lot of people just assume your I SPS on your side. Um, they assume that that's a safe and trusted partnership and you do need to trust them to a certain extent. However, you should be aware of their capabilities because they are sitting on the, the first segment of the network as you connect to it.
They by, have your DNS, they by default, see all of your, um, activity, all of your traffic back and forth. You need to take steps, um, or you should look at taking steps to reduce that visibility and to, to um lessen their impact and their ability to serve you ads because they can inject ads into your traffic.
As we've seen where you reach bandwidth caps. A lot of the time I SPS will send a banner into your web pages saying, hey, you're near your cap, you're about to be charged over just nice feature. But the way they implement that feature is really scary, that means they're inserting their content into content you've asked for from somebody else.
Um Now the uh the safeties are off, they are free to do almost that uh wherever they choose because net neutrality is no longer in place. That means you as a user need to readjust your relationship there. So think about using a trusted third party VPN for all of your traffic, connect right from your home R out to a VPN.
And that means that now your ISP is only going to see um encrypted traffic at the very least. Look at using a third party DNS service that you trust um you know, uh there are a couple out there that do have privacy and security first, um as opposed to gathering more data around ad networks.
Um So we're in an interesting time. It'll be, uh this is not going to be sort of that instant snap um, of today, there's going to be a whole bunch of catastrophic things. Um But because there's no longer any push for that regulation, um where there's no longer any regulation in place, that means I I SPS can create those fast lanes can create those um preferred services.
The immediate uh idea there is for them to increase their revenue uh normally on ads, but there are some security and privacy impacts and I think we need to monitor those closely. What do you think? Let me know, hit me up online at marknca in the comments down below or as always by email me at markn.ca only gets better with discussion.
Um Again, this content, this show is driven by your ideas. I'm getting lots of great feedback. Uh Lots of push around starting in cybersecurity. Again, gonna be looking at a series of that um quite shortly to update. Uh The couple of weeks ago, we dove into that topic on a couple of shows, but let me know what you're looking uh to hear about to talk about.
I hope you are set up for a fantastic Monday. We'll talk to you online and we'll see you on the show tomorrow.
