this post was submitted on 31 May 2022
38 points (100.0% liked)

Privacy

31833 readers
96 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

There is no way for the surveillance to be bypassed, the company says. The roll-out is planned in Germany.

all 16 comments
sorted by: hot top controversial new old
[–] brombek@lemmy.ml 14 points 2 years ago

Vodafone says TrustPid will assign each user “random numbers” reducing the risk of individuals being directly identified. Someone saying something like this should never be allowed near a computer, let alone driving a surveillance scheme... what a joke.

[–] krolden@lemmy.ml 13 points 2 years ago* (last edited 2 years ago)

"Consumers appreciate the idea of a 'free' Internet, but this comes with a trade-off: publishers need a sustainable revenue model, meaning that it becomes essential to add subscription paywalls or rely on advertising to maintain free access to high-quality content," the official TrustPid website says.

Counterpoint: ads enable shitty content and disinformation to fester. How this whole "websites need ad revenue to survive" bullshit has become normalized by websites/companies that sell your information just for their own profit. Its no wonder why browsing these sites without an ad blocker makes them nearly unusable.

Not to mention that with ads, nothing is actually 'free', its just that you're the product and they're selling you.

[–] hamborgr@feddit.de 10 points 2 years ago* (last edited 2 years ago)

Dies from cringe

[–] angarabebesi@lemmy.ml 10 points 2 years ago (2 children)

This can't be GDPR compliant.

Also I doubt they can do this with https traffic.

[–] octt@feddit.it 8 points 2 years ago* (last edited 2 years ago)

Depends.

First, the content of HTTPS traffic might be encrypted, but some metadata (the domain name or IP address of the destination, for example) is not. You can use just that to do some tracking.

Then, if for example the ISP sees an user visits a particular website with poor privacy practices (let's say, any social media run by big tech), they could do business with them and buy and sell data.

Lastly, but this is tinfoil-hat territory, what is to say they can't leverage the biggest flaw in the global HTTPS infrastructure: they could manage to corrupt a certificate authority into giving them their root certificate keys (or at least into decrypting traffic they start logging and then pass over). This way, the ISP could read the traffic of any user of any service which uses certificates emitted by the corrupted CA. Very difficult that something like this happens because big CAs aren't just ran by 1 omnipotent person, but technically 100% possible.

Side node: Tor solves the trust problem of the global certificate infrastructure: Hidden Services don't work with trust on a CA, they work with just a public and private key system, where the only weak point is the server of the hidden service, storing the private key it uses to encrypt traffic and serve it to clients.
Edit: the server's private key decrypts data the client encrypted with the server's public key, and viceversa, idk why I always mess the 2 things up in my mind :P, but the point remains

[–] cypherpunks@lemmy.ml 6 points 2 years ago (1 children)

on the website it sounds like it's opt-in (via participating sites' GDPR cookie popups), and it's a new thing from a major european carrier, so i assume it was designed with GDPR compliance in mind.

(tag yourself; i'm the consenting laptop user sitting on the radio waves)

[–] altair222@beehaw.org 6 points 2 years ago

Yeah I'm still changing carriers

[–] octt@feddit.it 7 points 2 years ago* (last edited 2 years ago) (1 children)

Time to start using Tor for everything I suppose.. (Or just hope this tracking doesn't come to Italy too)

[–] ailiphilia@lemmy.ml 2 points 2 years ago (1 children)

Tor doesn't seem to help here if I got it right, because the data traffic is assigned to your phone number.

[–] octt@feddit.it 6 points 2 years ago* (last edited 2 years ago)

They can't do much if you use any proxy, be it Tor, a public single-node proxy, or a commercial VPN (which I think is inadequate for an use like this, after all VPN providers are ISPs in a way, so you are just hiding traffic from your own ISP and giving it to another one).

They could just see the traffic encrypted between proxy client and server, and maybe do some correlation with time of usage and stuff like that.

If you have bad opsec, it's possible to completely deanonymize you on Tor and track what you do, but it's not easy and so it's something that only law enforcement does. Entities with simple commercial interests don't go above certain limits of complexity. Most websites for example use browser fingerprinting techniques, and as far as I know some stuff uses advanced user fingerprinting tactics (logging the unique way you move the mouse or type on the keyboad, like Google ReCaptcha 2 does), an ISP could do even less.

[–] peeonyou@lemmy.ml 6 points 2 years ago (1 children)

Sorry but I already pay for the internet, so I'll skip that bullshit.

Also, if publishers can't make it online, then that's their problem, not everyone else's. Adapt or die, but this isn't going to win any subscribers.

[–] sexy_peach@feddit.de 4 points 2 years ago

We're going to have to share user location data with shops and supermarkets, since they're really struggling in this economy 😄

[–] iam0day@lemmy.ml 3 points 2 years ago
[–] iortega@lemmy.eus 3 points 2 years ago

They were not doing this already?

[–] 0therbit5@lemmy.ml 2 points 2 years ago

So a simple solution will be not use Vodafone services. Also, start to use I2P , phone number not registed on your name, buy a phone in cash and Degoogle it if you want android. Of course this don't make no one untraceable just make you less identifiable.