----------------------------------------------------------------------
Message-ID: <20180101215945.GA15926@telecom.csail.mit.edu>
Date: Mon, 1 Jan 2018 16:59:45 -0500
From: Bill Horne <bill@horneQRM.net>
Subject: Happy New Year
Happy New Year! It's 2018!
As in years past, I'd like to have the readers' opinions on ways to
make The Telecom Digest a better publication and a better source for
information and telecom advice. Please write to me here at the usual
digest address, or at my private email address, which is "bill at
horne dot net." If you write to the digest address, but would rather
not have your remarks posted, add the Not For Publication glyph to
your Subject line - [nfp] - instead of the usual .
The first question I'll ask is this: "What future do you see for The
Telecom Digest?" This isn't a rhetorical question, because the Network
Neutrality rules have been sacked and that will mean dramatic changes
for *ALL* non-profit outlets, not just the Digest. Consider the
players and the pressures:
* ISPs might limit access to Usenet servers, either by demanding
tribute from places like eternal-september.org, or by gouging their
subscribers for more money. Some will do both, but few are likely to
do neither.
* Universities have already set up "Internet 2" connections to carry
their traffic without censorship or pay-per-byte charges, but the
Internet's "ordinary" users aren't likely to be offered such options
unless they have the means to buy them wholesale.
* Other bypass networks will be rare: the original idea of FidoNet was
to allow wide-area message transport without requiring long-distance
calls from one Bulletin Board to another, and although I'd like to
see the paradigm revived, it's unlikely that the ILECs or CLECs
would tolerate modem traffic again: they only allow '14.4' traffic
now because it's almost always between fax machines, and not even a
Republican Congress would dare to order every business to abandon
fax machines.
* Usenet seems to be in a death spiral, and the changes I suggested
while I was on the Big-8 Board aren't likely to come about. At some
point, comp.dcom.telecom might cease to exist: that would leave the
mailing list, of course, but only a fraction of my readers subscribe
to it.
* The ISPs - and the backbone providers - will all want a lot more of
the advertising revenue that sites like Facebook now receive, and
they will take the easy route and demand extra fees for "social
media" tiers of service, plus the ability to substitute their own
ads for the ones users would normally receive. There will be a
wild-west game for a few months or even years, but then the
advertisers will demand better control and accounting, and there
will be a new compromise that leaves the ISPs with a lot more money -
and the ISPs' users will have a lot more hidden charges on their bills.
It's a dreary world I'm forecasting, isn't it? Nothing lasts forever,
including the innocence and community spirit of Usenet or the Internet
outside of the "point and drool" world of the big web-based
providers. In a way, I hope they get bigger, or at least big enough
that Verizontal and Comcrap and the other petty dictators will leave
Usenet alone in their rush to squeeze FaceYaGoogTube for more and
more.
The second question is even more important: What are *YOUR* feelings,
and what do *YOU* forecast?
Bill
--
Bill Horne
(Remove QRM from my email address to write to me directly)
------------------------------
Message-ID: <E8ED0289-F16E-413D-810F-71515C248EFB@roscom.com>
Date: Mon, 1 Jan 2018 00:08:29 -0500
From: Monty Solomon <monty@roscom.com>
Subject: 5 New Year's Resolutions to Protect Your Technology
5 New Year's Resolutions to Protect Your Technology
The cybersecurity nightmares of 2017 highlight the need to protect yourself.
Here are some resolutions for living a safer digital life this new year.
By Brian X. Chen
If 2017 taught you anything about personal technology, it's that the
onus is on you to protect your personal data and devices.
Tech companies aren't going to do that for you. (In fact, they are
generally the ones failing you.) So why not make protecting yourself
your New Year's resolution?
Last year, I recommended some resolutions for making your tech less
frustrating, like doing regular maintenance on your devices, being a
strategic shopper and purging the e-waste sitting around your home.
https://www.nytimes.com/2017/12/27/technology/personaltech/new-years-resolutions-technology.html
------------------------------
Message-ID: <B268930C-3294-408F-8768-5B64C4AF1190@roscom.com>
Date: Sun, 31 Dec 2017 07:32:34 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Exfiltration of personal data by session-replay scripts
Exfiltration of personal data by session-replay scripts
You may know that most websites have third-party analytics scripts
that record which pages you visit and the searches you make. But
lately, more and more sites use "session replay" scripts. These
scripts record your keystrokes, mouse movements, and scrolling
behavior, along with the entire contents of the pages you visit, and
send them to third-party servers. Unlike typical analytics services
that provide aggregate statistics, these scripts are intended for the
recording and playback of individual browsing sessions, as if someone
is looking over your shoulder.
The stated purpose of this data collection includes gathering insights
into how users interact with websites and discovering broken or
confusing pages. However the extent of data collected by these
services far exceeds user expectations [1]; text typed into forms is
collected before the user submits the form, and precise mouse
movements are saved, all without any visual indication to the
user. This data can't reasonably be expected to be kept anonymous. In
fact, some companies allow publishers to explicitly link recordings to
a user's real identity.
https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/
------------------------------
Message-ID: <7_SdnQEOWYN-zNrHnZ2dnUU7-UnNnZ2d@posted.internetamerica>
Date: Sat, 30 Dec 2017 02:44:19 -0600
From: gordonb.p1868@burditt.org (Gordon Burditt)
Subject: Re: Medical information leakage and junk phone calls
> You know doctors and dentists make a big thing about privacy -
> they won't tell you anything about a patient unless that patient has
> signed a form saying they can release the information, and to whom.
They legally have to. Whether they treat it as more than a joke is
less obvious. I have seen signs that they do pay some attention to
it.
This does not mean that they will do a good job detecting scumbags who
know the name of one of my relatives who IS on the list and call the
doctor pretending to be that person. Scumbags might get a lot of info
for male patients by claiming to be "Mrs. <Man's First Name>
<Man's Last Name>" and calling in a female voice, even if he's
not married.
> Yet this kind of information gets leaked to telemarketers all
> the time. Some years ago I had borderline high blood sugar, and
> I started getting telemarketing calls from companies dealing in
> diabetic supplies.
Were you prescribed a diabetic drug? Asked to monitor your blood
sugar? Had additional lab tests usually requested for diabetics?
These could identify you as a diabetic to the insurance company and
any spies there.
> More recently I gave my phone number to another person's
> doctor, because she was having trouble keeping up with her
> appointments. One of her complaints is chronic pain, and
> now I'm getting telemarketing calls from companies dealing
> with that kind of ailment.
Here's an idea of how the leaks might work:
Doctor writes prescription and gives it to patient (who brings it to a
pharmacy) or sends it directly to pharmacy. Pharmacy files insurance
claim with health insurance company using online system they use for
that. On many drugs, the name of the drug strongly suggests what
condition the patient is being treated for.
Insurance company has contracts with healthcare providers, including
pharma manufacturers, which they like to brag about because it
supposedly saves patients money. They make it LOOK like it does (e.g.
lab tests: $200, contracted price: $30. I'm not sure anyone pays
$200). This may require turning over names of patients to verify the
terms of the contract (and I'm not sure whether this is illegal under
HIPAA. All of the HIPAA stuff allows transfer of information to
process insurance claims). Big Drugco's marketing department has a
mole in Big Drugco's sales department, who steals the info and passes
it on to the telemarketers that Big Drugco hires.
Also, if you have a discount card for a particular expensive drug,
(which typically requires an income test to get the card) you probably
gave your info (at least name and address) directly to the drug
company.
This does not explain how your name got attached to your friend's
ailment, unless perhaps YOUR phone number got put down as HER phone
number (or perhaps as her caretaker's phone number). That sounds
like a leak at the doctor or his electronic records system.
Did they call YOUR number and ask for HER?
Health insurance companies would also be a great place to put a mole.
> So it seems your best friend can't get the info without your
> permission, but the telemarketers are getting it without permission.
> I wonder who in the medical chain of people is getting paid to leak
> that information to the scumbags.
At least it hasn't got so bad that I receive calls from Petco about
my hare (some doctors can't spell) loss problem trying to sell me
an automatic rabbit cage door closer.
I hope that doctors pay attention to requests that some permissions
are TEMPORARY and LIMITED IN SCOPE. Hospital forms typically have
these ("may we discuss your condition and care with the person who
came with you?"). For example, I might allow a neighbor or hired
stranger who is going to drive me home from the hospital to have
information about caring for me right now ("He'll be out of surgery
in about an hour, he may not be able to walk straight, and he'll
sleep a lot but wake him up for his medication on time, and if you
can't wake him up call the doctor.") but the stuff last year about
an eye infection is irrelevant, and they shouldn't be asking for
more information a month later.
Medical information is NOT protected once it gets leaked. Scumbags
can sell info to other scumbags. If your relatives on the list
have big mouths, they can get away with blabbing the information
to anyone else. Local TV news have occasionally reported about
huge piles of medical records found in trash dumpsters. Apparently
it would be legal for me to take that and sell it (unless there's
a law against "stealing trash" or "trespassing" involved.)
------------------------------
*********************************************
End of telecom Digest Tue, 02 Jan 2018