Stories
Slash Boxes
Comments

SoylentNews is people

posted by chromas on Wednesday May 22 2019, @07:30AM   Printer-friendly
from the use-and-abuse-case dept.

Submitted via IRC for AnonymousLuser

Deep Packet Inspection a threat to net neutrality, say campaigners

Some of Europe's biggest ISPs and mobile operators stand accused of using Deep Packet Inspection (DPI) technology to quietly undermine net neutrality rules and user privacy.

News of the troubling allegation first reached the public domain earlier this year in an analysis by German organisation epicenter.works. It claimed it had detected 186 products offered by providers that appeared to involve applying DPI to their customers' traffic. Deep packet inspection filters network traffic by looking at the contents of data packets.

[...] Now a group of academics and digital rights campaigners headed by European Digital Rights (EDRi) has sent EU authorities an open letter[pdf] pointing out the implications of this. The EDRi letter states:

Several of these products by mobile operators with large market shares are confirmed to rely on DPI because their products offer providers of applications or services the option of identifying their traffic via criteria such as Domain names, SNI, URLs or DNS snooping.

EU regulation outlaws DPI for anything other than basic traffic management, but it seems that providers in many countries have found a grey area that allows them to bend – and increasingly bypass – those rules.

The frontline of this is something called 'zero rating' whereby mobile operators attract subscribers by offering free access to a specific application – a streaming service would be one example – without that counting towards their data allowance.

By its nature, this favours larger application providers, in effect busting the principle of net neutrality that says that all applications and services should be given equal prioritisation across networks.

DPI is the technology that makes this possible because:

DPI allows IAS providers to identify and distinguish traffic in their networks in order to identify traffic of specific applications or services for the purpose such as billing them differently throttling or prioritising them over other traffic.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by kanisae on Wednesday May 22 2019, @12:50PM

    by kanisae (1908) on Wednesday May 22 2019, @12:50PM (#846170)

    In the past I actively managed DPI at a mobile provider for several use cases, Zero Rating being on of them. You need protocol/application awareness as simple ip/port ranges are not viable du to the constantly changing server farms and CDN's in play.

    With the product I used, I configured the DPI so that reporting was done in an aggregate form as unless I was actively troubleshooting a specific subscriber there was no need protocol/application usage on a per subscriber basis other than for the specific Zero rated data usage needed for billing.

    Having the DPI in place did make a world of difference for understanding how customers actually used the network and allowed to account the real usage patterns in our design work so it was a net win for everyone. I think DPI is a great tool for use by an ISP and privacy can be respected with some simple policies put in place, unfortunately I fear some bad actors will ruin it for everyone and we will all suffer the lack of the DPI functionality for congestion management and understanding usage patterns.

    Starting Score:    1  point
    Moderation   +2  
       Interesting=2, Total=2
    Extra 'Interesting' Modifier   0  

    Total Score:   3