Submitted via IRC for AnonymousLuser
Deep Packet Inspection a threat to net neutrality, say campaigners
Some of Europe's biggest ISPs and mobile operators stand accused of using Deep Packet Inspection (DPI) technology to quietly undermine net neutrality rules and user privacy.
News of the troubling allegation first reached the public domain earlier this year in an analysis by German organisation epicenter.works. It claimed it had detected 186 products offered by providers that appeared to involve applying DPI to their customers' traffic. Deep packet inspection filters network traffic by looking at the contents of data packets.
[...] Now a group of academics and digital rights campaigners headed by European Digital Rights (EDRi) has sent EU authorities an open letter[pdf] pointing out the implications of this. The EDRi letter states:
Several of these products by mobile operators with large market shares are confirmed to rely on DPI because their products offer providers of applications or services the option of identifying their traffic via criteria such as Domain names, SNI, URLs or DNS snooping.
EU regulation outlaws DPI for anything other than basic traffic management, but it seems that providers in many countries have found a grey area that allows them to bend – and increasingly bypass – those rules.
The frontline of this is something called 'zero rating' whereby mobile operators attract subscribers by offering free access to a specific application – a streaming service would be one example – without that counting towards their data allowance.
By its nature, this favours larger application providers, in effect busting the principle of net neutrality that says that all applications and services should be given equal prioritisation across networks.
DPI is the technology that makes this possible because:
DPI allows IAS providers to identify and distinguish traffic in their networks in order to identify traffic of specific applications or services for the purpose such as billing them differently throttling or prioritising them over other traffic.
Related Stories
The Federal Communications Commission has scheduled an April 25 vote to restore net neutrality rules similar to the ones introduced during the Obama era and repealed under former President Trump.
"After the prior administration abdicated authority over broadband services, the FCC has been handcuffed from acting to fully secure broadband networks, protect consumer data, and ensure the Internet remains fast, open, and fair," FCC Chairwoman Jessica Rosenworcel said today. "A return to the FCC's overwhelmingly popular and court-approved standard of net neutrality will allow the agency to serve once again as a strong consumer advocate of an open Internet."
[...]
In a filing with the FCC, Turner wrote that "ISPs have been incredibly bullish about the future of their businesses precisely because of the network investments they are making" and that the companies rarely, if ever, mention the impact of FCC regulation during calls with investors."We believe that the ISPs' own words to their shareholders, and to industry analysts through channels governed by the SEC, should be afforded significantly more weight than evidence-free tropes, vague threats, dubious aggregate capital expenditure tallies, or nonsensical math jargon foisted on the Commission this docket or elsewhere," Turner wrote.
(Score: 0, Disagree) by Anonymous Coward on Wednesday May 22 2019, @08:39AM
Fine them just 1€ per packet they improperly inspected. That should be enough to finish them off.
(Score: 2) by Snospar on Wednesday May 22 2019, @09:06AM (1 child)
Much more likely that ISP's are simply relying on simple Souce and Destination IP addressing for this. If a customer using IP address A.B.C.D accesses, for example, Netflix in a certain address range (most likely a Netflix Cache connected to the ISP's infrastructure) then the traffic is classified as "Netflix" and handled accordingly (including any billing arrangements or data usage allowance). No need to go down the much more expensive and intensive DPI route.
Huge thanks to all the Soylent volunteers without whom this community (and this post) would not be possible.
(Score: 1, Interesting) by Anonymous Coward on Wednesday May 22 2019, @09:32AM
I think from today's view, it was a mistake to include the source IP address in the fixed packet format (other than for ICMP). Except for the receiver, nobody needs to know the source IP. Even if things go wrong along the line, since the error handling is just dropping packets, you don't need the source IP for that either. Thus the source IP could be included in the higher level protocols instead, where it could be encrypted if the protocol allows it.
Without the source IP, the router would just see that this is a packet directed at you, not from what source that packet arrives, so it cannot treat a data packet from Netflix differently from a data packet from any other random site. At least not from the IP address.
(Score: 0) by Anonymous Coward on Wednesday May 22 2019, @10:12AM (1 child)
Enough said.
(Score: 0) by Anonymous Coward on Wednesday May 22 2019, @10:23AM
Isn't Netflix streaming already encrypted (DRM)?
(Score: 3, Interesting) by kanisae on Wednesday May 22 2019, @12:50PM
In the past I actively managed DPI at a mobile provider for several use cases, Zero Rating being on of them. You need protocol/application awareness as simple ip/port ranges are not viable du to the constantly changing server farms and CDN's in play.
With the product I used, I configured the DPI so that reporting was done in an aggregate form as unless I was actively troubleshooting a specific subscriber there was no need protocol/application usage on a per subscriber basis other than for the specific Zero rated data usage needed for billing.
Having the DPI in place did make a world of difference for understanding how customers actually used the network and allowed to account the real usage patterns in our design work so it was a net win for everyone. I think DPI is a great tool for use by an ISP and privacy can be respected with some simple policies put in place, unfortunately I fear some bad actors will ruin it for everyone and we will all suffer the lack of the DPI functionality for congestion management and understanding usage patterns.
(Score: 0) by Anonymous Coward on Wednesday May 22 2019, @02:47PM
Net neutrality had been US policy under a previous administration, as a crappy patch to the monopoly situation most Americans have for ISPs. It never was policy in Europe, and never some sort of innate magic sauce for the success of the Internet, as can be seen by the development of European, Asian and African Internet access in the last 25 years.
(Score: 0) by Anonymous Coward on Wednesday May 22 2019, @02:50PM (1 child)
Can I access 8ch.net yet? Did it take DPI to change it?
(Score: 0) by Anonymous Coward on Wednesday May 22 2019, @06:08PM
I'm pretty sure it takes DP, but I don't think it's ever going to change.
(Score: 0) by Anonymous Coward on Wednesday May 22 2019, @04:50PM
my home router keeps flaking out if i enable the DPI function ...
DPI should be in the hands of the user not the provider, eh?