We suffer from a problem that engineers want nothing to do with politics. I 1000% agree we need a digital bill of rights. It pains me every time a “well behaved” website pops up a cookie consent banner for the billionth time after I already consented because the browser wiped all the persistent user identifiers available to it. For my protection -_-

I want privacy codified in human law. I didn't vote for standards bodies to pave the road to hell by removing every goddamned persistent handle we can find from existence. I didn't vote for the EU to reinvent an internet worse than popup ads by attacking the symptoms not the cause. I would rather have the internet of the 2000s back in a heartbeat than keep putting up with shitty “technical solutions” to corporations having too much power at scale. I don’t care if people break the law: prosecute them when they do and make the punishments enough to deter future law breakers.

There is absolutely something civilized beyond a lawless advertising wild west where the technical solution is to all be masked Zorros.

Why is it that if someone said “we need a legal solution to gun violence” the people that say “no we need a technical solution all people should wear kevlar and carry 9mm pistols” are considered the lunatics but when we ask for a legal solution to rampant non-consensual tracking for the purpose of indoctrinating the consumer class with propaganda we all laugh and say bah the solution must be technical? I don’t get it.

> The solution here shouldn't be technical; it should be legal.

I disagree. Solutions should be technical whenever possible, because in practice, laws tend to be abused and/or not enforced. Laws also need resources and cooperation to be enforced, and some laws are hard to enforce without creating backdoors or compromising other rights.

"ISPs will be prohibited from spying on their customers" doesn't mean ISPs won't spy on their customers.

> The solution here shouldn't be technical; it should be legal.

The parent commenter was highlighting that law enforcement can compel them to provide the data.

The customer has to opt-in to WiFi motion sensing to have the data tracked. If you see something appear in an app, you should assume law enforcement can compel the company to provide that data. It's not really a surprise.

> If we rely on legal protection, then not only Comcast, but all ISPs will be prohibited from spying on their customers.

To be clear, the headline on HN is editorialized. The linked article is instructions for opting in to WiFi motion sensing and going through the setup and calibration. It's a feature they provide for customers to enable and use for themselves.

> The solution here shouldn't be technical; it should be legal.

I expect more than a few commenters here will disagree with you. Some rather vehemently.

To those that do so, I'd encourage you to read the novel Attack Surface by Cory Doctorow. While it's fiction, in the book, Doctorow makes a pretty compelling argument for the notion that when it comes to privacy, we can't win by "out tech'ing" the governments and corporations. We're simply too heavily out-resourced. If I'm interpreting his message correctly, he is saying basically what Josho is saying here: that we have to use the political/legal system to get the privacy protections that we care about enshrined into law and properly enforced.

Now, is that going to be easy? Hell no. But after reading the book I was largely sold on the idea, FWIW. That said, the two approaches aren't necessarily mutually exclusive. But I do believe that those of us who care about privacy should focus more on using our (knowledge|skills|resources) to try to foster change through politics, than on trying to beat "them" with better tech.

YMMV, of course. But if you haven't read the book, at least consider giving it a shot. Probably Doctorow makes the argument better than I can.

> I can't imagine a world where Congress could actually achieve something that widely helpful for regular citizens.

"Best we can do is letting all the AI companies hoover up your data too"

"The solution here shouldn't be technical; it should be legal."

Laws can be broken. Laws of physics cannot. Best to utilize both a legal and physical defense.

> The solution here shouldn't be technical; it should be legal.

It should be both, one serving as a backup to the other. Theft is illegal, yet we lock our doors.

just buy your own simple modem and install your own wireless access point.

do not buy any device from comcast you dont fully control!

In the future when you say things like this, please say "First" or else you're starting an endless back-and-forth of one-ups and false dichotomies.

A legal precedent easily leads to a technical block.

> The solution here shouldn't be technical

Why not? Just run your own router instead of the one your ISP tries to give you.

> The solution here shouldn't be technical; it should be legal

Technical solutions tend to last longer. Legal solutions have a habit of being ignored when they become inconvenient.

The legal default should be that collecting this sort of data should always be illegal without informed consent and never used beyond the remit of that consent. As inconvenient as it sometimes is, the world needs GDPR.

What if I left my device at home?

It doesn't require IPv6. The modem is just as aware of all the private IPv4 addresses on your network as well as all the public IPv6 ones.

Unless you put your own gateway (layer 3 switch, wifi ap, linux router) in front of it.

> Comcast can achieve the same by how many active IPv6 addresses are in use

Isn't this basically impossible with IPv6 Privacy Extension Addresses?

> The solution here shouldn't be technical; it should be legal.

The technical solution seems strictly preferable

Legal "protections" only protect you up the moment a warrant is issued, if that

you cant tell most of those things because same ip doesnt coorespond to a unique service and plenty of programs and websites phone to servers where addresses have changed. there is no static database.

you also cant associate it to a person automatically. the burden of proof is high - how many jurors have tech at home they know nothing about and maybe got hacked?

>> The solution here shouldn't be technical

The solution can be technical, but only if it is also sneaky. Blocking or disallowing certain information is one thing but making that information worthless is better. A simple AI agent could pretend to ping all sorts of services. It could even do some light websurfing. This fake traffic would nullify any value from the real traffic, destroying the market that feeds this surveillance industry.

I see a UI that allows homeowners to fake certain people being in the house when they are not, either replaying traffic or a selection of generic bots that mimic the traffic of various cohorts.

Ipv6? I ain't enabling that anyway

> ... I can't imagine a world where Congress could actually achieve something that widely helpful for regular citizens.

The solution is to not use the internet if you care about your privacy.