FTTN, AT&T, and Privacy

Internet access discussion, including Fusion, IP Broadband, and Gigabit Fiber!
43 posts Page 1 of 5
by forest » Wed Apr 22, 2015 8:20 pm
As I consider the idea of switching from ADSL2+ to FTTN, the fact that Sonic is reselling AT&T's wholesale service makes me wonder about the privacy implications. I trust Sonic far more than I trust AT&T to do the right thing, and I'd rather not be on the wrong side of that difference. I often hear similar comments when friends and associates tell me they're interested in switching to Sonic, which has been more frequent lately, perhaps because of the Snowden revelations in the news.

At what points would our data/metadata be on AT&T's ISP network instead of Sonic's? (If Sonic's FTTN service is run entirely by AT&T, then the answer is probably simple, and unfortunate. However, it occurs to me that Sonic might run some or all of what's upstream of the last mile, which would change the picture a bit.)

Would AT&T and its employees be able to snoop on our communications more than they can now? How about data inspection/collection equipment installed on AT&T's network?

Whose IP address space would we be using? Whose DHCP, DNS, and mail servers?

Does the provided VDSL2 gateway support some kind of bridge mode, allowing our own routers to claim the external IP address and provide NAT, rather than trusting someone else's equipment on the LAN?

Which privacy policies apply to Sonic FTTN customers?

(Edit: Added clarifications to the first two questions.)
by Guest » Wed Apr 22, 2015 9:08 pm
forest wrote:At what points would my data (including meta-data) be traveling over AT&T's network versus Sonic's?

Would AT&T and its employees be able to snoop on my communications? Would any data inspection/collection equipment installed on AT&T's network have access to them?
Since AT&T is a tier-1 data provider, they have access to major parts of the internet backbone. If your data is not encrypted, it is collected and indexed. If it's encrypted it is still collected and saved when they could be decrypted, then indexed.
forest wrote:Whose IP address space would I be using? Whose DHCP, DNS, and mail servers?
When you subscribe to FTTN you're given an sbcglobal.net IP range from an AT&T DNS server. I have my own firewall connected to the GW and I'm able to use Sonic's DNSSEC servers. You can continue using Sonic's webmail--you won't get an sbcglobal.net email.
forest wrote:Does the provided VDSL2 gateway support some kind of bridge mode, allowing my router to claim the external IP address and provide NAT, rather than trusting someone else's equipment on my LAN?
Bridge mode is not supported, but you can attach your router to their GW's DMZ or use IP Passthrough. The reason is AT&T has decided to use certificate authentication to get on their FTTN network and they are not sharing these certs, requiring the modem to authenticate. Their hardware is dumbed down and crippled through customized firmware even though the base hardware is quite capable. These Pace GWs are descended from the GWs I used when I first subscribed to DSL from Pacific Bell (Cayman 3220, Netopia 3546).
by forest » Wed Apr 22, 2015 9:22 pm
Guest wrote:Since AT&T is a tier-1 data provider, they have access to major parts of the internet backbone. If your data is not encrypted, it is collected and indexed. If it's encrypted it is still collected and saved when they could be decrypted, then indexed.
I thought it was obvious from my first post, but just so I don't get more comments like that one, I'll state this explicitly:

I'm asking about differences between Sonic-only Fusion service and Sonic-branded AT&T FTTN service.

(Thanks for your other comments, though. :) )
by Guest » Wed Apr 22, 2015 9:44 pm
forest wrote:I'm asking about differences between Sonic-only Fusion service and Sonic-branded AT&T FTTN service.
Your question is too general/vague.
by Guest » Thu Apr 23, 2015 1:33 am
Also, who controls the FTTN modem for purposes of firmware upgrades and remote diagnostics -- Sonic or AT&T?
by Guest » Thu Apr 23, 2015 2:23 am
Guest wrote:
forest wrote:I'm asking about differences between Sonic-only Fusion service and Sonic-branded AT&T FTTN service.
Your question is too general/vague.
I think the difference is AT&T, in terms as an ISP, snooping on you as a customer. They know what you are doing and can put an account name behind this activity, not just an IP address as they would be limited to as "tier 1" AT&T. Sonic goes to great lengths to protect your identity, and after a set amount of time deletes all history of this activity. Would you lose this privacy if AT&T, as ISP, is now the middle man?
by thulsa_doom » Thu Apr 23, 2015 10:34 am
forest wrote:As I consider the idea of switching from ADSL2+ to FTTN, the fact that Sonic is reselling AT&T's wholesale service makes me wonder about the privacy implications. I trust Sonic far more than I trust AT&T to do the right thing, and I'd rather not be on the wrong side of that difference. I often hear similar comments when friends and associates tell me they're interested in switching to Sonic, which has been more frequent lately, perhaps because of the Snowden revelations in the news.
I think in light of the Snowden situation you should assume you have an NSA spook behind you right now watching you type.
forest wrote:At what points would our data/metadata be on AT&T's ISP network instead of Sonic's?
Your data is on AT&T's network from the moment it leaves your modem to when it exits to the internet-at-large. Traffic on Fusion FTTN doesn't necessarily cross Sonic's network at all.
forest wrote: Would AT&T and its employees be able to snoop on our communications more than they can now? How about data inspection/collection equipment installed on AT&T's network?
I would expect them to have total access to any data passed over their equipment, which would include all data passed over Fusion FTTN. This is why you should use encryption and proxies.
forest wrote: Whose IP address space would we be using? Whose DHCP, DNS, and mail servers?
Theirs, theirs, theirs (you can specify some other DNS server if you're so inclined), whoever's mail servers you normally use (ours, Gmail, whatever).
forest wrote: Does the provided VDSL2 gateway support some kind of bridge mode, allowing our own routers to claim the external IP address and provide NAT, rather than trusting someone else's equipment on the LAN?
Nope.
forest wrote: Which privacy policies apply to Sonic FTTN customers?
Sonic's privacy policies apply to our business practices, what information we gather, and what we do with those data. Dane would be in a better position to comment on this end of things, obviously, but I don't think we're in a position to dictate what an AT&T network technician does to a piece of AT&T equipment in an AT&T facility.
John Fitzgerald
Sonic Technical Support
by leeep » Thu Apr 23, 2015 11:53 am
This does bring up an interesting point... at least in the case of the ATT Gigabit fiber service, they are flat out charging customers a premium to NOT snoop on their internet traffic to the tune of +$30/month or more...

http://arstechnica.com/information-tech ... -about-it/
AT&T charges at least another $29 a month ($99 total) to provide standalone Internet service that doesn’t perform this extra scanning of your Web traffic. The privacy fee can balloon to more than $60 for bundles including TV or phone service.
Does this imply that, since this is resold ATT service, they basically have free rein to treat all Sonic customers as non-premium-paying customers and snoop whatever they want for ad revenue? i.e. Sonic isn't paying the "opt-out" fee on our behalf, is it?
---
...on Sonic.net since 2011...
by jcarter1 » Thu Apr 23, 2015 2:27 pm
Bad news for people who torrent?
by thulsa_doom » Fri Apr 24, 2015 8:27 am
jcarter1 wrote:Bad news for people who torrent?
Fusion FTTN circuits are treated by AT&T as enterprise connections, so their normal residential usage caps do not apply. Since you're only torrenting totally 100% legitimate content that means there's no problem. Some other less scrupulous person misusing BitTorrent may run afoul of their DMCA policies, but not you.
John Fitzgerald
Sonic Technical Support