So, probably at least two dangerous loopholes: Other purposes including marketing and no mention of choice there. Opt-out for affiliate sharing/use Lets keep an eye open.
Might get really really lucky and either a whistle-blower, or some other investigation, would discover it. Not enough to hang one's hat on, but...
As Mirimir stated its somewhat vague. I took the time to read through it and I feel pretty comfortable with how shallow their attacks are. Any of the top VPN providers mentioned around here would easily beat the obvious. Having a tunnel encrypted and foregoing use of the ISP's dns, shielding all queries to the encrypted tunnel, and such are effective methods. Most use the private dns of the tunnel provider so that eliminates one main ISP attack vector. Compartmentalize, chain, multi providers, throw TOR in for good measure, etc......! Most concerning for users short of Pro configuration, is the area of site fingerprinting which exists even after multi stage tunnel setups because it comes from beyond the exit node. Expansive counter measures involve random padding throughout the tunnel so that returned signatures never quite match what the ISP would be sniffing for. Padding requires more bandwidth because your tunnel passes data 24/7 and is rotating all the time to make it impossible to know when YOU actually are using the tunnel, as compared to another chunk of data being "padded" through. i.e. - is the current bandwidth actually a tunnel being used or is it padding? Keep them guessing.
I just tossed that article into the stewpot for the hell of it . I agree , it is vague , and most of it is old news to people who take an interest in these things But for me it highlighted the huge disparity between the number of people complaining about unwarranted invasion of their privacy , by TLAs and others , and the much smaller number who are actively doing something about it ( eg. paying a few dollars a month for a quality VPN , and learning how to use it effectively ).
You make some good points there. Part of this may be the notion that "THEY" congress should address this and my personal need to attend to this situation should be un-needed. While that is likely true in a "Cinderella" world, it isn't how it really works. So, you either learn and attend to this protecting yourself or you go down in flames.
Yep, well put. Rather painfully, I'm adjusting to the pointlessness of "should" and "ought" in the face of what is. And yes, I've participated in what's laughingly called consultation about legislation - again, manifestly pointless. It's true, I'll admit it - I naively thought that post-Snowden, they'd be somewhat contrite and the bulk surveillance would have been curtailed - as it "should" have been if they were concerned with either effectiveness or constitutionality or the HRA or a zillion other things about living in a civilized democracy. Not so. And notice the "they". Look after yourself.
https://www.dslreports.com/shownews/FCC-Votes-For-New-Broadband-Privacy-Rules-Lifeline-Reform-136626 https://www.fcc.gov/document/fcc-proposes-broadband-consumer-privacy-rules
More FCC rules that 'supposedly' provide some benefit to consumers? Yeah, right! It's no different than the "Do Not Call Registry". It isn't worth the paper it's written on, IMO.
FWIW, came across a/the "proposal" from the American Cable Association, Competitive Carriers Association, CTIA, National Cable & Telecommunications Association, and USTelecom: https://www.ncta.com/sites/prod/files/Letter-PrivacyPrinciples-3-1-16.pdf Which basically boils down to: we should not be required to allow consumers to opt-in or opt-out of either affiliate sharing or third-party sharing.