I like the idea, and I especially like the idea of a 501c3 (which subsidizes the added costs over commercial baseline) coupled with a commercial company (which charges normal rates for service.
You can go a reasonably long way with just best practice privacy policy (requiring court orders, keeping minimal records, locking down configs, obfuscating IPs, not intentionally compromising privacy), but there are a couple issues. One, a lot of big ISPs (from what I've read) are only profitable due to selling clickstreams or other privacy-invading things. So a privacy-protecting ISP will cost more for the same service (or, will offer crappier bandwidth).
Second, once you move beyond this level of security, you're trying to defeat traffic analysis, and then targeted attacks. Targeted attacks are probably out of scope (and really expensive to defend against), but defending against traffic analysis usually requires burning a lot of bandwidth, or scheduling or routing communications in strange ways (which adds latency in various ways). This makes things REALLY expensive, and especially for wireless systems, uses up the finite spectrum capacity.
Ultimately the best way to really protect privacy is to structure applications to be message based, tolerant of latency on the order of hours, and basically non-interactive. This is the opposite of how ~everything is done on the web -- email is probably the only widely deployed application which works like this, and that's why email has the best anti-traffic-analysis systems out there (mixmaster/mixminion remailers).
Plus, there's a big problem with declaring yourself "the ISP for people who want to be anonymous" -- it self-selects, especially if it's a small pool of users due to higher cost, into a great target. Either the organization itself is evil and secretly monitoring, or just becomes a hacker/government target (which could involve monitoring on the perimeter/upstream). The best model is some combination of making privacy protection a default feature of protocols, having a bunch of different vendors (which may advertise better privacy) to choose from, and having technical systems which can provably protect your secrets against various kinds of threats.
It's a bunch of medium and hard problems. The biggest problem is that 99.99% of users totally don't care, though.
You can go a reasonably long way with just best practice privacy policy (requiring court orders, keeping minimal records, locking down configs, obfuscating IPs, not intentionally compromising privacy), but there are a couple issues. One, a lot of big ISPs (from what I've read) are only profitable due to selling clickstreams or other privacy-invading things. So a privacy-protecting ISP will cost more for the same service (or, will offer crappier bandwidth).
Second, once you move beyond this level of security, you're trying to defeat traffic analysis, and then targeted attacks. Targeted attacks are probably out of scope (and really expensive to defend against), but defending against traffic analysis usually requires burning a lot of bandwidth, or scheduling or routing communications in strange ways (which adds latency in various ways). This makes things REALLY expensive, and especially for wireless systems, uses up the finite spectrum capacity.
Ultimately the best way to really protect privacy is to structure applications to be message based, tolerant of latency on the order of hours, and basically non-interactive. This is the opposite of how ~everything is done on the web -- email is probably the only widely deployed application which works like this, and that's why email has the best anti-traffic-analysis systems out there (mixmaster/mixminion remailers).
Plus, there's a big problem with declaring yourself "the ISP for people who want to be anonymous" -- it self-selects, especially if it's a small pool of users due to higher cost, into a great target. Either the organization itself is evil and secretly monitoring, or just becomes a hacker/government target (which could involve monitoring on the perimeter/upstream). The best model is some combination of making privacy protection a default feature of protocols, having a bunch of different vendors (which may advertise better privacy) to choose from, and having technical systems which can provably protect your secrets against various kinds of threats.
It's a bunch of medium and hard problems. The biggest problem is that 99.99% of users totally don't care, though.