Yesterday Congress voted to erase privacy protections for consumers by passing a law making it illegal for the FCC to have rules to protect consumer privacy online. Specifically, this vote allows your ISP (Internet Service Provider, the company you pay for your Internet access) to collect and sell your Internet usage information without your permission. To be fair, you didn’t yet have these protections… they were just about to go into effect, and now they won’t.
Most people appreciate the right to keep private what they do in their own home and are unhappy with a violation of this privacy, but many don’t understand the potential impact on their lives, or how to protect themselves from these privacy violations.
What You Reveal Using the Internet
In your day-to-day usage of the Internet you expose to your ISP an enormous amount of data that enables them to target and classify you in ways that are valuable to advertisers, employers, insurance companies, and financial institutions. Your ISP has the ability to sell to companies data to classify you based on health issues, financial status, sexual interests, religion, hobbies, and political views.
Every web search you make and every web page you visit is an opportunity for your ISP to understand you a little better. Searching information about depression? Looking at the most recent coupon you got from BevMo? Congratulations, you’re now part of the “risk of alcoholism” demographic that might be of interest to future employers or insurance companies. Reading a medical site to figure out if that mole on your arm looks funny? You are flagged as a cancer risk. Searching for an anniversary present and looking at a dating site in the same week? Divorce attorneys and real estate agents might pay handsomely to know who you are (or, more accurately, who your spouse is).
But wait, Brett – I use “Incognito” or “Privacy” mode on my browser… doesn’t that protect me? Actually, no… these options prevent websites from permanently storing information on your browser that can later be used by that website to re-identify and track you, but they don’t do anything to secure the traffic that goes between your computer and the website, which always passes through your ISP.
But Brett, I know the little “https:” in the web address bar means secure, so I’m safe on those sites, right? You’re better off, but you’re still leaking a ton of information… Secure websites do a great job of ensuring that the traffic sent between the website and your computer is encrypted and secure – so the contents of the interaction should be private. However, your ISP will still have access to watching the Internet addresses you visit, so if you look at the Suicide Prevention Hotline, your ISP can’t see the specific data but they know you are interested in content about suicide. This site-identifying information is also revealed through your DNS queries (how your computer turns a URL into an IP address), and most consumers have their DNS handled by their ISP.
Okay, Brett… fine, ISPs can do this shifty stuff, but this sounds like tinfoil hat territory. Well, maybe, but these large ISPs have a history of doing some really shady things with your data, ranging from hijacking (and replacing) your search results, inserting ads into your web pages, and secretly sending your web history back to the ISP. The big name ISPs (Cox, Comcast, Time Warner, AT&T, and Verizon) spent money lobbying and buying votes because they are most capable of turning your private information into their profits (and they probably want a return on that investment).
You are the Product
Of course, collecting and selling information about users is the way many Internet companies (Google, Facebook) become powerful cash machines. As a general rule, if you use a free service that doesn’t sell its products, you are actually the product being sold to other companies. The primary difference is these privacy-selling services are optional (you don’t have to use Facebook), and you are not paying for them.
An ISP is closer to the phone company as a utility – while you may have some choice in which ISP you use, frequently these choices are very limited and, if selling private customer information is a standard practice, your only alternate choice is not having Internet access. If you found out that the phone company listened in on your conversations and sold transcripts to other companies, you’d likely be outraged.
Which brings up the question, what protections will you have that you are not highly targeted? You filled out a request for health insurance online, can that insurance company acquire the data to make coverage liability decisions about you based on requesting data for your IP address, if not for your name specifically? Can I go to my local ISP and buy data because I want to understand what news my neighbors read, what dating sites they use, and what movies they watch?
Keeping Your Internet Usage Private
For the more technically inclined, there are a several options available (e.g. centralized VPN at the router, or TOR servers), but these are not really accessible for the average consumer, so I’m going to cover what I think are the two best options accessible to most people that don’t have a system administrator living in their household.
A VPN (virtual private network) establishes an encrypted connection between your computer and another server, and that server accesses the Internet and relays the data back to your computer. A VPN prevents your ISP from seeing anything you access – they only see a single connection to the VPN server. While the VPN does conceal your data from your ISP, you need to find a trusted VPN provider as they now have access to your data. As an additional challenge, if you are interested in making all Internet access from your home private, a VPN is unlikely to work with all of your devices (e.g. Tablets, Roku, Apple TV, Alexa / Echo, and Amazon Fire TV). Finally, some Internet sites (like Netflix) specifically block VPNs, adding additional frustration to this solution.
Choose an ISP That Values Your Privacy
All ISPs have the ability to take advantage of Congress voting away your online privacy rights. The big names (Cox, Comcast, Time Warner, AT&T, and Verizon) have the most capability of leveraging your private data, but this doesn’t mean that smaller ISPs won’t also use your private data – it is quite likely that bigger companies will offer an easy revenue-generating solution that allows smaller ISPs to provide access to your data, bringing in some extra cash (tempting for small ISPs that are typically at a significant disadvantage over the big names).
However, smaller ISPs can be more committed to respecting customer desires, and may be more receptive to customer requests to maintain privacy. For example, since the early 1990’s I’ve worked with LMi.net, who has always been a great partner for my business and personal Internet needs. I called the owner and he told me several customers called after Congress voted and he responded, “It’s easy. We never have sold user data, and we never will.” While big ISP’s send me weekly junk mail trying to lure me in on some great Internet package (usually including TV), I understand the value of my ISP consistently making decisions that consider the best interest of the customer.
Do you have other suggestions for keeping your Internet usage private? Think I’m a paranoid crackpot? Please leave a comment!