US Internet Privacy Rollback Explained
Your browsing history is a goldmine for advertisers. Just think what they can see:
- Everything you’ve ever browsed or bought online.
- Hobbies you’ve researched.
- Health scares you’ve gone online to read up on.
- Credit cards or insurance you’ve compared.
- Holiday planning.
- Random questions you wanted an answer to.
And this is just the tip of the iceberg. Roll up all that data and an advertiser can hit you with ads that target you with laser precision. Your browsing history is a window into your very thoughts.
Which is why the success of Big Cable in persuading the US government to repeal new protections put in place by the outgoing Obama administration is such a mortal blow for online privacy.
ISPs no longer need your permission to share your data with any third party. They are free to sell it to advertisers looking to persuade you to part with your cash through ultra-targeted online ads.
Advertisers having access to your thought processes to sell you stuff you didn’t even know you wanted might seem like the stuff of dystopian nightmares. But this where are at in 2017.
If you want to know more about what exactly is happening and why, read on. But if you just want to know how to claw back some privacy, skip ahead to our privacy tips.
What exactly happened in the US?
In April 2017, Donald Trump signed a bill repealing broadband privacy rules after it squeaked through Congress with no Democratic support and strong objections from privacy advocates.
With a stroke of a pen, what would have been landmark protections for the US public melted away in the heat of furious lobbying by ISPs, who now no longer need your permission to share and sell your data.
The broadband regulations, introduced in October 2016 in one of the outgoing Obama administration’s last acts, placed stronger privacy protection demands on ISPs. It meant ISPs would have to ask your permission before they shared your data with third parties. But the new rules did not extend to the likes of Google and Facebook, which are also known to collect and share private data.
This was because ISPs have access to a far greater amount of user information, including:
- ALL your online activity
- Your full name
- Date of birth
- Payment information
- The unique identifying number of each device you use to go online.
By matching your smartphone, tablet, laptop or PC to your personal account details, ISPs are able to link browsing activity directly to the individual. This goes well above and beyond what any other internet company can track.
Big Cable has won a precious victory – to profit from your personal browsing history.
The biggest ISPs in the US – including Verizon, AT&T and Comcast – cried foul, complaining that they were now at a disadvantage while other big web companies could continue to collect, share and sell data without your explicit permission.
The telecoms lobby is one of the biggest and most powerful in US history and has very deep pockets. It made over $9 million in election donations to the Republicans in Congress who voted to repeal the bill. However, that sum pales into insignificance compared to how much the ISPs now stand to make selling YOUR data.
What are the consequences?
The Obama regulations had not come into force yet, so we are back to square one on internet privacy. However, make no mistake – the telecoms lobby sees this as a major victory in its bid to deregulate the market. The Obama regulations had not come into force yet, so we are back to square one on internet privacy. However, make no mistake – the telecoms lobby sees this as a major victory in its bid to deregulate the market.
ISPs would not have pushed so hard for the repeal if they hadn’t seen a fast buck in it. Expect to see the market for online user data to go into hyperdrive, at the expense of your privacy.
Here are just some of the possible consequences.
1. More aggressive monetization of user data
ISPs see the repeal as a green light from the Trump administration. They know there is big money to be made selling user data to advertisers, and now they have a government which backs them to take advantage of it.
That is going to add up to users being bombarded with a lot more targeted ads.
2. More invasive data collection techniques
The big fear is that many ISPs will now relax their own privacy policies so they can collect and sell even more data. The more personal it is, the higher value it has.
With this green light from Congress, expect more invasive data collection methods, such as malware-by-another-name supercookies.
Take the example of co-called ‘supercookies’ – pieces of code which sit hidden on your computer tracking your habits and preferences. Just imagine that, something implanted on your computer secretly logging everything you do. If hackers implanted it, we’d call it malware.
Verizon has already been fined by federal authorities for using supercookies. But after selling out to Big Cable on user privacy, who is betting the Trump administration won’t turn a blind eye on data collection techniques, too?
3. Reduced transparency about data collection
The whole point of the Obama reforms was to throw a light on the murky world of online data collection, by making ISPs tell the public what they were collecting, why and what they wanted to do with it. Now, all efforts to create more transparency have been thrown out of the window. Your ISP can collect whatever data it likes about you, without ever telling you what it is doing with it or who can see it.
4. A fall in data protection standards
Where is all of this private data going to be stored? How safe is it, and who exactly has access to it? ISPs and other online organisations are still not allowed to share personally identifiable information with third parties, it has to be anonymous. But the information they collect and store is far from anonymous. In fact, it is about as personal and identifiable as it gets.
Identity theft is a massive black market industry. Cyber-criminals are always looking for easy targets where they can lift industrial quantities of personal digital data. Like, for example, the databases where your ISP stores your entire browsing history.
Do you trust your ISP to be on the ball encrypting and protecting your personal data when it is busy selling it behind your back? Softening privacy laws is the start of a slippery slope because it removes any incentive for big businesses to focus on data protection.
5. Further deregulation
It is widely thought that the U-turn on ISP privacy rules will have a ‘chilling effect’ on internet regulation in general. Either other privacy laws will be rolled back, or online companies will just start to ignore them.
Take the laws which state that any sensitive private data inputted into an online form, for example financial details used on a checkout page, must be encrypted.
Say you complete a form stating when your home insurance or your credit card runs out. This would be gold dust to financial firms. They would know exactly when to bombard you with ads trying to win your business.
We already know ISPs can bypass encryption. Knowing how much money it could make from this sort of information, don’t you think your ISP is tempted? Under the Trump administration, would it be worried about being brought to book?
Remember, this is a government which itself runs one of the world’s biggest state surveillance programs of online activity.
How long before we get complete deregulation, with all privacy protections goodbye?
What does my ISP know about me?
Or should this question be – what does my ISP not know?
Your ISP can see more about your online browsing habits than anyone else. Someone, somewhere is sitting on a huge database with your name on it containing details including:
- Every site you visit
- How often you visit each site, and when
- The devices you use
- The services you subscribe to.
Even when you use your 4G data to get online, your cell carrier sees exactly what you are doing, too. And if they want to, your home broadband provider and cell carrier can swap notes on what you do. They both know your name, after all.
You might not think you have anything to hide. But that’s not the point.
It is amazing how complete a picture of your life someone can build just from what you do online. It is relatively easy to infer details of your family life, where you work, where you shop, where you like to go on vacation, your hobbies, your political affiliations, your religious beliefs, and much, much more.
They are inside your home and inside your head. And what is worse, all of that information is sat there with no oversight, no regulation, with who knows who able to get hold of it.
Make you feel uneasy? Here are some more specific examples
State of your finances
Most of us like to keep the state of our personal finances private. And because we all know online financial transactions are very heavily regulated, we tend to think all financial information online is sacred, too.
Not so. From your online shopping habits, the things you browse as well as actually buy, people can guess your wealth status, just from whether you are looking at luxury brands or bargain stores.
Whenever you for a new credit card, loan, mortgage, insurance policy or other financial product, someone can take the ballpark figure you are looking for and add that to your profile.
What is more, they can probably guess if you are in financial difficulties. Look for a short term loan online, and then see if you get bombarded with ads from pay day loan companies and credit rating services.
Many of us use the internet nowadays to look up symptoms before we decide to go to see a doctor.
This can be for some very personal stuff.
You or a loved one might be suffering signs of depression or anxiety, and want to know where to get some help.
You might be worried about an intimate problem like an STD, or want to give some sexual health advice to your children.
You could be struggling to come to terms with a diagnosis you or a family member has had for cancer or dementia and want to arm yourself with all of the facts.
Would you be comfortable with strangers knowing your intimate health and financial information?
Would these be things you would be comfortable talking openly about with your neighbor or your boss?
Then doesn’t it seem wrong that a stranger working for your ISP can see all of this, just from the websites you are visiting? Especially as their motive is to make money by selling that information to an advertiser.
Most of us would protect our children’s privacy above all else. But your ISP probably knows all about them.
Your children probably spend hours each day online, on tablets, smartphones and on games consoles. While a lot of attention is paid to the issues of age-appropriate content and online safety, very little is paid to the ethics of people collecting and storing data on minors.
Are you comfortable with your ISP holding a database of information which they use to profile your children? What about targeting them with adverts?
Imagine what happens in the run up to your child’s birthday each year. Someone has picked the date up from a form they filled in to register for an online game or social media site. It gets sold to advertisers, and sure enough toy companies start sending adverts, filtered for age and gender, and just the right time.
There is worse. Children are up to 50 times more vulnerable to identity theft than adults, as they represent ‘clean slates’ to criminals. They are also known to be targeted by drug dealers and sex offenders.
Any information your ISP holds on your child is valuable to criminals as well as to advertisers. Just by storing it, they are creating a risk.
How to protect your privacy
So what can you do to protect your online privacy in the US? The good news is, there ARE ways to fight back. With the right tools, you can make it harder for your ISP to track what you do online, and dodge the advertisers’ efforts to target you.
Here are seven strategies to reclaim your precious privacy. None offer complete protection by themselves, but used together they can form an effective defence against online snooping.
Opt out of targeted advertising
Ad-blocking is a well known way to stop targeted advertisements while you browse. Many ad services and ISPs offer an opt out – click the green triangle which appears on in-browser ads to switch them off, or else look out for emails from your ISP about ad services.
Pros: It stops your browser experience being affected by ads, and in theory you will not be included in the data sets passed on to that ad service.
Cons: It doesn’t stop your ISP watching what you do and collecting data on you, so your personal private data is still stored somewhere. Also, not all ad services provide an opt out.
Choose an alternative ISP
Most of the major wireless ISPs in the US – T-Mobile, Sprint, Verizon, AT&T, Comcast, Cox Communications – were actively involved in lobbying for the Obama privacy laws to be overturned. However, there are hundreds of smaller, local carriers available who may or may not take a different stance on privacy.
Use this government tool to track down providers in your your area, and then do some research on their privacy stance.
Pros: If you find an ISP which categorically states it does not collect customer browsing data, then problem solved.
Cons: There is no readily available information about which ISPs do and do not track browsing data. It could be a fruitless search.
Only browse using HTTPS
HTTPS is a secure browsing protocol which hides communication between a client (web user) and server (website) using encryption. In terms of privacy, this means that no one, your ISP included, can see the specific URL of the pages you browse, limiting the online activity they can track.
HTTPS has to be ‘switched on’ to work. Tools like the HTTPS Everywhere plug in for the Firefox, Chrome and Opera browsers will enforce HTTPS use wherever it is supported.
Pros: With page URLs encrypted, your ISPs cannot see in detail what you are viewing or doing online.
Cons: HTTPS support is still not widespread. Comparison, shopping and health sites are notorious for not using HTTPS encryption. Also, HTTPS does not stop your ISP seeing the domains you visit, so they can still build up a pretty accurate profile just from knowing which sites you browse.
There are a number of ways you can limit the ability of your ISP or cell carrier to monitor your online activity:
- Switch off cookies in the settings section of your web browser. You can also switch off supercookies and so-called Flash cookies, which are more permanent tracking devices. Here’s a handy guide for how to clear cookies and supercookies on Windows and Mac.
- Disable location services. Only switch them on when you really need to, for example for route planning. Leaving GPS and other location services switched on broadcasts your whereabouts to every site you visit. Use these links to turn off location services for Windows, Mac, iOS and Android.
- On mobile devices, regularly clear or reset the Ad ID used by apps. These track use and geolocation in a way similar to cookies. Here’s how to reset on Android and iOS.
- Avoid using Google tracking links. When search with Google, the search results do not give the genuine URL of the websites and pages listed. Instead, they use something called a tracking link as a proxy. When you click through to the page using this link, it makes it easier for Google to track your browsing. Use a tool like Searchlinkfix for the Mozilla browser to always see the genuine URL in search results.
- Use a browser plug in like Ghostery, which logs and blocks any attempts to track your online activity. A downside of this is that Ghostery is itself known to collect user data, although the site’s owners insist it is on an opt-in basis only.
Pros: Blocking tracking gets to the very heart of the privacy concerns surrounding ISPs because it stops third parties building up a profile of your online activities.
Cons: Even if you followed all of these examples, it still wouldn’t be foolproof. You might make it harder for someone to track you online, but you wouldn’t stop it altogether.
Manage DNS leaks
The Domain Name System (DNS) is the catalogue of numerical IP addresses which computers and mobile devices use to navigate the web. Each website has its own unique domain name. Normally when you access the web, you use a DNS server operated by your ISP, which means your ISP can effectively see every site you visit.
Regardless of other steps you take, such as using HTTPS or blocking tracking, so-called DNS ‘leaks’ can still let your ISP see what you do online. The most effective solutions are to either switch to a third party DNS server, or use a VPN (see below).
Pros: If you really want to stop your ISP monitoring what you do online, taking the DNS server you use out of their hands is highly effective.
Cons: Many of the third party DNS server companies available are also making money through advertising, so you are back to square one risking your online activity being tracked by a different kind of organisation.
The Onion Router (TOR) is a well known platform designed for anonymous browsing. It has a reputation for being a portal into the Dark Web, and for being used by political dissidents wanting to evade detection, such as the WikiLeaks contributors.
TOR works by blurring the links between the device you use to access the internet and the sites you visit. It does this by bouncing the requests around a complex network of servers all over the world – like the layers of an onion. Because of this, ISPs, or anyone else trying to track your online activity, find it very hard to match your device’s ID with the request destination.
Pros: If snoopers cannot trace a web hit back to the device it came from, the user remains anonymous, and so your online activity remains private.
Cons: Like all of the solutions listed so far, TOR is far from the perfect solution. Using the TOR browser leaves a lot of popular web content inaccessible, it slows down your browsing, and if you want to stay anonymous, there is a long list of guidelines to follow to change your browsing habits, otherwise you remain vulnerable.
Use a VPN
The general consensus on internet privacy is that, if you really want to stop people spying on what you do online, the most robust solution is to use a Virtual Private Network (VPN).
A VPN is an alternative service which bypasses traditional ISPs completely, using encrypted pathways through the public internet to create, as the name suggests, a hidden, private network. Many VPN providers also use their own DNS servers, avoiding the risks of DNS leaks.
Pros: The encrypted pathways a VPN creates through the internet is highly effective at hiding your device’s IP address, making it very difficult to trace what you do online back to you.
Cons: Not all third party VPN services are created equal. As with other examples listed above, some themselves collect user data, which raises the same privacy and security concerns all over again.
Choosing a VPN in the US
So if a VPN is the best way to protect your privacy online in a climate of increasing surveillance, which are the best services to choose in the US?
For the complete picture, you can read this best VPN for the USA list. But here are a few handy pointers to get you started:
- Check your VPN’s policy on data collection. If you really want to protect your privacy, choose a service which guarantees not to track your internet use.
- Look for a service with a high rating for customer service. Most managed VPNs nowadays are set up to be as easy for the consumer as possible, but if you do run into problems with your internet access, you want to know you can get help quickly to get back online.
- Choose a service which rates highly for connection speed and choice of servers in the US. Many VPN providers will run servers all over the world. How far away the server you connect to is will affect your browsing speed. Ideally, you want servers in or as close to the US as possible.
- Read reviews and look for a service which rates highly for blocking DNS leaks. Unless the VPN provider is proactive in managing its own DNS servers, this can be a weakness in the privacy a VPN provides.