The Trump administration has scrapped laws which clamped down on US internet service providers (ISPs) sharing and selling private customer data. Here’s the lowdown on why it happened, what it means for internet users in the US, and how you can still protect your privacy online.
Your browsing history is a goldmine for advertisers. Just think what they can see:
And this is just the tip of the iceberg. Roll up all that data and an advertiser can hit you with ads that target you with laser precision. Your browsing history is a window into your very thoughts.
Which is why the success of Big Cable in persuading the US government to repeal new protections put in place by the outgoing Obama administration is such a mortal blow for online privacy.
ISPs no longer need your permission to share your data with any third party. They are free to sell it to advertisers looking to persuade you to part with your cash through ultra-targeted online ads.
Advertisers having access to your thought processes to sell you stuff you didn’t even know you wanted might seem like the stuff of dystopian nightmares. But this where are at in 2017.
If you want to know more about what exactly is happening and why, read on. But if you just want to know how to claw back some privacy, skip ahead to our privacy tips.
In April 2017, Donald Trump signed a bill repealing broadband privacy rules after it squeaked through Congress with no Democratic support and strong objections from privacy advocates.
With a stroke of a pen, what would have been landmark protections for the US public melted away in the heat of furious lobbying by ISPs, who now no longer need your permission to share and sell your data.
The broadband regulations, introduced in October 2016 in one of the outgoing Obama administration’s last acts, placed stronger privacy protection demands on ISPs. It meant ISPs would have to ask your permission before they shared your data with third parties. But the new rules did not extend to the likes of Google and Facebook, which are also known to collect and share private data.
This was because ISPs have access to a far greater amount of user information, including:
By matching your smartphone, tablet, laptop or PC to your personal account details, ISPs are able to link browsing activity directly to the individual. This goes well above and beyond what any other internet company can track.
Big Cable has won a precious victory – to profit from your personal browsing history.
The biggest ISPs in the US – including Verizon, AT&T and Comcast – cried foul, complaining that they were now at a disadvantage while other big web companies could continue to collect, share and sell data without your explicit permission.
The telecoms lobby is one of the biggest and most powerful in US history and has very deep pockets. It made over $9 million in election donations to the Republicans in Congress who voted to repeal the bill. However, that sum pales into insignificance compared to how much the ISPs now stand to make selling YOUR data.
The Obama regulations had not come into force yet, so we are back to square one on internet privacy. However, make no mistake – the telecoms lobby sees this as a major victory in its bid to deregulate the market. The Obama regulations had not come into force yet, so we are back to square one on internet privacy. However, make no mistake – the telecoms lobby sees this as a major victory in its bid to deregulate the market.
ISPs would not have pushed so hard for the repeal if they hadn’t seen a fast buck in it. Expect to see the market for online user data to go into hyperdrive, at the expense of your privacy.
Here are just some of the possible consequences.
ISPs see the repeal as a green light from the Trump administration. They know there is big money to be made selling user data to advertisers, and now they have a government which backs them to take advantage of it.
That is going to add up to users being bombarded with a lot more targeted ads.
The big fear is that many ISPs will now relax their own privacy policies so they can collect and sell even more data. The more personal it is, the higher value it has.
With this green light from Congress, expect more invasive data collection methods, such as malware-by-another-name supercookies.
Take the example of co-called ‘supercookies’ – pieces of code which sit hidden on your computer tracking your habits and preferences. Just imagine that, something implanted on your computer secretly logging everything you do. If hackers implanted it, we’d call it malware.
Verizon has already been fined by federal authorities for using supercookies. But after selling out to Big Cable on user privacy, who is betting the Trump administration won’t turn a blind eye on data collection techniques, too?
The whole point of the Obama reforms was to throw a light on the murky world of online data collection, by making ISPs tell the public what they were collecting, why and what they wanted to do with it. Now, all efforts to create more transparency have been thrown out of the window. Your ISP can collect whatever data it likes about you, without ever telling you what it is doing with it or who can see it.
Where is all of this private data going to be stored? How safe is it, and who exactly has access to it? ISPs and other online organisations are still not allowed to share personally identifiable information with third parties, it has to be anonymous. But the information they collect and store is far from anonymous. In fact, it is about as personal and identifiable as it gets.
Identity theft is a massive black market industry. Cyber-criminals are always looking for easy targets where they can lift industrial quantities of personal digital data. Like, for example, the databases where your ISP stores your entire browsing history.
Do you trust your ISP to be on the ball encrypting and protecting your personal data when it is busy selling it behind your back? Softening privacy laws is the start of a slippery slope because it removes any incentive for big businesses to focus on data protection.
It is widely thought that the U-turn on ISP privacy rules will have a ‘chilling effect’ on internet regulation in general. Either other privacy laws will be rolled back, or online companies will just start to ignore them.
Take the laws which state that any sensitive private data inputted into an online form, for example financial details used on a checkout page, must be encrypted.
Say you complete a form stating when your home insurance or your credit card runs out. This would be gold dust to financial firms. They would know exactly when to bombard you with ads trying to win your business.
We already know ISPs can bypass encryption. Knowing how much money it could make from this sort of information, don’t you think your ISP is tempted? Under the Trump administration, would it be worried about being brought to book?
Remember, this is a government which itself runs one of the world’s biggest state surveillance programs of online activity.
How long before we get complete deregulation, with all privacy protections goodbye?
Or should this question be – what does my ISP not know?
Your ISP can see more about your online browsing habits than anyone else. Someone, somewhere is sitting on a huge database with your name on it containing details including:
Even when you use your 4G data to get online, your cell carrier sees exactly what you are doing, too. And if they want to, your home broadband provider and cell carrier can swap notes on what you do. They both know your name, after all.
You might not think you have anything to hide. But that’s not the point.
It is amazing how complete a picture of your life someone can build just from what you do online. It is relatively easy to infer details of your family life, where you work, where you shop, where you like to go on vacation, your hobbies, your political affiliations, your religious beliefs, and much, much more.
They are inside your home and inside your head. And what is worse, all of that information is sat there with no oversight, no regulation, with who knows who able to get hold of it.
Make you feel uneasy? Here are some more specific examples
Most of us like to keep the state of our personal finances private. And because we all know online financial transactions are very heavily regulated, we tend to think all financial information online is sacred, too.
Not so. From your online shopping habits, the things you browse as well as actually buy, people can guess your wealth status, just from whether you are looking at luxury brands or bargain stores.
Whenever you for a new credit card, loan, mortgage, insurance policy or other financial product, someone can take the ballpark figure you are looking for and add that to your profile.
What is more, they can probably guess if you are in financial difficulties. Look for a short term loan online, and then see if you get bombarded with ads from pay day loan companies and credit rating services.
Many of us use the internet nowadays to look up symptoms before we decide to go to see a doctor.
This can be for some very personal stuff.
You or a loved one might be suffering signs of depression or anxiety, and want to know where to get some help.
You might be worried about an intimate problem like an STD, or want to give some sexual health advice to your children.
You could be struggling to come to terms with a diagnosis you or a family member has had for cancer or dementia and want to arm yourself with all of the facts.
Would you be comfortable with strangers knowing your intimate health and financial information?
Would these be things you would be comfortable talking openly about with your neighbor or your boss?
Then doesn’t it seem wrong that a stranger working for your ISP can see all of this, just from the websites you are visiting? Especially as their motive is to make money by selling that information to an advertiser.
Most of us would protect our children’s privacy above all else. But your ISP probably knows all about them.
Your children probably spend hours each day online, on tablets, smartphones and on games consoles. While a lot of attention is paid to the issues of age-appropriate content and online safety, very little is paid to the ethics of people collecting and storing data on minors.
Are you comfortable with your ISP holding a database of information which they use to profile your children? What about targeting them with adverts?
Imagine what happens in the run up to your child’s birthday each year. Someone has picked the date up from a form they filled in to register for an online game or social media site. It gets sold to advertisers, and sure enough toy companies start sending adverts, filtered for age and gender, and just the right time.
There is worse. Children are up to 50 times more vulnerable to identity theft than adults, as they represent ‘clean slates’ to criminals. They are also known to be targeted by drug dealers and sex offenders.
Any information your ISP holds on your child is valuable to criminals as well as to advertisers. Just by storing it, they are creating a risk.
So what can you do to protect your online privacy in the US? The good news is, there ARE ways to fight back. With the right tools, you can make it harder for your ISP to track what you do online, and dodge the advertisers’ efforts to target you.
Here are seven strategies to reclaim your precious privacy. None offer complete protection by themselves, but used together they can form an effective defence against online snooping.
Ad-blocking is a well known way to stop targeted advertisements while you browse. Many ad services and ISPs offer an opt out – click the green triangle which appears on in-browser ads to switch them off, or else look out for emails from your ISP about ad services.
Pros: It stops your browser experience being affected by ads, and in theory you will not be included in the data sets passed on to that ad service.
Cons: It doesn’t stop your ISP watching what you do and collecting data on you, so your personal private data is still stored somewhere. Also, not all ad services provide an opt out.
Most of the major wireless ISPs in the US – T-Mobile, Sprint, Verizon, AT&T, Comcast, Cox Communications – were actively involved in lobbying for the Obama privacy laws to be overturned. However, there are hundreds of smaller, local carriers available who may or may not take a different stance on privacy.
Use this government tool to track down providers in your your area, and then do some research on their privacy stance.
Pros: If you find an ISP which categorically states it does not collect customer browsing data, then problem solved.
Cons: There is no readily available information about which ISPs do and do not track browsing data. It could be a fruitless search.
HTTPS is a secure browsing protocol which hides communication between a client (web user) and server (website) using encryption. In terms of privacy, this means that no one, your ISP included, can see the specific URL of the pages you browse, limiting the online activity they can track.
HTTPS has to be ‘switched on’ to work. Tools like the HTTPS Everywhere plug in for the Firefox, Chrome and Opera browsers will enforce HTTPS use wherever it is supported.
Pros: With page URLs encrypted, your ISPs cannot see in detail what you are viewing or doing online.
Cons: HTTPS support is still not widespread. Comparison, shopping and health sites are notorious for not using HTTPS encryption. Also, HTTPS does not stop your ISP seeing the domains you visit, so they can still build up a pretty accurate profile just from knowing which sites you browse.
There are a number of ways you can limit the ability of your ISP or cell carrier to monitor your online activity:
Pros: Blocking tracking gets to the very heart of the privacy concerns surrounding ISPs because it stops third parties building up a profile of your online activities.
Cons: Even if you followed all of these examples, it still wouldn’t be foolproof. You might make it harder for someone to track you online, but you wouldn’t stop it altogether.
The Domain Name System (DNS) is the catalogue of numerical IP addresses which computers and mobile devices use to navigate the web. Each website has its own unique domain name. Normally when you access the web, you use a DNS server operated by your ISP, which means your ISP can effectively see every site you visit.
Regardless of other steps you take, such as using HTTPS or blocking tracking, so-called DNS ‘leaks’ can still let your ISP see what you do online. The most effective solutions are to either switch to a third party DNS server, or use a VPN (see below).
Pros: If you really want to stop your ISP monitoring what you do online, taking the DNS server you use out of their hands is highly effective.
Cons: Many of the third party DNS server companies available are also making money through advertising, so you are back to square one risking your online activity being tracked by a different kind of organisation.
The Onion Router (TOR) is a well known platform designed for anonymous browsing. It has a reputation for being a portal into the Dark Web, and for being used by political dissidents wanting to evade detection, such as the WikiLeaks contributors.
TOR works by blurring the links between the device you use to access the internet and the sites you visit. It does this by bouncing the requests around a complex network of servers all over the world – like the layers of an onion. Because of this, ISPs, or anyone else trying to track your online activity, find it very hard to match your device’s ID with the request destination.
Pros: If snoopers cannot trace a web hit back to the device it came from, the user remains anonymous, and so your online activity remains private.
Cons: Like all of the solutions listed so far, TOR is far from the perfect solution. Using the TOR browser leaves a lot of popular web content inaccessible, it slows down your browsing, and if you want to stay anonymous, there is a long list of guidelines to follow to change your browsing habits, otherwise you remain vulnerable.
The general consensus on internet privacy is that, if you really want to stop people spying on what you do online, the most robust solution is to use a Virtual Private Network (VPN).
A VPN is an alternative service which bypasses traditional ISPs completely, using encrypted pathways through the public internet to create, as the name suggests, a hidden, private network. Many VPN providers also use their own DNS servers, avoiding the risks of DNS leaks.
Pros: The encrypted pathways a VPN creates through the internet is highly effective at hiding your device’s IP address, making it very difficult to trace what you do online back to you.
Cons: Not all third party VPN services are created equal. As with other examples listed above, some themselves collect user data, which raises the same privacy and security concerns all over again.
So if a VPN is the best way to protect your privacy online in a climate of increasing surveillance, which are the best services to choose in the US?
For the complete picture, you can read this best VPN for the USA list. But here are a few handy pointers to get you started: