On April 3rd, 2017, the White house signed a bill repealing several broadband internet privacy rules. These rules, enacted during the Obama administration and set to take effect in late-2017, would have severely restricted what an ISP could do with their customer’s search data. Originally, the rules would have forced ISPs to ask their customer’s permission before using their personal browsing data to sell targeted advertising. Now, using all of that data with permission or not, is fair game.
As one might have expected, the public backlash against this move has been loud and swift. One non-profit group intends to raise billboards plastered with names of the US Senators and Representatives who voted in favor of the legislation. Other independent groups are gathering funds in an attempt to purchase congressional browser histories, despite the fact these attempts are doomed to fail. One man in Sweden is even selling his own browser history on E-bay as a form of political protest.
Sure, advertising can be a nuisance and many of us would probably be happy never to see it again. The problem, however, is that many of the websites we interact with every day run on advertising. Something needs to pay for all of the equipment and effort that goes into running a premium website, and online advertising is often the approach chosen to do so. The simple fact that many websites’ very existence is dependent on their ability to sell ad-space, means that for the time being marketing will inevitably play a role in our browsing experiences.
Marketing professionals thrive off of data. The more information they can collect about a person’s background, habits, wants, desires and needs, the more effective their messaging becomes. “Fine”, you may be thinking, “But that doesn’t mean they should get to crawl through my browser history without my consent!”. You can picture it easily in your mind; a marketing team is tasked with improving sales. In this new age of data-for-sale, they simply call up an ISP and purchase all of individual internet browsing histories for a particular area. Whoila, they have every online query issued from every person in the whole town. Now what? A town of only a few thousand people could generate hundreds of gigabytes worth of browser data in mere days. Is that team going to go through each individual record? No they will not, for 2 reasons. It’s not a good use of their time, and it’s illegal.
This marketing group that likely consists of a product manager, a couple sales folks, a handful of recent college graduates and an intern is not going to personally shovel through thousands of gigabytes of data looking for your buying trends. They simple do not have the time or resources to do so.
Besides, even assuming they had the energy and resources to mine massive troves of browser data, they are simply not allowed. The Telecommunications Act of 1996 explicitly prohibits the sharing of “individually identifiable” information records. This means that your ISP cannot legally pass along browsing data to an advertiser who could then tie that data to your identity. The marketer who put the ad together is not allowed to know who you are based off what your ISP tells them.
So how will all of this work? According to Chris Calabrese at the Center for Democracy and Technology, an ISP’s server will analyze an individual’s browsing habits and sort them into one of several dozen consumer categories, also referred to as market segments. This is nothing new. Companies like Experian have been using tons of data to classify every US household for years, as you can see here.
When you type in a particular URL, your ISP will let that site know that a certain type of consumer is on the way. Before your browser even loads the page, you are paired with the advertiser who paid the most to be connected with people of your particular segment. Less than a second later, you show up on the site, and the ad appears somewhere on the page. The marketing team who bought the ad space will not know all of the sites you visited prior to this one, or even who you are. They will only know what type of customer you are, as designated by your ISP’s servers. It’s also worth noting that this is how web advertising has worked for years, as this digital animation demonstrates beautifully. What we can likely expect from this change is simply more advertising, finer-tuned using our browsing histories to resonate with our individual personalities.
There are more alarming predictions around the web, for sure. Take this group for example, who fear our web searches will be hijacked, computers bugged and phones laden with advertising spyware. Another article suggests that this is merely the beginning of a very slippery slope. Could government agencies work with your ISP to spy on you? What if an ISP suffered a data breach? Will businesses track our movements 24/7 via our cell phones?
Regardless of what happens today, it seems unlikely this is the last we’ll hear of our browsing data being used for commercial purposes. As the internet continues to grow exponentially, the nature of our interaction with it will continue to change. These changes will inevitably raise new questions and concerns about data privacy with each incoming wave of innovation and change.
In the meantime, many individuals are coming up with ways to disguise their browsing behavior from their ISP, and any other prying eyes for that matter. Should you wish to do the same, you could try one of the following options. These are the top 6 approaches being touted around the web today:
1. Find a new ISP
If you don’t like how your current ISP is handling your data, let you wallet do the talking and switch providers. You might be thinking though, “Don’t all ISPs get to use my data?”, and you would be right. Still, they’re not obliged to touch any of it. In fact, several smaller ISPs have written an open letter protesting the rules repeal. The letter features a least a dozen smaller ISPs you could switch to assuming they serve your area, and therein lies a major problem. The US is primarily served by several massive ISPs including Verizon, AT&T, Charter, Comcast & Sprint. In many areas, customers only have access to a single ISP service, and it’s typically a major carrier. So, even assuming you take another carrier at their word not to use your data, you might be hard-pressed to find one.
Most ISPs offer customers the option to opt-out of certain types of data collection. Which ones? Comcast, AT&T and Charter for starters. As a matter of fact, a few companies including Verizon and Sprint actually require users to opt-in for data collection! That being said, ISPs are under no obligation to offer an option at the moment. Furthermore, the language describing each opt-out and opt-in can be long and complex. It’s not always clear what kind of data collection one is consenting to. It’s also worth asking whether or not these opt-out choices are simply a temporary lip-service, given the fact that ISPs pushed so hard to have these rules repealed in the first place.
3. Use a VPN
A Virtual Private Network (VPN) redirects your traffic around the web during your browser session. This method of hopping-around effectively disguises information about your computer, phone or tablet. Information sent across VPN connections is encrypted, so those who may intercept your traffic cannot read the information itself, and this includes ISPs. It is very important to bear in mind however, that some VPN companies are more trustworthy than others. There are others still who feel using a VPN is not enough to keep their data private.
A local tech provider can provide recommendations on which service is best for you. Depending on your particular technology needs, a VPN may or may not be suitable for your business.
4. Find Cover
One easy step you can take right now is to install a browser extension called HTTPS Everywhere. HTTPS is a variation of the everyday protocol language that runs the world wide web, and the “s” stands for “secure”. When you see this in a website URL, know that whatever interactions you have with that particular site are encrypted. When using a site enabled with HTTPS, your ISP can see that you went to a particular site and have no idea what happened while you were there. Websites commonly used to access legal, financial and healthcare industries generally enable HTTPS connections as a standard practice due to sensitive nature of the data being accessed. Unfortunately, HTTPS isn’t automatically enabled for every site you will visit. While it can’t work for every website out there, this browser extension enables an HTTPS connection wherever possible.
5. Make some noise!
One approach growing in popularity is to hide browsing data by simply heaping on more. Since this legislation became public, several individuals have created scripts and browser extensions that will automatically generate random web traffic from your IP address. While you browse the internet at your leisure, your computer is working in the background, sending additional search queries to random sites around the internet. The idea is that your real traffic will be indecipherable from the garbage traffic, thus making your browser history worthless. As the expression goes, your ISP theoretically can’t “see the forest for the trees”. While this is certainly an innovative approach, it likely can’t do much to conceal your true browsing habits. According to experts, computers are simply too good at filtering noise and identifying patterns, meaning the true nature of you browse the internet will shine through.
While this seems like a cool approach to staying undercover, it likely won’t cover much of anything.
6. Anonymized Browsing Software
By now, it’s been around long-enough that many of us a familiar with the name “Tor”. Tor, which stand for The Onion Router, was actually funded in large part by the US government. Despite its common association in popular culture with illegal activity, the use of Tor by itself is not illegal at all. Tor is simply a different kind of web browser, and directs your web queries through multiple layers (hence the name onion) of anonymity. Tor is not the only browser of its kind either. There are many different systems which claim to offer a similarly anonymous browsing experience. However, it’s important to remember that no browser is perfect. Anonymous web browsing of this manner is terribly slow, so for those us trying to download the latest cat video or check the weather, this is going to feel like overkill.
Where do you go from here?
While it doesn’t seem as though this repeal will have an immediate major effect on our browsing experience, it doesn’t appear we can do much to prevent it either. In light of this change, the best thing a business owner can do is examine their relationship with their ISP. Talk to a local qualified technology provider. These experts are often very familiar with the ISPs serving your local area. They can educate you on which is the best service for your business to choose and why. Ask them about best practices, and what you can do to ensure your data and business remain safe and secure.