Privacy please: How to protect your online history now that Republicans want to let internet providers sell it

[Joel]

Privacy please: How to protect your online history now that Republicans want to let internet providers sell it


Internet service providers will soon be able to sell information like what websites you visit to third-party advertisers, if all goes according to House Republicans’ plan Tuesday. But not all is lost – or public.

Because the Senate last week approved this bill, and because the Republicans supporting the bill control both chambers of Congress, it is widely expected that this rollback of Obama-era privacy protections will be signed into law.

The reason that ISPs want to be allowed to collect and sell this data is fairly straightforward: They want to make more money. Facebook and Google, which together have a de facto duopoly on digital advertising dollars, already collect this sort of information and use it to help advertisers better target users. Internet providers want a slice of that pie.

Though state governments are considering maneuvers to protect customer data, there are other steps that privacy-minded internet users can take on their own to conceal their information.

The easiest way is a VPN – virtual private network – which is kind of software that allows the user to mask what they are doing online. It’s not a protection against sustained, malicious hacking, but it can offer protection against mass surveillance and data collection. Outside the U.S., VPNs are commonly used to shield users from government monitors and to trick streaming services like Netflix into thinking that you’re in a different country.

VPNs do not offer complete security, and you should be careful about which VPN you trust; theoretically, a VPN could protect your data, only to collect information itself and then sell to others. And, as Electronic Frontier Foundation civil liberties experts noted earlier this month, “the only way to protect your privacy from your ISP is to pay for a VPN” — meaning you shouldn’t use freebie services.

If you’re interested in using a VPN, here are a few strong options to look at:


Hotspot Shield (Elite version): One of the most popular VPNs — and one of the more highly priced ones — parent company AnchorFree talks a big game about protecting users from government surveillance.

IPVanish: Another popular, paid service that offers extensive support options including for mobile.

NordVPN: A popular option that’s generally cheaper than the competition.

PrivateInternetAccess: Another cheaper, reliable option.


And if you’re more technically inclined, or want to avoid using a corporate VPN, you can set up your own VPN for your home internet network using open source tools. Here’s a how-to guide.

[Onsdag]

Privacy please: How to protect your online history...

Ultimately, the only real and reliable way to 'protect' your online history is to live a virtuous and godly life.

"And wo unto them that seek deep to hide their counsel from the Lord! And their works are in the dark; and they say: Who seeth us, and who knoweth us? And they also say: Surely, your turning of things upside down shall be esteemed as the potter’s clay. But behold, I will show unto them, saith the Lord of Hosts, that I know all their works. For shall the work say of him that made it, he made me not? Or shall the thing framed say of him that framed it, he had no understanding?"

"And the rebellious shall be pierced with much sorrow; for their iniquities shall be spoken upon the housetops, and their secret acts shall be revealed."

[Joel]

Your ISP does not care if you live a virtuous and godly life =)) Those people will have their private information sold too. This isn’t just your browsing history or cookies. It’s geolocation data, financial info, passwords, health info, even your Social Security Number. Anything you do, any data you enter, any online video you watch, any email you write. Your ISP could store it all and sell it for their own profit.

[Joel]

Five Creepy Things Your ISP Could Do if Congress Repeals the FCC’s Privacy Protections

Why are we so worried about Congress repealing the FCC’s privacy rules for ISPs? Because we’ve seen ISPs do some disturbing things in the past to invade their users’ privacy. Here are five examples of creepy practices that could make a resurgence if we don’t stop Congress now


5. Selling your data to marketers

Which ISPs did it before? We don’t know—but they’re doing it as you read this!

It’s no secret that many ISPs think they’re sitting on a gold mine of user data that they want to sell to marketers. What some people don’t realize is that some are already doing it. (Unfortunately they’re getting away with this for now because the FCC’s rules haven’t gone into effect yet.)

According to Ad Age, SAP sells a service called Consumer Insights 365, which “ingests regularly updated data representing as many as 300 cellphone events per day for each of the 20 million to 25 million mobile subscribers.” What type of data does Consumer Insights 365 “ingest?” Again, according to Ad Age, “The service also combines data from telcos with other information, telling businesses whether shoppers are checking out competitor prices… It can tell them the age ranges and genders of people who visited a store location between 10 a.m. and noon, and link location and demographic data with shoppers' web browsing history.” And who is selling SAP their customers’ data? Ad Age says “SAP won't disclose the carriers providing this data.”

In other words, mobile broadband providers are too afraid to tell you, their customers, that they’re selling data about your location, demographics, and browsing history. Maybe that’s because it’s an incredibly creepy thing to do, and these ISPs don’t want to get caught red-handed.

And speaking of getting caught red-handed, that brings us to…

4. Hijacking your searches

Which ISPs did it before? Charter, Cogent, DirecPC, Frontier, Wide Open West (to name a few)

Back in 2011, several ISPs were caught red-handed working with a company called Paxfire to hijack their customers’ search queries to Bing, Yahoo!, and Google. Here’s how it worked.

When you entered a search term in your browser’s search box or URL bar, your ISP directed that query to Paxfire instead of to an actual search engine. Paxfire then checked what you were searching for to see if it matched a list of companies that had paid them for more traffic. If your query matched one of these brands (e.g. you had typed in “apple”, “dell”, or “wsj”, to name a few) then Paxfire would send you directly to that company’s website instead of sending you to a search engine and showing you all the search results (which is what you’d normally expect). The company would then presumably give Paxfire some money, and Paxfire would presumably give your ISP some money.

In other words, ISPs were hijacking their customers’ search queries and redirecting them to a place customers hadn’t asked for, all while pocketing a little cash on the side. Oh, and the ISPs in question hadn’t bothered to tell their customers they’d be sending their search traffic to a third party that might record some of it.

It’s hard to believe we’re still on the subtle end of the creepy spectrum. But things are about to get a whole lot more in-your-face creepy, with…

3. Snooping through your traffic and inserting ads

Which ISPs did it before? AT&T, Charter, CMA

This is the biggest one people are worried about, and with good reason—ISPs have every incentive to snoop through your traffic, record what you’re browsing, and then inject ads into your traffic based on your browsing history.

Plenty of ISPs have done it before—AT&T did it on some of their paid wifi hotspots; Charter did it with its broadband customers; and a smaller ISP called CMA did the same.

We don’t think this one requires much explaining for folks to understand just how privacy invasive this is. But if you need a reminder, we’re talking about the company that carries all your Internet traffic examining each packet in detail1 to build up a profile on you, which they can then use to inject even more ads into your browsing experience. (Or, even worse—they could hire a third-party company like NebuAd or Phorm to do all this for them.) That’s your ISP straight up spying on you to sell ads—and turning the creepiness factor up to eleven.2 And speaking of spying, we’d be remiss if we didn’t mention…

2. Pre-installing software on your phone and recording every URL you visit

Which ISPs did it before? AT&T, Sprint, T-Mobile

When you buy a new Android phone, you probably expect it to come with some bloatware—apps installed by the manufacturer or carrier that you’re never going to use. You don’t expect it to come preinstalled with software that logs which apps you use and what websites you visit and sends data back to your ISP. But that’s exactly what was uncovered when security researcher and EFF client Trevor Eckhart did some digging into Carrier IQ, an application that came preinstalled on phones sold by AT&T, Sprint, and T-Mobile.

This is even creepier than number three on our list (watching your traffic and injecting ads), because at least with number three, your ISP can only see your unencrypted traffic. With Carrier IQ, your ISP could also see what encrypted (HTTPS) URLs you visit and record what apps you use.

Simply put, preinstalled software like Carrier IQ gives your ISP a window into everything you do on your phone. While mobile ISPs may have backed down on using Carrier IQ in the past (and the situation led to a class action lawsuit), you can bet that if the FCC’s privacy rules are rolled back there’ll be ISPs be eager to start something similar.

But none of these creepy practices holds a candle to the ultimate, creepiest thing ISPs want to do with your traffic, which is…

1. Injecting undetectable, undeletable tracking cookies in all of your HTTP traffic

Which ISPs did it before? AT&T, Verizon

The number one creepiest thing on our list of privacy-invasive practices comes courtesy of Verizon (and AT&T, which quickly killed a similar program after Verizon started getting blowback).

Back in 2014 Verizon Wireless decided that it was a good idea to insert supercookies into all of its mobile customers’ traffic. Yes, you read that right—it’s as if some Verizon exec thought “inserting tracking headers into all our customers’ traffic can’t have a down side, can it?” Oh, and, for far too long, they didn’t bother to explicitly tell their customers ahead of time.

But it gets worse. Initially, there was no way for customers to turn this “feature” off. It didn’t matter if you were browsing in Incognito or Private Browsing mode, using a tracker-blocker, or had enabled Do-Not-Track: Verizon ignored all this and inserted a unique identifier into all your unencrypted outbound traffic anyway. According to the FCC, it wasn’t until “two years after Verizon Wireless first began inserting UIDH, that the company updated its privacy policy to disclose its use of UIDH and began to offer consumers the opportunity to opt-out of the insertion of unique identifier headers into their Internet traffic.”

As a result, anyone—not just advertisers—could track you as you browsed the web. Even if you cleared your cookies, advertisers could use Verizon’s tracking header to resurrect them, which led to something called “zombie cookies.” If that doesn’t sound creepy, we don’t know what does.

As you can see, there’s a lot at stake in this fight. The FCC privacy rules congress is trying to kill would limit all of these creepy practices (and even ban some of them outright). So don’t forget to call your senators and representative right now—because if we don’t stop Congress from killing the FCC’s ISP privacy rules now, we may end up with a lot more than five creepy ISP practices in the future.

[Joel]