Over the past couple of days, the media has been freaking out over S.J. Res. 34 being passed by the house and senate. If you believe what everyone is telling you, this is the death of internet privacy as we know it. But do you really have internet privacy to begin with? Does this recent change in legislation change anything?

S.J. Res. 34 - A joint resolution providing for congressional disapproval under chapter 8 of title 5, United States Code, of the rule submitted by the Federal Communications Commission relating to “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services”.

What does all that legal jargon mean?

The legislation is intended to disapprove of a rule passed by Obama’s administration. That rule was designed to force Internet Service Providers to inform you, the customer, if their Terms of Service were to change, allowing them to effectively sell your “internet browser history” to advertisers.

Let’s put aside the general arguments about this. The fact that Obama’s efforts hadn’t actually taken effect yet. Nor that most ISPs provide Terms of Service agreements that currently block the selling of your information. Because admittedly those are fairly weak arguments. If it had taken effect, we’d be experiencing privacy on the internet, right? And those evil ISPs could change their Terms of Service at any time.

My stance is simple: regardless what rules get passed for ISPs, you don’t have privacy on the internet, and you never did.

What? How do you know my privacy is compromised?

Let’s do a quick questionnaire:

Are you currently signed in to Google? Gmail? YouTube? Are you currently signed in to Facebook? Are you browsing this article on Google Chrome?

If you answer yes to any one of the above, congratulations, you are being tracked and you’ve given up your privacy.

The thing is, these companies are in the business of advertising. They make money off showing you ads in the hopes you’ll buy something. The most effective way for them to do that is to target ads to your specific interests. And what’s the best way to figure out what you’re interested in? Track your every move across the internet, of course. The thing everyone is so scared of the ISPs doing, these big name companies are already doing it.

Preposterous! Only the ISP can see where I’m going! The news told me so!

Lies. There’s a popular free service many websites use called Google Analytics. The website owner puts a little code on her site and bam, the website owner can figure out who their audience is and how much traffic her article about unicorns is getting. Sounds like a great service.

There’s just one problem. Google keeps this data for themselves as well. It is free after all, and if it’s free, ask yourself: what’s in it for them?

And it gets worse. If you’re signed in to any of Google’s services (Gmail, YouTube, etc)? They can tie it back explicitly to you.

That sounds just like what the ISPs are doing!

In many ways, it is. But there’s a key difference.

See, there’s this technology called TLS. It provides a mechanism for you to securely browse the internet with end-to-end encryption. That means the ISP, where all of your data is flowing through, can’t actually see what page you’re looking at so long as you’re browsing a secure site. And the adoption of TLS is skyrocketing. It doubled in 2016 alone. (Coincidentally, Google has started giving preference to websites using TLS in their search rules.)

So the media freaking out that the ISPs can see your internet history? Not entirely truthful.

The most the ISP can actually do is see the domains you interact with. This is due to a technology called DNS. Basically, when you go to tubignaaso.me , you’re actually going to 13.32.244.91 which is an internet protocol address. Knowing the actual address for every website sucks, right? So we gave things names. DNS is the technology responsible for translating a name into an address.

The problem is DNS isn’t secure. All of its information is still, to this day, sent through the tubes in the clear. That means the ISP can see the domains you visit. And right about now, Comcast is probably going “wtf is a tubignaaso?“. But they can’t see the pages you visit, meaning they don’t know you’re looking at this particular article.

If I go to reddit.com, then Comcast may know that. But if I specifically visit reddit.com/r/unicorns, the ISP can’t see that. Because that much is encrypted.

Google can still see the “secure” sites I’m on?

Thanks to their little analytics code. It’s part of the secure page, so it can see everything. They are effectively bypassing the encryption entirely putting them in a very unique position to be able to spy on everything you do. And yet we don’t freak out about that? We aren’t calling for the US Government to save us from this outrageous invasion of privacy? I don’t remember signing a Terms of Service to Google before using the internet saying they could do this to me, and yet they do it anyway.

Google isn’t the only offender, either. Have you seen those WordPress blogs with those ever so convenient “Like this on Facebook!” buttons? Or the Pitnerest “Pin It!” buttons?

Those do exactly the same thing as Google Analytics. You don’t even have to click on the button. Just the fact that it loads, information is sent to Facebook or Pinterest about the exact page you are on. And they tie this information back to your specific profile on their site. You’re not logged in? No problem. They can generate a digital fingerprint for you then tie it back to you once you log back in.

Why am I seeing underwear ads on Facebook?

Have you ever found yourself doing a little online shopping, maybe browsing Amazon for some hot new underwear? Then you go over to Facebook to see what your BFFs from college have been up to, only to see ads in the sidebar advertising the exact same products you were just looking at? That’s because you’ve been tracked. They know what you’re looking at. And they’re turning it around selling that targeted information to advertisers. You were supposedly “secure” on Amazon. But Facebook and Google still knew. Where’s the outcry about that?

More importantly, why are these companies (Google, Facebook, etc) so quick to yell at the ISPs to collect information on you, yet so happy to do it themselves? The simple truth is they just don’t want the competition.

Geez bro, just use a content blocker already…

It is true, a content blocker (more commonly known as an “ad blocker”) would prevent most of this. But first of all, the regular Joe Schmoe doesn’t have such a thing enabled. If he did, the internet advertising industry would have died out long ago. Yet it is still alive and kicking.

And yes, for the true privacy conscious folks out there that do have such a thing enabled, it stops some of this spying, but certainly not all. Most ad blockers, by default, won’t block Google Analytics, nor Facebook “like” buttons. And others totally allow Google ads becuase they’re “ethical advertisers” (looking at you AdBlock Plus).

But assuming you have gone all out and tweaked your ad blocker to do all of this, are you still fully private on the internet? Maybe on your desktop computer (though we could still debate that, depending on your browser), but certainly not your smart phone.

Smart phones are the worst at privacy.

You may have read you can enable content blockers on Mobile Safari now, and I’m sure Android has something similar. But native apps? Good luck. There are no rules, no hooks, nothing to stop the app publisher from spying on you. And many of these apps use services like Google Analytics, Flury Analytics, or Facebook baked right into their apps. You have no way of blocking them, or even knowing that it’s happening.

Maybe you were scared the ISP knew exactly where you lived because they give you internet access to your home? Smartphones can identify you down to within 10 meters of where you currently are. Companies then use this information to direct advertising towards you based on your region. “There’s a sale on hamburgers at the McDonald’s one block over from you!” Or they may build up a profile of you based on places you frequent.

But the funny thing is, advertisers don’t even need to be this “evil” anymore.

The majority of people in the world are willingly and gleefully publicly sharing it all anyway.

“Janice just liked McDonald’s on Facebook!” “Jerry went to Sunny’s Tan Salon and gave it 5 stars!”

Or, you know, just search for something on Google.

Maybe we shouldn’t be raising our pitchforks against the government allowing ISPs to do what the companies we interact with on a daily basis have been doing for years now. Maybe we shouldn’t be yelling at the government to give us privacy when we are explicitly giving away our data in the first place.

Do I personally like what these companies do? No. But I understand it’s not some evil conspiracy to hunt you down and single you out. It’s to try and provide a beneficial service to you and the company’s advertisers. We live in a world now where we don’t just see random ads. We actually see ads that are relevant and that may better our lives (or at least the economy).

It’s just kind of the deal you make when going on the internet now. Privacy is not to be expected. If you want privacy, there are still options. Incognito mode for the weak, VPNs for the mild, and Tor for the truly hardcore. So long as those are all still available, I think we can lower our pitchforks. Or at the very least, know where the hell we should be pointing them.