how your isp will exploit your browsing history and how it can backfire

ISP's won't sell your porn surfing history, but the new law is still bad news for your privacy.





Let’s consider the bad news first. Republicans have decided to sell you out for millions in big telecom campaign contributions and have literally put a price tag on what you do online in the privacy of your own home so ISPs can monetize your surfing habits. Literally no one but ISPs wanted this. In the Obama era, the regulatory guidance would’ve kept your browsing data private and put them on the hook for informing you if your data was ever compromised so you could take steps to protect your identity. But with an administration that seems deathly allergic to even the most necessary and basic regulation, the ISPs had a better idea. Instead of making money just from getting your data and keeping it safe, they’ll take your money, collect your browsing history, then sell it to the highest bidder and have the law exempt them from any responsibility for handling it safely. So that’s all the bad news in a nutshell and there’s absolutely nothing redeeming here, it’s basically a naked grab for the right to exploit you with no consequences to worry about should the beneficiaries treat your data carelessly.

But there are some good news in this. You won’t actually be able to go out and buy the browsing history of say, Rep. Marsha Blackburn who pushed this bill through Congress for $600,000 in contributions from ISPs. That’s not how it’s going to work even though several campaigns are planning to do exactly that in retribution. Why not? Well, this data is exactly what the ISPs want to monetize so they’re not going to just send you a log file that’ll detail exactly what sites the customer visits, when, and for how long over a certain period. No, they want to hold on to that and sort their customers in hyper-targeted groups, then sell access to these groups to companies that’ll pay top dollar to market their wares to likely customers. Targeting you and you alone is kind of a waste of time and money, marketing to thousands of people like you, on the other hand, is well worth companies’ resources as the best targets they could get so far were groups of hundreds of thousands of people who may kind of sort of be like you because they liked or shared some stuff on social media and visited the same few sites.

Now that said, if the data is not properly anonymized using two common techniques in differential privacy, enough queries and social media lookups can pinpoint the habits of certain people you could actually name. Even as little as poorly anonymized movie ratings can be traced to flesh and blood people and their activity on the web, as was demonstrated in 2007 by a pair of data scientists. How easy do you think it would be to mine anonymized minute by minute surfing data? And worse yet, there’s a high likelihood of the data being easily traced back to you because proper anonymization will involve smoothing over differences in the data set, but those differences are exactly what advertisers are paying to exploit so they can better target the market segment they’re after. So should a dataset leak, it will be possible, if not trivial, to trace a whole lot of identifying information to certain people, especially if they make a habit of visiting sites that don’t use encryption or don’t follow common security advice and won’t install ad blockers.

All this brings us to the big question: what can we do about this? Well, it’s sad to say this but not a whole hell of a lot. Obviously, as much as you can use encrypted sites, you should, identifying them by the green locks or the secure tag in your browsers’ URL and search bars. Weird Things was using the sort of encryption in question for years now precisely for this reason. It hides your data from numerous trackers and loggers. You can also use Tor, or get a VPN subscription to obscure your browsing, although you may hit numerous restrictions designed to stymie VPNs and onion routing and that isn’t necessarily the ISPs trying to stop you, it’s because some e-commerce sites are trying to prevent fraudsters who often abuse IP-obfuscating tools. Alternatively, you can also use extensions like TrackMeNot, which create a stream of nonsense searches to overwhelm loggers, and make sure you use an ad blocker like uBlock Origin to make it extremely difficult to track any sort of return on the advertisers’ bets to inject targeted ads.

Most importantly, however, is realizing that these are temporary fixes and imperfect ones at that. What will really fix this once and for all are laws by politicians who actually understand the dangers of giving ISPs a license to use and abuse your personal browsing on a whim and with get-out-of-jail-free cards in case their poor custodianship leads to identify theft, stalking, and targeted harassment. Politicians who vote to sell you out because they are either ignorant, malicious, or just sociopathic enough to not care about you or the consequences of their actions have to be sent home post haste. It really is time to stop pretending that all politicians are the same and both parties are basically interchangeable. As the debates on the ACHA and the votes and discussions on this ISP issue show, this couldn’t be farther from the truth. Republicans care about fattening up big corporations even if it hurts their voters and either don’t know how the modern world works, or don’t care as long as they can cash their lobbyist checks, as the new FCC chairman is showing us with his horrendous tech policy…