Tuesday 28 March 2017 will go down in history as the day privacy died in the United States. Last week the Senate, after a huge lobbying effort by ISPs, used the Congressional Review Act to repeal FCC rules designed to protect your privacy.
This vote was ratified by the House on and represents an utter betrayal of the American people by their leaders. President Trump could, in theory, still veto the move. But that is not going to happen.
Your Internet Service Provider (ISP) now has carte blanch to sell or share your detailed web browsing history and geolocation data with advertisers and partner companies.
And because your ISP has is able to collect reams of personal data about your internet activity that the likes of Facebook and Google can only wet-dream about, the threat to your privacy posed by your ISP is exponentially greater.
So what exactly does this all mean for you, if you are a US internet user?
Your ISP can see your personal browsing history…
Your ISP is responsible for connecting you to the internet. It can see when you connect, what time you connect, and can see every website that you visit. When you visit any regular unencrypted (HTTP) website it can see everything that you do on that website.
When you visit an encrypted (HTTPS) website, your ISP cannot see what you get up to on that website, but it does know that you have visited that website. With this data, your ISP will be able easily to determine what kind of porn you like, whether you are cheating on your partner, your political and religious affiliations, what your hobbies and pastimes are, and more.
After all, it does not take a mind-reader to guess the political leanings of a regular visitor to the www.greenpeace.org website, or that a married individual who frequents a dating website is being unfaithful (or wants to be!). The fact that the individual web pages looked at on those websites are not recorded hardly matters!
And now it can sell it
ISPs have always had access to this information, of course. But they have now been given explicit permission to exploit this data for profit. They can now your data by profiling you for advertising purposes, as Facebook and Google do. Except that they have intimate details of your online life that Facebook and Google could only dream of.
The now-overturned FCC rules did not stop ISPs from doing but did require opt-in permission from customers. This is now longer required, so ISPs can exploit your data in whatever way they see fit, without your permission.
Verizon, in the fine the fine print of its privacy policy, were at least refreshingly honest about this,
"If you do not want information collected for marketing purposes from services such as the Verizon Wireless Mobile Internet services, you should not use those particular services.”
Other ISPs are more circumspect, although the likes of AT&T, Charter, and Sprint have all been involved in creepy assaults on their customers’ privacy.
The same applies to your geo-location data and emails
In addition to your intimate web browsing records, your ISP can scan your emails to find out more about you. It can then sell that data to advertisers (or do whatever the hell it wants to with it). Much as Google can.
Mobile service providers also keep detailed GPS and cell-tower geolocation records of your every physical movement. They know exactly where you go, who you meet up with etc., and can build up a detailed picture of your daily habits. All grist to the money-making mill.
Panic!!! So what can I do to protect myself?
The US government has acted against the best interest of its citizens, and ISPs in the best interests of their customers. All in the name of profit. The only recourse now available to US internet users who value their privacy is to take matters into your own hands and encrypt your digital life.
Use HTTPS websites
Any website that handles sensitive information uses HTTPS. When you connect to an HTTPS website, that connection is securely encrypted. This means that your ISP cannot see what you get up to on that website. But as already noted, it will still know that you have visited www.mykinkystuff.com. Which can be very revealing.
A good analogy is visiting a store. With regular unencrypted HTTP, your ISP can follow you to the store and also follow you round the store. When visiting an HTTPS encrypted website it can follow you to the store, but it cannot get past the store door. So it will know that you have visited the store, but not what you looked at or purchased there.
You should therefor always try to use HTTPS websites whenever possible. A helpful tool for doing this is HTTPS Everywhere, a browser extension developed by the Electronic Frontier Foundation (EFF) for Firefox, Chrome, and Opera.
Many websites permit HTTPS but use regular HTTP by default. HTTPS Everywhere tries to ensure that you always connect to a website using a secure HTTPS connection if one is available. If no HTTPS connection is available then you will connect using regular HTTP.
As already discussed, however, although important, the privacy benefits of using HTTPS are limited. Your ISP will still know every website you have visited.
Use a VPN
A Virtual Private Networks (VPN) allows you to connect to the internet via a server run by a VPN provider. All data between your computer, phone or tablet, and this "VPN server” is securely encrypted.
This setup means that your ISP cannot see what you get up to on the internet:
- It cannot snoop on your data because it is encrypted
- It cannot see what websites you visit. All it can see is the IP address of the VPN server you are connected to.
In other words, using a VPN almost completely mitigates the betrayal by Congress and your ISP. Note that your VPN provider can see what you get up to on the internet in the same way that your ISP could before using the VPN.
But while your ISP is hell-bent on exploiting your data, most VPN companies’ business model offering privacy. Failure to protect their customers’ privacy would be a commercial disaster. So it comes down to a matter of trust: do you trust your ISP (lol hysterically!) or a reputable VPN company that is in the business of providing privacy?
In order to use you must first signup for a VPN service. This typically between $5 – $10 a month, with reductions for buying 6 months or a year at a time. A contract with a VPN service is required to use a VPN.
Tor and encrypted proxies
VPNs are arguably the best way to defend against government snooping, but other options are available. Purely in terms of privacy, the Tor network is superior any VPN because it can offer true anonymity without the need to trust anybody.
But the Tor network is very slow and has a number of limitations that make it much more suitable to the Edward Snowdon’s of this world than ordinary day-to-day internet users. Please see my Tor Network Review for a detailed look at the pros and cons of using Tor.
Another option is to use encrypted proxies. These provide many of the benefits of using a but must be configured individually for each software program. Largely because of this, there are pretty much no reputable encrypted proxy businesses. After all, why bother, when VPN is more comprehensive and easier?
Private encrypted proxies are available, but why on Earth would you trust them?!
Change your email provider
If you use an email address supplied by your ISP, then you should change to a third party email provider that respects your privacy.
Just as Google does with Gmail, ISPs can scan emails on their system. The data gleaned from this wholesale assault on your privacy will help profile you, all the better to sell you stuff.
Please check out Secure Privacy Email Options for a rundown of your options.
Disable GPS
Disabling GPS on your mobile devices will deprive your ISP of at least one way to track your every movement. I recommend doing it (at least when you are not actively using it). Sadly, however, GPS is not only one way that your ISP knows where you are and where you go.
Your ISP will always know which cellphone tower your phone is connected to, and can track you as you move between towers. Although a little imprecise on its own, cell phone triangulation can pinpoint your location to an accuracy of around 50m (in urban areas).
Equally sadly, there is little you can do about this other than leaving your cell phone at home, removing the battery (if possible), or placing your phone inside a Faraday Cage.
Although simply turning your phone off will probably prevent your ISP from tracking you, this cannot be guaranteed.
Even more worrying stuff your ISP can now do!
ISPs have demonstrated, time and time again, that they are sneaky and unscrupulous bastards. The EFF lists a number of things that they have already tried to get away with. And with the FCC’s rules overturned, there is no nothing to hold them back:
- Intercept your internet using a proposed standard called Explicit Trusted Proxies. This would remove HTTPS encryption, allowing ISPOs to see everything customers get up to on the internet
- Insert ads into your intent browsing
- Redirect your Google and Big searches away from the search engines and directly towards paying customers’ websites
- Use Zombie that cannot be easily erased. These can be used by any website you visit to track you as you surf the web
- Insert spyware that allows the ISP to see everything you do on your computer or mobile device.
Please see this EFF article for more details, although I hope to explore these issues in greater depth myself when time permits.
Conclusion
The US government has just proved that it does not have the best interests of ordinary US citizens at heart. Acting purely on behalf of big businesses, who are themselves motivated by sheer greed, Congress has sold away one of your most fundamental freedoms. RIP internet privacy.
Your government will not protect you from rapacious businesses. Rather, it is on their payroll. So the only thing you can privacy into your own hands and encrypt, encrypt, encrypt…
Update: On 3 April 2017 President Donald Trump surprised no-one by signing the repeal of the FCC's rules. So it is now official - ISPs have been given the go-ahead to sell your browsing data. Even Trump's own supporters are left unimpressed. A recent HuffPost/YouGov poll found that 75 of Republican voters wanted Trump to veto the bill (and 80 percent of Democrat voters).