The US Senate has voted to repeal the broadband privacy rules that required Internet Service Providers (ISP’s) to get user permission before sharing or selling web browsing data and other private information to advertisers and other companies.
The Senate voted 50-48 in favor of S.J.34, which would not only remove the existing rules, created last year by the FCC under Obama Administration, but also prevent it from issuing similar regulations in future, using its authority of Congressional Review Act.
Unless President Trump or the House opposes the Senate’s action, the broadband privacy rules will be revoked. If that happens, your ISP won’t be required for an opt-in consent even if it is gathering data for just one customer instead of anonymizing your data by aggregating it.
How it impacts you
Currently, ISPs can see all the traffic & data that you browse on non-secure (HTTP) sites. They can’t see encrypted traffic. So if you visit an HTTPS site, it will be able to only the see the domain (e.g, https://ubiq.co) and not the actual pages you visited. Still that’s a lot of information. By relating them to your IP, they’ll know which banks have your accounts, where you work, where you eat, where you shop, which brands you like, which illnesses you have, which medicines you take, and so on. The domain name alone can provide so much information about consumer behavior and preferences.
According to Dallas Harris, an attorney who specializes in broadband privacy and is a policy fellow at consumer advocacy group Public Knowledge, ISPs want to be the advertising powerhouse and be able to compete with Google and Facebook and other edge providers in the advertising space. Big companies like AT&T, Verizon & Comcast have been pushing hard for it, he says. Harris told ArsTechnica, “They’ve already begun marketing [to advertisers], explaining how they have the ability to track you on four devices. Because they’re also your cable [TV] providers, they can combine what you’re watching on TV with what you’re doing on the Internet and looking at on your phones and your tablets. They’re heavily invested in this idea that they have a lot of data that can be valuable to advertisers and want to build up that part of their business.”
What you can do about it
You can protect your browsing history in 3 ways – using VPN, Tor and HTTPS. ISPs will be able to see that you’re using Tor or VPN (Virtual Private Network) but they won’t know which sites you’re visited.
VPN allows you to direct your traffic via a Private Network’s server whereby it is encrypted. In VPN, you’re basically paying another company to encrypt your traffic and prevent others from tracing your browsing back to your IP address. However, your VPN company will be able to see exactly what your ISP would be able to see otherwise. So you’ll need to basically trust that your VPN provider doesn’t log your activity like ISP.
Here’s a list of well-known VPN Servers in 2017.
Tor is similar to VPN, but requires a little more technical expertise to setup. While VPN routes your traffic through a single server, Tor routes it via series of intermediate relays. So the ISPs will only be able to see that the connection is coming from an exit Tor nodes which can be anywhere in the world.
Here are 11 steps to get started with Tor.
Finally, you have the HTTPS protocol that encrypts your traffic if you use HTTPS version of the URL in your browser. You can install the HTTPS Everywhere browser extension, provided by the Tor Project and Electronic Frontier Fondation, that automatically encrypts your traffic, even for websites that only provide limited support for encryption over HTTPS.
What are you doing to secure your online activity?