The US Senate and House both voted this week to overturn privacy rules that had been adopted by the FCC last year. The rules had not actually gone into effect yet, but thanks to Congress your internet service provider is free to track your online activity and sell it to the highest bidder—or any bidders, really.
With more and more of our entertainment and communication being delivered over the internet, your ISP is in a unique position to know what websites you visit, what shows you watch, which stores you shop at, the apps you use and more. The FCC rules would have required that ISPs get permission from customers before sharing that data with third parties, but once Trump signs the legislation into law you will lose much of your ability to control or prevent that.
“The fact that your internet service provider can sell your browsing history to the highest bidder is a wakeup call,” warns Ajay Arora, CEO of Vera. “Anything that shines a light on the fact that we need to take control of our own digital privacy is a good thing, especially because there is no silver bullet and there is no catch-all when it comes to privacy. We have got to take security into our own hands, but ultimately, it’s a slippery slope. Adding yet another situation where there the erosion of digital rights continues is becoming common place.”
ISPs are able to gather extremely accurate information regarding you online activities and preferences. That information is enormously valuable to other companies that want to market their products and services to you. It allows business to be much more targeted with marketing and focus advertising based on your internet history.
Daniel Miessler, Director of Advisory Services for IOActive, stresses, “Politics aside, there are some serious implications for everyone’s internet privacy as a result of these proposed changes. Essentially, it will make it far easier for internet providers to sell your data to other companies.”
The Sky Is Not Falling…Yet
It’s not time to panic. Don’t get me wrong, it’s very concerning that our elected official choose corporate greed over the rights and freedoms of the constituents they’re supposed to represent almost every time. However, in this case Congress is simply reversing FCC rules that hadn’t even gone into effect yet—so really we’re just maintaining the status quo.
“It’s worth pointing out that ISPs are only one service provider that has the potential of selling customer data,” explains Asaf Cidon, VP of Content Security Services, Barracuda. “Many of us rely on services like Google, Facebook, Amazon, Linkedin, etc. which are not bound by these regulations, and in many cases they have much richer data on their users than the ISPs. In general, it’s really hard to achieve true anonymity as a consumer of the internet.”
Cidon also points out that the major ISPs have committed to providing customers an opportunity to opt out if they do plan to sell their data. He suggests that you pay attention to those privacy and terms of service notifications so you know what is going on and what your options are.
How Can You Protect Your Privacy?
One thing to remember is that you are also not completely at the mercy of your ISP. There are actions you can take to try and obscure your online activities and protect your privacy.
IOActive’s Miessler says that you should try to leave less of an online trail by doing things like disabling third-party cookies, using an ad blocker tools, and clearing your browser history more frequently. Most browsers can be configured to erase your history every time the browser is shut down.
“Consumers that are worried that ISPs can track them, can use a service like Tor or a VPN to avoid getting tracked,” says Cidon. “Of course, the downside of this, is that Tor and many VPN services typically slow down traffic and affect user experience. In particular, VPN services are not always trustworthy (especially the free ones), and they could also sell your data to advertisers.”
Vera’s Arora agrees that using a VPN can help, but requires some vigilance as well. “There are reputable VPN services out there, but it’s incumbent on you—the user—to ‘do your homework’. In addition to making sure the VPN will actually keep your data private, you’ll want to make sure there’s nothing shady in the terms and conditions.”
Arora also reminds users that you would need to set up a VPN for all of your various devices—home computer, mobile device, etc. The bottom line is that most people don’t even know what a VPN is, though, never mind how to install, configure, and effectively manage one.
Your internet privacy is under siege. Congress certainly isn’t helping, but since this legislation simply maintains the current state of internet privacy, you also haven’t really lost anything yet. Just be aware that pretty much everything you do online can be monitored and tracked, and understand that if you want to protect your privacy you’re going to have to take some extra precautions and be diligent about obscuring what you do online.
- Malcom Harkins Talks about Ethical and Legal Obligations of the CISO - October 20, 2022
- Maggie MacAlpine Chats about Collaborative Threat Intel Initiative - October 14, 2022
- Intel Outlines Focus on Innovative Security Technologies - October 8, 2022