Republicans Are About To Sell Your Browser History. Here’s How To Protect Yourself.
“If I don’t like the practices of Google, I can go to Bing... But if I don’t like the practice of my network provider, I’m out of luck.”
By Ryan Grenoble
Comcast has done the impossible. Somehow, Americans are about to hate it (and just about every other large internet service provider in the country) more than they already do.
Thanks in no small part to the efforts of those ISPs, the House of Representatives passed a bill Tuesday that would allow internet and telecom companies to share customers’ personal information, including web browsing history, without their consent.
Rep. Marsha Blackburn (R-Tenn.), who introduced the legislation in the House, has received $693,000 from the internet and telecom industry over the course of her 14-year political career, including $77,000 from Comcast, $98,600 from Verizon, and $104,000 from AT&T. While we’re on the subject, here’s a complete list of every politician who voted for Tuesday’s bill, and how much the telecom industry gave them in their most recent election cycle. Yeah.
Unfortunately, you can’t just go and drop your ISP for one that will protect your data, since many of them are local monopolies and you don’t have a choice.
“ISPs are in a position to see a lot of what you do online. They kind of have to be, since they have to carry all of your traffic,” Jeremy Guillula, a senior staff technologist at the Electronic Frontier Foundation, a nonprofit that advocates for internet privacy, said in a statement to The Huffington Post.
That’s different than the rest of the internet, where “if I don’t like the practices of Google, I can go to Bing; if I don’t like the practices of Bing, I can go to Firefox,” former Federal Communications Commission Chairman Tom Wheeler told HuffPost on Monday. “But if I don’t like the practice of my network provider, I’m out of luck.”
The bill has now passed in both the House and the Senate, with Republicans almost unanimously in favor and Democrats mostly opposed. President Donald Trump has said he strongly supports the measure, meaning a veto is unlikely.
So, in the very likely event that this becomes law, here’s what you can do to protect your privacy:
Get A Virtual Private Network
A virtual private network guards your web traffic by encrypting it as it flows from your device, through your ISP, and to a private server, which then directs you to your ultimate internet destination. They’re extremely common in the corporate world as a way to shield sensitive data when, say, an employee logs on to the free Wi-Fi at Starbucks to do some work.
Unfortunately, VPNs aren’t exactly a “silver bullet,” says Jake Laperruque, senior counsel at the Constitution Project, a bipartisan think tank focused on public safety, privacy and government accountability.
While VPNs protect users from ISP snooping, there’s nothing regulating the VPNs themselves. And that matters, since you’re effectively letting your VPN handle all the data that would otherwise be available to your ISP. So be sure to find a VPN that both encrypts your data and explicitly says it won’t collect it.
“It’s important to do research and make sure the VPN you use has clear terms guaranteeing it won’t collect your data,” Laperruque told HuffPost in an email. “Unfortunately, more reliable VPNs tend to require payment, so Internet users will now face a cost to preserving privacy.”
Laperruque noted that VPNs also won’t protect users from tracking software, “or potentially innovative new types of ‘cookies’ that are more effective.” (More information on that here.)
You can expect to pay around $5 a month for an honest, reliable VPN. Alternatively, Ars Technica has an excellent explanation of how ― and why ― you might want to just build your own if you’re technically inclined.
No, not the Norse god with the similar name and the big hammer. TOR, which stands for “The Onion Router” (really), is an all-in-one anonymous browsing beast.
TOR disguises your web traffic by mixing it up with everyone else’s, bouncing data around via a relay of volunteer-run servers all over the world. It’s extremely effective at anonymizing people, but all that bouncing comes at a cost: It’s also pretty slow.
“Tor is an excellent resource for private browsing but there are a few caveats to note,” Laperruque says. “It’s slower so things like streaming video are very hard... and you need to be in the Tor browser, so things like outside messaging apps... that default to a different browser aren’t protected. On the upside, unlike many VPNs, Tor is totally free.”
Make Some Noise
Instead of hiding from your ISP, feed it lies.
A handy new website called “Internet Noise,” courtesy of the programmer Dan Schultz, will drown your web history by constantly conducting random Google searches on the side. Your browsing data isn’t worth much to advertisers if they can’t figure out what it means.
In the 15 or so seconds HuffPost had the tool activated, it searched for spearfishing, “spy sad” (whatever that means), and “horse news.” Yee haw! Schultz told Wired he Googled “top 4,000 nouns” and used the results to figure out what sort of noise would be... er, noisiest.
Schultz warns that his tool “does not make you safe” and is intended mostly “as a form of digital protest.”
Encryption Is Your Friend
Remember the early days of the internet, when every web address started with “http://”? They still do, actually (though modern browsers rarely display it), but these days a more secure version has started to take its place: HTTPS. It’s basically the same thing as its predecessor, just encrypted. And given the choice, encrypted is always better from a security standpoint.
When you visit a website that uses HTTPS, your ISP can see ― and track ― the website you visited, but it can’t see the individual pages. (If you’re using Chrome or Firefox, sites that use HTTPS are denoted with a little green lock icon to the left of the address bar.)
“HTTPS is something that every internet user should be on the lookout for whenever they’re on a site that might request sensitive data,” Laperruque said. “It’s a critical protection against malicious hackers.”
However, HTTPS “will only provide limited help in terms of ISP tracking,” he went on. “On these sites [ISPs] can’t track what you visit within a site, but they can see the base domain you visited, which can be very sensitive (for example a site for an abortion clinic, drug addiction resources, or political donations).”
Not every website has HTTPS, or even automatically serves it by default if it does. But thanks to a handy browser plug-in from the Electronic Frontier Foundation, you can force sites to provide HTTPS when possible.
“HTTPS Everywhere” is available for Firefox, Chrome, Opera and Android. It’s currently in beta, so expect some hiccups.
Be A Sellout
If a corporation can sell your browsing history (and “corporations are people, my friend”), why not cut out the middleman and just sell your own data?
Petter Rudwall, a creative director at the Swedish public relations agency Wenderfalck, recently attempted to do just that. “If my browser history is becoming a commodity,” he told HuffPost, “why shouldn’t I benefit from it?”
Rudwall listed his browser history on eBay earlier this week, writing in the description: “The money will go to me, instead of a large ISP (I’ll make good use of it, promise). My browser history will be delivered in a nice email or as a glossy 3.5” floppy disk. Your choice!”
Unsurprisingly, eBay pulled the listing soon after, forcing Rudwall to put it on Craigslist instead.
“This makes the story even more interesting, since Ebay won’t let me sell something that is mine, i.e. my browser history, but soon my ISP will be able to do it,” he told HuffPost. “I’ve sent an email to Ebay regarding this, and asked them to clarify.”
# # #