ISPs May Start Selling Internet Browsing History
On March 23, 2017, the US Senate voted to revoke the internet privacy regulations the FCC pushed last year. The rules protected private citizen data by restricting access to internet browsing history by internet service providers—when used as a source of revenue. A corporation like AT&T or Comcast now needs subscriber’s permission before sharing such data.
ISP companies inherently observe the web browsing data of each subscriber. But they struggled to use that web browsing data for advertisement purposes after the FCC essentially shut that down in 2016. Major ISP companies like AT&T and Charter have since argued that they were treated unfairly in contrast to internet services and websites. And they made a loud enough noise about their complaint; the US Senate voted on the reversal of a rule that gave the public some degree of internet privacy.
Companies and advertising networks pay premium prices for information about users who might fit the criteria for a demographic. For example, Facebook sees the pages you like, movies, music, etc. Then, when a company pays for Facebook advertising, they have the ability or choice to target only people with certain interests. Facebook themselves can target specific users.
Google too. Google shows advertisements that relate to Google browsing history. They provide a massive platform for advertisements; every second website partners with or uses Google for one service or another. Often, websites display ads from companies like Amazon for products you recently searched for on the on the internet. But, unlike many sites that track you or use your profile or information for advertisement purposes, internet service providers can provide a service that nearly everyone in the US needs.
Websites track you across a site or across an entire network of partners (think: Facebook.). Yet cannot track someone from point A to point B when point A and point B are completely independent.
Internet service providers can. They see everywhere you travel on the internet, for the most part. Obviously ISPs see network activity. Depending on the activity, they might be able to access an even greater level of information about a user. However they are restrained in a completely different sense. Or numerous. One comes from an end user of their service. Products and services like VPNs, Tor, or SSL render user data much less valuable. Especially when services like good VPNs render user network traffic almost invisible.
In theory, that’s how it works. Tor, for example, reveals much less useful information than Internet Explorer gathers. In theory, an ISP only sees that a subscriber accessed the internet and then that the target subscriber entered the Tor network via node IP address. That being said, many attacks against Tor users still exist. EFF Senior Staff Technologist Seth Schoen explained several attacks against Tor users. One, he explained, is “creating a popular relay in the hope that users who are interesting to you will route through it.”
ISPs posses the technical know-how and cash flow to gather as much information as technologically possible. (Within reason; three letter surveillance agencies intend on maintaining a technological lead on everybody else.) They lack the network of data gathering partners that tech giants have at their disposal no ISP will, in the near future, outperform Google. Keep in mind that nobody uses Yahoo! – and one of the largest ISPs in the US, Verizon, owns the search engine and related products.
Despite their disputed data gathering ability, ISPs want a piece of the advertisement business. They undeniably gather a massive amount of useful information. Some (AT&T comes to mind) more so than others. And they are well on their way to their goal. The rules will now head to the House where another vote will take place. If the changes pass, the FCC will need a new set of privacy rules. The difference is that the consumer friendly options will disappear with the 2016 FCC rules and internet privacy—already in short supply—will follow.