Four Privacy Protecting Measures.
The Federal Communications Commission’s stance on privacy is changing: on March 28th, with a 215-205 vote the order passed through congress, and is now expecting to be signed and stamped by President Donald Trump to do away with the laws previously passed last October. The privacy laws, approved of by the previous Obama administration but not yet enforced, were intended as a measure to block Internet Service Providers (ISPs) such as Time Warner or AT&T from selling user's web surfing data, much same way many popular social networking platforms, including Facebook, sell details from their customers use of product and online habits. In a growing world of Big Data and Artificial Intelligence, your information is big business; question is, are you okay with not having a say in who can see that data?
What this means for your privacy
First, deep breaths and relax: this action does not mean ISPs are selling your browsing habits at first chance. Instead, the bill struck down a new requirement for ISPs that had yet to go into force: to require ISPs to collect consent before selling your data. It’s a requirement that many argued wasn’t necessary, with a number of ISPs already oppose to selling user information and now taking further steps to protect it. However, given the amount of information that ISPs collect thanks to even daily internet habits, the bill was put in place to protect privacy before ISP user data sale became a common problem. With the law struct down and less regulation in place, privacy advocates argue it will be very tempting for them to start, and without informing you beforehand.
The other reason for the alarm is that ISPs have an advantage over browser and website tracking in how much they can see about your online activities. If Facebook is considered intrusive tracking your habits, it has nothing on an ISP: they can see what websites you visit, the information you submit through online forms, where you go and whom you talk to... even when you think you're being cautious using browser plugins to block cookie tracking, or private browsing. ISPs can also see the data transmitted from 'smart' devices, if the data doesn't have set up or preconfigured safeguards. That's a lot of your data, and with no promise they'll tell you going forward if they sell it, or to whom they'll sell it to, a good reason to be aware.
So what can you do to protect your privacy, going into the future where it isn't guaranteed? Here are four tools worth having in your internet toolkit. None of them are new for privacy protection, and unfortunately can’t guarantee 100% that your ISP won’t have some data on your habits to sell, but they can help you feel more secure in your awareness of who can see what you’re doing online, and what they are going to do with that information.
1. Use https everywhere, and stick to encrypted websites.
Plugins like HTTPS Everywhere and KB SSL Enforcer operate by telling your web browser to default to encrypted connections whenever possible as you browse the web. Secure Socket Layer encryption (SSL), also known as Transport Layer Encryption (TLS) operate by taking making the flow of data unreadable between your computer and the web server providing the page you're looking at. In other words, your ISP can't tell what you're reading, because without access to your computer or the server the site is hosted on, the information appears 'scrambled'. SSL and TLS have for a long time been popular for securing connections online, particularly with the rise of online shopping, and even Google has shown preference for secure sites, particularly against those sites asking to collect information.
2. Pay for a VPN
VPN, or Virtual Private Network take privacy a step further than SSL encryption by encrypting all of the traffic that goes to and from a device to the connecting server, blocking third parties from seeing the data or where it comes from. Common uses for VPNs are for businesses to ensure secure communications even when using public internet, or for individual users to access geographically restricted content outside their area. Entertainment-streaming service Netflix cracked down on VPNs for users accessing American content in late 2016, although some services have still been able to get around this issue.
If you want to add a higher level of privacy against your ISP, a VPN is the way to go, however word to the wise: never go for freebies. Free VPN providers are notorious for selling the very client information you’re attempting to protect from your ISP, and can be fast and loose with their encryption; so much so that it appears pointless to use them for added security. In 2015 VPN Hola was caught selling its access to users machines, and using the large number of subscribers. Paid VPNs are often much more secure, but buyer beware: some sites, such as the above listed Netflix, won’t work if you attempt to use them.
Tor is another, even more secure option than VPN, making users anonymous by stripping away their personal data and sending requests through a multitude of servers all over the globe. However, this anonymizing tool comes with a cost: free to use but requires more advanced understanding at the set-up, can still be blocked by websites and users run the risk of being host to even more problems, including drawing attention from local law enforcement. For most home and business users, Tor isn’t a best bet.
3. Making a new purchase connected to the Internet of Things? Require end-to-end encryption for all your apps and devices.
It's not just we browsing habits your ISP will have access to. Virtually every flow of data that connects from your home to the outside world via internet, regardless of cable or satellite, are a part of your online activity. This gets particularly daunting when considering products such as Amazon Echo, which can do incredible things and make life easier, but need to know and send a certain amount of data about the surrounding environment and requested actions to do so. If you are concerned about your ISP having access to and selling, records of IoT activity, such as appliance use or coffee habits, look for products that have encryption of data transmission; in particular end-to-end encryption so that the information can only be accessed if the party has access to the data inside the device, or to the data server it’s connecting to.
4. Opt-out: pick your ISP carefully, and keep letting them know privacy is important to you.
The new ruling means that they can sell your information, not that they will, and a contract is still a contract: if your ISP includes a privacy policy and an agreement that they will not sell your information, they are legally obligated to follow that contract. If your ISP gives you the option of opting out of data collection and sales to third parties, go through your preferences or agreements and make your voice heard. The more people who chose not to allow sale of their data, or purchase from operations that won't, the more ISPs will tread carefully and choose not to sell traffic data, for fear of customer repercussions. If your ISP doesn’t allow an opt-out, consider changing providers altogether: if your area is covered by a provider that takes privacy seriously, pay for their service over the competition. Money talks, with Comcast publicly stating they have no intention of selling customers’s individual web browsing data unless the customer has already opted into such a sale beforehand.
A word to the wise for American telecoms on this one: privacy has now become both a major competitive advantage and selling point, one worth adding to your business operations. With 86% of users in America taking steps to protect privacy online in 2016, it is safe to say that many of the people you sell to want that privacy, and with sales of VPN subscriptions on the rise, will pay for it. Make privacy a reason to use your services over competitors, and hold consumer loyalty by showing you care.
Outside the United States
For internet surfers outside the United States who have heard the ruling and are wondering about their own ISP privacy laws, the answer is it depends on your country. In Canada, for example, an ISP selling consumer browsing data without prior consent is illegal, while in Australia and the U.K, ISPs are legally required to hold onto user electronic communications and metadata. Many of the tools above are useful to protect privacy and increase security no matter where you're connecting from, but pay attention to local law enforcement before you connect: VPN use may not be legal depending on where you travel. Some countries, such as China and Iran, prefer more control over social media communications, banning VPN and popular platforms like Facebook, and instead encouraging communications on channels that can be monitored.
What this means? Be active, not passive, in privacy protection.
If the knockdown the FCC's ISP privacy laws tell us one thing, it is up to us to protect our privacy and tell the business community we want it. Privacy should not fall onto the opinions of different administrations: that the very same FCC laws which were approved by a prior government and could be removed less than a year later should tell internet users and consumers how fragile these regulations and laws really are. By actively paying attention to who can see your data, learning the tools of the trade and making choices based on privacy as a priority, take your privacy protection into your own hands.