The Death of Online Privacy: How to Protect Yourself

The President recently signed S.J. Res. 34 (Senate Joint Resolution), which rolls back privacy regulations enacted last year at the Federal Communications Commission.  These regulations would have blocked Internet Service Providers (ISPs) from sharing their customers’ internet activity with third parties.  They also would have banned ISPs from collecting or storing certain types of customer information without your consent.

Without these regulations, your ISP will be able to sell everything they know about your use of the Internet to third parties without your approval.  This detailed data can be used to build a dossier about you including your medical conditions, hobbies and interests, political leanings, where you bank and shop, and a host of other information.  There are literally thousands of different data points that your ISP can collect and sell to third parties.  This information can be extremely valuable for advertising and other purposes.

There is no simple way to completely protect your privacy when dealing with your ISP.  However, there are several options that may help to limit the amount of information that is disclosed.

Choosing Your ISP and Opting Out

Begin by looking for a provider that respects your privacy.  While many consumers may not have a choice of an ISP at their home, almost everyone has a choice of a cellular provider. Visit your provider’s privacy policy page and try to understand how your data is used and shared.  Your ISP may allow you to opt-out of some types of data collection and sharing on that page.  While opting out important, it is not enough to completely protect your privacy. Your ISP probably is not giving you the opportunity to opt out of all types of data collection.

AT&T, Comcast and Verizon have said they won’t sell browsing data to third parties. However, that does not mean that they won’t use your data to market to you themselves.  They might also change their policies in the future.

Virtual Private Network (VPN)

Many privacy advocates recommend using a Virtual Private Network (VPN).  A VPN acts like a “tunnel” that hides your browsing information from your ISP and others.  It creates a secure, encrypted connection between your computer or other device and the VPN’s server, preventing anyone else from seeing which sites you are visiting or viewing your communications.

However, it’s important to understand that your VPN will be replacing your ISP as the custodian of your data.  A VPN could potentially use or sell your browsing information in the same manner that your ISP could. In effect, you aren't hiding your data from everyone, you are just entrusting it to a different entity.

You will have to pick a VPN provider very carefully.  Unfortunately, experts can’t agree upon which VPN services are best.  Some VPNs have potential security flaws that could put your data at risk. It can be difficult to determine how secure a VPN is, and precisely what it is doing with your data.  Most experts advise avoiding free VPNs, which may monetize your data in exchange for the free service.

Security writer Brian Krebs wrote a very informative article Post-FCC Privacy Rules, Should You VPN?  that explains the many limitations of VPN technology and to need to research VPN providers before entrusting them with your browsing data. The website That One Privacy Site provides extensive, detailed information about VPNs.

Bottom line: Do your research very carefully before choosing a VPN.  Understand their limitations. (If you have the technical expertise to set up your own VPN server, that may be the safest solution.)

Tor

Tor is a free service that encrypts your browsing activity and bounces your website requests to multiple servers around the globe.  Tor relies on using a series of encrypted tunnels between Tor routers. It’s effectively a series of anonymized VPN tunnels.  If you use a properly configured Tor browser, your ISP should not be able to see your activity.

The Tor browser is built as a modified version of the Firefox browser. However, it does have some drawbacks.  Users should be aware that some websites may not work in the Tor browser because of the protections that are built in. Additionally, maintaining privacy on Tor does require users to change some of their browsing habits or risk compromising their privacy. Failure to follow these warnings can defeat the privacy protections that are built in to Tor.  Finally, Tor can cause your web browsing to be slower than usual.  Tor is also available for Android devices.

HTTPS Everywhere

The browser extension HTTPS Everywhere ensures that you are connecting to a site through an encrypted connection whenever possible.

Sites that encrypt the connection between themselves and your browser are generally identified with an “https” prefix and a lock icon in the address bar. HTTPS stops your ISP from seeing the content of your communications with the site.  Your ISP will still see the domain name you visit.  Only the contents of your communication are protected. For example, your ISP will know you visited YouTube, but not what you watched while you were there, or the specific pages you visited.

The extension can’t force HTTPS when the site you’re connecting to does not support the HTTPS protocol.  HTTPS Everywhere is available for Firefox (desktop and Android), Chrome, and Opera.

Because HTTPS Everywhere cannot encrypt the domain name that you visit, the general nature of your browsing habits will not be hidden from your ISP.  For example, if you visit a site about a medical condition, your ISP will know the name of the site.

Want to Learn More About Online Privacy?

Privacy Rights Clearinghouse has two Consumer Guides that can help you learn more about online privacy: