With news of the FCC allowing ISPs to sell browser history and other data on users, this has raised a lot of concerns about online privacy. How much privacy do we currently have?
What can we do to protect ourselves?
There are many misconceptions about how much privacy ISPs (internet service providers) really lend to their subscribers: that ISPs can use and sell Social Security Numbers, or that they can just sell our browsing history and other information to marketers.
ISPs do collect data about their users and need to be more transparent about how they use it. However, Social Security Numbers and other personally-identifiable information (PII) is subject to additional legal safeguards under the law that limits what private businesses can do with this information.
How Much Privacy Do ISPs Really Allow Us?
One of the primary privacy measures that users have between themselves and ISPs is a secure-socket-layer (SSL) certificate that protects your activity from the ISP. When the browser connects to a website through SSL, that certificate encrypts the connection between your device and that server which cloaks the precise details of what your ISP sees. The browser can tell when you are visiting that site, but not your activities there.
However, SSL encryption is not enough in the highly connected modern era. ISPs are not the only receptors of information as devices also send browsing activity to device vendors, even if it’s not a 1:1 replica of the content. With so much information available online, there’s no way for the billions of users to have full control over their protection and the flow of information to and from all these different servers and websites. Remote computers and servers may be sending your information to places that really shouldn’t have it and you would have no idea it was happening.
This has caused concerns for people who value their privacy and don’t want their information being used without consent. In an age where not having online access to essential aspects of day-to-day life like banking, research for school, managing your healthcare, and numerous other functions, simply avoiding Internet usage is not really an option.
Are VPNs a Cure-All?
Virtual private networks (VPNs) have been touted as a panacea for protecting your online activity. However, just like with ISPs you need to review the privacy policies of each VPN provider. They may actually offer even fewer safeguards, such as “free” VPN services that serve as a means for the companies to make money off your browsing data to be sold.
Other Safeguards You Can Take to Protect Your Privacy
There are many precautions that you can adopt to protect your privacy right now. Many people think that an SSL certificate is protection enough, along with using a private network that isn’t in a public place on an unsecured device. While pushing vendors and ISPs to be more transparent is a slow-moving process, here’s what you can do today to stay secure today.
Use two-factor authentification (2FA) for key accounts like your email, banking, social media, and so on. 2FA provides an extra layer of security that a simple password doesn’t.
Change your passwords often and don’t rely on the same set of them. Choose something long that is much harder to crack.
Change the privacy settings in all of the browsers and social media platforms that you use so that you aren’t inadvertently advertising your search history.
Use Tor for “deep web” browsing (not to be confused with the dark web) where your search activity will not be indexed.
Try Signal for end-to-end encryption of text messages and phone calls, but the other user must be a Signal user with the app installed on their device for this to be effective.
Don’t transact on public wifi (such as using credit cards, accessing bank accounts, etc.)
Learn to protect yourself from common phishing and malware threats.
Install the https Everywhere plugin on your browser to minimize the amount of unencrypted data that gets sent.
Regardless of what happens with proposed FCC laws that could allow ISPs to sell your browser activity at will, you need to take steps on your own to protect your privacy online. Relying on government regulations alone when there are people within trying to fight against that privacy for profit will not be enough, and should only be relied on for simple basic measures like ensuring that your PII like Social Security and bank account numbers are not tampered with.
Take precautions when it comes to your email, browsing, and account security with the right tools and best practices. A simple password change or a few minutes spent updating your privacy settings in your most commonly-used browsers and apps can be all it takes to prevent an attack or massive fire sale of your browsing activity.