US Congress votes to remove ISP privacy rules

The United States House of Representatives recently approved a “congressional disapproval” vote of privacy rules, which basically gives your ISP the right to sell collected information to third parties without your approval.

As extracted from the House Joint resolution: This joint resolution nullifies the rule submitted by the Federal Communications Commission entitled “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services.” You can read the full resolution here.

To summarize, this gives ISPs such as Comcast the right to sell everything they know about your internet usage to third parties without any notification or prior agreement.

What information do they collect

The profiling that can be done via monitoring your internet access is quite accurate. It can determine your age, sex, location, search habits, medical conditions, sexual orientation and preference, religious beliefs, how big your household is, how many kids you have, if you are on vacation and the list goes on.

You might think that Facebook and Google already do this, and you are perfectly right. However, there are two fundamental differences.

  1. You agreed to the terms and conditions of Facebook and Google.
  2. If you disconnect from Facebook and Google and clear your cookies, block their tracking scripts, or if you don’t use their services, they have virtually no way to monitor your activity anymore. This means that you can “get out” of their surveillance range.

With your ISP however, it’s a whole different story. Once you access the internet, they can see what you access, for how long, and in the case of clear text websites (generally website addresses that don’t start with “https://”) they can even see the content you access. There is some good news however, most websites nowadays (the popular ones at least) are secured and the content is pretty unlikely to be visible to your ISP. However, even on HTTPS connections, your ISP still sees what web site you accessed it and for how long, even if the actual accessed content is not visible, and this is almost always done by logging DNS requests history.

The curious thing about this whole situation is that not too long ago, the FCC actually passed new privacy rules that require ISPs to give customers an opt-in option for their most sensitive information. When Google started their $70/mo. Gigabit campaign, AT&T started offering the same package, at the same price with one difference: you had to opt in to a “internet preferences” program where you basically agree to them selling your internet traffic information to third parties. Without opting in, you would have to pay $99/mo., meaning that you would value your privacy at $29/mo. and we’ll let you draw your own conclusions. Needless to say that a lot of AT&T customers opted in due to commodity and lack of regard for their own privacy without knowing, understanding or caring that their internet experience will be greatly impacted by this decision.

What you can do

There are several work-around options available. The most secure option would be using a VPN service that is trustworthy (check our sidebar and Best VPN page for recommendations and reviews). This service will cut your ISP’s access to your online activity. We do recommend caution when using a VPN service however. Free services are not secure and some paid services might have non-secure aspects such as their privacy and logging policies or the jurisdiction they are under, so make sure you do your homework well before choosing a VPN service. Paid services are rather cheap and they provide extra security features and better support, so keep that in mind.

It likely that most data collection of browsing history is made by “exploiting” the DNS protocol, by logging and analyzing all DNS queries on the ISP’s DNS servers. To by-pass this, you can simply use 3rd party public DNS servers or DNSCrypt. We recommend to check out our recent article: Recommended Public DNS Servers

Call your ISP and tell them you want to know what information is being collected and if there is a way to opt out. They have the legal obligation to give you this information, and if you have the possibility, you should opt out of their data collection program. Keep in mind that your ISP is a business first and foremost. Like any business, they want to make money, and not losing customers is their priority. If we have enough complaints registered regarding this issue we might just be able to change something.

Make sure that you don’t use non-HTTPS websites unless you absolutely must (and we don’t mean absolutely must see this cute picture of a kitten). Also, keep in mind that your actions and traffic is completely visible when accessing a non-secured website.

Stay up to date with current events. There are a lot of changes in this industry, and keeping up with the news is very important. You wouldn’t want to find yourself in the middle of a contract without realizing the down sides, so stay informed.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.