There has long been advised that using things like Incognito Mode and clearing your cookies and opting out of advertising preferences will help keep your browsing information disassociated from your identity, and to some extent this wisdom has been true – as nothing is foolproof, it is not possible to be completely de-personalised when using the Internet, but putting roadblocks up when possible makes the data incomplete and less useful.
Add to this a move by the FCC in October 2016 to adopt the Broadband Privacy Rule, a consumer-minded way to ensure that the most sensitive activities you undertake on your home broadband are able to be protected from the vacuum that sucks in all possible data in order to sell you more crap (or adapt what you think and feel on a political topic). This is about to change, if the new FCC has it’s way. Ajit Pai, the new chairman of the FCC has been vocal in his distaste for such privacy measures, as he believes that the path to happiness goes through businesses and not consumers protection.
After reading the excellent Frequently Asked Questions: The Broadband Privacy Rule about the upcoming changes by Natasha Duarte, I wanted to go into a little bit more about what this means to you (and if you are in a library, your patrons).
Unless you use a reputable VPN all the time, everything you and your family browse or download via your broadband connection is subject to being sold to advertisers or anyone who will pay for it. This includes all web sites, all files, all images, even those that you try to keep from Google or other search services via incognito mode or clearing cookies. Your Internet Service Provider has access to everything you do with your Internet connection, and the rollback of the Broadband Privacy Rule will mean that they can, and likely will sell it or use it to milk more money out of you to keep it from being sold.
There certainly is not explicit opt-in, and opting-out will cost you (a lot). As we saw with AT&T’s illustrious GigaPower service, the service as advertised included the poorly and deceptively-named Internet Preferences which gave AT&T the right to sell your usage data. In order to keep your data from being sold, AT&T squeezed up to $792/year from you to opt-out of the service, and they didn’t make it easy to do so. Upon becoming aware of the Broadband Privacy Rule’s imminence, AT&T decided to end the programme altogether.
HTTPS is not enough in this case. HTTPS protects the information inside the packet, but the URL and metadata still tells a lot about the sites you go to, the things you search for when you are there, the topics that interest you and the people you follow. The URL’s have such info in them and HTTPS does not obfuscate them in any way from being collected by ISPs. For example, my twitter URL is https://twitter.com/buddhake and if you click on it, your ISP will know that you went to my Twitter regardless of the fact that the content sent to you was encrypted between Twitter and your web browser. URL’s house much information that is useful to those buying data.
This is a topic that, if not understood by the general public can lead to exposure of information that was previously thought to be sacrosanct from mining and usage. Comcast is already taking what they know about you to inject targeted ads into the shows you watch via your cable box (perhaps a reason why they lobbied Mr. Pai to end the move by Tom Wheeler, former FCC Chairman to unlock the set top box which would also reduce the required fees to rend them from the cable company).
[UPDATE 1 February 2017 18:31EDT : Comcast has announced this evening that they will charge for access to their application when used from a Roku. Due to the lack of rule requiring this to be free, Comcast, of course, will charge.]
It is not that I am against personalisation, because I am not; I believe that consumers have become very used to and rely upon a certain level of knowledge by service providers to get users closer to the information they seek by using info already stored, however the de facto collection and use without transparency of what is collected, what it is used for and with whom it is shared, and without an easy means of opt-out, and/or exorbitant fees making privacy only available to the wealthy is reprehensible. It is the role of government to protect its citizens, and in this case the changes forthcoming from the FCC are going to enable those citizens to be further exploited without reasonable means to opt-out.
What you can do? Call your congress(wo)man and call your senator and tell them you want legislation that requires consumer-friendly requirements on broadband data use. Use Tor. Get a reputable VPN service (although this is harder than it seems to find one that actually protects your data). Tell others to do the same. Librarians, this is a great topic to pass on to your patrons as you consider the notion that the library is perfectly situated to be an expert resource for patrons on privacy.