Forget about online privacy
Experts say to practice digital hygiene instead
Protecting your Internet activities from collection and sale by marketers is easier said than done, especially after Tuesday’s vote to overturn pending FCC privacy rules for Internet Service Providers.
The move by Congress dismantled rules created by the Federal Communications Commission just six months ago, rules that weren’t slated to go into effect until later this year. President Trump is expected to sign the bill into law soon.
The decision, decried by consumer groups and Democrats and lauded by Republicans and telecom companies, sent those worried looking for a fallback plan. One possibility? Wider use of VPNs, which provide private end-toend Internet connections and are typically used to keep out snoops when using public Wi-Fi.
But such protection is limited. While VPNs keep broadband providers from seeing the sites users visit, that masking only goes so far — once logged into a website, an operator such as Amazon tracks users’ activities so it can suggest tailored products.
“All that a VPN does is hide what take place to get from point A to point B. Once you’re on the other side, if you have credentials there — think Netflix — it knows who you are,” said Matt Stamper, director of security and risk management programs at consulting company Gartner.
Congress’ decision essentially reverts to the status quo. The FCC argued that ISP’s such as Comcast and AT&T should not face more stringent privacy rules than online companies
“Your entire clickstream, basically your life online, has the potential to become one giant profile.” Matt Stamper, director of security and risk management programs at consulting company Gartner
such as Facebook and Google, which also collect information about users. Opponents countered that ISPs are different because they have access to users’ full Web browsing habits and physical addresses.
With the repeal, Internet providers won’t be required to notify customers they collect data about or ask permission before collecting, sharing and selling data about what they do online, beyond the initial Terms of Service agreement. Information collected could include websites visited, apps used and physical location.
“Your entire clickstream, basically your life online, has the potential to become one giant profile,” Stamper said.
That information can then be used to craft highly-targeted ads.
While Web companies’ profiles aren’t person-specific, they allow their own products and those of advertisers to minutely target a type of customer, say a 30-yearold woman in the Southwest who likes rock climbing. While individual companies’ privacy policies vary and sometimes allow for opt-outs of information sharing, in general websites can sell or share this depersonalized information with partners.
Side-stepping that constant surveillance while trying to use the Web in our daily lives is almost unachievable, Stamper said.
“Realistically, unless somebody is extraordinarily well-versed in technology, has a really good understanding of what different sites are doing and how they do it, it’s almost impossible for the average consumer to keep their details private,” he said.
One option is for customers to find the privacy policy of their ISP and specifically opt out of data collection, said Robert Cattanach, a privacy lawyer with the firm of Dorsey & Whitney.
That’s easier said than done, said ACLU lawyer Neema Singh Guliani. “You’ll need to go through what in some cases is going to be a long, arduous and frustrating process in understanding what you can do to control the information they gather about you,” she said.
Overall, the best course of action for those concerned about what’s collected about them is to practice “digital privacy hygiene” by giving as little information as possible when online to minimize the digital footprint available to companies, said Nuala O’Connor, president and CEO of the Center for Democracy & Technology, a non-profit digital rights group.