For the last few years the question of Internet Service Providers (ISPs) selling your data has been up for debate. Put simply, in the United States, Canada and most Western countries it was illegal for ISP’s to sell your data, but that all changed in 2017 when then US President Trump walked back internet privacy rules.
Today several investigations are underway to determine if ISP’s are selling your data. However, even if they are not, it is clear that you are unlikely to be aware that they have started to sell it in the future, until months or years after it has already happened.
So lets avoid the hype on this topic, stick to the facts and consider the situation rationally.
WHAT CAN YOUR INTERNET PROVIDER SEE?
Obviously, the company that connects you to the internet (your ISP) can see all of your internet activity. They are the ones pulling and pushing the data to and from your computer. This means they know:
- When You Are Home: Most people are connected to the internet in one way or another all day long:
- when your homes internet activity is low (i.e. just an internet connected thermostat) they know you are away
- when your mobile phone data usage drops to near zero, they can guess you are on WiFi, likely at home
- Where You Live: If we are talking about home internet service, the company obviously knows where you live
- What Type of Mobile Phone/Tablet/Laptop You Use: Most internet providers now supply internet with integrated WiFi so you no longer need to buy and configure your own WiFi router. When your cell or tablet is connected it is usually easy for the ISP to determine what type of device you have and sometimes even the version of operating system (i.e. iOS7 vs iOS10)
- What Sites You Are Visiting: DNS stands for Domain Naming Service and it is nothing more than the internets phone book. Humans like to use names (like URTech.ca) while your computer needs numbers (like 188.8.131.52), so when you do anything on the internet with a name your ISP will use its DNS to change it into a number. That DNS query is recorded as coming from your computer.
- The Sites You Visit Most Often: Because the ISP sees every site you visit, they know how often you visit them and and how long you stayed on each site.
These five items can be easily combined to correctly guess your sex, age and income bracket. For example, if you live in North Winnipeg and surf a lot of young mother focused sites, between 9pm and midnight, you are likely working two jobs, a female renter, with children and in a lower income bracket.
WHAT CAN YOUR INTERNET PROVIDER DO WITH THAT DATA?
It isn’t so much that your ISP is using your data, it is that they could be selling your data to combine with other large data sets to build a monster profile of you and everyone you know.
Using big data models that combine data from your ISP and dozens of other sources (think Facebook, publicly available government records like tax rolls, credit agencies, large retailers like Amazon, YouTube data, Google search data, those little online surveys you take, Google maps data, your Tinder profile, and on and on), giant companies like Axiom, Neilsen and Experian have more than 1000 characteristics about YOU (age, weight, hair colour, job, credit rating, employment history, marital status, ‘time of the month’, children’s names and addresses…)
Your ISP data is used to corroborate and confirm what big data companies know about you because the big data companies already know where you live, if you are male / female / trans /… and what your income bracket is.
What they really find useful is your surfing habits which was number 4 on our list above. It tells them what your interests are on the edges. Big data already knows what you buy because they look at your credit card histories. What is really valuable is what you are THINKING about and that is likely what you are surfing to and spending time on but not buying. If they can figure out who you are, they spend their resources to push you over the edge and make a purchase. That is information which companies will pay big dollars for.
CAN EASY ENCRYPTION SOLVE DATA PRIVACY ISSUES?
So the question them becomes, if the fight is about privacy how can a little person like you or I ever defeat these massive companies. Well, it is not as hard as you might think. Big Data companies are scraping information from thousands of sources and they are not targeting individual people, so if you take just a few precautions you can really make a difference. Mostly this gets down to encryption.
You likely have heard of VPN’s. A VPN is a Virtual Private Network, which is nothing more than a simple tool to encrypt your data (i.e. scramble it) between two points on the internet. Using a Windows VPN is cheap and easy these days. For example PrivacySharks.com has an excellent list of VPN‘s for you to quickly scan through and find one that meets your needs.
When using a VPN you appear to be in a different location and use a different DNS from your home ISP. This means the data is useless to big data companies. In some cases, the data actually becomes what the industry calls noise that they have to filter out! That is a win for you.
Another way to protect yourself is to ensure that every site you visit has the little lock icon in the address bar.
That lock means that what you are sending and receiving to/from the website is locked to just the two of you. Your ISP cannot see what you are typing or receiving because the information is scrambled because it is using SSL (Secure Socket Layer).
SSL is not perfect. It is possible, with large amounts of money and time, to hack SSL but this is simply not going to happen to normal individuals. If you are the British Prime Minister, the Russians or Chinese may put the resources in to crack your traffic, but if you are Larry from Vancouver you are pretty safe with SSL.
The best protection is to stay on SSL only sites while using a VPN. In that way your data is double encrypted.
It is important to note that encryption is no subsitute for common sense. If you don’t want the world to know you are a single women with two kids, living in Mount Royal (high end Montreal), don’t fill out online / phone surveys and don’t post your private details on social media!
To wrap this up, your Internet Service Provider is collecting much data about you. They are not likely being evil or malicious; it is simply how the system is built. You can reduce your exposure by both being cautios with what you say on the internet and by locking down that information using encryption like SSL and VPN.