On October 27, 2016, the Federal Communications Commission (FCC) imposed new privacy rules on Internet Service Providers (ISPs). The new privacy rules were originally introduced to give consumers more options, transparency and security for personal data. On March 23, 2017, the U.S. Senate voted to overturn those privacy laws. In the past, ISPs were required to get your permission before they could sell your internet logs to third parties.
Many consumers assume this means your web browser history, which can be cleared locally at their machine. There is a lot more to it than just that.
When you visit a website such as Google.com on your computer at home, at work, a tablet, phablet, smart-phone, your web browser sends a request through your ISP (Verizon, AT&T, Charter, etc.). Next, your ISP checks against a domain name system (DNS). It is an international list ISPs have of all websites and their IP addresses. Everything on the internet has an Internet Protocol (IP) address Google.com, it works like matching a person to a phone number (i.e. Google.com uses a public IP address of 18.104.22.168) and sends back data from Google's server through your ISP. Usually, that data comes through in what's called data packets. Data packets are chunks of the requested data. Code, text, images, audio, video, are the elements of data.
Data transfers are very much like a truck carrying your shipping request (on the super information highway) along with everyone else's requests (think speed, rush-hour, traffic problems, crashes). All that “shipping and receiving” transmission of requested data is stored in log files on your ISPs servers and linked to you, your account, your IP address.
Another example, think of it like puzzle pieces in different envelopes that are reassembled when they reach their destination, that destination being your computer or “device”.
If you delete your history in your web browser, there will still be data log files kept by your ISP at a minimum of two years back (mandatory by U.S. Federal Law in 2011 for later investigations) on servers and data center back-ups for a long time, in some cases, indefinitely.
Where you go, what you view and access is saved by ISPs. When you download and install an app, software, join a social media service, those who own them usually have a privacy warning, acknowledgment, policy, declaration saying, “By signing here, or by clicking here, you adhere or acknowledged we get to do what we want with it.” Paraphrasing aside, your personal data becomes someone else's and getting them to delete it or permanently wipe it, is difficult (and usually requires court orders for them to think about actually doing it but that doesn't stop where it's branched off to already).
If your phone service provider is providing you internet, they are your internet service provider (ISP), if you're using that in conjunction with your phone, you are being pinged by cell towers constantly (pinging helps to make sure you are in sync with new data coming in and going out to your device). If someone sends you a text, there is a ping cycle until that message is sent and confirmed as received, any apps you “allow” to use your phone, get those same rights too.
If you use and have your GPS (“Global Positioning Satellite” feature) there is a trail (or log) of where you go, what you do, that information up for sale too from your ISP (not to mention up for grabs by hackers if that stored data is stolen). It is not as clear and concise as it probably should be. In the end, this is about selling your data for money.
This could go beyond the simplistic from what color underpants you prefer or if you prefer diet soda over bottled water (or if someone in your family has a terminal disease, someone can buy your search logs and show you medical treatments ads while you're watching a music video online trying to not think about it).
Imagine someone running for political office. Your opposition has Super-PAC support who can buy your web history and use that in a hit campaign against you. Welcome to a new era of political trash ads.
If someone is a cheater and their ex can buy their internet history log and see if they have been where they said they've been, or with someone else. Hopefully someone didn't steal they phone and make matters worse! Far fetched perhaps but you never know.
There are ways to completely remove yourself from the internet. Some have done it, some trying, some do then “relapse”.
NBA star Stephen Curry cuts all ties to social media around the NBA playoffs to keep a clearer head. In fact he is a co-founder of a new social media platform called Slyce a new social media service for celebrities that helps filter out a lot of the social “noise”.
There are paid services to help remove you from the web, but they can't stop (or undo) everything. In some cases, you can write to individual websites or companies to demand account closure and to delete your data history, but it may take time, effort, either way, if the FBI is keeping records for two years and back, you'll never really be rid of it.
Your best option is, be more discreet and conscience of what you say and do online. There are now software programs can figure out what you mean by what you don't say (or by what you omit).
Another option, Virtual Private Networks (VPN) which cost additional money but can help mask what you do online (to an extent), but they tend to slow down what you're doing even more. There are web proxies that can help mask what you do to an extent (basically you end up coming in from a different IP address) but most are limited in functionality and some web proxies are shady. You should do some background research before you put too much faith in one you are unfamiliar with. Due to the fact this was a Senate bill, it still must go back to the House of Representatives and then to President Trump sign. If it passes the House (which many assume it will) and President Trump signs the bill, it will go into effect November 4, 2017.
Since Citizens United v the FEC, where US Supreme Court ruled corporations have rights as people for campaign spending (so to speak) and we now have Super-PACs in the US (who do not have to disclose who they really or if their money source is even based in the US, possibly allowing foreigners to influence US elections), and they are out there, where people can contribute money to campaigns without revealing their identity, we don’t know who’s going to be buying our data and personal information with this FCC change in November. For all we know, it could be foreign owned companies. Since there is no mention able oversight with the FCC changes in 2017, how far back (or how specific) can these internet logs be? We don't know. Hopefully legislators insist on clarification of such things before it passes and or gets out of control.
Many websites are adding Secure Sockets Layer (SSL). Web browsers are already warning consumers about non-SSL websites (or if something is fishy about the SSL certificate). SSL certificates will also help reduce hacking issues as the source website must provide real authenticating data. In some cases an EV (Extended Validation) SSL certificate which requires proof of a DBA, LLC, or Corporation paperwork filed in the appropriate jurisdiction has to be shared with the web host and or domain name registrar. If a website is phony, it can't have a genuine SSL certificate much less an SSL EV certificate. It makes it harder for criminals to spoof IP addresses and domain names.
When you type in Google.com and it loads, Google forces SSL, which encrypts your connection. However, Google still collects data on what you do, themselves. A lot of people are using other search engines such as https://www.duckduckgo.com which has grown in popularity exponentially and promises not to track you as many other search engines do (and Duck Duck Go uses SSL).
If you go to https://www.duckduckgo.com and type in sbnews.us the web link that shows up is https://sbnews.us which means you go from one encrypted site to another so your ISP can only see you went to duckduckgo.com and then to sbnews.us that is it. They cannot see what you do once you are on sbnews.us as the data transmitted is now encrypted. SSL helps hide specific details that your ISP would otherwise know.
People will soon be aware of SSL (and the lack thereof) and the public will expect web sites to implement SSL. To better protect yourself, your family, your business and your interests, anything “delicate in subject matter”, make sure you see HTTPS in the address bar. If a website does not have SSL, it will show HTTP in the web browser address. If you don't see HTTPS in the address, you can try editing and adding an 'S' yourself, if your web browser gives warnings about the website, avoid it.
In the end, by the current US Senate giving up the consumer to the highest bidder, people who are already set on limiting their online exposure may eventually lead to more shady tactics, pushing the public to go darker (which isn't good, creating this frame of mind for society), to become more secretive to try and preserve their privacy. We're seeing a huge uprising in hacking activity in the world. Ransom-ware hitting hospitals and schools, the most vulnerable, our sick and our children and these as such demand ransom pay-offs in Bitcoins instead of common currency because it is hard to trace through the dark web (another article in itself). Remember, our nation spends massive budgets on spying on its citizens. SSL will become a necessity.
Again, SSL (some may refer to it as TLS “Transport Security Layer”, it is essentially the same idea), encrypts data being sent from your computer to the website you are visiting making it nearly impossible for your ISP and others to see what you are viewing, doing or otherwise.
Facebook, Google, Twitter and many other social media use SSL, but obviously, if you don’t control your privacy settings in those applications (learn how to do this before you post and share things), you may be forfeiting the benefit of SSL. For example, in Facebook, if you’re posting something you want to be seen only by friends, you don’t post it publicly. If you post on twitter, usually it is posted publicly. Just ask former Congressman Anthony Weiner, he found out the hard way.
By using websites that don’t have SSL, you are really letting the cat out of the bag. When you arrived at sbnews.us, that is all your ISP can see, that you came here, after that, everything you clicked on, they can’t see exactly what you are looking at, reading, browsing, all they can see is you came to visit this website at a certain date and time.
If the House of Representatives pass this bill, which looks to be a given, ISPs will be able to sell your historical log information, data with it and sell it to third parties. This information may include your IP address, websites you visit and other sensitive data.
A lot of people (for too long) have responded to threats against online privacy with, “I have nothing to hide.” or things like, “Hey, I’m not doing anything illegal so...” That’s beside the point. These are corporations, in some cases individuals (they can even be foreigners). This new shift in FCC Privacy Rules shows true intentions at heart and as citizens, we should be aware and take steps to protect ourselves. In the end, nobody can guard our own privacy except ourselves. It's not fun, not easy but a necessary in a world of exploitation and evil.
About the writer: Aaron Conaway is an IT consultant and web developer who has worked in the web industry for over fifteen years, has been on TV numerous times answering questions about technology and consumer security, hidden dangers in social media and common sense ways to protect your business, yourself and your children on the internet. His latest endeavor is https://www.sslbiz.com an online start-up business that focuses on building SSL based websites.