Teaching Politicians a Privacy Lesson
Summary
The post in brief for those in a rush:
Donald Trump & the Republicans have given ISPs the right to collect and sell US-based internet users' private browsing data to the highest bidder without customers' explicit permission. This is a threat to everyone's privacy and security, and ripe for abuse. Privacy campaigner Adam Elhaney plans to turn the tables and purchase the internet history of those who passed the legislation or lobbied for it and make it available on searchinternethistory.com. He is raising money to make this possible. German politicians confronted with their leaked/bought internet browsing histories came out in favor of improving privacy laws. At the bottom of the post I offer some advice for protecting yourself against being snooped on by your ISP.
US internet users' privacy has been signed away
President Trump recently signed into law resolution J.S.Res.34, which allows Internet Service Providers (ISPs), such as AT&T, Comcast and Verizon, to sell customers’ internet browsing histories without their permission. They argued successfully to overturn Obama-era FCC plans that would have meant customer permission is required, claiming web browsing history and app use shouldn’t be considered “sensitive”.
The idea is that such information could be sold to and used by advertising companies wishing to target people with more accurate ads. In reality the information could be sold to anyone. In effect, it takes your personal activity online and makes it a money-making resource for corporations, whether you like it or not. It could also be purchased by insurance companies, law enforcement, banks, schools, jealous/angry (ex) spouses or anyone else willing to be the highest bidder.
This could reveal all your online searches and which sites/pages you visit and how often as well as your geo-location (where you go with your internet-enabled phone or tablet). That, in turn, probably reveals just about everything about you: your schedule, travel routes, which news sources you read, religious and political beliefs, forums you frequent, your medical concerns, which software (or anything else) you’ve downloaded, who you bank with... yes, which porn you like... and just about all your other online activity.
The Electronic Frontier Foundation’s (EFF) Ernesto Falcon summarized the implications:
Big Internet providers will be given new powers to harvest your personal information in extraordinarily creepy ways. They will watch your every action online and create highly personalized and sensitive profiles for the highest bidder. All without your consent. This breaks with the decades long legal tradition that your communications provider is never allowed to monetize your personal information without asking for your permission first.”
This will harm our cybersecurity as these companies become giant repositories of personal data. It won't be long before the government begins demanding access to the treasure trove of private information Internet providers will collect and store.”
Moreover, it will mean the ISPs and their databases could become prominent targets for hackers and make politicians, journalists, doctors and just about everyone else vulnerable to extortion.
The plan to fight fire with fire
Now, privacy activist Adam McElhaney plans to fight fire with fire. His idea is to buy the web browsing history of the very congressmen, executives and legislators responsible for the new privacy-violating law, which passed along party lines through The Senate 50-48, and make their private online activity available for all to see.
McElhaney’s plan comes in three phases:
- prioritize whose web histories to buy
- raise funds to do it (you can donate here)
- make them searchable online at www.searchinternethistory.com
Voting on whose browsing history to buy is over, and the winners are: 1) Speaker of the House, Paul Ryan; 2) House member Marsha Blackburn; 3) Senate Majority Leader Mitch McConnel, 4) FCC Chairman Ajit Pai; 5) Comcast CEO Brian Roberts and 6) AT&T CEO Randall Stephenson.
The logic is simple. If these people think it's a good idea for everyone's internet privacy to be available to the highest bidder, irrespective of the prospects for abuse or the implications this has for the role of privacy in a democratic society, let them lead by example: let's put their internet activity on show.
And some precedent suggests that this might work.
Recently, German journalists bought data collected and sold by the browser Web of Trust (WOT) from which they were able to identify specific individuals’ entire browsing history, including travel information, tax details, medical histories, sexual preferences, porn sites and, in some cases, even bank details and copies of an ID card stored in an unencrypted form online.
Politician Valerie Wilms was amongst those whose internet history had been bought. As a result, she and other German legislators have recognizedthe enormous potential for abuse access to individuals' private data of this type can have and they have come out in support of enacting stronger privacy laws.
In the meantime, US politician Jacky Rosen has introduced the Restoring American Privacy Act 2017.
You should also know that this problem is not unique to the US or Germany. Many countries have equivalent legislation. The UK government, for example, recently passed a law called the Snooper's Charter, which compels ISPs to store information about customers' browsing habits specifically for future use by government agencies.
It is also likely that regimes around the world, including those with poor human rights records, will use such examples as justification to enact their own surveillance laws, which could be used to compromise human rights campaigners, medical staff, political dissidents and others.
What you can do to protect yourself
A comprehensive set of defences is complicated to describe and not so easy to realise.
Nonetheless, there are some simple and worthwhile defenses you can put into action:
Use a different ISP: Not all US-based ISPs agree with the new law. Cruzio Internet, Etheric Networks and Sonic have all written in protest against it. Read your ISP's privacy policy and switch if need be.
Use a Paid-for Virtual Private Network (VPN): VPNs are services which connect your computer through an encrypted "tunnel" to a server belonging to the VPN service. This server then surfs the internet for you, pulling down websites in a way that cannot be easily tracked, including by your ISP. Unfortunately, there are complications: not all VPN services are equally trustworthy; do not rely on "free" VPNs and online reviews are littered with fake opinions paid for through referral schemes. ThatOnePrivacySite is just about the only comprehensive and neutral list of VPN services, their features and ethics that I've seen. I plan to discuss this important but confusing topic in more detail in the future. If you're confused by all the choices, go with a VPN provider like AirVPN or the soon-out ProtonVPN, both of which have as good reputations as it's possible to be sure about.
Install privacy-enhancing browser plugins: My minimum recommendations are:
- Https Everywhere (here for Firefox and here for Chrome/Chromium/Vivaldi), which ensures that, where available, traffic from websites travels to your computer using an encrypted connection. On its own, this will protect the content of your browsing (like the text of a website), but not where you go online.
- uBlock Origin (here for Firefox and here for Chrome/Chromium/Vivaldi), which blocks ads and their trackers.
- Self-Destructing Cookies (Firefox only), which will delete cookies from browser tabs you have recently closed so they cannot be used to track you as you go about your business later.
- BetterPrivacy (Firefox only), which deletes "super cookies", "flash cookies" or LSOs - files stored on your computer which are even more powerful than normal cookies and which browsers aren't well setup to deal with. In the Preferences, set the LSOs to delete within 1 second and when you exit the browser.
I will discuss these and other browser cookies useful to enhancing general online privacy in future posts.