Greg Ranzini '18
There's been a lot of fear, uncertainty, and doubt swirling around lately about Congress's repeal of last October's FCC broadband privacy rules. If you spent any time on Reddit in the last month, you probably read blaring headlines about how this spells the END OF PRIVACY ONLINE, because your ISP will now be legally permitted to sell your browsing history to the highest bidder. In the hours after the vote, crowdfunding campaigns cropped up, pledging to buy and publish the browsing histories of the bill’s sponsors, of FCC Commissioner Ajit Pai, and of various members of the Trump administration. Other pages appeared shortly thereafter, denouncing the crowdfunding campaigns as scams. Max Temkin, one of the co-creators of Cards Against Humanity, vowed to pony up and buy the data himself, although, for the moment, no ISP has yet come forward offering to sell customer data on an individual basis. At press time, the crisis has entered the Third Phase of Internet Grieving as smug pedants come forward to remind you that the rules never took effect in the first place, and so your ISP was always allowed to sell your data, and will now continue to be able to sell your data—sweet dreams, sheeple.
This is not to say that fear, uncertainty, or doubt are unwarranted under the circumstances, however. If anything, the situation as it stands is worse than most understand. Sure, it's not like Comcast is going to let Joe Schmoe PayPal them fifty bucks and find out about all the freaky things you search for on YouPorn—you sick bastard—but it's not because they can't. It's because that's chump change. The real money is in selling bulk data to advertisers. Moreover, the optics are better for them this way: when it's just your data getting sold off to the highest bidder, that's personal. When it's everybody's data, that might just be the new normal. Just ask Mark Zuckerberg.
Or, hell, ask former-Representative-turned-telco-lobbyist Henry Waxman (D-Calif.). In an astonishingly disingenuous editorial last October, he wrote what emerged as the definitive argument against the then-draft rules:
“What it means is that consumers’ private data collected online will be protected by one set of standards when collected by an ISP and different standard [sic] when collected online by other internet [sic] parties, such as Google, Amazon and Facebook.”
Ah, yes, consistency. See, it’s just terribly unfair that Google, Amazon, and Facebook get to pry into every detail of your daily lives online, but ISPs can’t get in on that game too! I, for one, sleep better at night knowing that my privacy is being consistently violated. That said, Waxman is talking about a somewhat funny kind of “consistency” here. After all, it’s not like everything you look at online goes through a Google, Amazon, or Facebook server, as much as it sometimes seems that way. Your ISP, however, passes along every single bit, so even if they can’t read the bits protected by website encryption, they are uniquely situated to discover what servers you’re connecting to and, consequently, whom you’re associating with. And unless you’re Rep. F. James Sensenbrenner Jr. (R-Wis.), who admonished an angry constituent last Thursday that “Nobody’s got to use the Internet” if they value their privacy, you probably can’t switch ISPs just for a sec the way you can go to DuckDuckGo to search for “early cirrhosis symptoms” instead of Bing.
That’s not to say that there’s absolutely nothing to do, however. Savvy netizens still have a range of options available, which provide more or less effective protection against certain kinds of surveillance. Here are a few that, honestly, you should already be using:
Step 1: Encrypt everything
This is the Electronic Frontier Foundation’s signature browser plugin. It accomplishes something very simple: whenever you would connect to an insecure HTTP page, it redirects you instead to the encrypted HTTPS version of that page, if available. This doesn’t do anything to keep your ISP from figuring out what sites you’re going to, of course, but it does have the effect of protecting whatever you actually do on those domains. Spend lots of time posting on /r/gonewild? This one’s for you.
Step 2: Hide from ad tracking
Adblockers. If you’re living without them, you’re missing out. This time two years ago, I would probably have recommended perennial favorite AdBlockPlus, but ABP decided that they’d rather make money letting ad networks pay to be unblocked. uBlock Origin is a significantly nicer piece of software, anyway. Don’t use “uBlock” (without the “Origin,”) by the way. One of the former developers hijacked the name, started soliciting donations, eventually lost interest, and left the software unmaintained.
Adblocking is important for more than just cosmetic reasons. One of the many salutary effects of keeping ads from loading is that it makes it that much harder for ad networks to follow you from site to site. Moreover, online advertising is one of the main ways that viruses get spread these days. Block the ads, and you block the malvertising, too.
Step 3: Lock out your ISP
These cost money, which is unfortunate, but they’re also the only practical way to make the broadband privacy repeal a moot point. Also, they’re generally super cheap, for what they are. A VPN service provides you with a sort of encrypted ‘tunnel,’ through which you access the broader Internet. At the other end of the tunnel is a VPN exit server, the IP address of which is shared with all the other VPN customers using the same node. The upshot is that your data is encrypted, and, provided that you’ve picked a reputable VPN provider, nobody can tell who is connecting where. From your ISP’s perspective, you’re spending a lot of time sending gibberish to a random server farm in New Jersey or wherever—not terribly much for them to glean from that. A pleasant side-effect of this is that you can make your computer appear to be anywhere in the world, thereby bypassing those stupid country-by-country region locks on YouTube. A not-so-pleasant side-effect of this is that Netflix won’t let you connect through a VPN, because they don’t want you bypassing their region locking. Good thing you can just turn off your VPN whenever you want to watch Netflix.
Picking a VPN can be pretty tricky, however, because you ultimately are placing a lot of trust in your particular provider. Luckily, a blog called TorrentFreak does the requisite due diligence and publishes their findings annually: https://torrentfreak.com/vpn-services-anonymous-review-2017-170304/. Who better to listen to than people who have a really good reason to be paranoid, right?