Over the last several days, both the US House and the Senate passed legislation to repeal the FCC’s privacy protections against internet service providers (ISPs) abusing customer data for their own benefit, largely without any consent.
It’s likely that the only real long-term solution against this type of abuse will be for policymakers to pass new legislation that brings back the broadband and wireless customer privacy protections that they’ve now repealed. Granted, this probably won’t happen with a Congress under the current configuration, as the current Congress clearly wanted to eliminate those types of protections.
However, a future Congress, backed by enough interest from citizens and political will, could shape stronger internet privacy policies into a law that would be harder to repeal than the FCC’s own rules.
In the meantime, there are some things you can do to stop, or at least significantly restrict, ISPs from tracking you across the web.
Don’t Buy/Rent Devices From Your ISP
If possible, it would be best not to buy, subsidize, or rent any type of device from your wireless or broadband provider, whether it’s a smartphone, tablet, Chromebook, router, modem, and so on.
This is among the easiest ways in which the ISP or wireless service providers can track everything you do on the web, because they get full or almost full control over the devices they sell or rent to their customers. It’s trivial for them to install firmware or applications on those devices to track you without you even knowing it.
As Verizon eagerly showed us after the House vote to repeal the FCC’s privacy framework, wireless service providers can’t wait to start collecting as much data as possible about what you do online.
HTTPS Encryption Is Your Friend
Wireless carriers and ISPs aren’t exactly new at tracking customers on the web and serving them ads; they’ve often been caught injecting ads into their customers’ web traffic. For instance, you may be visiting a website, that may even have its own ads, and suddenly, an ad from your ISP or carrier would appear as well.
However, this can only happen if the website you visit doesn’t use HTTPS encryption and the address bar is marked with HTTP instead. When a website doesn’t use HTTPS, the ISP can shape and control that flow of data however it likes. HTTPS encryption stops carriers from tracking your browsing habits in more detail and also from showing you their own ads.
There is one caveat to this, which is that the service provider doesn’t control the device, as mentioned above. If it does, then it could create a “man-in-the-middle (MITM) attack” by interposing itself between you and the HTTPS encrypted website you’re trying to visit.
This shouldn’t be possible anymore on Android 7+ devices, because Google now mandates that there can’t be any other certificates than the ones it’s allowing. However, service providers could still be able to control other devices in this way.
Having to visit HTTPS-only websites may be easier said than done. EFF extensions such as HTTPS Everywhere do allow users to automatically switch websites from HTTP to HTTPS, but only when the HTTP website doesn’t automatically redirect all of its web pages to the HTTPS versions. The extension redirects automatically for you.
HTTPS Everywhere also has an option to “Block all unencrypted requests,” which essentially forces your browser to only retrieve web pages and connections that are encrypted with HTTPS. This is probably an option not too many are willing to use just yet, though, as much of the web remains unencrypted, and it could quickly become a frustrating exercise.
Because not all websites you may visit use HTTPS, that makes a VPN service provider a major tool in your arsenal against ISP tracking, too. The VPN creates a secure tunnel for all of your device’s internet traffic, so it’s irrelevant whether the websites you visit have encryption or not — the ISPs won’t be able to see that traffic. Another caveat: You have to research VPN providers, because many will sell your data, which defeats the purpose of using one to evade ISP snooping in the first place.
The Tor browser is the tool of choice for those who want maximum privacy, or anything resembling true anonymity on the web. This comes with some caveats, especially when you’re up against intelligence agencies and you’re a target. However, it should be more than good enough against ISP tracking, or any other common kinds of tracking on the web.
The Tor browser may load websites a little more slowly, even compared to VPN services, because it routes your traffic through more locations around the world. This is the only price you have to pay, though, because the tool is free to use. Most VPNs, especially if you want to use them for all of your internet needs, aren’t. You can also use a VPN and the Tor browser together for even better privacy.
Change Your DNS Servers
Even if you visit encrypted websites, ISPs may still be able to see the browser requests you make via their own Domain Name System (DNS) servers which are automatically assigned to your computer or smartphone.
The DNS servers’ role is to resolve the website addresses you type in your browser to the IP addresses of those websites’ physical servers. That means that if you use the DNS servers automatically provided by your ISP, the ISP should be able to log which websites you visited.
OpenNIC DNS servers tend to be more privacy-focused than other better known DNS server alternatives such as Google’s own DNS servers or OpenDNS (now owned by Cisco), but there are others as well.
Officially Opting Out Of ISP Tracking
Some, if not all, of the ISPs and carriers should provide ways for you to opt-out of most of their tracking. However, it often involves multiple steps, and the opt-out may still not be complete. Therefore, you may still want to use some of the above options, just in case the ISPs don’t actually stop much of their tracking.
Future Of Web Privacy Looks Uncertain
If the net neutrality rules fall as well under the existing Congress and FCC leadership, then some of these tools may start to lose their effectiveness, as they could become the primary enemies of ISPs trying to collect that user data. Some of the services could be slowed down, and some could even be blocked, which is basically why the net neutrality rules were proposed by the former FCC leadership in the first place.
However, if millions or tens of millions of people start relying on them, the ISPs may fear a backlash, even if there wouldn’t be any rules or laws left to keep them from hurting the performance of these tools and services in order to increase their profits.
Regardless of what happens in the future, these tools can be used right now to drastically reduce the amount of tracking ISPs and wireless carriers can do to you. If you’re serious about privacy, or at least not wanting internet providers to sell your data without consent, you may want to start using some of these tools today.