No, the sky isn’t falling. That already happened, some 20 years ago, when online sites first began tracking every move we made on the Internet without our permission.
So when the US House of Representatives foolishly voted Tuesday to strike down Obama-era privacy regulations on Internet service providers that were scheduled to go into effect in December, it wasn’t exactly a disaster. More like a cynical affirmation of the status quo.
If President Trump, as expected, signs the legislation, online network operators like Comcast Corp. and Verizon Communications Inc. will be free to monitor their customers’ activities and sell the information to advertisers, without first getting the customers to agree.
In short, they will be able to do what many Internet companies have been doing for the past two decades. Even if the now-doomed regulations had been left in place, they didn’t apply to the social networks, search services, and advertisers that have kept us under ceaseless surveillance for years.
We’re not entirely defenseless. The network operators have less access to our data than you might think. And there are technologies that offer some protection from the unwanted gaze of online spies.
But don’t expect the government to save us. Our best chance of that came and went in the late 1990s, when nobody thought to make rules about when and how Internet companies could use our information. Since then, we’ve welcomed “free” Web services that are actually paid for with our personal data. An industry worth billions has grown up around this business model, and no one dares tear it down. For those who still hunger and thirst for online privacy, you’re on your own.
The rules issued last year by the Federal Communications Commission banned network operators from the same kind of tracking activities conducted by Google, Facebook, and other Internet-based companies. But privacy advocates replied that network operators like Comcast are at the heart of the Internet; all our traffic passes through their networks. These companies should be more strictly regulated than online services like Google and Facebook because the service providers can see everything we do online.
But that’s not quite right. For one thing, many of us use more than one network provider. You might have Comcast at home, Verizon in the office, and AT&T on your smartphone. Each sees only so much of your online activity. But I’ll bet you use Google and Facebook on every device, enabling these companies to track you all day long.
In addition, much of our online activity can’t be monitored by the carriers, thanks in part to National Security Agency turncoat Edward Snowden. After his startling revelations about the NSA’s Internet spying, major sites adopted the Hyper Text Transfer Protocol Secure standard, better known as HTTPS. When you visit an HTTPS site, all data between your computer and the remote server is encrypted, making it invisible to anyone else.
The makers of the Mozilla browser estimate that half of all online traffic now uses HTTPS encryption, up from 36 percent in 2015. That’s not just a problem for the NSA, but also for Comcast, Verizon, and RCN. Your Internet provider can still see the HTTPS-compatible sites you visit, but not what you’re reading or viewing there. They might know you’re at the encrypted New York Times website, for instance, but they won’t know what you’re reading about.
HTTPS doesn’t provide total protection — far from it. The network company can still compile a record of sites you visit, and that can be very revealing. And you’re exposed when visiting the many sites that still aren’t encrypted.
And HTTPS doesn’t even slow down Google, Facebook, or Twitter. They can track your activities in great detail, not just at their own sites, but also at countless others like the Times, or The Boston Globe. The same goes for AOL, Quantcast, and many online advertising networks.
These companies have allied with millions of the world’s websites that install “tracking cookies” in your browser when you visit them. These cookies follow you all over the ’Net, monitoring your activities, creating a profile of your tastes and interests, and targeting you with customized advertisements.
Nobody’s cracking down on this practice. Proposed federal legislation to let consumers opt out of being tracked has gone nowhere. That’s too bad. An opt-out law applied to network operators and Internet sites alike is probably the best hope to control online snooping. In such a system, you could set your browser to tell networks and websites not to track you; by law, they’d have to comply.
In the absence of such sensible legislation, what can we do? For years, I’ve run Ghostery, a program that detects and deletes tracking cookies. Ad blocking programs like AdBlock Plus also provide this feature.
For defense against snooping Internet service providers, your best bet is a virtual private network or VPN. For a few dollars a month, a VPN will encrypt all your Internet traffic and conceal which sites you visit. VPNs can sometimes slow your Internet performance, but the one that I recently tested, Hotspot Shield, let me stream TV shows with hardly a flicker.
But consumers should not have to pay for the right to be left alone. The overturned FCC rule was a reasonable attempt to restore “none of your business” as the default setting for the Internet. But even if the effort had survived the new conservative Congress, it’s already two decades too late.