By now, it is common knowledge that when applying for a job, the applicant is opening to the possibility of having his or her online activity dissected by the potential employer. But how informative can a simple Internet search truly be? We have learned to be more vigilant with our online presence by deactivating our teenage accounts, deleting compromising posts and restricting public access. The idea that you have control over your online data is however misleading. Your Internet Service Provider (ISP) knows and stores more about your online habits than you do yourself. This may come to a surprise to you, as the majority of the people online tend to pay scant attention to their ISP (outside of troubleshooting their connectivity or paying their bills). Privacy laws that directly impact ISPs and customer’s rights have been in discussion for the last several years. While there have been some improvements, there have equally been as many disastrous setbacks to privacy

Web browsing is a bountiful source of customer data that is worth billions of dollars. The websites a person visits, the items they choose to purchase, and the topics they aimlessly search are only a few of the activities that are logged and collected by your ISP. The laws applying to ISPs in the United States have varied with extreme swings, depending on the ruling political party. In 2016, the Federal Communications Commission delivered a landmark ruling that limited how ISPs could use and sell customer data. It also granted customers the right to govern and control their personal information. The elections of 2016 in the U.S. brought sweeping political changes. Only six months later, the FCC ruling was rolled back. It is evident that ISP companies used political largesse to gain back their ability to exploit their customers’ data. To overturn the 2016 FCC ruling, ISPs solely used arguments based on the amount of profit Facebook and Google have been able to produce from monetizing customer data.  

Facebook and Google are the two biggest players when it comes to monetizing data and running afoul of privacy laws. These two tech giants are also considered edge companies that provide free services that are optional for customers to use. It is incorrect to categorize ISPs with these companies as ISPs provide a service that needs to be paid for. Thus, legally, they need to be treated to higher standards than edge companies and application layer service providers. We know from history that ISPs cannot be trusted with customer data if unregulated. Several ISPs in the United States have previously hijacked their own customer’s search traffic in order to monetize the searches of their customers. Researches have shown many cases of ISP’s redirecting customers to one or more affiliate marketing programs resulting in commission payments to the ISPs involved. 

ISPs are known to observe customer traffic, record their browsing history, and inject relevant ads into their traffic. AT&T, Sprint, & T-Mobile are some of the largest ISPs in the United States that have been caught selling mobile phones with pre-installed software that log and send back information regarding customers’ apps, websites and other online activities.  

How Do You Preserve Your Privacy? 

Use a VPN

Using a no-log VPN will encrypt your internet traffic and prevent your ISP from seeing and tracking your online activities. Furthermore, it will also prevent any entity from tracking your actions back to your IP address. However, beware of privacy and affiliate sites pushing VPN providers whose jurisdictions are known to be subject to surveillance (i.e., United States). We also recommend being cautious about using Tor, which is an open-sourced browser that enables anonymous communication via directing Internet traffic through a volunteer overlay network. The major issue we have with Tor is that it has been compromised in the past and may provide a false sense of security. 

We also recommend using an encrypted search engine. Always make it a habit to review your ISP’s privacy policy and opt-out of data sharing whenever possible. Privacy laws alone will not be enough to protect you. 

Being proactive and safeguarding your data is crucial in this day and age. Many ISPs have the habit of assuring their customers by specifying that it only aggregates or anonymizes customer data. This is cold comfort that provides little value. A 2017 study by the Stanford Center for Internet and Society showed that de-identified web browsing histories can easily be linked to social media profiles using publicly available data. The Stanford researchers recruited nearly 400 users to turn over their web browsing data that had been scrubbed of any overt personal identifiers. The researchers were able to identify an individual from the data sets in nearly 70% of the cases. 

Safeguarding privacy and proactively using encryption is necessary to fight “surveillance capitalism”. Shoshana Zuboff, Harvard Business School professor and author of the book Surveillance Capitalism, famously wrote:“Privacy is having the right to decide how you want to live, what you want to share, and what you choose to expose to the risks of transparency. In surveillance capitalism, those rights are taken from us without our knowledge, understanding, or consent, and used to create products designed to predict our behavior.” Proactively protect your privacy and never blindly trust your ISP.