Privacy Alerts - ISPs
Home
Internet & Software Privacy
Computer Hardware Privacy
Telephone Privacy
Data Broker Opt-Out
Card-Based Concerns
Background Checks & Criminal Records
Financial Privacy
Identity Theft
Latest Privacy News
Display Our Seal
 

Is your Internet Service Provider selling you out?

Yes. Well, it looks like some of them do.

It's a fact that if you surf the web, you leave behind a trail that can be followed. Privacy on the web is an interesting thing. Most web users expect it like an inalienable right, but it's just not always there. In fact, one of the major internet business phenomena of the past few years in particular is advancement of data mining and data storage. To learn more, click here.

Your clickstream is your path as you navigate through websites on your internet browser (e.g. Internet Explorer, Mozilla Firefox). When it is sold, an ISP would "anonymize" the click stream by substituting "User 1" for an account or customer ID. The problem with "anonymizing" data is that the ISP would have to go through great lengths to completely remove all of your identifying information from the clickstream. That's to say, that it is possible your identity can be constructed from this "mildly anonymized" data.

Let me explain a bit further: your ISP may sell your information, your name may not be attached to it, but it wouldn't take that much detective work for your identity to be derived. For example, say you were looking for a Bank of America ATM near your house. While your name wouldn't be in the clickstream, your home zip or address and your bank would be. Say you are using part of your name for a user ID (common practice particularly for colleges and universities), well now that information may be incorporated into the clickstream (most easily if your user ID... Carla B... is part of the domain name... www.usc.edu/registrar/1784396/Carla_B). With those two transactions, someone at an affiliate company would know your home, school, name, and bank account company. Pretty impressive.

It has been reported that ISPs make about $5 USD a month per user clickstream . Your ISP may sell this to internet marketing firms to understand internet user trends. They may also keep your data and analyze it themselves.

Although it varies from company to company, ISPs can also sell your directory information (your name, address, and telephone number) if their privacy policy language allows for it. This is similar to is your telephone company selling your information.

Wired.com recently did a very interesting study where they posted the contact information for the major ISPs. Their respective customers contacted them with certain specific questions, one of them being "are you selling my clickstream data?"

ISPs that expect to profit from your clickstream should at the very least inform their users that they are doing so.

So yes. Internet service providers (ISPs) can and sometimes do sell your information.

In a related story:

In August of 2006, America On Line (AOL) posted mildly anonymized data that included 20 million web queries from 650,000 AOL users. They did this mainly to furnish academic researchers with a dataset, but soon realized the error of their ways. The dataset was only posted online for a short period of time, but was copied numerous times. As a result, AOL customer identities could be readily constructed. In this article, the identity of Georgian retiree Thelma Arnold was discovered by piecing together her clickstream. Ridiculous story of the day...

This is perfect example of technology developing at such a rapid pace that government legislation cannot keep up. In fact, when congress tried to do something about this particular issue, the bill died before it was even debated (Eliminating Warehousing of Consumer Data Act of 2006). The bill sounds as if it's little more than an afterthought now. Basically, there is too much money being made to augment this industry.

How can you help prevent damaging privacy invasions like AOL's data leak?

Some ideas to keep your search history private:

  • Don't put personally-identifying or sensitive information in your searches (search your own name, your car, your current residence, etc...) so that it can be built up into a profile. Many of these searches are commonplace, and rather than just not doing them, create more secure ways to do them. For example, doing searches from different search engines (use Yahoo! for financial searches, Google for personal searches, etc...). Also try using a different computer for sensitive searches or a different user profile on the same computer.
     
  • Don't use a search engine operated by your ISP. Most ISPs inherently know who their users are, at any given time and over the long run. If you use their default search tool, they don't just know who you are and but now they know everything you search for. Use another company's search tool instead.
     
  • Don't log in when you don't have to. Don't log in to a search engine account if you use a web-based e-mail service or other services provided by your search engine.
     
  • Use a separate browser or browser profile for search and sensitive activities.
     
  • Don't accept cookies from your search engine. If you use a service like web-based e-mail that requires you to accept cookies, don't let the personally-identifying information in your e-mail get linked with your searches. You do this by clearing your cache or setting up a different profile for search activities (different browser, or sign into a search email account).
     
  • Interesting notes: For Firefox users, the free CustomizeGoogle extension will allow you to anonymize your search cookie without breaking GMail (see the "Privacy" tab in the CustomizeGoogle options). We're still looking for extensions that provide corresponding functionality for Yahoo!, MSN, and AOL users.
     
  • You can also use Privoxy, although it's a bit more difficult to configure.
     
  • Use an anonymizing proxy, or proxy network like Tor, to prevent search engines from learning your IP address, especially if your ISP gives you the same IP address each time you use the Internet.
     
  • Also, there are several products out there that will anonymize your web searches, here's one: http://www.anonymizer.com/
     
  • Besides that, here's a list of online privacy tools: http://www.epic.org/privacy/tools.html

Related articles

Rate this article

Your vote:

Leave a comment

Your Name (required)

Questions about this topic? Ask them on our Contact Us page.

Bookmark this page
Home | Contact Us | Privacy Policy | Terms | About Us | Sitemap | Attention Webmasters
© PrivacyAlerts.org - All Right Reserved.