There's a lot of buzz going around about internet privacy right now. It's a longstanding debate– who's tracking your online activity and what are they doing with that data?
But for some, this conversation and its correlated anxieties were revived last week when congress voted to reverse a few rules that the Federal Communications Commission was scheduled to enact.
Back in October of 2016, the FCC voted to put a few protections in place to make it harder for Internet Service Providers or ISPs to sell your data. In short, ISPs (companies sell you your internet connection like AT&T and Charter) would need your permission to sell your search history. That data is bought by companies so they can market directly to you.
But last week, Congress voted to rollback those provisions before they even took effect. And last night, President Trump signed it into law.
Since those now overturned FCC rules weren't actually in effect yet, nothing has actually changed about how your data is utilized. Nevertheless, online tools intended to protect user privacy are gaining popularity.
To get a better sense of how ISPs use data about personal online activity and how privacy tools work, Take Two's Libby Denkmann spoke with Josephine Wolff. She's a professor of public policy and computing security at the Rochester Institute of Technology. And she's written about this for the online publication, Quartz.
So, here are 3 things you should know about internet privacy:
1. Noise injection tools create data static but don't eliminate data collection
Most of the ‘noise injection’ tools are designed to create a lot of automated, fake activity that looks like you were doing a search every 5 seconds for something random on Google. And that makes it harder if you're selling all of your data as a set, to pick out what you're actually interested. How do I profile you as an individual because there are these thousands and thousands of searches or random websites being opened that make it more confusing and make it harder to profile effectively.
If you're dealing with a simple advertising algorithm that looks at what website you visited and tries to advertises based on that, then I think, certainly, this could confuse that a little bit. But I also think that a lot of this ‘noise’ is easy to detect both by people who are analyzing the data, and also by search engines. If you're doing a random search every 5 seconds, then search engines are probably going to notice your computer is sending these searches at very regular intervals that doesn't look like human activity. And you're going to see some pushback from them as well because they also need good data about what people actually want to search for and what they actually want to click on to build their product.
2. VPNs can help protect your information but are not a cure-all.
Virtual Private Networks essentially mean that on top of your Internet Service Provider which is proving connectivity to your house, you then have another service– your VPN provider who you connect to through your service provider. And they then process your other connections to the internet. So your ISP can't necessarily see what you're doing because you're doing it through your VPN. They can see that you connected to a VPN, but they don't necessarily know what happened after that.
That's a good way of sort of shielding some of your information from your service provider. On the other hand, you have to trust your VPN because now they have all of that data about what you're doing. And also, there are some restrictions on say, what kinds of services you can use VPNs with. So, it's hard to do something like watch Netflix through a VPN because they're concerned about people coming in from different countries and accessing movies that they may not have the copyright to in those countries. So there are definitely limitations but it's certainly one way to try and protect yourself.
3. Nothing will keep your search history totally private.
That's a plain as you can say it.
Now that we have laws in place contrary to the FCC's intentions to regulate how data is used, as a country, we have a philosophical question on our hands.
You kind of go back to square one after this vote and say, do we think that in this country people have any control over the online data they put out in the world? And we had been moving in a direction where it seemed like the answer to that was going to be yes. And now I think, we're going to have to revisit that and say, is that actually true that our government thinks people should have some control– should have some ability to decide who collects their data and how it's used? And are we in that case going to try and put that into regulation or are we just going to decide companies get to do whatever they want with our data?
*Quotes edited for clarity.