Yesterday, the U.S. Senate voted to remove a broadband provider rule that prevents internet service providers (ISPs) from selling your personally identifiable information (PII) to advertisers without your explicit consent. If this ruling also passes the House, ISPs will be able to sell your browsing habits, and other personal information, at their whim. Many have pointed out the serious privacy implications of this change, and suggest ISP should now stand for “invading subscriber privacy.” Beyond the privacy risks, I also argue that this change puts your security at risk. Watch today’s video to hear more about this vote, my opinions about it, and what you can do to get involved.
Episode Runtime: 4:10
Direct YouTube Link: https://www.youtube.com/watch?v=oOwjEcr02dU
- U.S. Senate votes to allow ISPs to sell your data to advertisers – Ars Technica
- EFF’s take on Senate putting profits over privacy – EFF
- Malvertising still a significant threat – Infosec Island
Corey Nachreiner, CISSP (@SecAdept)
With all due respect for the great WG Security Guru, online privacy is a myth. I applaud this undoing of an 11th hour Obama regulation that HAS NOT YET TAKEN EFFECT. Nothing has changed and only levels the playing field and prevents the FCC from making similar future regulations that maybe you WON’T like. Never let our defenses down on security, whether or not a law is passed by government. Think of all the tracking Google does. Who has come down on them? Google has a powerful monopoly and are useful to governments (including now censoring free speech), whereas others aren’t so much.
Corey Nachreiner says
Heh… I won’t claim “great” but thanks for the honorific…
In many ways, I do agree with you that some of privacy is dead, and there is NO doubt that many sites/apps like Google and Facebook do already track many of the things you do, and some tracking cookies can extend their view into what you do well beyond their own site. However, I do differ with your opinion on ISPs specifically. Here’s why:
1) Facebook, Google, and others are somewhat limited in what they can track of your browsing habits. They don’t see everything you do. Yes, there are certain Ad cookies that do “follow you around” and give more data to these entities, but there are easy technical ways to disable them if you really want (another benefit of script blockers, among other things). However, EVERYTHING you do goes through your ISP. They can see every DNS query, and frankly, every packet if they wanted to. The scope of privacy loss is greater with an ISP, IMHO.
2) ISPs are unavoidable. Facebook, Gmail, and Google are avoidable. If you are someone that is concerned with your privacy, you do NOT have to use them. On the other hand, you require an ISP to get to the Internet. In many some countries/states, you also have very few choices, so it’s harder to find other options.
3) You already pay for an ISP. This service is monetized directly, by us giving them money. Facebook, Gmail, and Google search are free because you are making the choice to give up some privacy in order to use that free service. Unless ISPs are going to give us access for free, this behavior is not acceptable.
In any case, even though I too think most of the world has already given up way more of their privacy than they know, I don’t believe this should be an acceptable status quo. We can continue to do things to get it back. I personally think having ISPs be common carriers, and have to live up to more rigorous customer privacy rules makes perfect sense.
That said, thanks for your reply. I really like to hear others’ well-thought-out opinions. I think this kind of debate is crucial for society to come to the right answers, whatever that answer may be. Really appreciate your thoughts.
Thank you, and you of course mentioned things I hadn’t thought of; however, wouldn’t our WatchGuard VPN protect from ISP snooping our traffic other than seeing the destination and receiving IPs?
If that is true, I guess my point is that there are things that can be done to protect ourselves from ISPs as well as from Google and FB and Twitter and so why would there be a law to discriminate between one provider and another if only to allow a monopoly to continue? I do get your point about not paying for free services and giving up privacy, but that still doesn’t sit well. Online ads should be no different than TV ads or newspaper ads or billboards that do not track. When did that become so acceptable to us and do they have to do that as a search engine? If so why? True, I don’t have a FB account, but I do use Google. Trying out Duck Duck Go.
How could our WatchGuard firewall be configured to provide that level of encryption for all our users’ traffic like those using the VPN enjoy or perhaps a browser recommendation?
As a WG customer for years, I’d like to use this opportunity to say how pleased I am with your products and also the tutorials you provide.