Photo via file404/Shutterstock (Licensed)
Let’s get real: There are steps you can take to shield your data—but they’re not enough.
Do you feel dissatisfied over the state of online privacy, and wish regulators would do more, not less, to protect your privacy? For most Americans, the answer to that question is yes. Unfortunately, Congress is about to move online privacy in the wrong direction.
Despite the fact that Americans overwhelmingly want more privacy protections, Congress is on the verge of doing a huge favor to corporate benefactors this week by eliminating some of the strongest privacy protections we have—rules that prevent internet providers from spying on their customers and selling or sharing private information about what their customers do online without permission. The rules also require internet providers to take steps to protect that information from harmful attackers.
Last week the Senate voted along party lines to eliminate those rules, and the House of Representatives is scheduled to vote on it later today. If the House vote goes through and the president signs the anti-privacy resolution into law, you can say goodbye to privacy protections against spy-prone internet providers.
If you feel strongly about your elected representatives in Congress working to dismantle privacy protections you value, then, of course, you should reach out to them and tell them how you feel before it’s too late.
But if Congress acts to eliminate privacy anyway, you might be left wondering: What next? What can I do to protect my own privacy if Congress is working to destroy it? You can’t very well forgo using the internet, which in today’s world is essential for education, job applications, healthcare, finance, and more. You might not even have the ability to switch providers if you don’t like the invasive practices of your provider—many Americans only have one option when it comes to high-speed internet. And your internet provider has both the ability and incentive to spy on you. In the words of the founder and CEO of one internet provider in Maine, “Your ISP can look at your traffic and discover the most intimate details of your life, and selling that information will ultimately be more valuable than selling the internet connection.”
The depressing reality is that if and when Congress eliminates internet privacy protections, you’ll be left with few options to defend yourself—the little you can do will pale in comparison to having concrete rules that strictly limit internet providers’ ability to share or sell private information. Your self-help privacy options will be neither appealing nor effective:
Take advantage of privacy options offered by your provider (maybe). If you’re lucky, your provider might make limited privacy options available to you on what’s known as an “opt-out” basis—meaning they will share your information by default, but allow you to tell them to stop doing that if you can figure out how. Unfortunately, if Congress eliminates existing privacy rules, the details about what information your internet provider collects will probably become even more difficult to find and understand, and internet providers will probably gut many of their more privacy-protective options.
Subscribe to a “virtual private network.” In addition to your already-expensive internet bill, you could decide to pay for a VPN service that helps to shield some of your Internet traffic from your provider. But it’s not as easy as it sounds: You have to have a bit of geek know-how to properly configure your VPN, and (annoyingly) you’ll also have to remember to turn on your VPN every single time you connect to the internet. Not only that, but tunneling all of your traffic through a VPN will substantially slow down your internet experience. And if that wasn’t bad enough, it might not even address your privacy concerns: Just like your internet provider, your VPN provider could also track and sell your online activities. Needless to say, VPNs are not a magic cure for internet privacy.*
Install HTTPS Everywhere. This is a free extension for your web browser that routes you automatically to the HTTPS version of the websites you visit. This means you’ll see the friendly green lock icon more often, which indicates that your connection is encrypted and fewer details of your browsing activities will be available to your provider. The HTTPS Everywhere extension is wonderful because everything works automatically once you’ve installed it. But here’s the problem: Many popular sites don’t even support HTTPS. A study by Google last year found that a shockingly high number of sites either use outdated encryption or offer none at all. This means that HTTPS Everywhere can’t help protect your privacy on those sites, even though there are other sites that it helps with. So you should go install HTTPS Everywhere—it’s easy to use, and it does provide some protection—but it’s a far cry from the strong privacy protections that Congress is trying to do away with.
It should be clear that the things you can do to protect your own privacy from your internet provider are at best suboptimal and at worst horribly insufficient. Indeed, there are several other things not worth discussing here because they are so technically difficult as to be effectively unavailable to the average internet user: Things like swapping out your DNS server, installing your own wireless router (and retiring the one your internet provider gave you), setting up a private email server, encrypting your emails, using the Tor Browser, and periodically changing the MAC addresses of your connected devices.
And none of these solutions—or all of them together, for that matter—are as good as having rules on the books that just prohibit internet providers from spying on their customers and selling their private information without permission. We have those rules today, but tomorrow they could be gone.
Good luck, internet users. You may soon be on your own.
* If you do decide to subscribe to a VPN, it’s worth noting here that one VPN provider, PrivateInternetAccess.com, is speaking out in defense of federal privacy rules. I emailed PIA to confirm that they don’t collect their clients’ web browsing histories, and they said, “Correct. We do not collect our clients’ web browsing history as a matter of practice and pride.”
Laura Moy is deputy director of the Center on Privacy & Technology at the Georgetown University Law Center.