back to article So my ISP can now sell my browsing history – what can I do?

So, the US House of Representatives has voted away internet privacy (in concert with the Senate), and the legislation will be heading to the White House for Trump's imprimatur. He's expected to sign quickly, so as internet users it's time to get really serious about privacy. Under the terms of the legislation, your ISP would …

Page:

  1. Anonymous Coward
    Anonymous Coward

    VPN

    It sucks that a VPN is becoming mandatory for all internet access.

    A massive burden on the less well off, as they're forced to choose between having privacy, or a better connection etc.

    Great for European VPN businesses though. Thanks house of representatives.

    1. Anonymous Coward
      Anonymous Coward

      Re: VPN

      Next Tuesday your ISP will introduce "Ultra-Turbo Data Rates", which guarantee[*] wonderful performance through the use of the new snake-oil-a-licious UTDR proxy. Thoughtfully it comes with an additional CA certificate so your HTTPS sessions can also benefit. Unfortunately owing to profound but hard to explain technical reasons most VPN technologies become unreliable at the same time, except for HTTPS-tunnelled, and because of the "unprecedented demand for the Ultra Turbo proxy" non-UTDR-proxy traffic rates drop to < 1Mbps, also for profound technical reasons...

      [*] except not in any enforceable way, and all disputes via mandatory arbitration

    2. paulnick2

      Re: VPN

      infact you can't use 14 eyes countries as explained here http://www.geektime.com/2017/03/28/how-to-protect-your-data-from-being-sold-by-your-isp/

    3. DkSimmon

      Re: VPN

      I must say after this law only VPN can be good choice to stay safe. Although most of the VPN do maintain logs but very few top notch ones don't do that includding Pure VPn and tunnel bear.

  2. Pascal Monett Silver badge

    Well now it's final

    The Land of the Used to be Free has finally entered its sunset period. The Empire is waning, and all this will end in tears.

    President Eisenhower warned you, but it was too late.

    Oh well, we'll just have to wait for the storm to pass. It'll take years, but it will pass.

    1. Anonymous Coward
      Anonymous Coward

      Re: Well now it's final

      If the reanimated corpse of Ike tossed his hat in the ring today he'd be derided as a liberal communist appeaser, 5th columnist dupe, and Breitbart would feature countless links to YouTube videos that prove he actually spent WW2 teaching home economics in a Heidelberg convent school (while under the alias of BJ Blazkowicz the zygotic form of Donald Trump was rampaging across Nazistan)

  3. This post has been deleted by its author

    1. Anonymous Coward
      Headmaster

      Re: Will This Data Be Misused....?

      Here in the U.K. We haven't had DRIPA since 31st Dec 2016 when it expired. We do have IPA which illegally (up until about 2 years tomorrow) allows theoretical access.

      1. This post has been deleted by its author

        1. Mark 85

          Re: Will This Data Be Misused....?

          They are all democracies in name only. Once the politico is in office, they are our masters.

  4. frank ly

    Dual VPN?

    I have a PIA VPN service and my Firefox browser has the Zenmate VPN plugin and my Opera browser has its own built-in VPN capability. If I activate the PIA VPN and enable the browser VPN, then I get a dual hop whereby my exit point and website destination is known by the browser VPN operator but they don't know where I come from. Similarly, PIA know where I come from but they don't know where my browser connection eventually goes to (they know it initially goes to another VPN provider).

    This seems to be more secure in terms of privacy if you're very concerned about that. I think you'd have to clear all cookies and maybe randomise your User Agent string, etc.

    1. Adam 52 Silver badge

      Re: Dual VPN?

      I don't know. On the one hand you've obscured your traffic, on the other you've now got a cryptographically provable link to your VPN payment method.

      Guess it depends on your threat model.

    2. Mark 85

      Re: Dual VPN?

      Careful citizen. At some point, you will come to the attention of the authorities who want to know what you are trying to hide.

      1. Tom 64
        Coffee/keyboard

        Re: Dual VPN?

        Good luck streaming video over that link

    3. Two Lips
      FAIL

      Re: Dual VPN?

      Opera? And you think your data is safe in their hands? Think again.

  5. Anonymous Coward
    Anonymous Coward

    Cheap VPN

    Get an el cheapo offshore VPS plan with unlimited bandwidth (NAT/shared IP is perfect) and install OpenVPN on it - which takes 5 minutes. Job done. Total cost: £2.50/year

    1. CAPS LOCK

      Re: Cheap VPN

      Speaking on behalf of the lazy and hopeless "Details plz"

      1. Kane
        Go

        Re: Cheap VPN

        "Speaking on behalf of the lazy and hopeless "Details plz""

        I meet 1.4 of those criteria1 - more details please Anon.

        1 I am entirely lazy, and .4 hopeless

        1. Anonymous Coward
          Anonymous Coward

          Re: Cheap VPN

          Yes... instructions/guide please.

          Taking it a bit further, here's a (probably fairly standard) situation - home broadband, used by the whole family. Want to protect privacy for everybody but don't want to cripple internet user experience e.g. not get hit with geoblocking for online TV services - Netflix, Amazon etc. etc.

          *Assuming* that a trusted provider can be found, can we set up a first VPS in our home country with routing set up so that (a) those TV services terminate there and get an IP address in our home country, and (b) everything else then gets routed via a second VPS (from a second provider) to a chosen "safe" country (e.g. Switzerland)? Then just set up the home router so that *all* traffic goes to the first VPS, and everything going via the home router is safe.

          In that scenario, domestic ISP then sees only encrypted traffic to the first VPS. Assuming that the first VPS isn't compromised, the only info available to parties in the home country is online TV viewing habits. All other traffic then goes via VPS2 and terminates in a "safe" country.

          Is that possible? Practical? Already being done?...

          1. Sir Runcible Spoon

            Re: Cheap VPN

            @AC You could do that with Enterprise kit, but with home routers you are best off doing it with multiple devices.

            For example, have a single ADSL router that connects to your ISP.

            Inside that you have two routers, one which will create VPN#1 and the other will create VPN#2.

            Everything you want to go via VPN#1 you send to the IP for that device, same with VPN#2.

            Bobsherunkle!

  6. Blotto Silver badge

    Land of the free

    we used to believe that only oppressive regimes like North Korea, China and Russia behaved in this way.

    Seems the tables are now turned and the USofA are the ones micromanaging their citizens to extent they are listening in on their conversations and observing their unguarded behaviour.

    1. Rich 11

      Re: Land of the free

      listening in on their conversations and observing their unguarded behaviour.

      But it's for their own good! They couldn't be kept safe otherwise.

      Suggesting otherwise makes you a freedom-hating pinko Nazi liberal Commie threat to democracy.

    2. fidodogbreath

      Re: Land of the free

      It both cracks me up and terrifies me that so many people slavishly believe the Republicans' claim to be the party of liberty and personal freedom.

      Sure, they believe in freedom for large corporations; but for the peasants, it consists mostly of things like the "freedom" to die of a curable disease, content in the knowledge that the evil gummint did not force you to have access to health care.

  7. Anonymous Coward
    Anonymous Coward

    I would take another route

    I think we have enough technology to lessen the consequences, but we're not solving it at source.

    What we need are tools that allow us to re-attribute those histories. I'm thinking about ways to cross link browser histories so it confuses the identity - maybe even bust the collection database and re-assign a whole host of dodgy links to, say, a couple of very prominent members of the government.

    As yet I have no idea of how to achieve this, but hiding isn't going to solve this. This nonsense needs a firm handful of nuts thrown into its gears because nothing else seems to stop the recurrence of this nonsensical breach of your Human Rights.

    1. Anonymous Coward
      Anonymous Coward

      Re: I would take another route

      Wouldn't that be like a less ambitious form of TOR? Used on a small scale it will probably work, but if popular enough you'll probably see some of (a) exit node hampering (b) ISP terms & services barring traffic redirection/running servers being enforced (c) ISP deeming traffic obscuration a "business service" and requiring a more expensive subscription

      1. Martin-73 Silver badge

        Re: I would take another route

        The latter two would lead to the isp becoming a wasteland of only fools remaining. See 'AOL' for an example

        1. Sir Runcible Spoon

          Re: I would take another route

          "Atm, not sure if wiser to secure yourself, or attempt to get lost in the noise."

          If we're talking about serious TLA's then hiding yourself in the noise is reasonable, but since we are now talking about people having access to your details and selling the info then I would go secure.

          Personally, I'm not going to go to the bother of VPN's outside my country (I prefer the speed benefits of local connections) so the spooks/law can still get my data if they think it's necessary for some reason, but the bottom feeders won't be getting my details.

    2. Anonymous Coward
      Anonymous Coward

      "As yet I have no idea of how to achieve this,"

      Me neither.. But I suspect the answer lies in some kind of community sharing... Where users agree to route each others traffic somehow. After all every corporate that claims to be neutral will probably succumb eventually. So we need community spirit to be part of the fight-back.. Its sad / dystopian news though. How did things get this way... Privacy after a thousand cuts... Politicians are all pawns... Feels like watching 'Homeland' or something...

      1. Meph

        Re: "As yet I have no idea of how to achieve this,"

        You could always try a decentralized browsing stream, similar to current generation peer to peer file sharing. If 0.5% of your browsing comes from multiple sources, then the tracking data won't be worth much. In suggesting this, I think I can already feel the ire of millions of programmers though.

        The alternative would be to confuse the held data by randomly accessing resources with no discernible pattern. This might lead to some unusual adds being served though.

        1. Anonymous Coward
          Anonymous Coward

          'try a decentralized browsing stream, similar to current generation peer to peer file sharing.'

          What are we really talking about here The-Pirate-Bay's PirateBrowser etc.... Anyone got some recommendations for decentralized web browsers???

          1. Swarthy
            Devil

            Re: 'try a decentralized browsing stream, similar to current generation peer to peer file sharing.'

            Hmm.. I wonder what would happen if I appended ?fnord=");DROP TABLE history;-- onto all of my URL entries.

            Or maybe a browser plugin that would rotate through history, userhistory, browsing, and the like; or maybe users, customers, billing, or just * for the nuclear option. Perhaps the plugin could add those as HTTP headers, so as not to risk buggering up legit query strings.

    3. Ogi

      Re: I would take another route

      Sounds like what you want is a big distributed VPN. Essentially what the internet is already, but fully encrypted.

      the i2p project is what I looked into: https://geti2p.net/

      Sounds very much like what would be the solution. The only problem is that unless you have a gateway to the wider internet, you are stuck to what services are run on the I2P network. However you (and your mates) can host whatever you want on it, including IM, web, etc... and you go from there.

      I might have another look it, however the other problem is if all my traffic becomes encrypted, that will just single me out as someone that the powers should "pay close attention to".

      Atm, not sure if wiser to secure yourself, or attempt to get lost in the noise. For now running a yacy search engine spider on my machines. That way the bot is constantly spidering the web so we get an open source P2P search engine that is usable with an up to date index, and my browsing hopefully gets lost in the noise.

    4. Kiwi
      Holmes

      Re: I would take another route

      maybe even bust the collection database and re-assign a whole host of dodgy links to, say, a couple of very prominent members of the government.

      Looking at El Presidente, I don't think any manipulation of the data would be necessary.

      I'll bet he wants his data kept free from this. I'll also bet his ISP will be getting some pretty big offers for his history - and much the same for any other high-ranking politician/military person/other official.

      Just thought of the blackmailing opportunities this could open up. Pay your $60/mo for chump's browsing history, blackmail him with it. Course you'll have to pay massive counseling fees for the poor pleb you go tot troll through it for whatever filth that thing the yanks call a president is in to, but hey - you'll be a billionaire and the pleb (and counsellors) will walk away with more money than the GDP of a small nation, so it could be worth it...

      [orders truckload of popcorn]

  8. Blake St. Claire
    Holmes

    Silly, that's what bots are for

    I'll just run a slow spider of the web. I'm happy to let them sell that history to someone.

    1. Anonymous Coward
      Anonymous Coward

      Re: Silly, that's what bots are for

      And pray it doesn't bumble into some strict liability material... before that happens make sure to share the good news that St Claire's Spidery Services seeks to improve its boardroom with the the valuable experience of soon-to-retire senior policemen and cabinet ministers, stipend to be arranged. Going to play at being Google? need to play at "don't be evil" too.

      1. Blake St. Claire

        Re: Silly, that's what bots are for

        pfft. Trivial problem to solve. Spybot – amongst probably others – has a long list of known malware and porn sites that it inoculates your system with. It blackholes the known sites in your system's (/etc/)hosts file. And I've tripped over a few other sites on my own that I've added to the list. (Which reminds me, it's been a few years since I updated the list). The bot can start with those and be updated on a regular basis. It's also easy to avoid anything/everything in the .xxx TLD – thanks ICANN.

        And if I ever decide to run for Parliament or Congress and someone goes muckraking through my browsing history I've got an easy answer: the bot did it. On top of which, there's also the Get Out of Jail Free Card, er, I mean the Grab 'Em By The Pussy card. It worked for Twitler, it ought to work for everyone. I mean honestly, who gives a rats ass if I've looked at porn? Aren't we over that yet?

        Next!

  9. Anonymous Coward
    Anonymous Coward

    Opportunity for Amazon here...

    Amazon could offer a consumer VPN, powered by the fairly powerful AWS machine, to their long-suffering Prime customers. Give us something to play with in-between waiting for the next Grand Tour season, and sitting around nearly a week waiting for our "2-day" shipments to arrive.

    PS: 'Manchester By The Sea' is horrific. Cheers.

    1. Anonymous Coward
      Anonymous Coward

      Re: Opportunity for Amazon here...

      You can probably also set up your own VPN server on AWS outside the US...

  10. LaeMing
    Boffin

    Track Me Not

    Suggested over at ArsTechnica was https://cs.nyu.edu/trackmenot/

    I haven't looked into it in detail yet though.

    1. Timbo

      Re: Track Me Not

      TrackMeNot can be installed into Chrome, but trying to do the same in Firefox causes the browser to prevent installation as it is an unsigned extension :-(

      1. MiguelC Silver badge

        Re: Track Me Not

        You can install it from the firebox official add-ons site https://addons.mozilla.org/en-US/firefox/addon/trackmenot

        1. oneeye

          Re: Track Me Not

          Hi all,

          Read this article by Bruce Schneier about "Track Me Not" and have a good laugh. He makes many common sense statements why this won't work.

          https://www.schneier.com/blog/archives/2006/08/trackmenot_1.html

          Now, they may have made numerous improvements over the years, but much of what is in the article still applies.

      2. DkSimmon

        Re: Track Me Not

        Preferable this would help.

        http://bit.ly/extension-VPN

  11. Anonymous Coward
    Anonymous Coward

    "Corporate America is all about a race to the bottom,"

    ...."Corporate America is all about a race to the bottom," .... "What are these companies going to do when shareholders demand they take advantage of the new revenue stream? I don't buy it that they'll take the high road."....

    Now the worrying question is, which countries will follow.....?

    So many countries still worship the US way of doing things...

    From Hacking Team leaks: US-DEA taps Colombia's entire internet etc.

  12. vallor

    The article includes one of the interviewees being skeptical that various ISP will be safe from this sort of overreach (specifically, Sonic), as he says they are all in a "race to the bottom".

    Thankfully, Sonic is privately-held, so the spectre of shareholders demanding violating their customers' privacy is not a concern.

    Full disclosure: I'm one of the owners, and we have always taken the privacy of our customers very seriously. We've used the analogy of the phone company listening in on phone calls for marketing purposes -- that would be very creepy, and so is this bill from Congress.

  13. Anonymous Coward
    Anonymous Coward

    Do all readers live in USA

    I stopped reading the article because I got the feeling that this article seems to me to assume that every reader is subject to this USA law, or am I just a non-native-english speaker/reader and/or missing the point completely?

    Nevertheless I am annoyed and perhaps worried 'bout this insane murrican lawmaking...

    So now I will continue reading the article.

    1. Kane
      Big Brother

      Re: Do all readers live in USA

      "I stopped reading the article because I got the feeling that this article seems to me to assume that every reader is subject to this USA law, or am I just a non-native-english speaker/reader and/or missing the point completely?"

      It's a fair point, but what is to stop these ISP's collecting data from connections arriving from outside the USA; as an example, visiting a site that sits within an American server/network. If I'm in Blighty, my data and connections traverse the inter'tubes. Won't they be picking up this info as well? Won't that info be compiled into a sell-able package as well? Can this be confirmed?

      1. Sir Runcible Spoon

        Re: Do all readers live in USA

        This might be in the US for now, but you can bet the UK will be hot on their heels (if not already ahead of the game with your Internet Records).

  14. Anonymous Coward
    Anonymous Coward

    We are supposed to live in a free market in the US, ......

    Yes, The Reg is based in the USA.

    1. Anonymous Coward
      Joke

      Re: We are supposed to live in a free market in the US, ......

      Be calm, Brexit just happened today, it will still take some time before UK becomes a colony of its ex-colonies...

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like