What does it mean that American ISPs can trade with user data
A few days ago we talked about the fact that the users of the United States could no longer prevent their personal data from being trade material for the ISPs of the North American country. After having started a frontal attack against the neutrality of the network, this was perhaps the next step of the government.
Yesterday we voted in the House of Representatives the elimination of privacy rules of the FCC as published in Ars Technica among many other international media that have echoed the news. Now it is official: user data are for sale.
For now the great ones of the technology have not pronounced themselves. Some US carriers have been pushing for a long time to knock down FCC regulations, which had been established under the Obama Administration. The current FCC has a Republican majority, which seems to mean that private companies and their demands will be much more protected.
Towards the end of the year, the new reforms will enter into action. Until then, American Internet providers will not be able to share their customers’ personal information, but what does that mean for users worldwide? Does this feel a dangerous precedent? It is what we intend to clarify.
Let’s go by parts. The regulation that has been repealed was approved last year, and was intended to protect the privacy of users. If an ISP wanted to trade or share a user’s data, before the user had to grant permission to do so.
From the moment it was approved, Internet lobbies pressured the government to reverse the legislation . The director of the FCC, Ajit Pai, in keeping with the speech delivered by the MWC in which he spoke of a “light regulation” in terms of privacy and net neutrality, was always in favor of the lobbies.
Now the lobbies have achieved what they wanted last year: to trade with the user data under the protection of the FCC , since they have helped regulate in favor of pressure groups and have had the support of the Republican majority in the House of Representatives.
To whom are those data going to be sold?
The set of data that will be collected are, as we have already mentioned, from financial or health details. These sensitive details could then be sold to third-party companies to, for example, present personalized advertising to users.
In social networks, for example Facebook, user data is used to show relevant advertising. That is, if for example the user is very interested in Linux, then you will receive a lot of related advertising: courses, workstations, laptops … it’s nothing new in these environments.
However, it had never happened with the ISPs, which until recently had to act as an “institutional defense line” of the user’s privacy. It is an unprecedented fact.
Is it useful to use the incognito mode of the browser?
As we explained in a previous article, the incognito mode is not really anonymous. Why? Well basically because it is local and more a “compromise” of the browser than something technical. The sites you visit work exactly the same with or without private mode, and for them a request from your browser is the same in both cases.
This means that if they want to follow you, the pages can do it. And is that although the usual cookies do not work because they are deleted, there are many methods to identify you. Some of them are very advanced, such as canvas fingerprinting or HSCO supercookies.
The private mode also does not prevent someone who monitors your connection (in this case the ISP) to see where you are getting , unless you use an encrypted connection through HTTPS. Perhaps now the only thing that can prevent ISPs from accessing the user’s browsing data is using Tor and VPNs, and even that is not entirely secure.
What will the ISPs see?
As it has been collected in Ars Technica, all Internet activity that users have. We already said it before: the information will be sold to show users relevant advertising, and that is that US operators are expanding into the advertising business.
Based on this, the Federal Trade Commission (FTC) has recommended that Internet providers continue to seek the consent of users before selling their most sensitive information. But the FTC also says that, for everything else, there is no need.
Does this feel a precedent?
The revocation of the FCC rules can set a dangerous precedent in other countries. The telecommunications lobbies have even managed to carry out these activities under the protection of the FCC, which is not exactly trivial.
But nevertheless, for the general public this fact seems to have gone unnoticed and is that, as Alonso points out in the interview, “people are not aware that their data have value”.
For now, the only thing that “saves” users is that they have to give their permission before trades with their data, but the corporate world in our country has a lot of power. Looking at the model adopted by the USA, we may not take long to see similar requests here and in the rest of the world.