All your private online data—the websites you visit, the content of your chats and emails, your health info, and your location—just became suddenly less secure. Not because of hackers, but because Congress just blocked crucial privacy regulations. This will allow your internet service provider to collect all your data and sell that info to the highest bidder without asking you first. Welcome to a brave new world.
A pair of resolutions, which passed through the Senate and House with exclusively Republican votes, roll back rules put in place by the Democratic leadership of the Federal Communications Commission during the Obama administration. Those rules would have required ISPs to get explicit opt-in approval from customers before selling any of their data. The rules—which will be completely dead following the expected signature of President Trump—would have prevented the sale of the following "sensitive data" without consent:
Now, sharing that information without your explicit permission will now be fine and dandy.
In theory, this information will be collected and stored under some sort of ID separate from your actual name. But that's a cold comfort considering the level of detail in this sort of information would make your identity a dead giveaway, and ISPs can hardly be trusted to keep your identifying information suitably safe from prying eyes. After all, they'll be building dossiers any hacker would love to steal.
What to do? There are a few things you can do to try and keep your data safe, and while they aren't necessarily easy or free, they're worth it if you value your privacy.
Opt out with your ISP
Your ISP may not need your permission to sell your data, but you can still go to them and tell them not to do it. The catch, of course, is this requires you to be proactive, and there's no real guarantee that this will protect you completely. Still, do it. Get on the phone or visit the website of your ISP and opt out of every ad-related thing—and into every privacy-related thing—you can find. The process can be a little arduous—often requiring the use of your ISP-given email address that you probably never use—and it may not take effect immediately either. All the better reason to do it now.
Time Warner/Spectrum customers can find their privacy dashboard here. Comcast customers can opt out of some targeted programs using these instructions. Verizon customers can find opt out options here. Remember, your phone company is technically an ISP too, so look up your options on that front as well.
Opting out is an important first step, but it is not enough to actually preserve your privacy. Your ISP is not necessarily giving you the opportunity to opt out of all its ad-targeting programs. As Eric Null, policy counsel at the Open Technology Institute, told Gizmodo, it is "highly unlikely" the new FCC will go after ISPs that aren't offering robust opportunities to opt-out.
Some smaller ISPs, which survive on small and satisfied customer bases as opposed to a large and captive audience, are more incentivized to protect your privacy with gusto. In fact, a whole host of small ISPs wrote a letter to Congress opposing this move. If you're lucky enough to have the option of switching to one, now might be a good time.
Keep your data out of your ISP's hands in the first place
Your ISP is uniquely suited to snoop on your information. Anything you put online has to pass through its hands. Email you send through Gmail, chats through Facebook Messenger—they all travel through your ISP before they reach the service that actually sends them on. But while it is impossible to cut your ISP out of this exchange entirely, you can hide the data as you are sending it.
Apps with end-to-end encryption can encrypt your private information on the phone or computer you're using, ensuring that it is coded and protected through the entire delivery process. So while your ISP can see the data go by, they can't make sense of it.
Secure chat apps like Signal will be crucial to keep your chats private not only from the government and hackers, but from your ISP. Just make sure these services have security measures that are open-source and trusted by experts who can help keep them honest. You can also encrypt data manually, using a standard like PGP, before you send it off into the web, but it can be an arduous process, because you have to ensure that the recipient has the means to decode that info and read it.
The most seamless solution is to pay for a Virtual Private Network—a VPN—which allows you to encrypt all the data that passes through your ISP. This means that while your ISP still doing the work of hauling your data around, it can't understand any of it. The downside to this is that VPNs (at least any VPNs you can trust) are not free. Most good ones will require a yearly subscription. Furthermore, you aren't hiding your personal data from everyone, you are just entrusting it to the VPN instead of your ISP, so do your research and choose a VPN you trust not to sell you out. Fortunately, since VPNs exist exclusively to keep your data private, they are pretty incentivized to keep you happy.
The short and uncomfortable truth is this: Until more robust privacy protections are put in place, the burden of protecting your online data falls on you. Keep it in mind, do your research, and remember that your monopolized ISP has every reason in the world to sell you out and wring your data for every dime that it is worth. The only one you can really trust to protect you is you.