Monday, 25 October 2021

FTC Study Confirms ISPs Collect a Scary Amount of Your Personal Data

Servers with CAT 5 cables on racks in a large computer server farm.

Frustration with Big Tech is reaching a crescendo, and we could be headed for legislative efforts to reduce the influence of companies like Google, Amazon, and Facebook, but another technology heavyweight has managed to fly under the radar: your Internet Service Provider (ISP). A new Federal Trade Commission (FTC) report examines what ISPs are doing with your data, and it’s not good news. Even when they promise not to sell your information, it often ends up in the hands of advertisers and other third parties. 

An internet stalwart like Google could have a vast amount of data on you — it’s the price you pay for using Google’s freely available services. That’s the catch: you have to use Google’s services before it has your data, and it doesn’t get everything. The same is true of Facebook, Twitter, and everyone else. If you don’t use the service, they have limited data on your online activities. Your ISP, on the other hand, is the gateway to the outside world, and it can see everything you do. 

The FTC report (PDF) analyzed the practices of six different ISPs and their advertising subsidiaries. While the report doesn’t name names, it would be safe to assume the misadventures laid out in the document are standard across the industry. For example, several of the ISPs included in the analysis promise not to share data with third parties, but the FTC found they still do so with the help of shady business deals. The agency says that while ISPs often claim they only retain user data for “business purposes,” this broad definition allows them to engage in these practices with impunity. 

Information exchanged by ISPs in the study.

Having a tap on the data leaving your modem gives ISPs deep insight into you as a person. Not only is your online browsing history recorded, but so is your search data, DNS records, financial records, video viewing stats, and even what smart home devices are active and when. The FTC notes that the business justification of keeping much of this data is shaky at best, and even when ISPs provide opt-outs for this sort of data collection, the FTC says these “illusory choices” are usually ignored by the ISP.

This all sounds like it should be illegal, right? Or at least in violation of some regulatory rules. The FTC did try to make rules preventing these excesses in 2017, which would have forced ISPs to get opt-in consent to collect data such as your precise location, browsing history, and app usage. However, the GOP-controlled Congress used the Congressional Review Act to block it.

The FTC voted unanimously (4-0) to release this report to the public, but it can’t do much about the problem when Congress has shown it will do whatever it takes to protect the broadband industry. Perhaps the best way to prevent this right now is to route your home broadband traffic through a Virtual Private Network (VPN). However, you will then have to trust the VPN more than your ISP. 

Now Read:



No comments:

Post a Comment