How do internet service providers sell user data, and what can you do about it

ISPs are ready to sell your data and rake in profits.

You don’t need us to tell you first hand that the US Senate voted to destroy any remaining privacy rules.

That was about a week ago.

But how many of us really understand what the vote meant?

Let’s cut to the chase.

The US Senate vote means that ISPs (internet service providers) will no longer have to get user consent before they can sell user web browsing data and history along with app usage history to the highest bidder.

Mostly, these bidders come in the form of advertising companies.

And while we’re at it, perhaps this is a good time to mention that the House of Representatives could soon follow the US Senate’s lead.

In fact, it could do so within a week or so.

If that indeed happens, then there will be no one to stop Congress from annihilating the privacy rules which were approved by the Federal Communications Commission a year ago.

How Will Internet Users Get Affected?

In other words, what’s in it for the end users?

Well, legally/technically, nothing has changed as of now.


Because ISPs cannot act on the US Senate vote until at the very least December 4, 2017.

Only after that, at the earliest, will they be able to move ahead and start selling data without customer consent.

Of course, it is a whole other matter that ISPs were never required to follow any rules.

Not in the past and certainly not now.

And if the current privacy rules do eventually get eliminated, then there will be no rules for ISPs to follow even if they wanted to.

Regardless, the Senate vote was a huge thing.

In fact, let’s call it a giant step for ISPs that could even be considered a small victory.

Because the US Senate vote could give ISPs enough momentum to eventually move forward in the advertising market with more aggression.

The US Senate referred to the Congressional Review Act.

This Act lets Congress get rid of regulations that it deems unnecessary.

Sometimes this Act is used by the Congress to eliminate things it doesn’t like.

Moreover, this Act also enables Congress to stop any agency from issuing identical privacy regulations in the future.

As far as the ISPs are concerned, the US Senate vote is a lot better than the FCC rolling back its own rulings.


It’s simple.

Because then, the FCC will have neither the power nor the capacity to reintroduce these privacy rules later.

What About Trump?

What about him?

We can’t really expect President Donald Trump to somehow oppose the US Senate vote.

And since that won’t happen, ISPs don’t really have to give much thought to any future strong privacy rules.


No privacy rules will get in the way of ISPs using browsing history data to make money.

In other words, they won’t have to conform to any particular rules which would force them to obtain an opt-in approval form before actually moving ahead and selling the browsing history.

If you really think about it, it doesn’t really matter if the ISPs sell the data of all their users or just one user.

Selling user data without consent is not justified even if ISPs try to anonymize it by aggregating one user’s data with the rest of the users’ data.

Some Senate Democrats rightly warned before the actual Senate vote that this vote could have some serious consequences.

These Democrats were of the opinion that if existing privacy rules were eliminated, ISPs would be able to draw a literal map of where families went shopping and where their children went to school.

They also said that ISPs would have access to health information since most users used the internet to gather information on their health issues.

This would then allow these ISPs to build individual profiles on their users covering essentially everything that a particular user listened to or viewed on the internet.

The Only Positive Thing

The US Senate apparently doesn’t care about your privacy either.

Perhaps the only positive side of the US Senate vote is that it was 50-48.

All Republicans voted to annihilate privacy rules while all Democrats voted to keep existing privacy rules.

On this note, users should know that ISPs can’t really snoop on encrypted traffic.

To put it another way, if the site you visit is an HTTPS site, ISPs will have nothing to look at apart from the domain address.

The individual pages a user visits will be safe from ISP snooping if you access them via HTTPS.

But who says that isn’t enough already?

You obviously don’t want anyone else to know which websites you visit, or do you?

At least that’s what Dallas Harris thinks. Harris is an attorney who has specialized in broadband privacy and is a policy fellow at a new consumer advocacy group by the name of Public Knowledge.

If things aren’t turned around soon enough, ISPs may also be able to find out where a particular user (you) banks.

They might also know everyone’s political views along with other sensitive information like sexual orientation.

ISPs will be able to know all of that based solely on the sites a particular user visits.

This is what Harris told Ars Technica.

Harris also said that ISPs did not need to see all the content of every communication.

ISPs could develop logical and accurate tracking methods without all that information.

Harris also said that the fact that a user was looking at a particular website was enough to reveal whether the user was at home or not.

But How?

The mechanism is simple when put into writing.

For example, ISPs can easily spot a tablet that visits websites that are for children.

From this simple fact ISPs can infer that the tablet must definitely belong to a child rather than an adult.

Consequently, these ISPs can send advertisements that are suited to kids.

Harris also revealed that the level of information that ISPs could figure out was beyond what most customers expected.

The Rules Have Changed. Here Is How

Internet Service Providers along with lobby groups want to sell user data to make a lot of money.

As far as legal changes are concerned, all of that stuff happened back in February 2015.

The FCC took the decision to reclassify mobile and home internet service providers as “common carriers”.

As you can probably imagine, the FCC’s reclassification had several significant effects.

For one, the reclassification allowed the Federal Communications Commission to enforce rules that were related to net neutrality.

But that’s not all.

It also did away with the Federal Trade Commission’s authority over internet service providers.

Because, as it turns out, the FTC’s charter from none other than Congress prevents the FTC from regulating common carriers.

Before February 2015

It doesn’t take a genius to figure out that if the FCC had not reclassified ISPs, the FTC could have punished ISPs for not conforming to consumer privacy rules.

We don’t really know why ISPs would take the US Senate vote route.

Even from the start, ISPs could have followed FTC rules without causing any problems.

Because those FTC rules weren’t at all burdensome.

All the FTC recommended was an opt-in consent from the customer before ISPs could sell and/or share the sensitive pieces of information on their users.

Do take note that regardless of anything else this “sharing and selling” of information would have included things like,

  • Social security numbers
  • Financial records
  • Health information
  • Contents of all communications
  • Information related to children
  • Precise data on geolocation

But ISPs had an even better deal than this.

They could have just used an opt-out system for all other types of data they wanted to profit from.

This “other type of data” would have included user app usage history and online web browsing history.

It Is Clear That ISPs Want To Be More Than Just Internet Providers

We’ve already told you that because of FCC’s reclassification scheme, FTC could not exercise any authority over ISPs.

But the reclassification did impose privacy demands as a result of Title II, Section 222 of the Communications Act.

So was there any hiccup?


Only that whoever wrote Section 222 did so in 1996 and that too for telephone services.

Naturally, the FCC stated that it wanted to write new rules which were broadband-specific.

The FCC also explained how Section 222 could be reasonably imposed on ISPs.

Those new rules recommended by the FCC were finalized around October 2016 and included provisions for the opt-in requirements.

So, theoretically speaking, Congress along with the FCC could potentially reinstate the FTC in a position of authority.

They could do that by terminating existing privacy rules and removing the common carrier classification of ISPs.

All of that sounds great.

But it may not work.


Because the FTC can’t regulate a company that has a common carrier business.

That is what an August 2016 federal appeals court ruling said.

According to the ruling, it doesn’t matter if the company is offering services that aren’t offered by common carriers.

Other services such as landline telephone and mobile voice service also have the same designation.

That is, common carrier.

This means that the FTC can’t oversee the activities of ISPs such as,

  • Sprint
  • T-Mobile
  • AT&T
  • Verizon

The ISPs are exempted from any FTC supervision in other words.

What about cable companies?

In short, they aren’t as lucky as some of the ISPs.

Mainly because cable companies such as Comcast are common carriers for internet services for a specific reason.

That reason is that cable company VoIP phone services are treated/regulated a bit differently.

Moreover, the FTC can easily bring them back into its oversight with a few changes in existing rules.

FTC Is Not As Effective As FCC

The reason for that is simple, and it is perhaps why it would make little impact if the FTC were to somehow regain its jurisdiction.

FTC guidelines are weak.

At least when they are compared to the FCC’s existing privacy rules.

And that’s why that week-old Senate vote is so important.

That US Senate vote could end up removing all privacy rules that prevented ISPs from selling user data related to web browsing history and app usage history to advertising companies.

No one is stopping ISPs from sharing that data with data brokers either.

As mentioned before, all of that will likely happen without any opt-in consumer consent.

AT&T Is Evil. Why? Here Is Why.

Everybody is looking forward to exploiting the gold mine of massive amounts of user data.

AT&T is the prime example of an ISP trying to make money from customer web browsing history.

In the year 2013, AT&T came up with a brilliant idea.

The ISP decided to charge fiber internet customers more than $29 extra every month if they did not opt in to a new system that delivered them personalized advertisements by scanning their internet traffic.

Thankfully though, AT&T killed its internet preferences program.

But it did so in the nick of time just before the FCC presented its new privacy rules.

Does that mean ISPs will never want to make money off user data again?


Dallas Harris (the attorney) said that ISPs want to be the new generation of advertising powerhouses.

It is precisely the reason why ISPs fought so hard against the new privacy rules.

Harris also pointed out that ISPs wanted to compete with Google and Facebook and even other edge providers in the advertising business.

In fact, the advertising space is going to be the next “new frontier” for ISPs in a bid to increase profits.

ISP Lobby Groups Are Bad People

For long, ISP lobby groups have made the argument that privacy rules prevented all sides from benefiting from each other.

What they say is that without any privacy rules, ISPs could show internet users more targeted advertisements that were relevant to them.

All of the “relevant and targeted” advertisements are made possible via data-driven services.

These same lobby groups also assert that privacy rules block ISPs from competing in new markets such as the advertising one.

Moreover, they have also contended that information such as app usage history along with online web browsing history should no longer be classified as something sensitive.

The US Senate vote has not gone unnoticed among advertising lobby groups either.

And perhaps advertising lobby groups are already looking forward to working closely with internet service providers.

This could also be the reason why advertising lobby groups recently credited Republican lawmakers for their efforts in making sure privacy rules are eliminated once and for all.

AT&T And Its Divisions

Did you know that AT&T also sold advertising?


The company does so through its Xandr division.

According to AT&T, its AdWorks department works great because it sends more targeted advertisements to more display screens.

AT&T also targets TV set-top boxes and other online video streaming websites.

And what do you know, Comcast, as it turns out, also sells online advertising.

Most of its advertisements appear on xfinity.com and other NBC websites.

What’s more?

Verizon is in on the act too and has boosted its reputation with its own online advertising technology.

Most of you would probably know that Verizon bought AOL a while ago and now looks all set to purchase Yahoo as well despite the billion-accounts-hacked revelations.

Harris told Ars Technica that ISPs have already started to market to advertisers.

In the process, they have explained to advertisers how they have the ability to track users on four different devices.

And because most of the ISPs also offer TV services, ISPs can combine that information with what the user is watching on TV and the user’s internet usage along with the user’s smartphone and tablets.

No wonder that ISPs have invested so heavily in this business opportunity and the reason for that is simple.

These ISPs think that they have got a lot of data that is just lying around.

This data can become valuable to advertising companies.

To achieve this new “business goal”, ISPs are slowly building up the advertising side of their business.

Does Interpretation Matter More Than The Actual Law?

You need to know your rights.

It shouldn’t be hard to understand that if customers had a choice, they would not want to opt in to these tracking programs.

At least consciously they wouldn’t do it.

And that’s the problem.

ISPs know that people would not allow them to use their browsing history for making money.

Even if they do get some subscribers on board, the vast majority would simply opt out or not even bother.

All of that changes if there are no privacy rules.

Failing that, ISPs are at least looking at an opt-out program for collecting browsing history.

That way, these ISPs will be able to share most and even all of their user data with advertising companies.

Of course, ISPs can’t really ignore the underlying requirements of other rules such as that of Section 222.

But no one really knows how Section 222 provisions would affect broadband internet providers.

For what it’s worth, Section 222 only limits ISPs in how they use customer proprietary network information.

It does not address the issue of what can be considered as web browsing data.

According to Harris, Section 222 only requires the internet service providers to allow customers an opportunity to opt out of their program (the sharing-information program).

She also told Ars Technica that it was not clear what information ISPs were going to require an opt-in for.

It was also unclear what information ISPs were going to require an opt-out for.

In fact, it looks like all would be left to ISPs to determine and figure out among themselves.

Of course, this would mean that the law would be what ISPs feel like it is.

As a result, ISPs would get free rein as to what they would consider opt-in information and opt-out information.

What Does Public Knowledge Think?

Public Knowledge is of the opinion that opt-in systems should be made mandatory in order to put end users in charge and control of their sensitive information.

Harris said that Public Knowledge believed that Web browsing history along with app usage history fell squarely under the category of sensitive information.

As expected, the CTIA does not share the same beliefs.

It asserts that Section 222 says nothing about personal information and hence could not be applied to broadband services.

In fact, FCC could potentially get sued if some specific Section 222 rules are enforced on broadband internet providers.

Ajit Pai, current FCC Chairman, knows that already and has, smartly, opposed consumer privacy rules in any case.

So What Or Who Is Going To Stop ISPs?

Why haven’t ISPs taken over the world already?

A couple of months ago almost all big ISP lobby groups came together and signed a document.

This document contained privacy principles that were based on the previous FTC framework.

Do take note that principles set by the document are all voluntary in nature.

In other words, ISPs pledged that they would follow FTC guidelines on opt-in consent.

They would do so before they share sensitive information with advertising companies.

ISPs also acknowledged that they would offer an opt-out choice when using non-sensitive customer information for the purposes of third-party personalized marketing.

To put it another way, users will have to go through an opt-out system if they do not want their browsing history to be sold to advertising companies.

What Can The End User Do?

Harris suggests that internet users should take their complaints directly to their ISP’s website.

Or even call their staff in order to better understand the opt-out program for tracking them.

Of course, it is not convenient but this sort of option should always be considered.

How To Stop ISPs From Tracking You And Then Selling Your Data.

If you want to understand one thing from this situation then understand this.

You need to protect your browsing history and your app usage history from your internet service providers.

If you want to do that then you’re going to have to encrypt all of your internet traffic.

These are three tried and tested methods of doing that.

  1. Use a VPN service (the best method)
  2. You can use the Tor network
  3. Try HTTPS

And that should be basically it.

Jeremy Gillula, who is a Senior Staff Technologist at the Electronic Frontier Foundation, told Ars Technica that these were the three ways in which users could encrypt their browsing and make sure ISPs couldn’t see what they were doing.

Take This Note

ISPs can know if you’re using a VPN service or a Tor network.

But that is essentially all they can see, says Gillula.

What Does A VPN Service Do?

When you buy a VPN service, you basically pay a company to encrypt your online traffic.

All of it.

And hence you prevent entities like your ISP and governments from spying on you or tracking you.

Or even recording your web browsing activity.

When you use a VPN service, no one will be able to track any internet activity back to your IP Address.

Of course, you are going to trust the VPN company to not keep a log of your online activities itself.

But generally speaking, VPN services do tend to respect user privacy much more than the average ISP.

So which is the best VPN service provider?

Every year tons of websites all over the internet publish their rankings and come up with a new VPN king.

From our research, we have found that IPVanish is the best VPN service when it comes to privacy and speed.

But really, there is no single way to come up with the best VPN service.

IPVanish comes the closest to being perfect though.

You can search the internet to check whether your VPN service provider follows through on its promise of not keeping any logs on your internet activities.

But truth be told, there is no legitimate way to find out or verify whether your VPN service provider really records your activities and keeps logs.

You’re just going to have to trust VPN reviews and guidance sites like Securitygladiators.com.

How Does A VPN Work?

A VPN service sees everything that your ISP sees.

As mentioned before, even with that, it is better to trust a VPN service than an ISP.

Because, as you now know, ISPs don’t have any qualms about snooping on your online browsing history and then selling it.

You can read this simple VPN guide to know which are the best VPN service providers in the market today.

Moreover, if you want to learn more about the VPN technology then you should go here and read this beginner’s guide and boost your knowledge on privacy and anonymity online.

What About Tor?

Tor is different from a VPN service.

Each VPN service is provided by a single company.

Tor is essentially a hidden distributed network.

In other words, Tor tries to protect users by providing them with complete anonymity.

It does that by routing their internet traffic through a long series of online relays.

EFF says that when users make use of the Tor software, their IP address remains hidden.

Moreover, it seems to others like the user connection is coming from the IP address of a Tor exit relay.

This Tor exit relay can be located in any place in the world.

Tor is not a perfect system though.

It does have its vulnerabilities.

But for most users, Tor should be enough.

See, Tor exit nodes have these things called operators.

Operators can see the traffic that goes back and forth.

But even then, these operators can’t trace the traffic back to the user.

In other words, they can know that someone or something is visiting some specific websites (and of course you’re the one who is doing all the visiting) but they can’t know if the traffic originated from your computer’s IP address.

And hence Tor might be more effective at ensuring user privacy than a VPN service.

But the jury is still out.

VPN Advantages Over The Tor Network

For starters, a VPN service is way easier to use than the Tor network.

Configuring your internet router to send all of your internet traffic through the VPN is very easy using VPN software.

Tor also does that but it takes more time and more expertise to set it up properly.

Users will have to be more tech savvy if they want to use Tor for privacy.

Moreover, there are some guidelines users have to follow if they want privacy using the Tor browser bundle.

The Tor browser bundle is great but it only encrypts internet traffic that goes in and out of the Tor browser itself.

It doesn’t protect the rest of your home network.

Fortunately, you can find Tor-enabled internet routers in the market quite easily these days but they are not as cheap as a VPN service.

And of course, a single VPN service can protect everything you have in this whole wide world.

HTTPS Method

Your third option to protect yourself from ISPs is the HTTPS technology.

It should be present in the URL bar of your internet browser.

An HTTPS sign usually indicates that a user’s online connection with a specific website is fully encrypted.

That means a lot of things.

As we mentioned before, your ISP can still see which website you are connecting to even when HTTPS is enabled on that website.

Just to take an example, your ISP would know that you visited nytimes.com.

But, and it is a big but.

Your ISP cannot know which pages you visited when you went to nytimes.com.

You can try out this handy HTTPS Everywhere browser extension to protect your privacy.

It is offered by EFF and The Tor Project.

The browser extension offers enhanced protection on websites that don’t fully support encryption through the HTTPS technology.

Gillula says that HTTPS Everywhere only upgrades a user’s connection if the website supports HTTPS.

And it can only do so if the website is listed in EFF’s support-HTTPS website list.

Websites that don’t offer HTTPS support will not get affected by HTTPS Everywhere.

Incognito Mode Is Of No Use

Web browsers of today offer this private or incognito mode.

Remember that these modes will not stop your ISP from tracking your online activity.

Of course, Google is going to say that Google Incognito Mode protects users from the Chrome browser itself.


By not allowing Chrome browser to save the websites that you visit on a regular basis.

That may be true.

But it does nothing against ISPs.

They can still see which websites and website pages you have visited in the past.

In other words, VPN is the way to go if you want to ensure your privacy and anonymity.

As mentioned before, we think IPVanish is the best VPN service when it comes to privacy.

You Can Always Make A Call To Your Rep In The Congress

FCC privacy rules are not going to live long.

The situation is dire, to say the least.

But there is no reason for consumer advocates to give up.

Remember that the Senate’s resolution to kill privacy rules still has to go through the House of Representatives.

The bad news is that the House is also under the control of Republicans.

Gillula says there is still a chance.

The House will vote on the issue in the next couple of days.

So, there is still some time left for users to contact their legislators and change their minds.

Zohair A. Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.