If you spend any time at all online, you’re probably used to targeted ads. Google the price of a pair of galoshes or an iPhone charger, and before long, you’ll see ads for boots and smartphone accessories.
Most of us have grown accustomed to these ads, even if we sometimes find them intrusive. But a recent move by Congress to roll back privacy rules for internet service providers has raised concerns that deeply personal information—not just our taste in boots—could be repackaged and sold to the highest bidder.
The rules, which were approved by the Federal Communications Commission last October, would have barred ISPs, such as Verizon, AT&T and Sprint, from collecting and selling information about your online activities without your consent. Congress voted to repeal the changes before they took effect, so technically, nothing has changed. But privacy advocates worry that the rollback will encourage ISPs to ramp up efforts to sell their customers’ browsing history to advertisers and third-party data brokers.
From just $107.88 $24.99 for Kiplinger Personal Finance
Become a smarter, better informed investor. Subscribe from just $107.88 $24.99, plus get up to 4 Special Issues
Sign up for Kiplinger’s Free Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
The ISPs argue that they simply want to do what Google and Facebook have been doing for years. If you use those services, they argue, the horse has already left the barn, and it knows your birthday, your dog’s name and your favorite rock band. Supporters of the now-defunct FCC rules counter that although you can choose to stay off Facebook and to use a search engine that doesn’t track you, such as DuckDuckGo, you’re pretty much stuck with the ISP you use at home. “A huge part of the country has only one option when it comes to broadband internet,” says Amul Kalia, an analyst with the Electronic Frontier Foundation, which advocates for internet privacy.
A Georgia Tech study shows that is changing, however, as the number of internet-connected devices increases. The study found that the average internet user has six connected devices, many of them mobile and served by multiple ISPs, so any one ISP has access to a limited amount of information. Still, if you’re concerned about privacy, check an ISP’s privacy policy. Some, such as Verizon, allow you to opt out of having your information collected and sold to third parties.
When searching for information you’d prefer to keep to yourself, make sure the website you’re visiting is encrypted. You’ll see a small lock in front of the address, followed by https (versus http for an unencrypted site). Most sites for financial institutions, hospitals and other sources of sensitive personal information are already encrypted, and the Georgia Tech study estimates that 70% of internet traffic will be encrypted soon. The Electronic Frontier Foundation offers a free “HTTPS Everywhere” browser extension that will force your browser to use encryption.
For more-comprehensive protection, consider installing a virtual private network. When you use a VPN, your internet traffic goes through the VPN’s servers, so an ISP can’t even see the domain name you’re visiting. If you use public Wi-Fi, a VPN will also help protect you from identity thieves. Since Congress scrapped the FCC rules, interest in VPNs has increased, and some are aggressively marketing their services. Be aware, though, that your VPN will have access to your browsing history, so make sure you choose a provider you can trust, says Jules Polonetsky, chief executive of the nonprofit Future of Privacy Forum. Look for a VPN that has been around for a while, and review policies and practices carefully to make sure it won’t sell your information.
