This week the House approved a bill (already passed by the Senate) that would overturn an Obama-sponsored rule change keeping ISPs from selling logs of users’ internet activity. The new rule would have gone into effect at the end of the year, so the result of reversal is actually the status quo. So ISPs all promise to allow users to opt out of any tracking/profiling, but there’s nothing legally keeping them to that promise or insuring that users actually know how to opt out.
Needless to say, the administration-that-shall-not-be-named is likely to sign the bill, meaning legislative avenues of resistance are now limited, but there may still be campaigns to keep the pressure on ISPs to make their policies transparent. In the meantime, if you are interested in protecting your own internet activity, there are basically two options, each with it’s own limitations. One is to use a virtual private network (VPN), a system that encrypts web traffic before it goes through your ISP. That protects you from revealing activities to your ISP, but requires instead that you reveal your activities to the company providing the VPN service. Turns out many of these companies have marketing practices that don’t inspire trust, and many seem to have less interest in updating their own systems to more secure protocols than in making preposterous sales claims.
The other option is to use the Tor network, a system that relays internet traffic through a widely distributed network of servers, none of which have enough information to trace activity back to a particular user. In theory at least, this should be highly secure and anonymous, but reliance on the kindness of strangers to bounce your packets all over the world can make Tor quite slow.
In truth, when it comes to computer security most of us are probably under more threat from hard drive crashes and data breaches than from ISP profiteering or FBI surveillance, but that doesn’t mean we have to give up the bigger fight.