RSS
Twitter
Is Your ISP Selling Your Clickstream Data? Do You Have Any Privacy At All?
from the privacy-nightmare dept
Alexa-competitor Compete Inc.'s CEO CTO David Cancel told conference attendees Tuesday that there's a pretty good business for ISPs to sell your (just slightly) anonymized clickstream data. This explains how Compete Snapshot gets its data -- though, early reviews suggest the data isn't very good. This isn't aggregate data. The ISPs are literally selling the fact that "user 1" went to this particular list of sites in this order. He doesn't say who's buying the data (besides making it clear that he's a customer), but you can bet some of the hedge funds are making good use of it in determining what's hot as well. Still, as is noted in the article, this is "much worse" than last summer when AOL released search stream data. In that case, at least, AOL meant well in releasing the data for research purposes. In this case, it's selling your surfing habits for pure profit -- though, the "risks" are smaller since it's not nearly as easy for anyone to get their hands on the data. Of course, it probably isn't particularly hard to take that data and figure out who many of the "anonymous" users are, if someone wanted to do so. It would be interesting to see if users could make a case for this violating their privacy -- though, it would be quite difficult for any particular individual to find out if their ISP is doing this since, once again, the data is private. It's just one more reminder that your privacy may not be as private as you believe -- and also a reminder that figuring out how to surf the web over an encrypted system isn't a bad idea if you want to keep your surfing habits private.
Reader Comments (rss)
(Flattened / Threaded)
Much ado about nothing
Compete gets anonymous data that it then sells in aggregate form. So many articles about privacy are about how someone might be able to figure something out about you, not how it really happened. How good are we at assessing the odds that it might happen?
I'm going back to worrying about lightning and seeing if I won the PowerBall.
(reply to this comment) (link to this comment)
If my clickstream is sold..
then I want some of the money.
Whether this is moral or legal (or both), if it can be done, it will be done. If someone can make money from selling digital data thru their network, then someone will sell the digital data thru their network.
Oh, and I'm first.
(reply to this comment) (link to this comment)
He mentions at the end, "figuring out how to surf through an encrypted system"
anyone have ideas, cause i have been looking for something like this for a while, maybe keep the p2p encrypted. much more difficult for RIAA bastards
(reply to this comment) (link to this comment)
Re:
There are VPN relays you can rent for about 5$/month (unlimited bandwidth) from companies in other countries.
All yor traffic gets encrypted, and your ISP sees nothing but the vpn connection. I even saw an open source WRT54G router firmware that was programmed to do all the work for you...
But I cant seem to remember what the name was...
(reply to this comment) (link to this comment)
https://www.relakks.com/
or the free one
secureix
(reply to this comment) (link to this comment)
Use Tor
Tor, http://tor.eff.org, is an alternative.
(reply to this comment) (link to this comment)
There are VPN relays you can rent for about 5$/month (unlimited bandwidth) from companies in other countries.
All yor traffic gets encrypted, and your ISP sees nothing but the vpn connection. I even saw an open source WRT54G router firmware that was programmed to do all the work for you...
But I cant seem to remember what the name was
This is not a bad idea. There are a couple of concerns.
What is the latency? There could be lag when gaming.
Do you trust the company at the other end of the vpn connection? They still have access to intercept your passwords and other secure data
(reply to this comment) (link to this comment)
Privacy
There is a difference between "post", and "get" data when browsing websites. If a website uses "get" as its data transport, then the ISP will collect that data in their clickstream report. There can be very private pieces of information in that "get" stream such as your name, address, usernames, accountids, passwords, search queries...
Though sites should use "post" there are some circumstances where it is better to use "get". Because of this, ISP's should not be allowed to record your clickstreams.
(reply to this comment) (link to this comment)
Is this any different than if the phone company started selling your phone records for profit, and claiming they weren't invading your privacy because they didn't include your name?? Of course, if this were the phone company people would be up in arms because they understand how the information can be abused, but somehow people can't (yet) imagine how this data will be used, and so don't see it as a threat. Even Mike says "an encrypted system isn't a bad idea if you want to keep your surfing habits private." I'd argue it's a good idea, period.
(reply to this comment) (link to this comment)
Encrypted link?
It's not particularly possible to 'surf the web' via an encrypted link. All you get is an encrypted tunnel which ends up somewhere else. There's still a point through which your traffic flows, and anyne watching that can see all the traffic.
True, systems like tor which implement an onion protocol get around user specificity, but the packets you send do eventually end up out there on the big, bad internet. More importantly, tor has several seconds of latency, and massively more traffic than the network should be able to handle [doesn't stop me running a tor server, though] *sigh*.
(reply to this comment) (link to this comment)
Your ISP
If you're the kind of person who reads Techdirt, your ISP is probably not selling their data (your data, really) to Compete. There's always the possibly that they're selling it to someone else, but I used to work with Compete data and it was overwhelmingly filled with data mined from the usage patterns of Red State users on bargain dialup providers (Netzero, etc). As a consumer of internet access you get what you pay for, including the right to increased privacy.
(reply to this comment) (link to this comment)
It is much worse that phone companies selling your records, because those are more anonymous than clickstreams. clickstreams can include information like your email address. spammers can pay the ISP's for the list and farm active email addresses.
(reply to this comment) (link to this comment)
Of course they sell your clickstream data, and selling it sure doesn't make it safer for consumers. Thats how Choicepoint got in trouble. They sold personal information on 163,000 people to a criminal organization.
Nice to see the CEO of ChoicePoint got a 6 million dollar bonus last year.
(reply to this comment) (link to this comment)
Aggregate the Data
Some click stream data, especially searches, contain what the user is searching for and hence may easily reveal his/her identity. An aggregate form of the data, like how many searched for keyword X with Google, is a lot more responsible to provide and won't compromise anyone's privacy.
(reply to this comment) (link to this comment)
Add Your Comment