ISPs On Selling Your Clickstream Data: No Comment

from the move-along-now-nothing-to-see-here dept

Last month there was a story floating around about how ISPs are making a lot of money selling off your clickstream data -- something they don't advertise, but which could have tremendous privacy implications. ISPs stayed pretty quiet following that and hoped the story would blow over -- but Broadband Reports points us to the news that the intrepid reporters over at Wired are calling up various ISPs to try to get a straight answer as to whether any of the big names are selling data on what you do online. So far, there seem to be an awful lot of "no comments" (or similar answers) on the list. While the ISPs seem to hope that this story will disappear, it has the makings of something that will come back to bite them in the future. Generally speaking, if ISPs are unwilling to admit to a reporter that they're selling customer data to third parties, that probably means they shouldn't be doing it...


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Fabien, Apr 11th, 2007 @ 9:49am

    Wow that is some powerful information

    When you think you are at the privacy of your home, there is always someone somewhere watching your every...mmhhhhh click?

    Where is privacy? do I look like I want everybody to know what I am doing on the net at 3 am????

    this is getting ridiculous

    Fab

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    anon, Apr 11th, 2007 @ 9:51am

    This blog needs some sort of spam filter that will automatically delete the first comment on any article.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    anon, Apr 11th, 2007 @ 9:55am

    Yeah, a while loop that continuously deletes the first reply to any post. while (posts.length > 1) post[0].delete;

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Bill, Apr 11th, 2007 @ 10:03am

    Honesty...

    Hi. My name is Bill and I'm a porn surfer...

    (cue crowd): Hi Bill!

    -------------------

    All jokes aside, as a consumer, I fully expected my ISP was selling my surfing habits, but hoped that they were selling them in an aggregated fashion (e.g. this demographic visits these types of sites 3-5 times per month, etc.). I have AT&T, and from their response, it looks like I'm slightly better off than I thought - they say they only track within the AT&T network. Still, given their size, that could be a rather large number of sites... :-(

    Fortunately, I'm lucky enough to have multiple machines for multiple members of the family, so even just the data on my account is an aggregation of multiple users anyway. In the end, it comes down to something I was told to "assume" back in the mid-90's:

    Whenever you do anything on the Internet, assume at least one other person can see EVERYTHING you are doing.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Casper, Apr 11th, 2007 @ 10:48am

    Personal Info

    *Off Topic*
    I often thought my old ISP was selling my email address. We joked about it until it looked like we were proven correct. I opened a new email, never handed out the address, never used it, just created it. After a few months I checked it and sure enough, it was getting junk mail. That's when I said screw that, switched ISPs and only use Gmail now... at least Gmail has a good filter in place for dealing with spam and they don't delete all my messages after a month or so.

    *Back On Topic*
    I think the selling statistical, non personal, information is fine. Things like "we have x number of users looking for this" or "we found that this demographic gravitate toward this kind of material" are ok in my book due to the impersonal nature. On the other hand, I don't think they should be keeping archives of your history or distributing surfing habits of individuals. If they can look up an account with the info then it's too specific.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Chris Maresca, Apr 11th, 2007 @ 11:05am

    Re: Personal Info

    They probably weren't selling it. There are spambots out there that use dictionaries to send mail to millions of addresses, regardless of whether they exist or not.

    So if your address was john.smith@isp.com, then you would eventually get spam as spambots cataloged that address as real (as in the mail server did not respond with a 301 - no such user). Even if you use a pseudo random address, as long it contains a proper name, dictionary word or numbers, a spambot will eventually stumble across it.

    That's particularly true of large email hosters like Yahoo, Gmail and HotMail as they are juicy targets for such spambots. One way to combat this is greylisting, but it has other negative side effects.

    Chris.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Fatali, Apr 11th, 2007 @ 11:18am

    Re: Personal Info

    In regards to your off topic comment, it may not have been that your ISP sold your email. Spammers can set up bots that send email to a range of email addresses, even addresses that they don't know exist or not. They can give the bot some parameters as to what range of possible email addresses to try, and then it tries them all. Since it's spam, they don't care if they get some wrong they just keep trying new combinations.



    As for the article topic, I agree. Isn't it a violation of privacy for them to keep that information? Demographics would be OK I guess, but user specific information shouldn't be allowed.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Casper, Apr 11th, 2007 @ 11:21am

    Re: Re: Personal Info

    "In regards to your off topic comment, it may not have been that your ISP sold your email. Spammers can set up bots that send email to a range of email addresses, even addresses that they don't know exist or not. They can give the bot some parameters as to what range of possible email addresses to try, and then it tries them all. Since it's spam, they don't care if they get some wrong they just keep trying new combinations."

    I know bots search key words, the test email was a random generated alpha numeric key I got from a little .NET app I wrote for the purpose. I think it was something like 15 characters long or so. If a bot hit it I would have been extremely surprised... but that was also the reason I never planed on handing it out... I couldn't remember it if I wanted to other then when I entered it into the email app.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Bill, Apr 11th, 2007 @ 11:37am

    Spam bots and my clicks

    First off, they're MY clicks. I did all the work pressing that little mouse button and typing in addresses. So, if they're going to sell my click data they OWE ME. Dslreports.com reports that ISPs get about $5 per user per month. This should filter back to our bills being reduced by $2/mo.

    About spam bots, I signed up for a Yahoo account, hadn't used it and when I first logged in (a few hours later) I had 1 automated Yahoo greeting and 10 spam msgs. That pretty much rules out a bot.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    Steve R. (profile), Apr 11th, 2007 @ 11:40am

    If the content providers can claim that we owe them fees every time we use their so-called "intellectual property", how about their use of our personnel information????

    I think that they should pay us a royalty every time our personal information is bought and sold!!!!! The reason this personal information has intellectual property value is that the purchasers of this private information hope to extort money out of us. So why not have a toll booth for access to this information?

    My real hope of course is not getting paid, but eliminating draconian restrictions by the content industry on the consumer.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    YAY!, Apr 11th, 2007 @ 11:54am

    Re:

    LOL, you're just mad that I beat you to it.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Apr 11th, 2007 @ 12:00pm

    Re: Personal Info

    "*Back On Topic*
    I think the selling statistical, non personal, information is fine. Things like "we have x number of users looking for this" or "we found that this demographic gravitate toward this kind of material" are ok in my book due to the impersonal nature. On the other hand, I don't think they should be keeping archives of your history or distributing surfing habits of individuals. If they can look up an account with the info then it's too specific."


    You should be worried, very worried. If sites use "get" instead of "post" to transfer data, then your ISP could be selling your private information. "GET" information is definately part of a clickstream. I wouldnt be surprised if "post" was also part of the clickstream.

    What values could be in your clickstream? Try your social security number, your email address, your name, even wierd things that you might search for.

    I saw a study once where someone was able to identify a group of people based on the clickstreams extended information.

    Remember that many ISP's are monopolies. This means you have no choice. The government should regulate privacy.

    Also consider that you are paying a premium for your internet service and are not happy with them selling your activity to others.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    NoOneSpecial, Apr 11th, 2007 @ 12:12pm

    If they have nothing to hide....

    Well if the ISP has nothing to hide then why not reveal what data is released?

    You know the excuse, 'if your doing nothing wrong you have nothing to hide'.

    Well if the ISPs are doing nothing wrong then release the information, go on, just like AOL did. Just like AOL released 'anonimized data' which could be used to personally identify people and result in sackings at AOL.

    Go one. I dare you to come clean.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This