Is Your ISP Selling Your Clickstream Data? Do You Have Any Privacy At All?
from the privacy-nightmare dept
Alexa-competitor Compete Inc.’s CEO CTO David Cancel told conference attendees Tuesday that there’s a pretty good business for ISPs to sell your (just slightly) anonymized clickstream data. This explains how Compete Snapshot gets its data — though, early reviews suggest the data isn’t very good. This isn’t aggregate data. The ISPs are literally selling the fact that “user 1” went to this particular list of sites in this order. He doesn’t say who’s buying the data (besides making it clear that he’s a customer), but you can bet some of the hedge funds are making good use of it in determining what’s hot as well. Still, as is noted in the article, this is “much worse” than last summer when AOL released search stream data. In that case, at least, AOL meant well in releasing the data for research purposes. In this case, it’s selling your surfing habits for pure profit — though, the “risks” are smaller since it’s not nearly as easy for anyone to get their hands on the data. Of course, it probably isn’t particularly hard to take that data and figure out who many of the “anonymous” users are, if someone wanted to do so. It would be interesting to see if users could make a case for this violating their privacy — though, it would be quite difficult for any particular individual to find out if their ISP is doing this since, once again, the data is private. It’s just one more reminder that your privacy may not be as private as you believe — and also a reminder that figuring out how to surf the web over an encrypted system isn’t a bad idea if you want to keep your surfing habits private.
Comments on “Is Your ISP Selling Your Clickstream Data? Do You Have Any Privacy At All?”
Much ado about nothing
Compete gets anonymous data that it then sells in aggregate form. So many articles about privacy are about how someone might be able to figure something out about you, not how it really happened. How good are we at assessing the odds that it might happen?
I’m going back to worrying about lightning and seeing if I won the PowerBall.
If my clickstream is sold..
then I want some of the money.
Whether this is moral or legal (or both), if it can be done, it will be done. If someone can make money from selling digital data thru their network, then someone will sell the digital data thru their network.
Oh, and I’m first.
He mentions at the end, “figuring out how to surf through an encrypted system”
anyone have ideas, cause i have been looking for something like this for a while, maybe keep the p2p encrypted. much more difficult for RIAA bastards
Re: Re:
There are VPN relays you can rent for about 5$/month (unlimited bandwidth) from companies in other countries.
All yor traffic gets encrypted, and your ISP sees nothing but the vpn connection. I even saw an open source WRT54G router firmware that was programmed to do all the work for you…
But I cant seem to remember what the name was…
https://www.relakks.com/
or the free one
secureix
Use Tor
Tor, http://tor.eff.org, is an alternative.
There are VPN relays you can rent for about 5$/month (unlimited bandwidth) from companies in other countries.
All yor traffic gets encrypted, and your ISP sees nothing but the vpn connection. I even saw an open source WRT54G router firmware that was programmed to do all the work for you…
But I cant seem to remember what the name was
This is not a bad idea. There are a couple of concerns.
What is the latency? There could be lag when gaming.
Do you trust the company at the other end of the vpn connection? They still have access to intercept your passwords and other secure data
Privacy
There is a difference between “post”, and “get” data when browsing websites. If a website uses “get” as its data transport, then the ISP will collect that data in their clickstream report. There can be very private pieces of information in that “get” stream such as your name, address, usernames, accountids, passwords, search queries…
Though sites should use “post” there are some circumstances where it is better to use “get”. Because of this, ISP’s should not be allowed to record your clickstreams.
Is this any different than if the phone company started selling your phone records for profit, and claiming they weren’t invading your privacy because they didn’t include your name?? Of course, if this were the phone company people would be up in arms because they understand how the information can be abused, but somehow people can’t (yet) imagine how this data will be used, and so don’t see it as a threat. Even Mike says “an encrypted system isn’t a bad idea if you want to keep your surfing habits private.” I’d argue it’s a good idea, period.
Encrypted link?
It’s not particularly possible to ‘surf the web’ via an encrypted link. All you get is an encrypted tunnel which ends up somewhere else. There’s still a point through which your traffic flows, and anyne watching that can see all the traffic.
True, systems like tor which implement an onion protocol get around user specificity, but the packets you send do eventually end up out there on the big, bad internet. More importantly, tor has several seconds of latency, and massively more traffic than the network should be able to handle [doesn’t stop me running a tor server, though] *sigh*.
Your ISP
If you’re the kind of person who reads Techdirt, your ISP is probably not selling their data (your data, really) to Compete. There’s always the possibly that they’re selling it to someone else, but I used to work with Compete data and it was overwhelmingly filled with data mined from the usage patterns of Red State users on bargain dialup providers (Netzero, etc). As a consumer of internet access you get what you pay for, including the right to increased privacy.
It is much worse that phone companies selling your records, because those are more anonymous than clickstreams. clickstreams can include information like your email address. spammers can pay the ISP’s for the list and farm active email addresses.
Of course they sell your clickstream data, and selling it sure doesn’t make it safer for consumers. Thats how Choicepoint got in trouble. They sold personal information on 163,000 people to a criminal organization.
Nice to see the CEO of ChoicePoint got a 6 million dollar bonus last year.
Aggregate the Data
Some click stream data, especially searches, contain what the user is searching for and hence may easily reveal his/her identity. An aggregate form of the data, like how many searched for keyword X with Google, is a lot more responsible to provide and won’t compromise anyone’s privacy.
Re
It’s not so simply to buy a great essays written, especially if you are booked. I give advice you to set buy essay and to be devoid from scruple that your work will be done by paper writing service
comment
thanks for giving useful information.
Thank you for another great blog. Where else could I get that kind of information written in such a perfect way? I have a project that I am presently working on, and I have been on the look out for such info.
honeymoons
Th4t be an epic da shizzi4 post, th4nkie 4it & in da futures we’ll be seeing more of it
We7ll I8be dat9 ogr6e speekie da speekie, gratz & than4x
heb7e sh8at be th34nkie 4it on da posting left & righ8ty
hey, you must be kidding. it cannot be true
Bounce Houses
After reading your article and checking your blog out i strongly recommend your blog. Thanks for sharing such an informative post and will be waiting for more in future.
Good post. Thanks for sharing this useful information with us.
This is why I love being in the UK, the government doesn’t block any websites and although ISP’s can I don’t think many actually follow through. I know my ISP doesn’t.