Wednesday, July 16, 2008

Do You Trust Your ISP?

There is a scary new trend occurring in the Internet world. Some Internet Service Providers, trying to increase their bottom line revenues, are allowing third party companies to install hardware in their facilities that track user's Internet habits. Another word for this would be spying. These companies track your web page habits, search terms, and even your e-mail's looking for key words that allow them to classify you in one of their one-thousand categories. Cookies identifying you are then put on your computer without your knowledge. Then, as you browse the Net, you are targeted for advertisements based on the cookies on your computer. For this, your local ISP gets a commission.

The two biggest companies that are doing this are NebuAd and Phorm. Other companies that are doing this are Front Porch, Adzilla, and Project Rialto. Phorm's use in Britain has caused a firestorm of criticism as some of Britain's largest ISP's use them. Their method of tracking you is insidious as they redirect you to fake Web sites that makes your browser think it is the real web site. Then you get a first party cookie on you computer before you get to the real Web site you requested.

These companies are deploying their equipment to ISP's all over the US, but to whom is a mystery as they refuse to release their customer lists. Charter Communications, CenturyTel, and Wide Open West did have plans to implement these systems, but have backed off recently as this form of spying has now come under Congressional scrutiny. One senator has called it nothing less than illegal wire tapping. Its like having someone standing over your shoulder when you are using your computer and taking copious notes about what you are doing...then selling that info.

The Senate has held hearings to investigate this new intrusive way of spying on you. It turns out that a series of federal laws written back in the 1980s provide some protection for us. Some of those laws restrict deep packet inspection by any broadband provider; the Cable TV Privacy Act singles out cable providers for the most extensive opt-in regulations, meaning they must notify their customers first and let them opt in to be tracked. But today, they are using opt-out tactics meaning the customer has to contact the ISP and tell them they don't want to be tracked.

For their part, these spying companies insist they are not violating any laws...in fact, they say they are providing a useful service so users can get advertisements that fit their lifestyle. NebuAd says that it does not collect or use personally identifiable information and does not store raw data linked to "identifiable individuals." Rather, it says, it creates and continually updates anonymized profiles with information "about the user's level of qualification" for certain types of ad. But, who is to stop them from taking the next step, which is to attach your name to their collected data?

The bottom line is that your ISP, which handles everything you do on the Web, may or may not be allowing third parties to spy on you without your knowledge. To my way of thinking, this is a clear betrayal of trust and violates your right of privacy. Laws should be passed to prevent this.

Until this happens, is there a way to thwart this type of spying? You bet there is! All you need to do is encrypt your Web surfing before it leaves your computer. This is done by installing a special program that encrypts your data, then sends it to a specified proxy server, which then un-encrypts it and sends your request to its final destination. The web page you request is then sent back to you via the same proxy server that encrypts it and sends it to your computer. The data that flows through your ISP is encrypted and can't be tracked or used by anyone except you.

This type of technology does exist and if you use a laptop on public Wi-Fi networks, you should be using it anyway to prevent hijacking of your personal information. I have been experimenting with some of this software while on the road this summer and will shortly write a blog on my results. Until then, just be aware that this new type of spying is happening.

No comments: