You’ve probably seen the confusing, contradictory headlines: There was a rule that was set to go into effect by the end of the year that would require ISPs to get our approval before they used or sold our usage history, location information and browsing history. There are rules permitting ISPs to use and sell our Social Security numbers. Breaking! ISPs indicate that they already give us the option to opt in or out of the information they collect! With all this contradictory coverage, one thing is clear: privacy as a user perk — or right — is becoming big news.
Given the changes and the improved disclosure that Windows 10 Creators Update is bringing to privacy options, it’s clear that it’s not just the ISPs that need to be more transparent with what they do with their collected data. We all want our vendors to tell us what they are doing and what they are collecting.
I disagree with the articles and headlines that infer that ISPs can sell our Social Security numbers. In the United States, Social Security numbers and credit card numbers are considered PII or Personally Identifiable Information. This is normally an item that is legally protected — and safeguarding that data should be considered good business. If any business used, abused, or exposed PII data on a regular basis, it would probably not be in business for too long.
Also be aware of how the basic building block of the Internet security – the SSL certificate — protects your information from your ISP’s prying eyes. When your browser makes a secure connection to another Web site, it is protected by an SSL “handshake” that encrypts the connection between your computer and that server. Your ISP cannot see the exact details of the transaction you make in that SSL encrypted tunnel. Your browser can see when you are going to a site, but not what you do on that site.
Are We Really Private?
I was reminded of a 2014 radio story called “Project Eavesdrop: An Experiment At Monitoring My Home Office.” A journalist from NPR, Steve Henn, joined forces with Sean Gallagher, a reporter at the technology site Ars Technica, and Dave Porcello, a computer security expert at Pwnie Express. He purposely allowed them to intercept all of his internet traffic and see what they could tell him about himself. They used an eavesdropping device to review what was transferred to and from his computer and cell phone. The device called “Pwn Plug” was connected to his home network connection.