ISPs On Selling Your Clickstream Data: No Comment
from the move-along-now-nothing-to-see-here dept
Last month there was a story floating around about how ISPs are making a lot of money selling off your clickstream data — something they don’t advertise, but which could have tremendous privacy implications. ISPs stayed pretty quiet following that and hoped the story would blow over — but Broadband Reports points us to the news that the intrepid reporters over at Wired are calling up various ISPs to try to get a straight answer as to whether any of the big names are selling data on what you do online. So far, there seem to be an awful lot of “no comments” (or similar answers) on the list. While the ISPs seem to hope that this story will disappear, it has the makings of something that will come back to bite them in the future. Generally speaking, if ISPs are unwilling to admit to a reporter that they’re selling customer data to third parties, that probably means they shouldn’t be doing it…
Comments on “ISPs On Selling Your Clickstream Data: No Comment”
Wow that is some powerful information
When you think you are at the privacy of your home, there is always someone somewhere watching your every…mmhhhhh click?
Where is privacy? do I look like I want everybody to know what I am doing on the net at 3 am????
this is getting ridiculous
Fab
This blog needs some sort of spam filter that will automatically delete the first comment on any article.
Re: Re:
LOL, you’re just mad that I beat you to it.
Yeah, a while loop that continuously deletes the first reply to any post. while (posts.length > 1) post[0].delete;
Honesty...
Hi. My name is Bill and I’m a porn surfer…
(cue crowd): Hi Bill!
——————-
All jokes aside, as a consumer, I fully expected my ISP was selling my surfing habits, but hoped that they were selling them in an aggregated fashion (e.g. this demographic visits these types of sites 3-5 times per month, etc.). I have AT&T, and from their response, it looks like I’m slightly better off than I thought – they say they only track within the AT&T network. Still, given their size, that could be a rather large number of sites… 🙁
Fortunately, I’m lucky enough to have multiple machines for multiple members of the family, so even just the data on my account is an aggregation of multiple users anyway. In the end, it comes down to something I was told to “assume” back in the mid-90’s:
Whenever you do anything on the Internet, assume at least one other person can see EVERYTHING you are doing.
Personal Info
*Off Topic*
I often thought my old ISP was selling my email address. We joked about it until it looked like we were proven correct. I opened a new email, never handed out the address, never used it, just created it. After a few months I checked it and sure enough, it was getting junk mail. That’s when I said screw that, switched ISPs and only use Gmail now… at least Gmail has a good filter in place for dealing with spam and they don’t delete all my messages after a month or so.
*Back On Topic*
I think the selling statistical, non personal, information is fine. Things like “we have x number of users looking for this” or “we found that this demographic gravitate toward this kind of material” are ok in my book due to the impersonal nature. On the other hand, I don’t think they should be keeping archives of your history or distributing surfing habits of individuals. If they can look up an account with the info then it’s too specific.
Re: Personal Info
They probably weren’t selling it. There are spambots out there that use dictionaries to send mail to millions of addresses, regardless of whether they exist or not.
So if your address was john.smith@isp.com, then you would eventually get spam as spambots cataloged that address as real (as in the mail server did not respond with a 301 – no such user). Even if you use a pseudo random address, as long it contains a proper name, dictionary word or numbers, a spambot will eventually stumble across it.
That’s particularly true of large email hosters like Yahoo, Gmail and HotMail as they are juicy targets for such spambots. One way to combat this is greylisting, but it has other negative side effects.
Chris.
Re: Personal Info
In regards to your off topic comment, it may not have been that your ISP sold your email. Spammers can set up bots that send email to a range of email addresses, even addresses that they don’t know exist or not. They can give the bot some parameters as to what range of possible email addresses to try, and then it tries them all. Since it’s spam, they don’t care if they get some wrong they just keep trying new combinations.
As for the article topic, I agree. Isn’t it a violation of privacy for them to keep that information? Demographics would be OK I guess, but user specific information shouldn’t be allowed.
Re: Re: Personal Info
“In regards to your off topic comment, it may not have been that your ISP sold your email. Spammers can set up bots that send email to a range of email addresses, even addresses that they don’t know exist or not. They can give the bot some parameters as to what range of possible email addresses to try, and then it tries them all. Since it’s spam, they don’t care if they get some wrong they just keep trying new combinations.”
I know bots search key words, the test email was a random generated alpha numeric key I got from a little .NET app I wrote for the purpose. I think it was something like 15 characters long or so. If a bot hit it I would have been extremely surprised… but that was also the reason I never planed on handing it out… I couldn’t remember it if I wanted to other then when I entered it into the email app.
Re: Personal Info
“*Back On Topic*
I think the selling statistical, non personal, information is fine. Things like “we have x number of users looking for this” or “we found that this demographic gravitate toward this kind of material” are ok in my book due to the impersonal nature. On the other hand, I don’t think they should be keeping archives of your history or distributing surfing habits of individuals. If they can look up an account with the info then it’s too specific.”
You should be worried, very worried. If sites use “get” instead of “post” to transfer data, then your ISP could be selling your private information. “GET” information is definately part of a clickstream. I wouldnt be surprised if “post” was also part of the clickstream.
What values could be in your clickstream? Try your social security number, your email address, your name, even wierd things that you might search for.
I saw a study once where someone was able to identify a group of people based on the clickstreams extended information.
Remember that many ISP’s are monopolies. This means you have no choice. The government should regulate privacy.
Also consider that you are paying a premium for your internet service and are not happy with them selling your activity to others.
Spam bots and my clicks
First off, they’re MY clicks. I did all the work pressing that little mouse button and typing in addresses. So, if they’re going to sell my click data they OWE ME. Dslreports.com reports that ISPs get about $5 per user per month. This should filter back to our bills being reduced by $2/mo.
About spam bots, I signed up for a Yahoo account, hadn’t used it and when I first logged in (a few hours later) I had 1 automated Yahoo greeting and 10 spam msgs. That pretty much rules out a bot.
If the content providers can claim that we owe them fees every time we use their so-called “intellectual property”, how about their use of our personnel information????
I think that they should pay us a royalty every time our personal information is bought and sold!!!!! The reason this personal information has intellectual property value is that the purchasers of this private information hope to extort money out of us. So why not have a toll booth for access to this information?
My real hope of course is not getting paid, but eliminating draconian restrictions by the content industry on the consumer.
If they have nothing to hide....
Well if the ISP has nothing to hide then why not reveal what data is released?
You know the excuse, ‘if your doing nothing wrong you have nothing to hide’.
Well if the ISPs are doing nothing wrong then release the information, go on, just like AOL did. Just like AOL released ‘anonimized data’ which could be used to personally identify people and result in sackings at AOL.
Go one. I dare you to come clean.
Personal Info
Gmail? Seriously?
If they have nothing to hide....
They have secret agreements to supply bulk data for surveillance purposes, and commercial agreements to sell data for money with no oversight.
The police can’t even provide accounts of who is accessing that data, let alone commercial data brokers. The access is very cheap and getting cheaper all the time.
You only need look at SolarWind’s NetFlow data security, or Cisco, or the many data sets available and sold on the black market. Many of theses products are available to anyone. Increasingly backbone data is being commercialized and sold, and this data contains the keys to the kingdom.