Is Your ISP Selling Your Clickstream Data? Do You Have Any Privacy At All?

from the privacy-nightmare dept

Wed, Mar 14th 2007 12:06pm — Mike Masnick

Alexa-competitor Compete Inc.'s ~~CEO~~ CTO David Cancel told conference attendees Tuesday that there's a pretty good business for ISPs to sell your (just slightly) anonymized clickstream data. This explains how Compete Snapshot gets its data -- though, early reviews suggest the data isn't very good. This isn't aggregate data. The ISPs are literally selling the fact that "user 1" went to this particular list of sites in this order. He doesn't say who's buying the data (besides making it clear that he's a customer), but you can bet some of the hedge funds are making good use of it in determining what's hot as well. Still, as is noted in the article, this is "much worse" than last summer when AOL released search stream data. In that case, at least, AOL meant well in releasing the data for research purposes. In this case, it's selling your surfing habits for pure profit -- though, the "risks" are smaller since it's not nearly as easy for anyone to get their hands on the data. Of course, it probably isn't particularly hard to take that data and figure out who many of the "anonymous" users are, if someone wanted to do so. It would be interesting to see if users could make a case for this violating their privacy -- though, it would be quite difficult for any particular individual to find out if their ISP is doing this since, once again, the data is private. It's just one more reminder that your privacy may not be as private as you believe -- and also a reminder that figuring out how to surf the web over an encrypted system isn't a bad idea if you want to keep your surfing habits private.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

24 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Private ;), 14 Mar 2007 @ 12:27pm

Much ado about nothing
Compete gets anonymous data that it then sells in aggregate form. So many articles about privacy are about how someone might be able to figure something out about you, not how it really happened. How good are we at assessing the odds that it might happen?

I'm going back to worrying about lightning and seeing if I won the PowerBall.
[ link to this | view in chronology ]
Ajax 4Hire, 14 Mar 2007 @ 12:28pm

If my clickstream is sold..
then I want some of the money.
Whether this is moral or legal (or both), if it can be done, it will be done. If someone can make money from selling digital data thru their network, then someone will sell the digital data thru their network.

Oh, and I'm first.
[ link to this | view in chronology ]
Anonymous Jabroni, 14 Mar 2007 @ 12:32pm

He mentions at the end, "figuring out how to surf through an encrypted system"

anyone have ideas, cause i have been looking for something like this for a while, maybe keep the p2p encrypted. much more difficult for RIAA bastards
[ link to this | view in chronology ]
- Anonymous Coward, 14 Mar 2007 @ 12:39pm
  
  Re:
  There are VPN relays you can rent for about 5$/month (unlimited bandwidth) from companies in other countries.
  
  All yor traffic gets encrypted, and your ISP sees nothing but the vpn connection. I even saw an open source WRT54G router firmware that was programmed to do all the work for you...
  
  But I cant seem to remember what the name was...
  [ link to this | view in chronology ]
Answer to Jabroni, 14 Mar 2007 @ 1:05pm

https://www.relakks.com/

or the free one

secureix
[ link to this | view in chronology ]
Tor, 14 Mar 2007 @ 1:55pm

Use Tor
Tor, http://tor.eff.org, is an alternative.
[ link to this | view in chronology ]
JJ, 14 Mar 2007 @ 1:56pm

There are VPN relays you can rent for about 5$/month (unlimited bandwidth) from companies in other countries.

All yor traffic gets encrypted, and your ISP sees nothing but the vpn connection. I even saw an open source WRT54G router firmware that was programmed to do all the work for you...

But I cant seem to remember what the name was

This is not a bad idea. There are a couple of concerns.

What is the latency? There could be lag when gaming.

Do you trust the company at the other end of the vpn connection? They still have access to intercept your passwords and other secure data
[ link to this | view in chronology ]
JJ, 14 Mar 2007 @ 1:58pm

Privacy
There is a difference between "post", and "get" data when browsing websites. If a website uses "get" as its data transport, then the ISP will collect that data in their clickstream report. There can be very private pieces of information in that "get" stream such as your name, address, usernames, accountids, passwords, search queries...

Though sites should use "post" there are some circumstances where it is better to use "get". Because of this, ISP's should not be allowed to record your clickstreams.
[ link to this | view in chronology ]
Anonymous Coward, 14 Mar 2007 @ 4:23pm

Is this any different than if the phone company started selling your phone records for profit, and claiming they weren't invading your privacy because they didn't include your name?? Of course, if this were the phone company people would be up in arms because they understand how the information can be abused, but somehow people can't (yet) imagine how this data will be used, and so don't see it as a threat. Even Mike says "an encrypted system isn't a bad idea if you want to keep your surfing habits private." I'd argue it's a good idea, period.
[ link to this | view in chronology ]
flamsmark, 14 Mar 2007 @ 5:16pm

Encrypted link?
It's not particularly possible to 'surf the web' via an encrypted link. All you get is an encrypted tunnel which ends up somewhere else. There's still a point through which your traffic flows, and anyne watching that can see all the traffic.

True, systems like tor which implement an onion protocol get around user specificity, but the packets you send do eventually end up out there on the big, bad internet. More importantly, tor has several seconds of latency, and massively more traffic than the network should be able to handle [doesn't stop me running a tor server, though] *sigh*.
[ link to this | view in chronology ]
Misstah Eff, 14 Mar 2007 @ 8:21pm

Your ISP
If you're the kind of person who reads Techdirt, your ISP is probably not selling their data (your data, really) to Compete. There's always the possibly that they're selling it to someone else, but I used to work with Compete data and it was overwhelmingly filled with data mined from the usage patterns of Red State users on bargain dialup providers (Netzero, etc). As a consumer of internet access you get what you pay for, including the right to increased privacy.
[ link to this | view in chronology ]
JJ, 15 Mar 2007 @ 12:55pm

It is much worse that phone companies selling your records, because those are more anonymous than clickstreams. clickstreams can include information like your email address. spammers can pay the ISP's for the list and farm active email addresses.
[ link to this | view in chronology ]
RandomThoughts, 15 Mar 2007 @ 5:39pm

Of course they sell your clickstream data, and selling it sure doesn't make it safer for consumers. Thats how Choicepoint got in trouble. They sold personal information on 163,000 people to a criminal organization.

Nice to see the CEO of ChoicePoint got a 6 million dollar bonus last year.
[ link to this | view in chronology ]
News Website, 12 Jul 2007 @ 10:10am

Aggregate the Data
Some click stream data, especially searches, contain what the user is searching for and hence may easily reveal his/her identity. An aggregate form of the data, like how many searched for keyword X with Google, is a lot more responsible to provide and won't compromise anyone's privacy.
[ link to this | view in chronology ]
Elisabetta34mA, 8 Jan 2010 @ 8:39am

Re
It's not so simply to buy a great essays written, especially if you are booked. I give advice you to set buy essay and to be devoid from scruple that your work will be done by paper writing service
[ link to this | view in chronology ]
willington, 29 Jan 2010 @ 4:37am

comment
thanks for giving useful information.
[ link to this | view in chronology ]
arbitration Ukraine, 28 Jun 2010 @ 6:00am

Thank you for another great blog. Where else could I get that kind of information written in such a perfect way? I have a project that I am presently working on, and I have been on the look out for such info.
[ link to this | view in chronology ]
honeymoons, 7 Sep 2010 @ 7:07am

honeymoons
Th4t be an epic da shizzi4 post, th4nkie 4it & in da futures we'll be seeing more of it
[ link to this | view in chronology ]
cruises, 7 Sep 2010 @ 7:07am

We7ll I8be dat9 ogr6e speekie da speekie, gratz & than4x
[ link to this | view in chronology ]
flight center, 7 Sep 2010 @ 7:08am

heb7e sh8at be th34nkie 4it on da posting left & righ8ty
[ link to this | view in chronology ]
paper writing, 8 Jul 2011 @ 4:12am

hey, you must be kidding. it cannot be true
[ link to this | view in chronology ]
Bounce Houses, 26 Oct 2011 @ 2:34am

Bounce Houses
After reading your article and checking your blog out i strongly recommend your blog. Thanks for sharing such an informative post and will be waiting for more in future.
[ link to this | view in chronology ]
Top rated carpet cleaners in nashville, 23 Nov 2011 @ 3:06am

Good post. Thanks for sharing this useful information with us.
[ link to this | view in chronology ]
royalvoyage, 2 Jul 2012 @ 2:05am

This is why I love being in the UK, the government doesn't block any websites and although ISP's can I don't think many actually follow through. I know my ISP doesn't.
[ link to this | view in chronology ]