Is Your ISP Selling Your Clickstream Data? Do You Have Any Privacy At All?

from the privacy-nightmare dept

Alexa-competitor Compete Inc.'s CEO CTO David Cancel told conference attendees Tuesday that there's a pretty good business for ISPs to sell your (just slightly) anonymized clickstream data. This explains how Compete Snapshot gets its data -- though, early reviews suggest the data isn't very good. This isn't aggregate data. The ISPs are literally selling the fact that "user 1" went to this particular list of sites in this order. He doesn't say who's buying the data (besides making it clear that he's a customer), but you can bet some of the hedge funds are making good use of it in determining what's hot as well. Still, as is noted in the article, this is "much worse" than last summer when AOL released search stream data. In that case, at least, AOL meant well in releasing the data for research purposes. In this case, it's selling your surfing habits for pure profit -- though, the "risks" are smaller since it's not nearly as easy for anyone to get their hands on the data. Of course, it probably isn't particularly hard to take that data and figure out who many of the "anonymous" users are, if someone wanted to do so. It would be interesting to see if users could make a case for this violating their privacy -- though, it would be quite difficult for any particular individual to find out if their ISP is doing this since, once again, the data is private. It's just one more reminder that your privacy may not be as private as you believe -- and also a reminder that figuring out how to surf the web over an encrypted system isn't a bad idea if you want to keep your surfing habits private.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Private ;), 14 Mar 2007 @ 12:27pm

    Much ado about nothing

    Compete gets anonymous data that it then sells in aggregate form. So many articles about privacy are about how someone might be able to figure something out about you, not how it really happened. How good are we at assessing the odds that it might happen?

    I'm going back to worrying about lightning and seeing if I won the PowerBall.

    link to this | view in chronology ]

  • identicon
    Ajax 4Hire, 14 Mar 2007 @ 12:28pm

    If my clickstream is sold..

    then I want some of the money.
    Whether this is moral or legal (or both), if it can be done, it will be done. If someone can make money from selling digital data thru their network, then someone will sell the digital data thru their network.



    Oh, and I'm first.

    link to this | view in chronology ]

  • identicon
    Anonymous Jabroni, 14 Mar 2007 @ 12:32pm

    He mentions at the end, "figuring out how to surf through an encrypted system"

    anyone have ideas, cause i have been looking for something like this for a while, maybe keep the p2p encrypted. much more difficult for RIAA bastards

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Mar 2007 @ 12:39pm

      Re:

      There are VPN relays you can rent for about 5$/month (unlimited bandwidth) from companies in other countries.

      All yor traffic gets encrypted, and your ISP sees nothing but the vpn connection. I even saw an open source WRT54G router firmware that was programmed to do all the work for you...

      But I cant seem to remember what the name was...

      link to this | view in chronology ]

  • identicon
    Answer to Jabroni, 14 Mar 2007 @ 1:05pm

    https://www.relakks.com/

    or the free one

    secureix

    link to this | view in chronology ]

  • identicon
    Tor, 14 Mar 2007 @ 1:55pm

    Use Tor

    Tor, http://tor.eff.org, is an alternative.

    link to this | view in chronology ]

  • identicon
    JJ, 14 Mar 2007 @ 1:56pm

    There are VPN relays you can rent for about 5$/month (unlimited bandwidth) from companies in other countries.

    All yor traffic gets encrypted, and your ISP sees nothing but the vpn connection. I even saw an open source WRT54G router firmware that was programmed to do all the work for you...

    But I cant seem to remember what the name was


    This is not a bad idea. There are a couple of concerns.

    What is the latency? There could be lag when gaming.

    Do you trust the company at the other end of the vpn connection? They still have access to intercept your passwords and other secure data

    link to this | view in chronology ]

  • identicon
    JJ, 14 Mar 2007 @ 1:58pm

    Privacy

    There is a difference between "post", and "get" data when browsing websites. If a website uses "get" as its data transport, then the ISP will collect that data in their clickstream report. There can be very private pieces of information in that "get" stream such as your name, address, usernames, accountids, passwords, search queries...

    Though sites should use "post" there are some circumstances where it is better to use "get". Because of this, ISP's should not be allowed to record your clickstreams.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Mar 2007 @ 4:23pm

    Is this any different than if the phone company started selling your phone records for profit, and claiming they weren't invading your privacy because they didn't include your name?? Of course, if this were the phone company people would be up in arms because they understand how the information can be abused, but somehow people can't (yet) imagine how this data will be used, and so don't see it as a threat. Even Mike says "an encrypted system isn't a bad idea if you want to keep your surfing habits private." I'd argue it's a good idea, period.

    link to this | view in chronology ]

  • identicon
    flamsmark, 14 Mar 2007 @ 5:16pm

    Encrypted link?

    It's not particularly possible to 'surf the web' via an encrypted link. All you get is an encrypted tunnel which ends up somewhere else. There's still a point through which your traffic flows, and anyne watching that can see all the traffic.

    True, systems like tor which implement an onion protocol get around user specificity, but the packets you send do eventually end up out there on the big, bad internet. More importantly, tor has several seconds of latency, and massively more traffic than the network should be able to handle [doesn't stop me running a tor server, though] *sigh*.

    link to this | view in chronology ]

  • identicon
    Misstah Eff, 14 Mar 2007 @ 8:21pm

    Your ISP

    If you're the kind of person who reads Techdirt, your ISP is probably not selling their data (your data, really) to Compete. There's always the possibly that they're selling it to someone else, but I used to work with Compete data and it was overwhelmingly filled with data mined from the usage patterns of Red State users on bargain dialup providers (Netzero, etc). As a consumer of internet access you get what you pay for, including the right to increased privacy.

    link to this | view in chronology ]

  • identicon
    JJ, 15 Mar 2007 @ 12:55pm

    It is much worse that phone companies selling your records, because those are more anonymous than clickstreams. clickstreams can include information like your email address. spammers can pay the ISP's for the list and farm active email addresses.

    link to this | view in chronology ]

  • identicon
    RandomThoughts, 15 Mar 2007 @ 5:39pm

    Of course they sell your clickstream data, and selling it sure doesn't make it safer for consumers. Thats how Choicepoint got in trouble. They sold personal information on 163,000 people to a criminal organization.

    Nice to see the CEO of ChoicePoint got a 6 million dollar bonus last year.

    link to this | view in chronology ]

  • identicon
    News Website, 12 Jul 2007 @ 10:10am

    Aggregate the Data

    Some click stream data, especially searches, contain what the user is searching for and hence may easily reveal his/her identity. An aggregate form of the data, like how many searched for keyword X with Google, is a lot more responsible to provide and won't compromise anyone's privacy.

    link to this | view in chronology ]

  • identicon
    Elisabetta34mA, 8 Jan 2010 @ 8:39am

    Re

    It's not so simply to buy a great essays written, especially if you are booked. I give advice you to set buy essay and to be devoid from scruple that your work will be done by paper writing service

    link to this | view in chronology ]

  • identicon
    willington, 29 Jan 2010 @ 4:37am

    comment

    thanks for giving useful information.

    link to this | view in chronology ]

  • identicon
    arbitration Ukraine, 28 Jun 2010 @ 6:00am

    Thank you for another great blog. Where else could I get that kind of information written in such a perfect way? I have a project that I am presently working on, and I have been on the look out for such info.

    link to this | view in chronology ]

  • identicon
    honeymoons, 7 Sep 2010 @ 7:07am

    honeymoons

    Th4t be an epic da shizzi4 post, th4nkie 4it & in da futures we'll be seeing more of it

    link to this | view in chronology ]

  • identicon
    cruises, 7 Sep 2010 @ 7:07am

    We7ll I8be dat9 ogr6e speekie da speekie, gratz & than4x

    link to this | view in chronology ]

  • identicon
    flight center, 7 Sep 2010 @ 7:08am

    heb7e sh8at be th34nkie 4it on da posting left & righ8ty

    link to this | view in chronology ]

  • identicon
    paper writing, 8 Jul 2011 @ 4:12am

    hey, you must be kidding. it cannot be true

    link to this | view in chronology ]

  • identicon
    Bounce Houses, 26 Oct 2011 @ 2:34am

    Bounce Houses

    After reading your article and checking your blog out i strongly recommend your blog. Thanks for sharing such an informative post and will be waiting for more in future.

    link to this | view in chronology ]

  • Good post. Thanks for sharing this useful information with us.

    link to this | view in chronology ]

  • identicon
    royalvoyage, 2 Jul 2012 @ 2:05am

    This is why I love being in the UK, the government doesn't block any websites and although ISP's can I don't think many actually follow through. I know my ISP doesn't.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.