ISPs On Selling Your Clickstream Data: No Comment
from the move-along-now-nothing-to-see-here dept
Last month there was a story floating around about how ISPs are making a lot of money selling off your clickstream data -- something they don't advertise, but which could have tremendous privacy implications. ISPs stayed pretty quiet following that and hoped the story would blow over -- but Broadband Reports points us to the news that the intrepid reporters over at Wired are calling up various ISPs to try to get a straight answer as to whether any of the big names are selling data on what you do online. So far, there seem to be an awful lot of "no comments" (or similar answers) on the list. While the ISPs seem to hope that this story will disappear, it has the makings of something that will come back to bite them in the future. Generally speaking, if ISPs are unwilling to admit to a reporter that they're selling customer data to third parties, that probably means they shouldn't be doing it...
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Wow that is some powerful information
Where is privacy? do I look like I want everybody to know what I am doing on the net at 3 am????
this is getting ridiculous
Fab
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Honesty...
(cue crowd): Hi Bill!
-------------------
All jokes aside, as a consumer, I fully expected my ISP was selling my surfing habits, but hoped that they were selling them in an aggregated fashion (e.g. this demographic visits these types of sites 3-5 times per month, etc.). I have AT&T, and from their response, it looks like I'm slightly better off than I thought - they say they only track within the AT&T network. Still, given their size, that could be a rather large number of sites... :-(
Fortunately, I'm lucky enough to have multiple machines for multiple members of the family, so even just the data on my account is an aggregation of multiple users anyway. In the end, it comes down to something I was told to "assume" back in the mid-90's:
Whenever you do anything on the Internet, assume at least one other person can see EVERYTHING you are doing.
[ link to this | view in chronology ]
Personal Info
I often thought my old ISP was selling my email address. We joked about it until it looked like we were proven correct. I opened a new email, never handed out the address, never used it, just created it. After a few months I checked it and sure enough, it was getting junk mail. That's when I said screw that, switched ISPs and only use Gmail now... at least Gmail has a good filter in place for dealing with spam and they don't delete all my messages after a month or so.
*Back On Topic*
I think the selling statistical, non personal, information is fine. Things like "we have x number of users looking for this" or "we found that this demographic gravitate toward this kind of material" are ok in my book due to the impersonal nature. On the other hand, I don't think they should be keeping archives of your history or distributing surfing habits of individuals. If they can look up an account with the info then it's too specific.
[ link to this | view in chronology ]
Re: Personal Info
So if your address was john.smith@isp.com, then you would eventually get spam as spambots cataloged that address as real (as in the mail server did not respond with a 301 - no such user). Even if you use a pseudo random address, as long it contains a proper name, dictionary word or numbers, a spambot will eventually stumble across it.
That's particularly true of large email hosters like Yahoo, Gmail and HotMail as they are juicy targets for such spambots. One way to combat this is greylisting, but it has other negative side effects.
Chris.
[ link to this | view in chronology ]
Re: Personal Info
As for the article topic, I agree. Isn't it a violation of privacy for them to keep that information? Demographics would be OK I guess, but user specific information shouldn't be allowed.
[ link to this | view in chronology ]
Re: Re: Personal Info
I know bots search key words, the test email was a random generated alpha numeric key I got from a little .NET app I wrote for the purpose. I think it was something like 15 characters long or so. If a bot hit it I would have been extremely surprised... but that was also the reason I never planed on handing it out... I couldn't remember it if I wanted to other then when I entered it into the email app.
[ link to this | view in chronology ]
Re: Personal Info
I think the selling statistical, non personal, information is fine. Things like "we have x number of users looking for this" or "we found that this demographic gravitate toward this kind of material" are ok in my book due to the impersonal nature. On the other hand, I don't think they should be keeping archives of your history or distributing surfing habits of individuals. If they can look up an account with the info then it's too specific."
You should be worried, very worried. If sites use "get" instead of "post" to transfer data, then your ISP could be selling your private information. "GET" information is definately part of a clickstream. I wouldnt be surprised if "post" was also part of the clickstream.
What values could be in your clickstream? Try your social security number, your email address, your name, even wierd things that you might search for.
I saw a study once where someone was able to identify a group of people based on the clickstreams extended information.
Remember that many ISP's are monopolies. This means you have no choice. The government should regulate privacy.
Also consider that you are paying a premium for your internet service and are not happy with them selling your activity to others.
[ link to this | view in chronology ]
Re: Personal Info
[ link to this | view in chronology ]
Spam bots and my clicks
About spam bots, I signed up for a Yahoo account, hadn't used it and when I first logged in (a few hours later) I had 1 automated Yahoo greeting and 10 spam msgs. That pretty much rules out a bot.
[ link to this | view in chronology ]
I think that they should pay us a royalty every time our personal information is bought and sold!!!!! The reason this personal information has intellectual property value is that the purchasers of this private information hope to extort money out of us. So why not have a toll booth for access to this information?
My real hope of course is not getting paid, but eliminating draconian restrictions by the content industry on the consumer.
[ link to this | view in chronology ]
If they have nothing to hide....
You know the excuse, 'if your doing nothing wrong you have nothing to hide'.
Well if the ISPs are doing nothing wrong then release the information, go on, just like AOL did. Just like AOL released 'anonimized data' which could be used to personally identify people and result in sackings at AOL.
Go one. I dare you to come clean.
[ link to this | view in chronology ]
Re: If they have nothing to hide....
[ link to this | view in chronology ]