ISPs On Selling Your Clickstream Data: No Comment

from the move-along-now-nothing-to-see-here dept

Last month there was a story floating around about how ISPs are making a lot of money selling off your clickstream data -- something they don't advertise, but which could have tremendous privacy implications. ISPs stayed pretty quiet following that and hoped the story would blow over -- but Broadband Reports points us to the news that the intrepid reporters over at Wired are calling up various ISPs to try to get a straight answer as to whether any of the big names are selling data on what you do online. So far, there seem to be an awful lot of "no comments" (or similar answers) on the list. While the ISPs seem to hope that this story will disappear, it has the makings of something that will come back to bite them in the future. Generally speaking, if ISPs are unwilling to admit to a reporter that they're selling customer data to third parties, that probably means they shouldn't be doing it...
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Fabien, 11 Apr 2007 @ 9:49am

    Wow that is some powerful information

    When you think you are at the privacy of your home, there is always someone somewhere watching your every...mmhhhhh click?

    Where is privacy? do I look like I want everybody to know what I am doing on the net at 3 am????

    this is getting ridiculous

    Fab

    link to this | view in chronology ]

  • identicon
    anon, 11 Apr 2007 @ 9:51am

    This blog needs some sort of spam filter that will automatically delete the first comment on any article.

    link to this | view in chronology ]

  • identicon
    anon, 11 Apr 2007 @ 9:55am

    Yeah, a while loop that continuously deletes the first reply to any post. while (posts.length > 1) post[0].delete;

    link to this | view in chronology ]

  • identicon
    Bill, 11 Apr 2007 @ 10:03am

    Honesty...

    Hi. My name is Bill and I'm a porn surfer...

    (cue crowd): Hi Bill!

    -------------------

    All jokes aside, as a consumer, I fully expected my ISP was selling my surfing habits, but hoped that they were selling them in an aggregated fashion (e.g. this demographic visits these types of sites 3-5 times per month, etc.). I have AT&T, and from their response, it looks like I'm slightly better off than I thought - they say they only track within the AT&T network. Still, given their size, that could be a rather large number of sites... :-(

    Fortunately, I'm lucky enough to have multiple machines for multiple members of the family, so even just the data on my account is an aggregation of multiple users anyway. In the end, it comes down to something I was told to "assume" back in the mid-90's:

    Whenever you do anything on the Internet, assume at least one other person can see EVERYTHING you are doing.

    link to this | view in chronology ]

  • identicon
    Casper, 11 Apr 2007 @ 10:48am

    Personal Info

    *Off Topic*
    I often thought my old ISP was selling my email address. We joked about it until it looked like we were proven correct. I opened a new email, never handed out the address, never used it, just created it. After a few months I checked it and sure enough, it was getting junk mail. That's when I said screw that, switched ISPs and only use Gmail now... at least Gmail has a good filter in place for dealing with spam and they don't delete all my messages after a month or so.

    *Back On Topic*
    I think the selling statistical, non personal, information is fine. Things like "we have x number of users looking for this" or "we found that this demographic gravitate toward this kind of material" are ok in my book due to the impersonal nature. On the other hand, I don't think they should be keeping archives of your history or distributing surfing habits of individuals. If they can look up an account with the info then it's too specific.

    link to this | view in chronology ]

    • identicon
      Chris Maresca, 11 Apr 2007 @ 11:05am

      Re: Personal Info

      They probably weren't selling it. There are spambots out there that use dictionaries to send mail to millions of addresses, regardless of whether they exist or not.

      So if your address was john.smith@isp.com, then you would eventually get spam as spambots cataloged that address as real (as in the mail server did not respond with a 301 - no such user). Even if you use a pseudo random address, as long it contains a proper name, dictionary word or numbers, a spambot will eventually stumble across it.

      That's particularly true of large email hosters like Yahoo, Gmail and HotMail as they are juicy targets for such spambots. One way to combat this is greylisting, but it has other negative side effects.

      Chris.

      link to this | view in chronology ]

    • identicon
      Fatali, 11 Apr 2007 @ 11:18am

      Re: Personal Info

      In regards to your off topic comment, it may not have been that your ISP sold your email. Spammers can set up bots that send email to a range of email addresses, even addresses that they don't know exist or not. They can give the bot some parameters as to what range of possible email addresses to try, and then it tries them all. Since it's spam, they don't care if they get some wrong they just keep trying new combinations.



      As for the article topic, I agree. Isn't it a violation of privacy for them to keep that information? Demographics would be OK I guess, but user specific information shouldn't be allowed.

      link to this | view in chronology ]

      • identicon
        Casper, 11 Apr 2007 @ 11:21am

        Re: Re: Personal Info

        "In regards to your off topic comment, it may not have been that your ISP sold your email. Spammers can set up bots that send email to a range of email addresses, even addresses that they don't know exist or not. They can give the bot some parameters as to what range of possible email addresses to try, and then it tries them all. Since it's spam, they don't care if they get some wrong they just keep trying new combinations."

        I know bots search key words, the test email was a random generated alpha numeric key I got from a little .NET app I wrote for the purpose. I think it was something like 15 characters long or so. If a bot hit it I would have been extremely surprised... but that was also the reason I never planed on handing it out... I couldn't remember it if I wanted to other then when I entered it into the email app.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 11 Apr 2007 @ 12:00pm

      Re: Personal Info

      "*Back On Topic*
      I think the selling statistical, non personal, information is fine. Things like "we have x number of users looking for this" or "we found that this demographic gravitate toward this kind of material" are ok in my book due to the impersonal nature. On the other hand, I don't think they should be keeping archives of your history or distributing surfing habits of individuals. If they can look up an account with the info then it's too specific."


      You should be worried, very worried. If sites use "get" instead of "post" to transfer data, then your ISP could be selling your private information. "GET" information is definately part of a clickstream. I wouldnt be surprised if "post" was also part of the clickstream.

      What values could be in your clickstream? Try your social security number, your email address, your name, even wierd things that you might search for.

      I saw a study once where someone was able to identify a group of people based on the clickstreams extended information.

      Remember that many ISP's are monopolies. This means you have no choice. The government should regulate privacy.

      Also consider that you are paying a premium for your internet service and are not happy with them selling your activity to others.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Mar 2018 @ 6:42pm

      Re: Personal Info

      Gmail? Seriously?

      link to this | view in chronology ]

  • identicon
    Bill, 11 Apr 2007 @ 11:37am

    Spam bots and my clicks

    First off, they're MY clicks. I did all the work pressing that little mouse button and typing in addresses. So, if they're going to sell my click data they OWE ME. Dslreports.com reports that ISPs get about $5 per user per month. This should filter back to our bills being reduced by $2/mo.

    About spam bots, I signed up for a Yahoo account, hadn't used it and when I first logged in (a few hours later) I had 1 automated Yahoo greeting and 10 spam msgs. That pretty much rules out a bot.

    link to this | view in chronology ]

  • icon
    Steve R. (profile), 11 Apr 2007 @ 11:40am

    If the content providers can claim that we owe them fees every time we use their so-called "intellectual property", how about their use of our personnel information????

    I think that they should pay us a royalty every time our personal information is bought and sold!!!!! The reason this personal information has intellectual property value is that the purchasers of this private information hope to extort money out of us. So why not have a toll booth for access to this information?

    My real hope of course is not getting paid, but eliminating draconian restrictions by the content industry on the consumer.

    link to this | view in chronology ]

  • identicon
    NoOneSpecial, 11 Apr 2007 @ 12:12pm

    If they have nothing to hide....

    Well if the ISP has nothing to hide then why not reveal what data is released?

    You know the excuse, 'if your doing nothing wrong you have nothing to hide'.

    Well if the ISPs are doing nothing wrong then release the information, go on, just like AOL did. Just like AOL released 'anonimized data' which could be used to personally identify people and result in sackings at AOL.

    Go one. I dare you to come clean.

    link to this | view in chronology ]

    • identicon
      AnonymousCoward, 27 Aug 2021 @ 11:59pm

      Re: If they have nothing to hide....

      They have secret agreements to supply bulk data for surveillance purposes, and commercial agreements to sell data for money with no oversight. The police can't even provide accounts of who is accessing that data, let alone commercial data brokers. The access is very cheap and getting cheaper all the time. You only need look at SolarWind's NetFlow data security, or Cisco, or the many data sets available and sold on the black market. Many of theses products are available to anyone. Increasingly backbone data is being commercialized and sold, and this data contains the keys to the kingdom.

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.