A new government report suggests your internet provider is already working to monetize the fact that you’re on PCMag’s site right now.
The Federal Trade Commission on Thursday released a staff report detailing the privacy practices of six major providers. The bad news from this investigation, launched by the FTC in 2019, comes in boldface, bullet-point observations:
- Many ISPs in Our Study Amass Large Pools of Sensitive Consumer Data.
- Several ISPs in Our Study Gather and Use Data in Ways Consumers Do Not Expect and Could Cause Them Harm.
- Although Many ISPs in Our Study Purport to Offer Consumers Choices, These Choices are Often Illusory.
- Many ISPs in Our Study Can be At Least As Privacy-Intrusive as Large Advertising Platforms.
The report relies on submissions from AT&T, Charter, Comcast, Google Fiber, T-Mobile, and Verizon but doesn’t specify particular companies when discussing certain tracking practices and interfaces, which can make it a frustrating read.
For example, which firm “specifically disclaimed combining consumer data collected through its ISP services with these other services”? As a Verizon Fios customer, I hope that refers to a line in its “Relevant Online Advertising” explainer saying it “does not use information about non-Verizon websites you visit.”
But the report is clear that broadband providers, broadly speaking, see online advertising as a lucrative side hustle that lets them file customers into such interest groups as “Gotham Blend” and “Birkenstocks and Beemers,” against which they can target ads and promotions.
Most sites employ encryption to stop your ISP and other outsiders from seeing a page’s contents—Google reports that 91% of pages loaded in Chrome for Windows came encrypted—but their domain names along can still reveal your interests. (A footnoted reference to one ISP supporting encrypted domain-name lookups—that’s Comcast—hints at what customers can do to stop that, which is to use encrypted DNS like Cloudflare’s 1.1.1.1.)
Many ISPs can amass further data about their customers from such extra services as TV and home security, the report warns. And it scolds the industry for making so many of its privacy interfaces a series of dark patterns that invite people to make the wrong choices.
For example, it cites an unnamed firm’s “Do Not Sell my personal information” setting for presenting that with an off-switch toggle: “It is not clear whether the consumer needs to toggle the setting off to prohibit sale, or set it to on to turn on ‘Do Not Sell.’”
It also cites what sounds like T-Mobile’s privacy interface—except the description suggests the process involves far more clicks than the app on my phone requires. (Tap “More,” then “Advertising & Analytics.”)
The report compares all this surveillance to the tracking of major social networks but leaves out one way in which the ISPs do worse: Facebook and Google at least let you eyeball and edit the behavioral profiles they’ve built of you.
This document does not make policy recommendations, but FTC Chair Lina Khan shared her own in a statement, saying “the Federal Communications Commission has the clearest legal authority and expertise to fully oversee internet service providers.”
The FCC’s previous attempt to do that ended when Republicans in Congress quickly passed a bill in early 2017 undoing its pending broadband-privacy rules. Then-FCC Chairman Ajit Pai cheered President Trump signing that, saying the privacy rules were “designed to benefit one group of favored companies, not online consumers.”
Weeks later, Pai moved to scrap the 2015 net-neutrality rules that provided a legal footing for those regulations, a job the FCC finished in December of that year.
