Good news, everyone: Your privacy online did not vanish when Congress voted Tuesday to throw out planned rules that would have stopped Internet providers from tracking your browsing history and selling that data to advertisers. Bad news: Your privacy on the Internet wasn’t in great shape before that vote either.
In other words, the death of pending Federal Communications Commission regulations is a reminder to perform the privacy check-up that you should have done anyway.
Check your provider’s policies
The telecom companies that fought the FCC rules say they wouldn’t do the things banned by them anyway. At the end of January, most major ISPs and their trade associations signed a pledge to let you opt out of having your data used for third-party marketing.
Take them at their word: Visit your provider’s privacy-policy page, as painful as digesting that legalese might be, and opt out of marketing options you don’t like.
Since Tuesday’s vote, AT&T, Comcast and Verizon have each said they won’t sell browsing data to third parties. Since AT&T and Verizon had earlier done just that — the former with an “Internet Preferences” scheme on its gigabit fiber-optic service, the latter with a “supercookie” tracking header added to wireless traffic — one can only hope they’ve learned from those efforts.
Prefer encrypted sites
Sites that encrypt the connection between themselves and your browser — most often identified with an “https” prefix to an address or a lock icon in the address bar — stop third parties, including your Internet provider, from monitoring the data going back and forth. Your ISP will only see the domain name you visit… which, if it belongs to a political-advocacy group, can still be revealing.
Some experts will advise employing a virtual private network (VPN) service to scramble all of your traffic, but I don’t recommend that unless you’re on a connection you know to be dicey, like at a random store. Good ones cost extra, and choosing one can be tricky when, as cybersecurity expert Brian Krebs wrote Thursday, many exhibit sketchy business practices of their own.
See how sites see you
A common critique of the FCC rules was they did nothing about sites like Facebook and Google tracking you. That’s true.
But unlike ISPs that have collected user data, those two firms and others (for instance, Amazon) let you inspect and edit the advertising profile based on your activity there. Visit facebook.com/ads/preferences and google.com/ads/preferences; you may be surprised by each site’s depiction of you.
Spread your business around
Another key difference between a search engine and an ISP: Giving Google a rest is much easier than cutting back on Comcast. Take advantage of that by relying less often on your usual sites. For instance, instead of hitting Google every time, switch among such competitors as the https://duckduckgo.com/privacy-optimized Duck Duck Go.
(Disclosure: I also write for Yahoo Finance, a news site run by a Google rival.)
Don’t forget the private- or incongito-browsing options offered by all of the major browsers, which leave sites with almost no usable data on you once you close that window. Your Internet provider, however, will still see at least the domain names you visit.
Take your business elsewhere — if you can
If your Internet provider does abuse your privacy, fire it and use another — if you can. Unfortunately, many of you can’t.
According to an FCC report posted in November, at the end of 2015, only 24% of Census blocks had two or more providers selling connections with download speeds of at least 25 megabits per second and uploads of at least 3 Mbps — the FCC’s definition of usable broadband.