What creepy stuff will your ISP do once the FCC allows them to spy on your internet usage?

Senate Republicans have introduced a bill to ensure that the FCC won't be able to prevent your ISP from spying on your internet usage and selling your private information. What does that mean in practice?


We don't need to guess: we just need to look at what America's ISPs did before they were banned from spying on their customers and selling their data, namely: selling data to marketers; hijacking search-results; snooping through your web-traffic and inserting ads; pre-installing spyware on your phone and spying on every click you make; and injecting undetectable, undeletable tracking cookies in all of your HTTP traffic.

If this sounds like a bad idea to you write to Congress using EFF's action center and tell 'em so.


1. Injecting undetectable, undeletable tracking cookies in all of your HTTP traffic

Which ISPs did it before? AT&T, Verizon

The number one creepiest thing on our list of privacy-invasive practices comes courtesy of Verizon (and AT&T, which quickly killed a similar program after Verizon started getting blowback).

Back in 2014 Verizon Wireless decided that it was a good idea to insert supercookies into all of its mobile customers' traffic. Yes, you read that right—it's as if some Verizon exec thought "inserting tracking headers into all our customers' traffic can't have a down side, can it?" Oh, and, for far too long, they didn't bother to explicitly tell their customers ahead of time.

But it gets worse. Initially, there was no way for customers to turn this "feature" off. It didn't matter if you were browsing in Incognito or Private Browsing mode, using a tracker-blocker, or had enabled Do-Not-Track: Verizon ignored all this and inserted a unique identifier into all your unencrypted outbound traffic anyway. According to the FCC, it wasn't until "two years after Verizon Wireless first began inserting UIDH, that the company updated its privacy policy to disclose its use of UIDH and began to offer consumers the opportunity to opt-out of the insertion of unique identifier headers into their Internet traffic."

As a result, anyone—not just advertisers—could track you as you browsed the web. Even if you cleared your cookies, advertisers could use Verizon's tracking header to resurrect them, which led to something called "zombie cookies." If that doesn't sound creepy, we don't know what does.

As you can see, there's a lot at stake in this fight. The FCC privacy rules congress is trying to kill would limit all of these creepy practices (and even ban some of them outright). So don't forget to call your senators and representative right now—because if we don't stop Congress from killing the FCC's ISP privacy rules now, we may end up with a lot more than five creepy ISP practices in the future.


Five Creepy Things Your ISP Could Do if Congress Repeals the FCC's Privacy Protections

[Jeremy Gillula/EFF]