back to article So my ISP can now sell my browsing history – what can I do?

So, the US House of Representatives has voted away internet privacy (in concert with the Senate), and the legislation will be heading to the White House for Trump's imprimatur. He's expected to sign quickly, so as internet users it's time to get really serious about privacy. Under the terms of the legislation, your ISP would …

  1. Anonymous Coward
    Anonymous Coward


    It sucks that a VPN is becoming mandatory for all internet access.

    A massive burden on the less well off, as they're forced to choose between having privacy, or a better connection etc.

    Great for European VPN businesses though. Thanks house of representatives.

    1. Anonymous Coward
      Anonymous Coward

      Re: VPN

      Next Tuesday your ISP will introduce "Ultra-Turbo Data Rates", which guarantee[*] wonderful performance through the use of the new snake-oil-a-licious UTDR proxy. Thoughtfully it comes with an additional CA certificate so your HTTPS sessions can also benefit. Unfortunately owing to profound but hard to explain technical reasons most VPN technologies become unreliable at the same time, except for HTTPS-tunnelled, and because of the "unprecedented demand for the Ultra Turbo proxy" non-UTDR-proxy traffic rates drop to < 1Mbps, also for profound technical reasons...

      [*] except not in any enforceable way, and all disputes via mandatory arbitration

    2. paulnick2

      Re: VPN

      infact you can't use 14 eyes countries as explained here

    3. DkSimmon

      Re: VPN

      I must say after this law only VPN can be good choice to stay safe. Although most of the VPN do maintain logs but very few top notch ones don't do that includding Pure VPn and tunnel bear.

  2. Pascal Monett Silver badge

    Well now it's final

    The Land of the Used to be Free has finally entered its sunset period. The Empire is waning, and all this will end in tears.

    President Eisenhower warned you, but it was too late.

    Oh well, we'll just have to wait for the storm to pass. It'll take years, but it will pass.

    1. Anonymous Coward
      Anonymous Coward

      Re: Well now it's final

      If the reanimated corpse of Ike tossed his hat in the ring today he'd be derided as a liberal communist appeaser, 5th columnist dupe, and Breitbart would feature countless links to YouTube videos that prove he actually spent WW2 teaching home economics in a Heidelberg convent school (while under the alias of BJ Blazkowicz the zygotic form of Donald Trump was rampaging across Nazistan)

  3. This post has been deleted by its author

    1. Anonymous Coward

      Re: Will This Data Be Misused....?

      Here in the U.K. We haven't had DRIPA since 31st Dec 2016 when it expired. We do have IPA which illegally (up until about 2 years tomorrow) allows theoretical access.

      1. This post has been deleted by its author

        1. Mark 85 Silver badge

          Re: Will This Data Be Misused....?

          They are all democracies in name only. Once the politico is in office, they are our masters.

  4. frank ly

    Dual VPN?

    I have a PIA VPN service and my Firefox browser has the Zenmate VPN plugin and my Opera browser has its own built-in VPN capability. If I activate the PIA VPN and enable the browser VPN, then I get a dual hop whereby my exit point and website destination is known by the browser VPN operator but they don't know where I come from. Similarly, PIA know where I come from but they don't know where my browser connection eventually goes to (they know it initially goes to another VPN provider).

    This seems to be more secure in terms of privacy if you're very concerned about that. I think you'd have to clear all cookies and maybe randomise your User Agent string, etc.

    1. Adam 52 Silver badge

      Re: Dual VPN?

      I don't know. On the one hand you've obscured your traffic, on the other you've now got a cryptographically provable link to your VPN payment method.

      Guess it depends on your threat model.

    2. Mark 85 Silver badge

      Re: Dual VPN?

      Careful citizen. At some point, you will come to the attention of the authorities who want to know what you are trying to hide.

      1. Tom 64

        Re: Dual VPN?

        Good luck streaming video over that link

    3. Two Lips

      Re: Dual VPN?

      Opera? And you think your data is safe in their hands? Think again.

  5. Anonymous Coward
    Anonymous Coward

    Cheap VPN

    Get an el cheapo offshore VPS plan with unlimited bandwidth (NAT/shared IP is perfect) and install OpenVPN on it - which takes 5 minutes. Job done. Total cost: £2.50/year

    1. CAPS LOCK

      Re: Cheap VPN

      Speaking on behalf of the lazy and hopeless "Details plz"

      1. Kane Silver badge

        Re: Cheap VPN

        "Speaking on behalf of the lazy and hopeless "Details plz""

        I meet 1.4 of those criteria1 - more details please Anon.

        1 I am entirely lazy, and .4 hopeless

        1. Anonymous Coward
          Anonymous Coward

          Re: Cheap VPN

          Yes... instructions/guide please.

          Taking it a bit further, here's a (probably fairly standard) situation - home broadband, used by the whole family. Want to protect privacy for everybody but don't want to cripple internet user experience e.g. not get hit with geoblocking for online TV services - Netflix, Amazon etc. etc.

          *Assuming* that a trusted provider can be found, can we set up a first VPS in our home country with routing set up so that (a) those TV services terminate there and get an IP address in our home country, and (b) everything else then gets routed via a second VPS (from a second provider) to a chosen "safe" country (e.g. Switzerland)? Then just set up the home router so that *all* traffic goes to the first VPS, and everything going via the home router is safe.

          In that scenario, domestic ISP then sees only encrypted traffic to the first VPS. Assuming that the first VPS isn't compromised, the only info available to parties in the home country is online TV viewing habits. All other traffic then goes via VPS2 and terminates in a "safe" country.

          Is that possible? Practical? Already being done?...

          1. Sir Runcible Spoon

            Re: Cheap VPN

            @AC You could do that with Enterprise kit, but with home routers you are best off doing it with multiple devices.

            For example, have a single ADSL router that connects to your ISP.

            Inside that you have two routers, one which will create VPN#1 and the other will create VPN#2.

            Everything you want to go via VPN#1 you send to the IP for that device, same with VPN#2.


  6. Blotto Silver badge

    Land of the free

    we used to believe that only oppressive regimes like North Korea, China and Russia behaved in this way.

    Seems the tables are now turned and the USofA are the ones micromanaging their citizens to extent they are listening in on their conversations and observing their unguarded behaviour.

    1. Rich 11

      Re: Land of the free

      listening in on their conversations and observing their unguarded behaviour.

      But it's for their own good! They couldn't be kept safe otherwise.

      Suggesting otherwise makes you a freedom-hating pinko Nazi liberal Commie threat to democracy.

    2. fidodogbreath Silver badge

      Re: Land of the free

      It both cracks me up and terrifies me that so many people slavishly believe the Republicans' claim to be the party of liberty and personal freedom.

      Sure, they believe in freedom for large corporations; but for the peasants, it consists mostly of things like the "freedom" to die of a curable disease, content in the knowledge that the evil gummint did not force you to have access to health care.

  7. Anonymous Coward
    Anonymous Coward

    I would take another route

    I think we have enough technology to lessen the consequences, but we're not solving it at source.

    What we need are tools that allow us to re-attribute those histories. I'm thinking about ways to cross link browser histories so it confuses the identity - maybe even bust the collection database and re-assign a whole host of dodgy links to, say, a couple of very prominent members of the government.

    As yet I have no idea of how to achieve this, but hiding isn't going to solve this. This nonsense needs a firm handful of nuts thrown into its gears because nothing else seems to stop the recurrence of this nonsensical breach of your Human Rights.

    1. Anonymous Coward
      Anonymous Coward

      Re: I would take another route

      Wouldn't that be like a less ambitious form of TOR? Used on a small scale it will probably work, but if popular enough you'll probably see some of (a) exit node hampering (b) ISP terms & services barring traffic redirection/running servers being enforced (c) ISP deeming traffic obscuration a "business service" and requiring a more expensive subscription

      1. Martin-73 Silver badge

        Re: I would take another route

        The latter two would lead to the isp becoming a wasteland of only fools remaining. See 'AOL' for an example

        1. Sir Runcible Spoon

          Re: I would take another route

          "Atm, not sure if wiser to secure yourself, or attempt to get lost in the noise."

          If we're talking about serious TLA's then hiding yourself in the noise is reasonable, but since we are now talking about people having access to your details and selling the info then I would go secure.

          Personally, I'm not going to go to the bother of VPN's outside my country (I prefer the speed benefits of local connections) so the spooks/law can still get my data if they think it's necessary for some reason, but the bottom feeders won't be getting my details.

    2. Anonymous Coward
      Anonymous Coward

      "As yet I have no idea of how to achieve this,"

      Me neither.. But I suspect the answer lies in some kind of community sharing... Where users agree to route each others traffic somehow. After all every corporate that claims to be neutral will probably succumb eventually. So we need community spirit to be part of the fight-back.. Its sad / dystopian news though. How did things get this way... Privacy after a thousand cuts... Politicians are all pawns... Feels like watching 'Homeland' or something...

      1. Meph

        Re: "As yet I have no idea of how to achieve this,"

        You could always try a decentralized browsing stream, similar to current generation peer to peer file sharing. If 0.5% of your browsing comes from multiple sources, then the tracking data won't be worth much. In suggesting this, I think I can already feel the ire of millions of programmers though.

        The alternative would be to confuse the held data by randomly accessing resources with no discernible pattern. This might lead to some unusual adds being served though.

        1. Anonymous Coward
          Anonymous Coward

          'try a decentralized browsing stream, similar to current generation peer to peer file sharing.'

          What are we really talking about here The-Pirate-Bay's PirateBrowser etc.... Anyone got some recommendations for decentralized web browsers???

          1. Swarthy Silver badge

            Re: 'try a decentralized browsing stream, similar to current generation peer to peer file sharing.'

            Hmm.. I wonder what would happen if I appended ?fnord=");DROP TABLE history;-- onto all of my URL entries.

            Or maybe a browser plugin that would rotate through history, userhistory, browsing, and the like; or maybe users, customers, billing, or just * for the nuclear option. Perhaps the plugin could add those as HTTP headers, so as not to risk buggering up legit query strings.

    3. Ogi

      Re: I would take another route

      Sounds like what you want is a big distributed VPN. Essentially what the internet is already, but fully encrypted.

      the i2p project is what I looked into:

      Sounds very much like what would be the solution. The only problem is that unless you have a gateway to the wider internet, you are stuck to what services are run on the I2P network. However you (and your mates) can host whatever you want on it, including IM, web, etc... and you go from there.

      I might have another look it, however the other problem is if all my traffic becomes encrypted, that will just single me out as someone that the powers should "pay close attention to".

      Atm, not sure if wiser to secure yourself, or attempt to get lost in the noise. For now running a yacy search engine spider on my machines. That way the bot is constantly spidering the web so we get an open source P2P search engine that is usable with an up to date index, and my browsing hopefully gets lost in the noise.

    4. Kiwi

      Re: I would take another route

      maybe even bust the collection database and re-assign a whole host of dodgy links to, say, a couple of very prominent members of the government.

      Looking at El Presidente, I don't think any manipulation of the data would be necessary.

      I'll bet he wants his data kept free from this. I'll also bet his ISP will be getting some pretty big offers for his history - and much the same for any other high-ranking politician/military person/other official.

      Just thought of the blackmailing opportunities this could open up. Pay your $60/mo for chump's browsing history, blackmail him with it. Course you'll have to pay massive counseling fees for the poor pleb you go tot troll through it for whatever filth that thing the yanks call a president is in to, but hey - you'll be a billionaire and the pleb (and counsellors) will walk away with more money than the GDP of a small nation, so it could be worth it...

      [orders truckload of popcorn]

  8. Blake St. Claire

    Silly, that's what bots are for

    I'll just run a slow spider of the web. I'm happy to let them sell that history to someone.

    1. Anonymous Coward
      Anonymous Coward

      Re: Silly, that's what bots are for

      And pray it doesn't bumble into some strict liability material... before that happens make sure to share the good news that St Claire's Spidery Services seeks to improve its boardroom with the the valuable experience of soon-to-retire senior policemen and cabinet ministers, stipend to be arranged. Going to play at being Google? need to play at "don't be evil" too.

      1. Blake St. Claire

        Re: Silly, that's what bots are for

        pfft. Trivial problem to solve. Spybot – amongst probably others – has a long list of known malware and porn sites that it inoculates your system with. It blackholes the known sites in your system's (/etc/)hosts file. And I've tripped over a few other sites on my own that I've added to the list. (Which reminds me, it's been a few years since I updated the list). The bot can start with those and be updated on a regular basis. It's also easy to avoid anything/everything in the .xxx TLD – thanks ICANN.

        And if I ever decide to run for Parliament or Congress and someone goes muckraking through my browsing history I've got an easy answer: the bot did it. On top of which, there's also the Get Out of Jail Free Card, er, I mean the Grab 'Em By The Pussy card. It worked for Twitler, it ought to work for everyone. I mean honestly, who gives a rats ass if I've looked at porn? Aren't we over that yet?


  9. Anonymous Coward
    Anonymous Coward

    Opportunity for Amazon here...

    Amazon could offer a consumer VPN, powered by the fairly powerful AWS machine, to their long-suffering Prime customers. Give us something to play with in-between waiting for the next Grand Tour season, and sitting around nearly a week waiting for our "2-day" shipments to arrive.

    PS: 'Manchester By The Sea' is horrific. Cheers.

    1. Anonymous Coward
      Anonymous Coward

      Re: Opportunity for Amazon here...

      You can probably also set up your own VPN server on AWS outside the US...

  10. LaeMing

    Track Me Not

    Suggested over at ArsTechnica was

    I haven't looked into it in detail yet though.

    1. Timbo

      Re: Track Me Not

      TrackMeNot can be installed into Chrome, but trying to do the same in Firefox causes the browser to prevent installation as it is an unsigned extension :-(

      1. MiguelC Silver badge

        Re: Track Me Not

        You can install it from the firebox official add-ons site

        1. oneeye

          Re: Track Me Not

          Hi all,

          Read this article by Bruce Schneier about "Track Me Not" and have a good laugh. He makes many common sense statements why this won't work.

          Now, they may have made numerous improvements over the years, but much of what is in the article still applies.

      2. DkSimmon

        Re: Track Me Not

        Preferable this would help.

  11. Anonymous Coward
    Anonymous Coward

    "Corporate America is all about a race to the bottom,"

    ...."Corporate America is all about a race to the bottom," .... "What are these companies going to do when shareholders demand they take advantage of the new revenue stream? I don't buy it that they'll take the high road."....

    Now the worrying question is, which countries will follow.....?

    So many countries still worship the US way of doing things...

    From Hacking Team leaks: US-DEA taps Colombia's entire internet etc.

  12. vallor

    The article includes one of the interviewees being skeptical that various ISP will be safe from this sort of overreach (specifically, Sonic), as he says they are all in a "race to the bottom".

    Thankfully, Sonic is privately-held, so the spectre of shareholders demanding violating their customers' privacy is not a concern.

    Full disclosure: I'm one of the owners, and we have always taken the privacy of our customers very seriously. We've used the analogy of the phone company listening in on phone calls for marketing purposes -- that would be very creepy, and so is this bill from Congress.

  13. Anonymous Coward
    Anonymous Coward

    Do all readers live in USA

    I stopped reading the article because I got the feeling that this article seems to me to assume that every reader is subject to this USA law, or am I just a non-native-english speaker/reader and/or missing the point completely?

    Nevertheless I am annoyed and perhaps worried 'bout this insane murrican lawmaking...

    So now I will continue reading the article.

    1. Kane Silver badge
      Big Brother

      Re: Do all readers live in USA

      "I stopped reading the article because I got the feeling that this article seems to me to assume that every reader is subject to this USA law, or am I just a non-native-english speaker/reader and/or missing the point completely?"

      It's a fair point, but what is to stop these ISP's collecting data from connections arriving from outside the USA; as an example, visiting a site that sits within an American server/network. If I'm in Blighty, my data and connections traverse the inter'tubes. Won't they be picking up this info as well? Won't that info be compiled into a sell-able package as well? Can this be confirmed?

      1. Sir Runcible Spoon

        Re: Do all readers live in USA

        This might be in the US for now, but you can bet the UK will be hot on their heels (if not already ahead of the game with your Internet Records).

  14. Anonymous Coward
    Anonymous Coward

    We are supposed to live in a free market in the US, ......

    Yes, The Reg is based in the USA.

    1. Anonymous Coward

      Re: We are supposed to live in a free market in the US, ......

      Be calm, Brexit just happened today, it will still take some time before UK becomes a colony of its ex-colonies...

  15. Anonymous Coward
    Anonymous Coward

    Big Brother is watching you

    George Orwell's 1984 is literally becoming reality supported by law.

  16. wolfetone Silver badge

    Well, it hasn't taken too long for America to catch up with the UK in terms of internet privacy issues. Where have you been guys?

    Since the UK passed its own Orwellian laws in regards to the internet, I've looked at a lot of pro's and con's concerning VPN's. It might be something El Reg should cover, because I don't really think anyone here knows what to look for in a VPN.

    In that respect, and for brevity, I would recommend people look at NordVPN. It has a lot of options, VPN's for video on demand services, dual VPN's (as someone mentioned earlier), based in Panama so outside of the "X eyes" cabal of countries. While you are passing the issue of trust on to someone else, there were a lot less alarm bells with this provider than others.

    Furthermore, you can always buy a VPS from Linode or Digital Ocean and set that up to be a VPN yourself.

  17. Anonymous Coward
    Anonymous Coward


    Anyone here has experience using SoftEther? Are there any know issue about it, or something that one should be aware of when using it?

  18. Captain Hogwash

    Re: "...getting Tor running on a Chromebook is very difficult..."

    If you're using a Chromebook then it's likely you're not interested in privacy anyway.

  19. jMcPhee

    Make Junk Data?

    So, what would happen if enough of us got an old PC and set up a (linux) client which made countless random web queries during off hours when the bandwidth wasn't needed? OK, the tone and content of junk mail would change. But, could it crap up analytics to the point where no advertiser in their right mind would pay for it?

    1. John Brown (no body) Silver badge

      Re: Make Junk Data?

      IIRC someone made a browser plug-in during the UK Phorm debacle to do ust that, ie pollute browser histories.

  20. j j

    Tor is so clearly the easiest option here

    Am I missing something?

    Are Chromebook user numbers really that high?

    1. stephanh

      Re: Tor is so clearly the easiest option here

      Well, good luck visiting the Register using Tor. Cloudflare effectively blocks Tor.

      1. Trey Pattillo

        Re: Tor is so clearly the easiest option here...really?

        don't know if your tried by I did and ...... Fake News

        Located in Texas USA

        there was a 5 second "notice" of delay and there it is

        Looks like crap due to lots of crap-code sections reading like

        https[://][/..........with inline script [ext.js]

        Articles them selves are linked and same as above for crap-code.

      2. Kiwi

        Re: Tor is so clearly the easiest option here

        Well, good luck visiting the Register using Tor. Cloudflare effectively blocks Tor.

        Posting this via TOR now. Though I did get a clodfool "please enable javashit and reload the page" on my first attempt. However, reloading seems to have fixed that.

        That said, coldturd has often been a pain when trying to post on El Reg in the past (back when they first started using it), but having all google JS blocked (thanks NoScript!) fixed that. Hopefully soon El Reg will go elsewhere. Assuming there is a worthwhile "elsewhere" that provides the DDoS protection El Reg probably needs these days...

    2. John Brown (no body) Silver badge

      Re: Tor is so clearly the easiest option here

      How long will Tor be usable if there's sudden large influx users

  21. fidodogbreath Silver badge
    Big Brother

    Chromebook privacy? Is that even a thing?

    If you're using a Chromebook and you're concerned about privacy, ISP tracking is the least of your problems...

  22. Adrian 4 Silver badge

    You can help hit them where it hurts

    Apparently the fight back has started.

    has already raised $100,000 to buy the browsing histories of the politicians who voted this through.

    1. Kiwi
      Thumb Up

      Re: You can help hit them where it hurts

      has already raised $100,000 to buy the browsing histories of the politicians who voted this through.

      Cool. Just think of the blackmail potential! They could probably pay back the donators 10-fold and still walk away with a profit!

      Except where drumpf is concerned. We already have some idea of how sick that thing is.

      [Edit] : Just looked at the page (2:22am NZ.. Er NZ DST or NZ ST? Dunno, anyway April 02 2017) - "$197,089 of $10k goal" - I wish I could exceed my goals by that much!

  23. Chemical Bob


    Just turn off all wifi security on your access point and change the SSID to "Free WiFi".

    Yeah, if it works and enough people outside your house use it you'll have a slower connection but it'll probably be faster than using TOR and won't flag you as someone to watch because you're using a VPN and it totally pollutes the well.

    1. Tom Paine

      Re: simples

      Just turn off all wifi security on your access point and change the SSID to "Free WiFi".

      All fun and games until the Federales knock on your door asking about all this child porn you've been downloading...

      1. Anonymous Coward
        Anonymous Coward

        Re: simples

        Which won't even be on your computers so you can sue them for false arrest.

  24. Tom Paine

    Fundamental problem

    "The irony is that if you had proper competition, with six or seven ISPs to choose from, then all these problems with privacy and net neutrality would wither and die," Jaspers opined. "Companies could differentiate and the market could shake down the best solutions for people."

    Exactly, and this is my problem with Net Neutrality as well. It's a bandaid workaround for a broken market. Fix the market, need for NN goes away.

    yeah yeah, I know, easier said than done.

  25. oneeye

    The Guardian Project

    The Guardian Project ( ) has multitudes of apps for Android devices. You might not cover everything, but can certainly go a long ways toward blunting your ISP. And don't forget about adblocker that work globally on Android devices. They are a VPN that filters your traffic, and so, if you need to pay a subscription, why not get more bang for your buck? Two well known options are Disconnect and Adgaurd. They have options for all platforms. And then there are more than those, just do a search.

    Now, one comment suggested that elreg should do a write-up on VPN services, but they did last year. A very comprehensive review of many of the top VPN's, but be warned, the reviews were not very flattering because of various bad practices by said VPN's.

  26. oneeye

    VPN Articles from ElReg!

    Here are a few from last year. The first is about Android options, and the article I referenced above.

    This one concerns desktop,and laptop. Specific to business I think.

    Now, there are lots of other reviews out there, but do your homework folks, it's a jungle.

  27. aim11

    Protect your kids

    I foresee what our future generations will see.

  28. Anonymous Coward
    Anonymous Coward

    Re. High energy physics

    Seems that this is being done already, I had my Internet connection crippled a while back.

    After asking a question about why such specific sites were blocked the problem went away about 4 days later, and hasn't come back since.

  29. katherinehurley

    This is nothing new! ever heard of Prism!

    So if anyone reappeals or not, whether they pretend that its not gonna implement right away or not! i know this has been going on for a while now! NSA along with google, fb, yahoo and likes of other few giants has been doing it and naming it Prism! Not its legit as per the laws so what else can you do, lets go for a solution that is long term! pick a vpn service that has servers in usa but is not based in USA! so atleast they don't have to comply with USA's govt polcies!

    i prefer, purevpn, ivacy or even nordvpn

  30. William.T


    yes its a great threat. using VPN is essintial now. i am currently using IVACY as its cheap and effective.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like