The privacy discussion – How ISPs, search engines, and social media services collect your information

The repeal of the FCC Internet privacy rules has spurred on many discussions on privacy online and how companies collect and use that information.  I have fielded many questions on what this means for consumers and their privacy when going online, using search engines, and social media.  Some have wondered how Internet Service Providers (ISPs) differ from search engines and social media in how they collect consumer data.

The difference between how ISPs and social networks or search providers collect and use data comes down to the how easy it is for consumers to switch from one provider to another, the ability to opt out, and the ability to circumvent data collection.

Switching services

The primary difference is in how easy it is for consumers to switch providers.  Search engines are the easiest.  Simply navigate to another search engine, such as DuckDuckGo which does not track its users, and issue the same search.  Yes, the results may vary, and you may be less satisfied with the results, but the process is simple.  It takes very little time, and the impact is not great.  However, search providers offer more than just searching.  Email, cloud services, stock tracking, shopping and other services may also be tied into your search account, so for consumers to fully move away from the platform, they must also adopt new providers for each of these services.

It is a little more difficult with social networks because not all users are on all social networks and social networks cater to certain types of social sharing.  If a user decides they do not like how one social network uses their data, so they decide to leave, they may be unable to communicate with some people who are not on the next social platform of choice, or they may miss out on updates from some of their contacts.

Now let’s look at ISPs.  To change ISPs, a user must contact the ISP, which might involve breaking a contract and paying fees.  They must then pay for new service from a different ISP and wait until that provider can connect their service.  This might result in a period where the user cannot connect online.  There are some cases where there is only one ISP in the user’s region, so they have no choice but to work with that ISP no matter what their privacy policy is.

It is clear that it is more difficult for consumers to change their ISP or their social network than it is for them to change their search engine.  However, it is not clear whether it is more impactful for consumers to change their ISP than their social network.  It may also be more difficult for consumers to switch their search provider if they intend on fully disconnecting from that provider because this involves changing email, shopping, and other services as well.

Opting out

There is also a difference between ISPs and social or search providers in the ability for users to opt out.  Prior to the privacy rules that were recently repealed, ISPs opted in each user but allowed them the ability to opt out.  This is something that Facebook and Google do not do.  If you want to use Facebook and Google, you will be tracked and your data used.

Circumventing data collection

I believe the largest difference between the ISP and the social network or search providers and their collection of data is that ISP data collection can be circumvented with the use of a VPN.  ISP data collection takes place because they are an intermediary to the communication channel.   This gives them a broad view of the myriad tasks a household performs online which can be valuable in building a profile of a household.  However, the entire process can be circumvented by utilizing a VPN.  When users are on a VPN, the ISP only sees connections originating from the household (IP address) and going to the VPN service.  They do not see the traffic that goes over the connection since it is encrypted.  However, the services at the other end still do see the traffic since the traffic is designated for them.  In order to use a social network, a user must log in, and requests must be sent to the social network.  Requests cannot be sent to an intermediary to perform on their behalf.   The only alternative would be for users to set up fake or random accounts that are used for perusing social networks and then discarded but the use case of such a system would be limited due to the requirement of sending friend requests, and it would violate many social network’s terms of use.



Published by Eric Vanderburg

Eric Vanderburg is an author, thought leader, and consultant. He serves as the Vice President of Cybersecurity at TCDI and Vice Chairman of the board at TechMin. He is best known for his insight on cybersecurity, privacy, data protection, and storage.Eric is a continual learner who has earned over 40 technology and security certifications. He has a strong desire to share technology insights with the community. Eric is the author of several books and he frequently writes articles for magazines, journals, and other publications.

2 Comments

Gary R Cook
June 6, 2017 at 1:05 am23

Couple of personal experiences include renting a device month-to-month that provides stop-gap ISP service or tethering an inexpensive burner phone to ones computer.

Also Switzerland and one or more of the Scandanavian countries have the strictest privacy laws. Getting services for email (i.e. Protonmail.com), or a browser like Tor go a long way to help ensure privacy for browsing, as does Signal for text and calls.

I had an experience recently purchasing an inexpensive phone and discount service which the underlying carrier refused to update the phone operating system.

http://Www.cybersleuth.us (your website box doesnt accept this)

Reply
Eric Vanderburg
June 6, 2017 at 9:32 am23

Gary,

Thank you for the tips you provided.

Reply

Leave a Reply