How will ISPs collect and sell your browser history?

The internet has been abuzz since the House of Representatives voted Tuesday to give internet service providers (ISPs) such as AT&T and Verizon the ability to collect and sell your browsing history for advertising purposes. With the bill increasingly looking like it will be signed by President Trump, many are wondering how it will impact consumers.

How will it work?

Assuming passage of the bill, ISPs will have the ability to collect, store, share and sell certain types of data -- including browsing history, app usage data, location information, all without users’ consent.

Aside from simply retaining the data itself, there are four major ways that ISPs can collect the data, according to NordVPN, which bills itself as “the world’s most advanced [virtual private network] service provider.”

1. Deep packet inspection.

Deep packet inspection allows the ISP to go through certain pockets of data that are sent across the web and data that’s used for user protection. This can also be batched together to include information like age, location, name and other personal data.

2. Monitoring Internet activity.


ISPs can simply monitor the websites that users are visiting and get the information, store and sell it that way. Since this is a direct method, it’s highly lucrative for advertisers.

3. Tracking user location through mobile devices.

ISPs such as Comcast or AT&T can access user location thanks to GPS-enabled smart devices and monitor them. Companies such as Apple and other retailers do this already, using beacons (i.e. when you walk past an Apple Store and you get an alert telling you you’re near), but the difference is ISPs are looking to generate revenue from location tracking.

4. Helping out the government.

ISPs can get requests from governments around the globe for data collecting purposes, including trying to stop hacks or monitoring suspected terrorists. Different governments have different laws as well as different amounts of time that they can hold onto the data.


By collecting the data from users, companies such as AT&T or Verizon will be able to target advertisements better to users, much as Google or Facebook already do. For instance, AT&T could serve up an ad for a particular brand of sneakers on its nascent advertising serving platform if it knows you’ve searched for that in the past.


A spokesman for the cable industry said many ISPs have no plans to step on their customer's privacy, using a set of voluntary set of rules that limit them selling or sharing data. "ISPs haven’t done this to date and don’t plan to because they respect the privacy of their customers," Brian Dietz, a spokesman for NCTA — The Internet & Television Association told  The Washington Post. "Regardless of the legal status of the FCC’s broadband privacy rules, we remain committed to protecting our customers’ privacy and safeguarding their information because we value their trust."

USTelecom CEO Jonathan Spalter said in a statement that the recent passing of the bill was “another step to remove unnecessary rules and regulations that handicap economic growth and innovation, and moves the country one step closer to ensuring that consumers’ private information is protected uniformly across the entire internet ecosystem.”

Google and Facebook -- regulated by the Federal Trade Commission -- dominate the digital advertising market, according to research firm eMarketer. Republicans in the House and the Senate, in particular, Rep. Michael Burgess (R-Texas) said the rules set forth by the Federal Communications Commission that limited the ability of ISPs in the past to collect, share and sell data "unfairly skew the market" towards social networks and search engines and is an example of government overreach, ArsTechnica reports.

If Trump does indeed sign the bill into law, the FTC would have to regulate the internet service providers as well.


Consumers, as well as consumer privacy advocates, have championed the idea of a virtual private network (VPN) or other forms of private browsing to ward off some of the potential intrusions being made by the ISPs, but it may not be enough.

House Minority Leader Nancy Pelosi said that even if consumers enable their private mode on their Web browsers, the traffic is not encrypted.

"Americans' private browsing history should not be up for sale," Pelosi said when debating the bill.

NordVPN’s Chief Marketing Officer Marty P. Kamden said that interest in VPNs has spiked as a result of the bill, something that isn’t unusual when privacy laws are touched or there is the potential for increased surveillance, either by big corporations or the government itself.

“We saw similar spikes back in November when UK passed the law dubbed ‘The Snoopers Charter’ or after the revelation about CIA surveillance by the Wikileaks,” Kamden said in a statement. "We are worried about the global tendency to invade Internet users’ privacy, and … [w]e want to stress that privacy tools are needed every day, not only during such moments - to protect yourself from ever-growing online security threats and increasing surveillance.”