Every day, we do things like look up the location of a doctor’s office, read the news, donate to a charity, and chat with someone on social media. We do these sorts of mundane activities so much that we barely even think about them.

But our online actions paint a vivid portrait of who we are: everything from our medical history to how we spend our money to our political beliefs. And that intimate information is available for our Internet providers to see and to harvest for a profit.

In 2017, Congress and the Trump administration eliminated privacy regulations on internet service providers (ISPs) through the Congressional Review Act. This repeal has left a gaping hole in the rights of internet users by allowing the invasive collection and sharing of their web traffic.

ISPs can track and sell user data without any notice or consent. Unbeknownst to customers, their browsing activities generate data that can leave them vulnerable to intrusive analysis. The ISPs take that data and sell it for a profit to companies anxious for critical insights into potential customers.

A person’s web activity can reveal sensitive information like their age, gender, race, profession, education, socioeconomic status, banking details, political activities, sexual orientation, recreational interests, religious beliefs, personal relationships, health conditions, and substance use.

Companies often claim that buying information about consumers helps provide more tailored information and services. But this information can lead to discrimination and can increase inequality through digital redlining and predatory marketing. Digital profiling, for example, lets advertisers offer the same goods at different prices to different people. It can also allow advertisers to target certain people to sign up for predatory loans or subprime mortgages, based on the data they’ve obtained from specific users. And it can feed into classification systems that decide whether someone is rejected by banks, insurers, employers, or landlords.

We cannot simply surrender to ISPs and allow them to have total control of our data.

Making matters worse, a lack of competition in the ISP market means that a customer fed up with how their data is being used by one provider can’t necessarily turn around and take their business elsewhere. In many places in New York and across the country, there is only one or maybe two options for broadband service.

But all hope is not lost. Below are five steps you can take right now that will limit the amount of personal data that can go to your ISP and other companies looking to harvest your info. And in New York City, there is legislation that would create meaningful privacy protections for cable broadband subscribers.

Install Browser Plug-ins

An easy first step to safeguarding your data is installing browser plugins that strengthen encryption and block web trackers. We like the Electronic Frontier Foundation’s HTTPS Everywhere and Privacy Badger, which are available free for Chrome, Firefox, and Opera web browsers. These won’t deliver complete protection but can limit the breadth of browsing information that is disclosed to your ISP and other third parties.

Use DNS Resolvers

Domain Name System (DNS) resolvers play an important role in every website you visit. They are responsible for translating the website (like nyclu.org) into its corresponding address (like 23.185.0.4). This process often happens through your ISP. Instead you can use a service that protects privacy and is transparent about their practices. Cloudflare and Quad9 are examples of DNS resolvers that are committed to privacy (Cloudflare’s Privacy Policy; Quad9’s Privacy Policy) and can help minimize exposing your browsing to third parties. It is easy to set up by following these simple step-by-step guides for Cloudflare and Quad9.

Use a responsible Virtual Private Network

Virtual private networks (VPN) tunnel your entire web traffic through their network. Using a VPN moves the trust from your ISP to the VPN operator. Thus, they can be but are not always a recommended option and strongly depend on the individual implementation. You should take the time to look into the various VPN’s that are available. Some VPNs are more trustworthy in terms of what they do with your data than others.

Download the Tor Browser

The Tor browser offers the most comprehensive protections for your data. It prevents anyone from learning your location or browsing habits by sending your encrypted web traffic anonymously. Tor is free for Windows, Mac, Linux, and Android. 

Government Action

In New York City, Councilmember Peter Koo introduced legislation that would help New Yorkers take control of their personal information. The bill would require cable broadband providers to get consent from customers before they collect, use, and disclose personal information, and give consumers the right to access and delete the data collected on them.

The legislation would also require that companies quickly notify customers of any data breaches and it would provide mechanisms for customers and the city government to hold companies accountable for violating the law.

This week, the New York Civil Liberties Union, along with a coalition of civil rights, community, privacy, and advocacy organizations, sent letters to city councilmembers urging them to support Koo’s bill.

We cannot simply surrender to ISPs and allow them to have total control of our data. People deserve to have power over their personal information.

Stay informed

The New York Civil Liberties Union is a state affiliate of the ACLU

Learn more about ACLU National