Your Browsing History Is for Sale — Here's What You Can Do About It

Credit: Getty Images

On April 3 President Trump signed a bombshell act of legislation, a bill that removes what few restrictions there were on the sale of your online activity. The bill pulls browsing histories out of the murky gray market of the already sleazy data-resale market and turns these data trails into just another digital commodity. This is a body blow for privacy. Browser histories connect nearly every dot of our daily lives, from the financial and e-mail services that we regularly access to the searches we run. The nightmare scenarios created by this bill's passage are as dark as they are feasible, if not inevitable, and now’s the time to learn how to be stealthy online. These are perfectly manageable strategies to limit tracking, now that tracking is more ubiquitous than ever. 

What Doesn't Work

Incognito or Private Browsing
There are excellent reasons to go incognito, private, or whatever your Web browser calls its discreet browsing mode. These features prevent the browser itself from automatically generating its own saved logs of where you've gone. There's real privacy here, but only in relation to other people you already know — usually friends or family — who might hop onto your device, start tapping in a Google search, and get a list of suggestions or previously entered words that raise uncomfortable questions. But internet service providers (ISPs) and the companies that specialize in data tracking aren't so easily fooled. They're tracking raw activity, generating their own detailed logs even when your browser isn't.

Clearing Your History
Manually clearing your history is a retroactive version of going incognito, flushing your browser of saved URLs. But data trackers don't often raid your local files to piece together your online activity. Why bother, when they can just connect your unique internet protocol (IP) address to every stop you make on the internet? There have been scattered cases of companies running code that actually digs into your locally stored history, but those are outliers, and this new bill doesn’t make that sort of trap easier to spring or more permissible. In general, a cleared browser history is either about tidying up, or keeping those closest to you from snooping, whether by accident or design.

What Works a Little

Always Try to Visit HTTPS Websites
When you navigate through a domain that's on a standard Web server — one whose URL starts with “http” — ISPs and tracking firms can follow you through every link on that site. An https domain, on the other hand, acts as a data fortress. Trackers will know you entered the site, but have to sit outside the secure server, wondering at your activity within until you wander back out of the front gate. This limits the amount and the specificity of tracking, but it's impossible to restrict your online activity to https sites. But if given the choice between similar Web sites, and one has an https URL, head for the more secure option.

Stop Googling
The most common form of data tracking revolves around Web searches. Your search history is an ever-growing, increasingly detailed heat map of your public and private interests and activity. That this heat map can be misleading only makes its creation and collection more damaging. What if you're terrified of ISIS and regularly look for information related to their methods and targets? There's nothing preventing a third-party from misinterpreting that raw data, and flagging you as a threat. One relatively painless way to limit this form of tracking is to stop assuming that Google is the only way to find things online, and start using a search engine that's specifically designed to confound tracking. Our current favorite is Disconnect. It won't offer to finish your sentences or automatically serve up links to relevant locations on Google Maps, but that's the tradeoff. Everything has a cost, including convenience.

Clear Caches & Cookies
Internet cookies are the original internet tracking threat, tiny packages of data that load onto your device and report your activity back to their masters. Clearing them out on a regular basis will reduce the total amount of information that sites and data trackers pull from your activity but won't impact what your ISP collects.

Turn On Do-Not-Track Settings
Most browsers, and some services, allow you to automatically send Do-Not-Track (DNT) requests to advertisers, essentially begging them to not use your activity to feed you targeted ads, as well as build profiles. This is something of a gentleman's agreement, though, and doesn't apply to many dedicated tracking firms, or to ISPs. Still, it's worth taking a quick trip through your software and services, and enabling Do Not Track where possible. Lifehacker’s roundup of DNT options dates back to the original, and ultimately failed, campaign to stop ad-based tracking, but it’s still useful.

What Really Works

Use A Tor-Based Browser
It's almost impossible to do anything with a browser without leaving a trail of digital breadcrumbs. The above tips are all half-measures at best, especially since the tracking at issue in this latest bill is baseline data collection, and ISPs don't give a damn about Do Not Track requests. Neither do the least scrupulous data trackers, the exact firms that are most likely to sell your information to those who would abuse it the most. Big Data is done with such niceties, and if you're serious about limiting your exposure, you should be, too.

The proper response to this latest erosion of digital privacy is to go anonymous while browsing, or as close to anonymous as you feel like attempting. The easiest tool for this is the Tor browser, which is a free download for Mac OS and Windows. A Tor-based browser called OrFox is available for Android, but installing it is a multistep process. And the iOS version, Onion Browser, is a step down in effectiveness. None of these applications offer a pretty or effortless browsing experience, and you’ll notice the downgrade in polish, load times, and features compared to Chrome or Safari. They're also only a partial solution. By bouncing your data transfers around a network of servers, the browser complicates the efforts of data trackers that are effectively stalking you, attaching your browsing history in a new session to previous sessions. Those unsettling data profiles can also tie your activity to a specific physical location. But Tor isn't perfect. It's hard but still possible for algorithms to see through the software's shell game, and start piecing together a comprehensive profile, possibly even identifying you. Still, Tor browsers, in all of their forms, are an excellent first line of defense. And this goes for whatever you do with a Web browser, whether it's shopping (where companies like Amazon will happily store your search and purchase histories), tumbling down YouTube rabbit holes, or, of course, looking at porn. Features like Chrome's Incognito mode can wall off portions of your activity, but only a more drastic measure, such as using Tor, has a chance of throwing tracking algorithms off your scent.

We realize, by the way, that making the leap to a Tor browser is a hassle. But the war on privacy is real, and one-sided. The choice is clear — either you take direct and sometimes annoying action to avoid persistent, pervasive snooping, or you admit defeat. Both choices are yours to make, but don't kid yourself. No one is going to safeguard your privacy for you, or restore it once it's gone.


What You Don't Have To Worry About, More Than You Already Did

Making Calls
Though this bill allows for a wide range of online tracking — or wider than what was already considered legal — it doesn't change the security or data footprint of phone calls made over standard cellular networks. We still recommend using the free Signal app for encrypted smartphone calls, but the only vulnerability related to the bill in question is in standard internet-based calls, such as using Skype or FaceTime, both of which encrypt their actual calls. Internet service providers can sell records showing when you accessed these services, and savvy trackers (whether they're legit firms or hackers) could possibly cross-reference those sessions with the activity of other users. But that's a bridge too paranoid to cross just yet. Unless you're a high-value target, it'll take a few more invasive acts of legislation before you need to worry about that level of sophistication in data snooping.

Sending Messages With An App
Internet service providers (ISPs) and even phone-makers will gladly monitor and share customers' mobile data use. That can include specifics related to apps. But these data aren't picked up by most traditional online tracking software, and don't tend to factor into the profiles that data brokers build. And since e-mail apps don’t generally ask for log-in credentials every time you check your inbox — and saved credentials are stored in the phone, and not in a browser — there’s less chance of tracking and paving the way for password-stealing malware. Texts are also no more or less secure in the aftermath of this bill. For ultra-secure messages, you can use the Signal app, but even your standard Gmail or Yahoo account isn’t significantly more vulnerable now, provided you avoid reaching them via Web browser. Remember, browsers are old, established internet tech, and code that spies on your activity through them is just as mature. Individual vulnerabilities and data breaches notwithstanding — see Facebook's woes below — apps are the more privacy-minded choice ... for now.

Using Social Media — Because Those Services Are Already A Privacy Nightmare
Long before this bill cleared Congress, Facebook had been the worst thing to happen to digital privacy since the internet. The company has sold the user data it collects, allowed third parties to scrape profiles themselves, and actively tries to connect you to complete strangers, to the extent that you have to dig through settings to keep from broadcasting your personal information to the world. Twitter, Instagram, Snapchat, and other social media services are less of a privacy threat, only because they ask for less personal information. But all of these outlets are a careful-what-you-wish-for proposition, empowering sharing while inviting snooping. This legislation doesn't significantly impact this tradeoff, except to potentially confirm to data brokers which services you're a member of, and therefore which ones to monitor for relevant posts. Creepy, sure, but it’s nothing new, because the trackers-that-be have been stalking those services since they launched.