Internet Society Joins Leading Internet Advocates to Call on ISPs to Commit to Basic User Privacy Protections Thumbnail
10 March 2021

Internet Society Joins Leading Internet Advocates to Call on ISPs to Commit to Basic User Privacy Protections

By Electronic Frontier FoundationMozilla, and The Internet Society

As people learn more about how companies like Google and Facebook track them online, they are taking steps to protect themselves. But there is one relatively unknown way that companies and bad actors can collect troves of data.

Internet Service Providers (ISPs) like Comcast, Verizon, and AT&T are your gateway to the Internet. These companies have complete, unfettered, and unregulated access to a constant stream of your browsing history that can build a profile that they can sell or otherwise use without your consent.

Last year, Comcast committed to a broad range of DNS privacy standards. Companies like Verizon, AT&T, and T-Mobile, which have a major market share of mobile broadband customers in the U.S., haven’t committed to the same basic protections, such as not tracking website traffic, deleting DNS logs, or refusing to sell users’ information. What’s more, these companies have a history of abusing customer data. AT&T,  Sprint, and T-Mobile, sold customer location data to bounty hunters, and Verizon injected trackers bypassing user control.

Every single ISP should have a responsibility to protect the privacy of its users – and as mobile internet access continues to grow, that responsibility rests even more squarely on the shoulders of mobile ISPs. As our partner, Consumer Reports, notes: even opting in to secondary uses of data can be convoluted for consumers. Companies shouldn’t be able to bury consent within a terms of service or use a dark pattern to get people to click “OK” – while claiming they are acting with users’ explicit consent.

Nearly every single website you visit transmits your data to dozens or even hundreds of companies. This pervasive and intrusive personal surveillance has become the norm, and it won’t stop without action from us.

In that vein, Mozilla, the Internet Society, and the Electronic Frontier Foundation are individually and collectively taking steps to protect consumers’ right to data privacy. A key element of that is an effective baseline federal privacy law that curbs data abuses by ISPs and other third parties and gives consumers meaningful control over how their personal data is used.

But effective regulatory action could be years away. We must proactively hold the ISPs accountable today. Laws and technical solutions can go a long way, but we also need better behavior from those who collect our sensitive DNS data.

Today we are publishing an open letter calling on AT&T, T-Mobile, and Verizon to publish a privacy notice for their DNS service that commits to deleting the data within 24 hours and to only use the data for providing the service. It is our hope that they heed the call, and that other ISPs take note as well.

Open Letter: ISPs Must Commit to Basic User Privacy Protections

Image by Viktor Talashuk via Unsplash

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Deploy360 19 February 2019

DNS Privacy & IPv6 Security @ APTLD 75

The Internet Society will be actively contributing to the APTLD 75 meeting on 20-21 February 2019 in Dubai, United...