Web History Pollution Is No Privacy Panacea

In the wake of Congress' recent vote to reverse FCC rules that would require ISP's to obtain customers' permission before selling their browsing histories to marketers, concerned consumers have been searching for some way to prevent their providers from having a complete record of their browsing habits. VPN services seem to be the most often recommended solution, but as security researcher Brian Krebs explains, finding a trustworthy VPN is key—otherwise you might just be handing your browsing history to yet another third party, who may or may not have your best interests in mind. The complexity of setting up a safe VPN is probably beyond what most consumers are comfortable with, and the risks and security challenges are not well-understood by most. It stands to reason that well-meaning privacy advocates would propose alternative solutions.

One such alternative which seems to be making the rounds is the idea that ISP's can be fooled by dumping a massive amount of "fake" traffic into their logs. Scripts like Steve Smith's "ISP Data Pollution" are cropping up left and right, as are browser plugins like Noiszy. These solutions propose to add noise to the data your ISP collects on your habits by sending HTTP requests to a large number of "randomly" selected domains. This idea seems effective at first glance, and indeed it may work to some degree. Unfortunately, there are a number of problems with this approach as well, including the fact that there are multiple ways for your habits to be tracked. Your search provider (if it isn't DuckDuckGo) will still have records of your searches, to provide one such example. Beyond that, ISP's will probably find ways to sort through your history and weed out the fake requests anyway.

As with everything involving privacy online, there is no magic button you can press that will just make everything OK. A varied approach is necessary: use SSL/TLS-encrypted services whenever remotely possible, use a VPN if you are sure you can trust them with your traffic, pollute your history with false requests if it makes you feel better, etc. Most importantly: do your homework. When you are signing up for a new service, look into its security and privacy policies very carefully, and make sure the team behind the service is doing its part to keep your data safe.