[danderino]

Can someone explain what "selling web browsing and app usage data" really means?

I don't imagine they literally package sensitive information and distribute it to anyone who pays. In which case, "they sell your data" is completely misleading.

[veidr]

> * I don't imagine they literally package sensitive information and distribute it to anyone who pays.*

Why on earth don't you imagine that? On this website alone, there are quite literally stories every week about various companies doing that exact thing.

E.g.: http://daringfireball.net/linked/2017/04/23/heartbreaking

[acdha]

It means exactly what it say on the tin. This isn't a hypothetical, either, but a class of behaviour which has happened repeatedly in the past. Here are a few examples of things which the FCC & FTC eventually stopped; there's zero reason to believe that this behaviour won't resume as soon as it's safe to accept that money.

Large ISPs like Verizon altered HTTP traffic to inject a unique identifier which linked all of your traffic across devices and sites and sold a service linking those identifiers to demographic information. Even without paying, you could use that to reliably link user activity across every plain-text HTTP service:

https://www.eff.org/deeplinks/2014/11/verizon-x-uidh https://arstechnica.com/security/2014/10/verizon-wireless-in...

Going further back, a number of ISPs got heat for reselling access to customer activity to various tracking services:

http://www.washingtonpost.com/wp-dyn/content/article/2008/04...

Another interesting allegation came from Andreas Gal after he left Mozilla, claiming that Google's competitors were paying ISPs for copies of user's search activity so they could improve their search engine by using ranking closer to Google's. Given how many people search for sensitive or identifying terms, that's already a concern and, again, there's no reason to think companies with very limited competition won't expand their profits if it's safe:

https://andreasgal.com/2015/03/30/data-is-at-the-heart-of-se...

[grok2]

A lot of tracking happens through other means so that Internet advertising agencies (Google/Facebook/etc) can show targeted ads to you across networks of sites. Having the data from the ISP allows them and others who need the data to better fingerprint you and show more targeted ads. But apart from advertising, isn't it conceivable that if the law doesn't forbid it and there is a buyer for your data, that ISP's would sell it to make easy money? There was that recent news of how Uber was buying Lyft email receipt data from a company whose product helped it's customer's manage their email.