Skip to content
Naked Security Naked Security

New project to expose congress’ Browsing Habits

The latest “let’s see how YOU like it” project aims to track what government employees are up to online.

So, how much porn do you think our elected officials are watching while they’re on the job? And where do you think the White House gets most of its news – or, as the case may be, “news” from? CNN? Fox? Breitbart?

With an American populace still seething over ISPs being given the right to milk our browsing habits for sweet payola, it’s not surprising that there are those keen to spin it all around and milk the milkers.

The latest “let’s see how YOU like it” iteration is a bit of code for your website that aims to track what government employees – be they in the US Congress, the White House, or the Federal Communications Commission (FCC) – are up to online.

You’ll remember the FCC, of course? It’s the agency that, last October, came up with a privacy order (PDF) requiring ISPs to get permission before doing anything with our sensitive data: our geographic locations, app usage histories and web browsing histories, for example.

The ISPs loathed that law. So they asked lawmakers to please overturn it, and that’s exactly what lawmakers did.

In the weeks following Congress slapping a price tag on our browsing habits, multiple GoFundMe campaigners put out calls to turn the tables. They collected funds to buy the browsing history of each and every politician who voted to do away with the privacy rules via joint resolution S.J. Res. 34.

One of those campaigners, privacy activist and net neutrality advocate Adam McElhaney, said that the money he raised would go toward buying up the browsing records of “all legislators, congressmen, executives, and their families,” including “anything they have looked at, searched for, or visited on the internet,” from their medical browsing, their porn site visits, their visits to financial sites and their noodlings with infidelity, all made available for everyone and anyone to comb through.

It sounded like it would make for a sweet dish of justice, but the premise was flawed.

The idea that individuals can waltz right in and purchase de-anonymized internet data on politicians, CEOs or anybody else is flat-out wrong. TechDirt published a good explanation of what really happens with internet browsing data, which boils down to aggregation and sales to ad marketers who bid on what ads they want to show to a given demographic of people whose names have been stripped out of the datasets.

One reason it works that way is because, as Motherboard’s Louise Matsakis has pointed out, to do otherwise is illegal. The Telecommunications Act prohibits sharing or selling “individually identifiable” customer information except under special circumstances, such as to enable your carrier to bill you or to help emergency services to locate you. Sorry, GoFundMe campaigns, no porn-surfing lists of named politicians or ISP industry leaders for you.

The latest sticking-it-to-the-man (and the FCC) piece of technology comes from Matt Feld, the founder of several nonprofits including Speak Together.

What the software aims to do is to enable website administrators to track whether members of Congress, White House staff or FCC staff are visiting their sites.

That’s not as juicy as it sounds.

Feld’s code has been created in full knowledge that what it’s legally able to produce is a data set stripped of individuals’ names. Site admins who incorporate it won’t be able to tell if individuals such as Donald Trump or Steve Bannon are haunting their sites, per se. Rather, the plugin will be able to track a visitor to an IP block known to correspond with particular buildings, such as the White House or Congressional buildings.

The method is similar to how CongressEdits and function. CongressEdits, for one, is a bot that automatically posts whenever someone edits Wikipedia from a US Congress IP address. (The UK version for Parliament edits, FWIW, is ParliamentEdits.)

Feld explains that such tools work because Wikipedia publishes the IP address of anybody who makes an anonymous change. When the bots see a change, they compare the IP addresses to a set of IP blocks that correspond to buildings in the capitol.

The aim of the Congress-tracking plugin is to collect and release anonymous metadata about FCC and Congress patterns of behavior online, along with analysis and data science crunching of those patterns. Feld:

The goal here is show that even in that form, selling personal browsing data is harmful and a clear violation of our privacy as internet users.

The message we are trying to send is simple: we shouldn’t have to trade our personal privacy just to be able to get online.

Feld’s javascript is free. It comes with access to a dashboard with data and analytics about government visits and interactions with users’ sites. To set up an account, get involved, and set up a privacy policy to make it clear that a site is tracking Federal visits, site admins can write to Feld at

Is it worth the effort? Sadly, the answer is probably no.

As Naked Security’s Mark Stockley put it, the project realistically isn’t going anywhere. It would likely require millions of sites to sign on in order to be truly useful and if Google, Twitter and Facebook aren’t amongst them it will miss a massive chunk of all web traffic. If it ever did get off the ground users could easily mask their IP addresses by using VPNs (Virtual Private Networks) or Tor.

It can’t tell us the browsing history of individuals. I’m not even sure that the plugin could do something as useful as what The Telegraph did a few years back when it traced Wikipedia edits to Parliament IP addresses and came up with what it called “a deliberate attempt to hide embarrassing information from the electorate,” what with expunged sex scandals, excessive use of chauffeur driven cars, and lavish expenses used to spiff up MPs’ homes.

It’s an eye-catching idea but unless you’re a marketer who finds it interesting that FCC IP addresses are prone to, say, visit websites associated with golfing attire, are you even going to install the code on your site? Probably not. We might as well mark this down as yet another example of trying to stick it to the man, when the man is just an amorphous, anonymous blob that can’t be stuck.


As public officials, their browsing history should be a matter of public record.

You shouldn’t have to do more than put in an FOIA request.


They are also individual citizens with some right to privacy. As an example, you’re probably wouldn’t think it’s reasonable to put webcams in the bathrooms of public employees.


Every employer has the right to monitor their employees’ surfing habits if they communicate such surveillance up front. Since the employer of elected officials is the people, they should be able to request browser history from any computer congressmen and senators use in their official capacity.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!