First, they’re not getting away with anything. Most edge providers are still under the FTC’s jurisdiction, since they’re not broadband providers. A big exception is Alphabet/Google, which gets to play the ISP card because of its Fiber service. But as we noted before, that court decision doesn’t make anyone happy and probably doesn’t have long to live.
If people were really worried about the privacy threat of edge providers, well, the FCC is the wrong tree to bark up. They’ve got nothing to do with each other.
Second, ISPs may not have the same window as Facebook on your activity, but they have a unique and broad one. They can’t see what you do on Google (generally, queries and content are encrypted), but they can see that you went from Google to the WebMD page for a certain affliction, spent 15 minutes there, then to your healthcare provider, then the page of a local clinic, then your credit union. What information would you draw from that? Now imagine you have a few million more data points and a big team of machine learning experts ready to help.
The metadata you produce from ordinary activity on your home internet connection can paint a disturbingly accurate picture of your life, from your shopping preferences to your medical woes. And, of course, the things you carefully keep hidden in incognito mode are still visible to your ISP.
Data collected by ISPs is different from what’s collected by edge providers, but as a piece of the puzzle that is your online habits and persona, it’s very valuable nonetheless.
Third, users of services like Facebook and Gmail have other options. People make conscious decisions to limit what they post online, or to use an email service that doesn’t harvest data for ads. They’re aware, in using these services, that they are trading a bit of privacy for a free service. That isn’t the case with ISPs.
Not only are users unable to control what traffic the ISP sees, but frequently they have no alternative; no Protonmail, no DuckDuckGo, no Signal. Much of the population gets to choose between two or three providers if they have any choice at all. This lack of choice puts ISPs in a different category from edge providers.
So while privacy threats do come from many directions, ISPs are no exception, and, in fact, constitute a special case that, arguably, deserves special rules.
What can I do to protect myself?
Not a lot, honestly.
HTTPS Everywhere is a good start — that makes sure that when you connect to a website, you use a secure connection that, apart from the base URL, the ISP can’t snoop on. Other anti-tracking software (Adblock, Disconnect, etc.) will primarily affect what edge providers know.
VPNs are often suggested as a way to disguise your traffic, and they work, but you have to pay for them (I can’t recommend any free ones, at least).
Log into your account at your ISP and look through the options — you might be able to opt out of certain practices. You can try calling too, to see what you can get out of them on the phone. But keep in mind their hands aren’t really tied and their privacy policies are largely voluntary.
Are we all just up the creek forever, then?
It’s hard to say for certain, but things are going to get worse before they get better.