Create a scrip that eats up huge chunk of your monthly cap in a terrible attempt to create privacy. That will teach them!

I wish folks would stop referring to this change in terms of "Web history" or "search history."

First, the Web is just one of the many, many services delivered over the Internet. At this very moment, I'm streaming a radio program on my Roku, nothing to do with the Web, really. I did not follow a hyperlink to start listening to this stream. I subscribe to a VOIP service. Lots of folks use the Internet to effect multiplayer games. Although the Web might be a lot of people's Internet activity, there are lots and lots of other Internet uses. I'd also like folks to stop using the phrase "TCP/IP" because there is soooo much more than TCP which goes over IP, but that's a whole other matter.

Next, saying "Web history" will no doubt cause many people to think the ISP somehow reaches into your computer, phone, tablet, or whatever and retrieves the database which your browser(s) maintain(s), and nothing could be further from the truth. Saying "search history" implies the ISP can "see" everything transiting their network, which really all they know is the metadata of the IP address to which packets have been sent or from which packets have been received. If, like Google Search, the data have been encrypted, that's ALL they know, they do NOT know the search terms. In fact, until recently, Google Voice used the domain www dot google dot com (with /voice or /voice/m as the path), so to the casual observer an access might look like a "search" but it isn't. (Recently it has been changed to voice dot google dot com, unless you're using the "legacy" version.)

With greater and greater application of encryption, especially through efforts like HTTPS Everywhere and Let's Encrypt, at best an ISP has only metadata about IP addresses with which a customer exchanges packets. If they want to go through the trouble of DPI, they might also have the contents of DNS queries and replies. (Or, of course, they might log the recursive queries sent to their own caches provided for their customers, but a lot of customers would be using OpenDNS, Google Public DNS, their own recursing cache, etc.)

Besides, these regulations have only been in effect for how long? 6 months or something like that?
(CORRECTION: DGrossman informs us the regulations never went into effect.)

What happens when some federal agency decides they want to know every person who visited a particular website, say one that organizes protests against what many see as a government out of control and being run by an angry man baby...

Isps don't actually sell individual user data. What they do do (yes let the 14 year old in you giggle a little) is aggregate the data they collect about usersni to groups and buckets. A company comes to them (the isps content side) and says they want to advertise product X to groups of men aged 35 to 40 with these interests. And then the isp will feed those ads to the users on pages they control or provide advertising services to (this is why isps have been buying up content and advertising companies).

What we don't know is the isps data retention policy, and how the will handle lawful subpoenas. We all know that the isps jump to feed data streams to government agencies wholesale. Will they also then feed the content they are capturing rather than just tapping IP traffic. Additionally the isp cannot see th content of https, vpn, or any other encrypted service (unless they manage to install a root CA and operate ssl inspection and deep packet inspection points). What they can however see is header data and dns queries if you still use your isps dns servers.

This is a lot bigger than just your isp watching your porn habits, and if you think this current government is going to respect your privacy and rights, well then I have a bridge to sell you.