How do we protect ourselves when ISPs are selling our data?

Patriot Act and NSA stuff was Bush (look up who was president when they rammed the Patriot Act through)

You might want to get your facts straight. That bill was very bi-partisan. No one had to ram it through. The failings that led to 9-11 go across the aisle to both sides so take off your blue glasses and don't try to make this a republican issue.

I don't know how much you put into Michael Moore's movies, but he interviewed many congressmen for Fahrenheit 911 and ll (known senators) said that Bush and, especially, VP Cheney threatened many that, if they didn't vote FOR the Patriot Act, they would be blamed for the next terrorist attack. So, depending on your definition of "rammed" it may or may not have been "truly" bi-partisan. Certainly, nobody wanted to appear to be soft on terrorism back in those days.
Regardless, it was the Patriot Act that set us up for losing a lot of privacy. You'll notice PRISM is still in effect even after Snowden.

Chrome and Opera are NOT the only browsers that delete cookies upon closing. Here's a list of the major browsers that do along with HOW to do it: https://www.purevpn.com/blog/how-to-delete-cookies-at-browser-exit/

But that only get regular cookies. It does not get Super Cookies.

How To Protect Yourself From Supercookies
http://www.pcworld.com/article/238895/how_to_protect_yourself_from_supercookies.html

I use an addon called BetterPrivacy on my Firefox to keep them at bay.

You are exactly correct! But, they already do pass search histories over to law enforcement. You hear it all the time on the news when someone perpetrates a particularly heinous crime and the news stations even tell what those searches were!

Which brings up another question: how does the media get this information? They make a big deal about privacy invasion, but can find out - and publish - just about anything they want.

Fake News

Possibly at times. But, more likely than not, they get that info from the police department or that is some of the info that the ISP sells.

What evidence do you have that ISPs are selling a record of the sites you visit? And what information would that provide to the news media?

The news media is revealing content, not routing as is recorded by the ISP. They get their information from browsers, social media sites, email providers, and such. None of which were ever under any form of restrictive regulation.

How can the average end user have "evidence" when this is done surreptitiously?

@huzedat, you are really starting to look like a shill for the ISPs or, at minimum some sort of a troll. It's as if you WANT everyone to lose even more privacy than we already have and/or that you just don't care. You are so busy fighting the truth that you are failing to LEARN anything at all, Thou protesteth too much. This link was posted elsewhere in this discussion: http://sciencefriday.com/segments/keeping-your-habits-private-in-a-connected-world/ . I strongly suggest that you actually listen to the podcast located there this time and do actually LEARN some things. 'nuff said. I will say no more to you.

It sounds like you are suggesting that repealing a brand new regulation before it was enforced suddenly made everyone's private information public.

I'm not for the ISPs, but I am for stopping FUD.

Someone found out that the unenforced rule was repealed and made a big deal out of it. Now everyone is running around like Chicken Little yelling that the sky is falling.

Nothing has changed. Things are today the same as they were this time last year - and the year before that, and the year...

Privacy is very important. There are serious articles all over the tech networks telling us how to protect our privacy (written by well-read authors). We need to read and follow this advice.

However, it is not appropriate to start blaming the ISPs for allowing your personal information to be passed to whomever comes up with the cash. That was done by the other Internet players on a routine basis ever since ads became profitable.

Read something besides the click-happy rant tech articles and LEARN something yourself. (You may even learn something by reading the privacy policies of your ISP, browser(s), search engine(s), and all the programs on your computer.)

But no one can give an answer as to why they think it will change now, except they say that the law, which was no in effect, would allow them to.

While many are just talking about web searching, your ISP is a bit different as it has a lot more information: Home address, telephone number, date of birth, social security number, probably your credit rating. Now tie that information with the web browsing information. Included in THAT information is data about where you go that other guys (Google, Ad Choices, etc.) don't have. Such as websites in the area of medical/HIPAA that don't normally have ads that spy or not. One of the scary ones you mentioned, Amazon, can release data that is protected under federal law. Like if you use Amazon to buy medical drugs, equipment, diabetes test equipment, etc. and then sell that information.
So, I don't think the VPN would have more information if you can think back to all of the information you gave to your ISP when you signed up as opposed to what you give a VPN. The ISP has addresses and all sorts of credit stuff the VPN doesn't.

What ISP are you using that required all that information? When we signed up for TV & Internet, all we gave was our name, address and phone number. That information is readily available through sites like People Search or general public records. [That includes people who have never had Internet or mobile phone connections.]

Are you trying to say browsers don't know what sites people visit? Or search engines don't know what people look for? ISPs are controlled by the TCC, which has strict rules about accessing content of communications (packets of data fall under the provision against wire-tapping). Browsers, search engines, VPNs, and such, are controlled by the FTC, which does not have comparable rules. These companies can even inspect the data packets as well as the connections.

Read the privacy policies of your ISP, browser(s), search engine(s), and all the various programs on your computer/phone. If you use, or plan to use, a VPN, be sure to read its privacy policy. See who has implemented to strictest policies to protect your information.

Most places where you pay bills can and do check your credit rating since they are dealing with financial transactions. You are talking about data gleaned from Internet usage. Have you read the privacy policy of any website that you use? If so, which ones. Most will tell you they have a right to use your personal information. Have you found any that say otherwise? I'd like to go read those policies.
By the way, a lot of those public records should be very limited in what data is out there. I know names and addresses and, maybe telephone numbers (even if you pay to keep your number private). I just went to my ISP, Time Warner Cable (Spectrum) and they have my checking account number? Does the new law allow them to include any part of that in the information? They have my billing address. Is that included? We don't know. So far, the ISPs are saying that they won't give out usage data. But they can...

At least Time Warner/Spectrum still has in it's privacy policy that the information is safe. The question is, for how long? Your credit card information is safe but only until the president decides to do away with that protection too. But you do realize that information on how much you pay for Internet Access could tell a lot about financial information as well as how many expensive shopping sites you visit, etc. When someone kills a protection, the question should be "why?" and what will it mean for the future. ISPs as well as anyone else can change their terms and their privacy policy on a moment's notice. I used to follow those of Google for my work in criminal justice and you'd be surprised what popped up. Things like Google owning all of your data. That only lasted a short time since the (copyright) lawyers probably jumped on them for that. It still makes an interesting read, especially if you go through the history/archives.

So, while all these places have a right to your personal information, you are correct that, at least my ISP still says it won't give out anything to third-parties. At least, for now.

...."saying" and "doing" can very well be two different things......

If someone has a line in the company's privacy policy and something "bad" happens that can be traced to the company's failure to follow their policy, lawsuits can happen. I was kind of shocked when Google announced that it "OWNED" your data and very quickly they changed that to read that they DON'T own your data but you have to give them a right to use (and even modify) the data for their own purposes. As I've pointed out, it would be interesting to go through archives of the policies and see what changes have been made over time.

One of them mentioned that PGP ("pretty Good Privacy") is free. Last I looked, it was purchased by Symantec and is not exactly free. Honestly, I don't know its exact current status, but you might want to look that up. On the other hand, at work, we used the "free" version called GNUPG or GPG. It's not as easy to use, but was perfect for what we needed it for. As part of government, we were doing child support work and we needed the major cell phone companies to turn over all of their data to us for specific names and social security numbers. At first, one of them wanted us to supply the list on a secure FTP site but that got nixed by a central authority, so we went with plan B. We used ONE-WAY encryption for each of the 800,000+ SSNs and then we used GPF with 4096-bit encryption and a 154-character passphrase (including spaces and punctuation) to encrypt the file and then SIGN the file for authenticity and send it via a simple CD through the mail. VERY SECURE. We basically used this process for all of the main carriers.

In most cases, trackers may not have your name or SSN or even your computer name, but for the most part, even using dynamic IP addresses, these addresses don't change much. VPN will prevent anyone from tracking your private network because the packet IP will be rewritten by VPN. Nothing is perfect though. As a test, without VPN go to a speedtest site and it will usually tell you your external IP address which should match up with your router. However, if you use VPN, your IP address will drastically change almost every time.

...that what you are hiding from your ISP will be clearly visible to a VPN. So, it again comes down to who you trust the most (or maybe trust the least): your ISP, or a VPN that may be located in another country with different laws.

As with any open discussion group, people will jump in and say this or that is the BEST. Some would trust their ISP over a VPN, others would trust one VPN over another, and so forth. But really all they ae expressing is their own personal bias.