Amid conversations of cybercriminals and government surveillance, many fail to see the threat right in front of them. ISPs are the one organization who have unlimited access to all your online traffic. These data mines are ripe pickings for those who want your information, yet very few of us take steps to ensure our privacy.
Internet Service Providers (ISPs) are the companies responsible for getting you online, every time you try to connect. Their vast data centers provide a hosting platform for websites and are connected to high-speed internet mainlines, thousands of times faster than your home connection. Inside these warehouses are numerous modified computing machines, all working together to collect, sort and route traffic to the right places.
ISPs have provided a similar service for most of their existence, but with recent revelations about the possible abuse of our data, it’s time to pay attention. Knowing how your ISP works, what it knows about your web-use, and how you can take steps to protect yourself will be essential if our online freedom and security are further threatened.
Does My Internet Provider Know What Websites I Visit?
It’s no exaggeration to state that ISPs can view all of your internet activity if they were so inclined. The datacenters track the IP addresses you contact, which denote each website you visit. They can also see all commands, text, and other traffic sent over the internet. However, more complex data, such as E-mail content, isn’t automatically visible; it would require some work by the ISP to find the right source.
It may seem superfluous, and therefore suspicious, for your ISP to collect such a well of information about you. Though there are a few justifications for the practice, they’re not exactly reassuring.
- Selling browsing history to adverting agencies is a source of income for ISPs
- Anonymous logs are sold to marketing companies to help them isolate trends.
- Data retention laws by specific governments require online activity to be stored for a set period.
- Law enforcement subpoenas force ISPs to hand over information to police.
Many believe ISPs only monitor a vague overview of your traffic. While this is the immediate case, with a bit of work it’s possible for them to unearth everything you’ve been doing online.
Can ISPs See Your Search History?
Many online users know the dangers of searching. Many big-name search engines have been known for tracking results and violating customer privacy. In recent years, ‘secure’ search engines such as DuckDuckGo have entered the market, citing themselves as a new way to privately search. Safe searches rely on the HTTPS connection – responsible for securing the data between your computer and the website.
However, even these secure searches have a caveat: ISPs are not shut out by this sort of encryption. Their datacenters store your search information, and many target web providers to get their hands on it.
For ad companies looking to discover market trends, these search histories are invaluable. Not only do they reveal what consumers are looking for, but they also highlight which search results perform better and the sort of websites favored.
Search histories are also coveted by cybercriminals. The things we google can often be of an intimate nature. Many malicious hackers look for these potentially embarrassing revelations to blackmail their target.
7 Things Your ISP Knows You are Doing Online
We’ve already established that your ISP can see pretty much everything, but what does that really mean? Here are just a few examples of how you are at risk from snooping web providers:
- Streaming. Your ISPs know if you are connecting to streaming sites and can clock if you’ve accessed a pirate stream or bypassed copyright restrictions.
- Downloading. If you’re a regular torrenter, P2P sharing can be flagged and recorded. Many ISPs will even take action if their customers are caught file sharing.
- Watching Porn. It’s no use switching to incognito mode or private browsing to hide your identity when visiting porn sites. Your ISPs can still track where you go and what you watch, even with these extra privacy elements activated.
- Sending Emails. Not only can web providers see who you’re Emailing, but they can also view the content. This is particularly relevant if your ISP is also your Email provider.
- Bitcoin Transactions. You wouldn’t let anyone get away with monitoring your bank account and payments you make, but your ISPs can easily see your Bitcoin transactions. As the currency begins to increase in value, this will be a significant problem for web users.
- Passwords. Passwords are the zenith of privacy. We spend countless minutes devising and remembering complex combinations, trying to secure ourselves from prying eyes. However, if requested by a higher authority, your ISP can legally intercept this data and gain access to your accounts.
- All Websites. We’ve already mentioned this but it really is worth reiterating. ISPs track every website you visit, allowing them a complex overview of your life. From this cache of information its easy to discover where you live, shop, work and eat.
Although there’s no specific team employed to spy on your traffic as it happens, the possibility for ISPs to go back and uncover your sensitive data is very, very real.
How to Hide Your Online Activities from Snooping ISPs
In our changing online world, it’s more important than ever to know how to protect yourself. Many web users develop comprehensive security suites but fail to even consider the threat from ISPs.
Its worth noting that protecting your browsing history doesn’t just protect you from malicious web providers. It also safeguards against third-party breaches of the ISP data center.
Here are a few ways to increase your security:
The Onion Router is a global project, known to most advanced web users. When using the Tor browser, your traffic is split and sent through countless different nodes. This process both encrypts your activity and makes it harder to track your traffic. If you are sending sensitive data, then this feature is invaluable.
However, the main downside to Tor is that it only works with its name-brand browser. If you regularly use alternative apps that connect to the internet – such as Instagram, Snapchat, etc. – they will remain unencrypted.
- Virtual Private Network
An alternative option is to use a VPN. This comprehensive encryption software creates a personal, private channel between you and the web, entirely bypassing the prying eyes of your ISP. By re-routing your traffic via an alternate VPN server, you are free to browse anonymously.
However, using a VPN doesn’t make your data invisible to all. The VPN provider will have access to your online activity. However, this is not necessarily a bad thing. As many VPN companies work tirelessly to uphold customer privacy, you are at much less risk of the information being used for malicious purposes. It is essential to check the policies of your VPN provider to ensure they are not keeping logs or sharing your data with third parties.
Proxy servers are similar to VPNs in most respects, but there are a few minor differences. Proxies don’t include the secondary encryption protocol like VPN servers, which makes them much faster. However, because of this, thousands of users often connect to one server, slowing down the overall speed of the software.
Some proxy services can be installed on your computer, while others provide access through a host website.
- Other Private Browsers
Similar to Tor, there are several other examples of private browsers that will help you hide from your ISP. These types of web portals are dedicated to user safety. While each provides different specific features, they all work similarly.
By opting out of data collection systems and giving the user control to configure their own browser experience, it’s possible to reduce the overall security threat. However, whether the browser will protect you from ISP snooping requires a closer look at the small print. Epic Privacy Browser, in particular, is highly-rated for keeping data safe.
- HTTPS Browser Extension
If you don’t want to dedicate yourself to a specific browser, there are extensions available that provide some of the same features. The HTTPS extension is a fantastic choice, as it prevents your browser unveiling detailed online activity logs. However, this is not a comprehensive solution. Your ISP will still be able to see the websites you visit, but your input, commands and specifically-viewed content would be encrypted.
Unfortunately, none of these tactics offer guaranteed safety. However, employing as many as possible will make it incredibly difficult for ISPs to track you, should they have reason to do so.
Will My ISP See I am Using Tor? What About a VPN?
It is true that your ISP can see – or at least make a relatively good guess – that you’re using Tor or a VPN service. The problem is that VPN and Tor servers are often well-documented. If ISPs see data coming from those places, then they can assume it is Tor/VPN traffic. Using a Tor browser, it is possible to implicate Tor Bridges – i.e. nodes not publicly listed in the Tor directory – to bypass this.
The other main giveaway is the ports often used by these programs. OpenVPN, which is the most common VPN protocol, usually uses TCP port 1194, making it obvious to onlookers that passing data packets are VPN encrypted. However, it is possible to configure some VPN services to mimic HTTPS data or other common encryption types.
Even Via Encryption, Your ISP Can Gain Some Insight into Your Activities
Fortunately, regardless of whether your ISP provider clocks your VPN/Tor browser, all encrypted data looks like gibberish anyway. Because of this, your information remains protected. However, it’s good to know what your ISP can deduce from certain aspects of your encrypted traffic.
The metadata tag attached to each data packet is visible no matter what encryption strategy you use. While this header does not give explicit details, it records the size, frequency, timing and other patterns.
We have already discussed how this problem can giveaway Tor and VPN use, but it also provides indications for other traffic types. For example, you can easily detect small IoT devices, as due to their limited actions, the data is sparser than most web traffic. Other reports have concluded that YouTube videos and alternative streaming outlets can also be identified in a similar way.
Fortunately, there is a tactic to overcome this issue. Some VPN providers allow users to shoot random outbound and inbound traffic signals, to confuse ISPs and mask certain activities.