What does your ISP know about you?

Anton P. | June 4, 2021

Everything begins with your Internet Service Provider (ISP). They are the central figures in delivering internet connectivity to us all. Whatever you do online (shop, exchange emails, or stream Netflix), it all passes through your router and ISP. These companies handle your internet traffic and, as a result, have access to it.

In some cases, ISPs comply with legal requirements to inspect users’ activities for potentially unlawful acts. However, first and foremost, ISPs are businesses pursuing the highest revenue. The dreadful reality is that while you pay for your home network or cellular data, ISPs choose to monetize you further.

ISPs’ role in online tracking

We use dozens of free services like Facebook or Google. In exchange, these entities stockpile information about our behavior for presenting highly accurate ads. For the most part, this trade-off makes sense but still triggers a discussion on ethical and fair user treatment.

ISPs are not free services in any shape or form. The chances are you pay hefty sums each month for retaining the connectivity both at your home and beyond. Thus, ISPs do not necessarily have grounds for demanding equal rights.

Nevertheless, ever since revoking net neutrality, the FCC handed ISPs the privilege to sell users’ data without much regulation. As long as ISPs anonymize their clients’ data, they have the right to sell it to external entities. They can also work around the explicit consent rule as it is enough to mention such conditions under their terms of use documents.

Since ISPs handle all of your online communications, it is understandable why such activities raise red flags. However, these companies bear much less public scrutiny than big-tech companies like Google or Facebook. This lack of criticism might come from the fact that ISPs are invisible players in this online tracking game. Clients do not directly face them and tend to forget how ISPs can misuse their data.

What can ISPs know and collect about you?

As we have established, your entire internet traffic traverses through your ISP. So, in theory, they could see everything if they applied necessary monitoring mechanisms.

For the most part, ISPs might be reluctant to cross some boundaries. For example, in 2018, Verizon had to pull the plug on their business operation: selling real-time location of their clients to third-party brokers. Thus, questionable and upright controversial practices do get the attention they deserve.

ISPs could opt for invasive strategies that manage to slip through the cracks just right to avoid similar backlash. However, mishaps happen, like when AT&T claimed privacy to be a premium service.

In general, ISPs are likely to know the following details about you. However, it might differ in some situations, as ISPs can collect more depending on the terms clients agree.

The websites you visit.
How long you stay on these websites.
What type of internet traffic you initiate.
Your location.
Metadata on your internet traffic (timing, size, and destination of data packets).
The device you use.

This data is the minimum of what details ISPs can extract about you during browsing. If the conditions are right, ISPs could see everything that you do. For instance, the message you have sent or the credentials you typed in when signing up for a service. How can this happen? It has to do with HTTPS.

If websites protect you with HTTPS, ISPs cannot see exactly what you do on them. These entities will know you visited, let’s say, Amazon.com, but won’t know which products you viewed.

However, if you enter HTTP sites, the situation drastically changes. Your connection becomes unsafe, none of your information gets encrypted, and everything becomes visible to eavesdroppers. Your ISP is one of these snoopers that can see much more than usual.

Let’s find out just how crucial encryption is.

What you do on specific websites

Unencrypted connection means that ISPs can see everything that you do on an unsafe website, including:

What other pages you visited on the website.
What you bought.
The payment method chosen.
Username and password.

In other words, your visit becomes an open book. To avoid this, only visit websites that offer adequate protection: HTTPS. You can also install an additional browser extension called HTTPS Everywhere. It encrypts your connection manually, even if websites initially operate with HTTP.

Distinguishing between different internet traffic

Your ISP knows when you calmly browse through memes and other online content or when your internet usage spikes. Some providers can take measures to limit your bandwidth if they detect excessive usage.

Frequently, this ceiling effect comes into place when clients engage in activities such as streaming, torrenting, or gaming. Thus, they might automatically slow down broadband internet connections to regulate networks’ traffic.

How can you prevent your ISP from using this reactive measure? A VPN (Virtual Private Network) is potentially the best option available. It encrypts information about your internet traffic, meaning that ISPs won’t tell apart different types of traffic. Even if you download large files or stream your favorite shows, your ISP is unlikely to know when exactly to throttle your connection.

Your email correspondence

Typically, your email flows are secure thanks to TLS (Transport Layer Security). However, digital correspondence is not always immune to snooping. For example, your communications are vulnerable if email service providers do not offer HTTPS and TLS. Then, your ISPs could see the messages you send and receive.

Luckily, this situation is a rare sight as most providers reassure the security of their service. For instance, Gmail even informs users if the received emails did not apply TLS correctly. So, as a general rule, use those services that can warrant safe and private email exchanges.

Final thoughts

Regardless of the circumstances, your ISP still gets the privilege to know a lot about your digital routine. It might have an obligation to report on or interrupt traffic considered as red flags.

Law enforcement agencies can also request to see browsing data of people suspected of illegal behavior. For instance, recent news on two UK internet providers illustrates how ISPs can play a role in tracking users. In this case, unnamed ISPs collaborated with the Home Office and the National Crime Agency. These entities began a trial for surveillance technology that could log and retain the web browsing of every single person in the country.

While we tend to sacrifice our privacy for physical safety, having your entire browsing history logged might be overkill. Users should have the right not to have their digital lifestyles inspected. If you wish to avert the all-seeing eye of your ISP, we strongly recommend using a VPN. It will make your ISP oblivious when it comes to your browsing habits.

Since some providers can sell consumer data, a VPN will make it far more difficult to do so. After all, clients pay hefty bills to their ISPs. Thus, you should ensure that they won’t have the chance to misuse your data for more profits.