When the conversation turns to online privacy, few people think of their Internet Service Provider (ISP) as a possible security breach. In fact, ISPs are the single largest collectors of private information. Neither data harvesting by social media nor data leaks through public networks can ever hope to gather the sheer amount of personal, sensitive information that your ISP has access to. While some ISPs are required by law to keep immense metadata logs on their users, others do so under their own corporate privacy policies. This shows just how much trust we tend to place in companies we know little about so we can enjoy the perks of 21st-century life.
As it currently stands, fewer than 60% of the countries where Internet access is possible have data protection and privacy laws. Some of them, such as China or Saudi Arabia, use these laws as a way to advance a political agenda, restrict people’s access to information, and monitor individuals’ online activity. For these reasons, VPN services have become increasingly popular, with the likes of ExpressVPN, NordVPN, and Astrill VPN ranked as some of the best options available.
Who is the ISP?
The ISP is the organisation that gives you access to the Internet. Regardless of the type of connection employed, all of your Internet traffic goes through them. Over the past decade in the US, lawmakers and the Federal Communications Commission (FCC) have developed and eventually adopted certain regulations on net neutrality. Although these regulations have since been repealed by the new FCC chairman, the more technical nuances of what can and can’t be seen and controlled by an ISP have stirred public debate and outrage.
Net neutrality in the US was meant to force these private companies to offer full and equal access to web content, but the fine print of these regulations shows that much more was actually intended. The laws prohibited ISPs from charging more for certain content or giving some websites preferential treatment over others. More importantly, ISPs could not block or discriminate against any lawful content, were prohibited from limiting their users’ Internet speed depending on the type of content they view, and had to provide an equal standard of service to all their customers, be they companies or private individuals.
Net neutrality has not been such a hot topic in the UK, as the data neutrality of broadband services is protected by the EU’s Open Internet Access regulations. However, we are already seeing UK 3G and 4G mobile operators bundling services, as the regulations do not extend to wireless services. For example, a number of operators like Vodafone, Three, and EE offer unlimited streaming of certain music and video services, such as Netflix and Apple Music, when you take out your contract. As data remains the most expensive part of a mobile contract, such unlimited offers can appear very attractive, but in the long term they could have a serious negative impact on the internet and the ability of smaller companies to compete.
What the ISP already knows about you
Aside from unknowingly giving full permission to your ISP to use the personal data from your contract, there is a hoard of private data to be harvested from your online activity. If you’re navigating on a website that does not use a secure protocol (for instance, portals that have http instead of https at the beginning of their address), then your ISP sees what website you’re on, how much time you spend on it, as well as any information you input there, regardless of what that might be. The statistics on how few health, shopping, and news sites use encryption are gloomy, to say the least.
Does your ISP store your online data?
When you do browse through a secure connection, the ISP can still find out what portal you’ve connected to because they can monitor the request that you’ve made to the Domain Name System (DNS) in order to retrieve the website in question. DNS queries are actually metadata that can be stored in logs and then be traded or downright sold to other agents such as market analysts. Some jurisdictions legally require ISPs to keep such logs.
Even encrypted traffic includes certain metadata that can reveal much about who you are and what you’re dealing with. Aside from revealing your browsing routine (when you log in, how much time you spend online), encrypted traffic with an improper DNS configuration can sometimes reveal the websites you’re accessing. For instance, if you’ve browsed on sexual health sites such as gettingiton.org.uk, plannedparenthood.org, or stdcheck.com, your ISP can easily infer and store certain information about your health.
By analyzing small samples of both encrypted and unencrypted Internet traffic, researchers on net neutrality have easily managed to find out people’s medical history, investment choices, annual income, and even access parts of their VoIP conversations. This is why it has become so necessary to take matters into our own hands and protect our personal data while browsing the web.
A VPN service that correctly routes your DNS requests will greatly limit your ISP’s ability to intercept and decipher your Internet traffic. Just remember that free services have a way to make you pay, usually by convincing you to sign off on them using your data as they see fit.