What Does Your ISP Know About You?
Last October, the FCC passed regulations that were intended to require your Internet Service Provider (ISP) to take extra precaution in protecting your information. These rules would also prevent your ISP from selling information on your internet usage habits without your explicit permission. Both provisions have just been suspended, and unfortunately it doesn’t appear that they’ll be re-instated.
The rules didn’t place complete responsibility on the ISPs, it just required them to take “reasonable steps” to secure your information. That phrase has a pretty wide interpretation, but right now, it doesn’t really matter. The ultimate question this brings to mind, though, is “What does your ISP know about you?”.
For the majority of home and even business users, the answer is “quite a bit” and probably more than you think. Here’s why.
When you open a web browser and visit DisneyWorld.com, everything sent and received between your computer and Disney’s web server is encrypted. No one can see what’s being sent back and forth between the server and your PC. What your ISP can see, however, is that someone specifically in your household visited DisneyWorld.com. Even though the content of the internet traffic is encrypted, they can still see you visited the site. Think of it as observing two people speaking a foreign language. You may not be able to understand what they’re saying, but you can identify each of the parties talking and record exactly when it took place.
Now, your ISP can also see that you visited a couple of Hotel websites in the surrounding timeframe. Depending on the website you visited, they may be able to tell that they were hotels in the Orlando area. Oh and the car rental website you visited the same day, it’s another clue. Again, even if they can’t see specifically what you did on the sites, they can tell you visited them.
Imagine if, in realtime, your website visit information was relayed to an advertising agency. Within minutes, every website you visit features an ad for an Orlando attraction or an ancillary upsell.
This already happens, in much broader terms. but the information is gathered by websites you visit and advertisers on those websites. The difference is the specificity of targeting those ads and what is done with the data. When the data is gathered by advertisers, it may be specific, but it’s not as reliable. Advertisers collect information about website visitors through cookies. Cookies are small “tags” that your web browser can store to keep you logged in on a website, ID you between websites, and through one way or another, those cookies get cleaned out of your web browser, expire on their own or get denied by your browser altogether if you choose to.
When your ISP is collecting data, it’s much more specific. It’s possible for your ISP to link you to your network address and KNOW 100% for certain it’s your household visiting DisneyWorld.com. Blocking cookies on your web browser does no good. Your ISP can give up (sell) the information that uniquely IDs your household. Now the ISP can tie the data to your household specifically, but your name would be stripped out prior to selling it. Even without your specific name in the data, knowing HouseholdX is looking to travel to Florida is very valuable data to a marketing agency.
This is just one example of what can be done. Now, imagine all of that data collected by your ISP gets stolen. When that data gets stolen, it’s possible for the thieves to tie it directly to your household, as the data is collected and stored.
Now that you realize just what your ISP can (and probably does) know about you, you might ask how to prevent it. Fortunately there is an answer to this.
Remember how your ISP can see encrypted traffic from your household to DisneyWorld.com? If you insert a Virtual Private Network(VPN) into the mix, that all changes. Not only is the data encrypted as before, it’s also all directed out through a “private” connection. With a VPN, a “tunnel” is opened from your computer to a server out on the internet, and ALL of your website traffic is sent, encrypted, to that server, who then passes it on for you. Data returned to you from the web is returned the same way. Because of this, your ISP only sees encrypted data travelling between your computer and the far end server. Not only is the data encrypted, they can’t see where you are visiting on the web, as it appears you’re just communicating with the one location at the other end of your tunnel.
Fortunately, software VPNs are very easy to setup. All that’s needed is a subscription to a VPN service and a piece of software installed on your computer. Your web traffic is instantly hidden from your ISP.
Additional benefits of a VPN include:
- Masking your location to websites that you’re visiting. (get local prices rather than “tourist” prices)
- Hiding your data on public wifi connections
- Bypassing foreign govt blocks on websites
I’ve been using KeepSolid’s VPN Unlimited for about three years now. I bought a lifetime subscription for five devices so my phone, laptop and home PC are covered simultaneously. There are a multitude of other VPN service providers available, with varying benefits and costs. KeepSolid’s is one of PCMag’s Editor’s Choices for 2017 and I found it to be the best fit for my needs.