ISP Spying: It Knows More Than You Think

What is an ISP?

ISP stands for “internet service provider” which is exactly what it sounds like...a company that provides access to the internet. These companies make it possible for us to get online and do everything that we do in that virtual world— for a fee. From browsing to shopping, connecting with friends, and conducting business, ISPs make it possible.

Is your ISP spying on you?

Well, it depends on your understanding of spying. And also where you live. Let's deal with the latter first. Basically, if you live in Europe then good news!

Internet Service Providers in Europe are prohibited from collecting or selling data. If you live in the United States of America, then, you're not quite so lucky. There are currently no such protections against ISP spying in place in the US.

In fact, broadband privacy rules were repealed in 2017, giving way to ISPs to collect user data and sell it without gaining user consent. Just another fabulous demonstration of “profits above privacy”.

Now, let's get onto the question of what constitutes as “spying”.

If you think there is an ISP staff member singling you out to virtually peer over your shoulder as you browse the internet, then, no. ISPs don't have the time, money, or manpower for that, they're money-making ventures after all. And neither do they personally care what you do online. Unless it affects their ability to make money, of course.

But what ISPs do have is a business model and technology that has data collection built into the very core of it. Everything you do online is “recorded” and stored.

But why? If they don't care, then why do they collect this data in the first place?

Well, the reasons are twofold and have already been mentioned— money, through advertising and bandwidth throttling, and the government with data retention and censorship.

Advertising

Data equals dollars these days and ISPs are cashing in. Your ISP is in a very sweet position to know pretty much everything about you. From where you shop, bank, and eat to the more intimate details of health issues and sexual preferences. It's information that makes advertisers rub their greedy little hands together. ISPs collect it and sell it to marketers who can then target you with personalized ads as you browse the web.

Bandwidth throttling

Bandwidth throttling is when ISP slows down your internet speed on purpose. There are a number of reasons why they do this:

Network congestion: When a network gets crowded, ISPs will throttle speeds in order to evenly distribute bandwidth and regulate traffic. But they may also throttle your bandwidth because of your personal usage. For example, downloading torrents will strain their network, so they'll throttle your internet, even if you've paid for unlimited bandwidth.

Exceeding data caps: Some ISPs may limit how much data you can send/receive in one billing cycle. If your downloads exceed that limit or get close to it, they will reduce your bandwidth. They'll also be wanting you to up your limits and buy a better bandwidth deal.

Paid prioritization: Sometimes called an “internet fast lane”. This is when companies pay an ISP to prioritize its data on the network over other data. For example, Disney+ could pay your ISP to throttle data from Netflix or other competitors.

Data retention

In some countries, ISPs are required by law to collect and store browser history for a set period of time. These mandatory data retention laws mean that when the government or law agency decides it wants to look into your internet usage, it can.

If you happen to live in a country with an authoritarian government this can be a real cause for concern. But even if you don't, the constant surveillance for no reason is a massive attack on privacy.

Censorship

Not everyone in the world enjoys unrestricted access to the internet. There are many countries where governments censor certain web pages for various reasons. For example, porn and gambling sites are often blocked for religious reasons, but there are also countries that restrict access to social media sites or any website that disagrees with the ruling party.

Governments can and do use ISP spying to enforce censorship. You can check out what type of content is restricted or banned in which countries here.

What data does my ISP collect?

So, we know WHY your ISP is spying on you and collecting your data but what kind of data are we talking about? What exactly does your ISP know about you?

Well, your browser history for starters.

Your ISP can see all the websites you visit, including the exact date and time of your visit, and how long you spend on each website.

These details are more than enough for advertisers to target you with the right ads at the right time, usually when you are most vulnerable or likely to make a purchase. But they also give cyberattackers plenty of information to perfectly time a replay attack.

If you're visiting an encrypted HTTPS site, then your ISP will only see the domain name and not the specific pages within the site. (HTTPS stands for Hypertext Transfer Protocol Secure, a protocol that encrypts data sent between you and the intended website.)

For example, in the following address: https://hoody.com/privacyhub/

Your ISP will only see: https://hoody.com

Everything after the '/' is encrypted. ISPs will also be able to see that you downloaded something from a website, but not the content of that download.

However, if you're visiting a non-encrypted site, one that begins with HTTP, then your ISP will be able to see EVERYTHING you do on that site.

That means:

• Search terms
• Videos you watch
• Purchases
• Payment information
• Your delivery address
• Contact details
• Usernames and passwords

All of it can be exposed to your ISP and to anyone else that happens to be into cyber-snooping for that matter.

Of course, your browser history is just one piece of the giant data puzzle.

They will also be able to see what device you use to browse, your geographic location at the time of accessing each website, and details of any other device connected to the network.

What about Incognito browsing?

Sorry, incognito mode doesn't stop ISP spying. They still see everything that you're doing. The Incognito function on a web browser is not the cloak of secrecy people like to think it is. Using Incognito to hide from your ISP is like playing hide and seek by putting your hands over your eyes. The only thing Incognito does is turn off local retention of your browser history. It hides your browsing activity from those you share a device with. That's it.

So, how do I stop my ISP spying?

Good question. If you want to know how to stop ISP spying and stop them from collecting your personal data, here are a few privacy tools and things you can do to protect your data.

Browse HTTPS only

Browsing only HTTPS sites is just good internet sense. It not only reduces what your ISP can see but what everyone else can see, including threat actors. Most sites these days are HTTPS, but just making double-sure when you're browsing can save you from a whole world of grief, from malware attacks to identity fraud.

If using an HTTP site is necessary, then you can use a browser extension called HTTPS Everywhere. It applies HTTPS security to every HTTP website you visit.

But remember, HTTPS doesn't stop your ISP from gathering data, it just reduces the number of details they can see. It's still good practice though for safe internet browsing.

Use a VPN

VPNs act like a middleman between you and the Internet. They encrypt your web traffic so that your ISP can't track your browser history.

BUT the thing with VPNs is that they don't really solve the issue of data collection, no matter what they may say. They simply move it along.

Instead of your ISP having visibility and data-collecting capabilities, your VPN provider will have them.

All VPN providers collect and store a certain amount of data.

Even if they don't log your browser requests (or say they don't), they will have customer subscription records with your name, email, and payment details.

But don't even think about using a free VPN. Most of them are infected with malware or they are the ones that will actually be collecting and selling your data. If it's free, you're the product.

So while VPNs can hide data from your ISP, they technically take on the role of data collector. While they might not be storing the data, the fact that they CAN is cause for concern.

Especially if a government decides they want access to the data...which is exactly what has happened in India. A directive passed by the government's Computer Emergency Response Team has made it mandatory for VPN providers to collect and maintain customer data for at least 5 years.

Tweak your DNS

The Domain Name System (DNS) is how your computer turns human-readable website domain names, such as Hoody.com, into numerical and machine-friendly Internet Protocol addresses.

Think of the DNS as the telephone book for the Internet.

Your computer is usually set to use your ISP's DNS which is how they see all your browser requests in the first place.

If you're using a VPN they will likely configure your PC to use their DNS, but you can also configure your device to use a third-party DNS provider. To learn how to change your DNS settings, check out our Hoody blog post, What is My DNS?

However, this method isn't exactly foolproof, as even if you change to a different DNS, your request may still be sent to your ISP's DNS.

Use Tor browser

The "dark web” is one way to hide your activity from prying eyes. Tor, otherwise known as The Onion Router, encrypts your browser activity and hides your IP address from your ISP.

It does this by wrapping your data request in multiple layers of encryption, which are peeled away, one by one, as the data package passes through a series of independent nodes. It makes it harder for data to be traced back to you, not impossible, but much harder.

Also, while the ISP won't be able to see what you're doing on Tor, it will know that you are using it. This alone can be enough to draw attention to you, especially if you're living in a surveillance state.

There are also weaknesses at the entry and exit nodes of the Tor network. Anyone with access to the entry node will see your real IP address, and your decrypted traffic at the exit node is vulnerable to interception.

Download Hoody app

The best way to protect your privacy and your data from ISP spying is with Hoody. This new app fills in all the gaps left by other methods and so-called privacy tools.

How exactly? Well, for starters, Hoody is privacy by design.

Although the Hoody app works in a similar way to VPNs, there is one huge difference. It CAN'T collect any data. Unlike VPNs, Hoody is a purposefully designed privacy app that doesn't require any of your personal data to function.

Hoody's Phantom Browsing™ and Bulletproof Privacy Network (BPN) use algorithms that anonymize users' local traffic, digital fingerprints, and IP address. The user's own data never “touch” the internet, so it can never be collected, stored, or tracked.

Hoody also masks the use of Tor and allows access to .onion domains from any browser. This means that it won't trigger any government agencies sensitive to dark web use.

What about the DNS? In the case of Hoody, the user is not using the local DNS anymore at all. Hoody's remote servers (relays) are actually the ones doing the DNS query, so there is no fingerprinting or DNS correlation possible.

Combining Hoody with good web browsing practices, privacy-focused browsers, and tools will make sure your private data stays just that... private. No more ISP spying.

So, is your ISP spying on you? Kind of.

ISPs have access to a lot of information about their users, including their browsing history, personal information, and even online behavior. As gateways to the Internet, ISPs provide a valuable service to users, but at the end of the day, they provide an even greater service to advertisers and other organizations, such as governments.

It's up to individual users to decide whether they are comfortable with the level of access that their ISPs have to their online activities. If you're not, then you can take the steps outlined above to protect your privacy.

Hoody App Beta is finally here! Sign up today for a Hoody FREE TRIAL and get early access to absolute privacy and anonymity online.