Even though you may be generally safe when it comes to browsing the internet, you could still be vulnerable in one inescapable way: your ISP.
ISPs (Internet Service Providers) provide your internet access. Any time you are on the internet, you are using an ISP to make that connection. In fact, your entire online communication passes through your ISP. What does this mean? Your IPS can see everything you do online with the deep packet inspection.
Deep packet inspection allows your ISP to scan the packets of data you send across the web, and is generally used for your protection, when checking for viruses or prioritizing data. On other occasions, ISPs can monitor your web activity to track, log and store your internet activity data.
This is a very lucrative amount of information for any company to have, and the ISPs are allowed to collect and sell this data to advertising companies.
If you are using mobile internet, your ISP can also track your location throughout the day, live and in real time.This makes ISPs an extremely important factor in your online privacy.
The question becomes, how can you be certain your ISP is concerned about your privacy?
We’ll look at some ways the ISPs are (mis)handling your data in two important categories: tracking for advertisement and government retention laws.
Mandatory data retention laws are different across the globe, and they force ISPs to collect and store their customers’ data for a period of time.
Governments put forth these measures as means of allowing law enforcement agencies greater surveillance tools, arguing that it is done for the purpose of national security. However, it could essentially mean that journalists, whistle-blowers, investigators, politicians, and other “enemies of the state” who require anonymity online could be tracked and have their data collected.
Data retention laws vary by country and are often an expensive undertaking for the ISP. The data needs to be stored for prolonged periods of time. Some countries have warrantless access to the collected data, while others can share the information collected among the agencies.
According to the Electric Frontier Foundation, the US does not have a data retention laws per say. Having said that, there are certain bills in force that can request access to certain internet user information if ordered by court. This would confirm the capabilities of ISPs to record the data, with little oversight to know if they do so and for how long.
Canadian ISPs have to follow Bill C-51 and keep the internet user data for 6 months.
Australian ISPS have to follow a mandatory data retention laws which was at the end of 2015 and keep internet user data for 2 years.
Many European Union countries have implemented some form of data retention laws despite 2014 European Court of Justice ruling, stating that mass storage of internet users “without any distinction, restriction or exception” was contrary to fundamental human rights. France, Germany, and Poland have recently introduced Data Retention Laws, with UK looking to join their ranks.
The list goes on.. with laws become stricter and more invasive (for example a recent surveillance law in Russia)
Many ISPs are involved in collecting and selling their users’ data to third parties for advertising purposes, or using the data for their own promotional use.
In 2014, Verizon was caught using what’s known as perma-cookies for all their customers. Perma-cookies allowed Verizon to accurately track their customers’ online activities through unique identifying codes without their knowledge, and it couldn’t be turned off. And even if they deleted their browsing history or surfed in private mode, they were still being tracked.
Luckily, due to public outcry, Verizon now allows users to “opt-out” of this practice (rather than “opt-in”, which means less tech-savvy users are being tracked without their knowledge still).
Even more, another US provider was shown to be actively interfering with their customers’ ability to encrypt email traffic. The provider was actively blocking what’s known as STARTTLS encryption, essentially preventing users from protecting their email privacy.
Furthermore, many ISPs are actively interfering and throttling the bandwidth of anyone using P2P or BitTorrent traffic. It is speculated they do so when asked by large copyright holders.
Essentially, all American ISPs are involved in collecting and/or selling your information for marketing purposes, as is common throughout the world.
There are still some good guys left.
Take for example Swedish provider Bahnhof, whose CEO, Jon Karlung, recently told IDG that they were refusing to act like “internet piracy police.” Karlung believes that business lobbyists want to put the responsibility for fighting illegal downloads on the ISPs, whereas the provider’s task is simply “ensure an internet with free movement, not playing cops.”
Data retention and piracy policing are being fought by both consumer advocate/online privacy groups and more recently some ISPs are joining the fight.
If you want to know if your ISP is a good guy or a bad guy, you’ll have a tough time. This Motherboard article states that Canadian ISPs are reluctant to inform customers about what data they’re collecting, and in the US it’s near impossible to get a response.
The best thing to do is to assume that your information is not being kept particularly privately, and to use a VPN.
A VPN encrypts your data through a secure tunnel before accessing the internet – this protects any sensitive information about your location by hiding your IP address. Virtual Private Networks connects you to the internet through an alternative path than your ISP. The only information visible to them is that you are connected to a VPN server and nothing more. All other information is encrypted by the VPN’s protocol. This is handy when you don’t want your real IP traced back to you.
NordVPN is determined to hide and secure your data with features like double data encryption and a strict no logs policy. We are continuing to work hard in ensuring our apps are easy to use and navigate, so you could hide your IP address even from the likes of your ISP.
How safe is your ISP? Any other tips and tricks to provide an extra layer of protection? Let us know in the comments below.