It’s long been truth, if you want to participate in modern society you must give up some degree of your privacy, and at this point I’m not even sure that moving off the grid to a jungle somewhere and living off the land would actually insulate you entirely from the watchful eyes of the powers that be. And perhaps there’s no better illustration of this than the amount of trust that people are expected to place in their internet service provider or ISP.
I mean, just think about how much of your personal data concerning everything, from your financials, to your vacation planning, to your love life. Everything is flowing through that tube that goes from your house to some other mysterious land of long corridors, close office doors, and networking equipment that grants you access to the Internet. So just how much of this is your ISP really keeping.
Well, it’s probably not that surprising since the function of an ISP is to connect you to the websites and services that you want to access. They know, at least in a general sense, the IP addresses and the sites that you’re visiting. Because DNS requests are unencrypted, that means that they can see the domains that you’re going to, like faccebook.com or abyadaswad.com, but not necessarily which specific pages on those domains. These IP addresses are just one form of simple trackable metadata which is a catch-all phrase for information other than the content itself.
With other examples, being email addresses, timestamps, and port numbers, so your ISP will know you visited LinkedIn last Monday at 2 p.m., but won’t have access to the encrypted data like your login credentials, who you talked to, and what you said. When it comes to unencrypted sites, or sending and receiving unencrypted communications, ISP can actually see specifics about your activity, including the exact content on those web pages or messages. They can even make educated guesses as to some of what you’re up to. For example looking at individual packet size routing patterns and timing they can piece together details, like recipient of a message, or the length of a password, and get a pretty good picture of what your online life is. So by this point, you might be a little nervous, even if you’re not some notorious cyber criminal. I think it’s fair to say that the vast majority of us have done something online that we, sort of, rather not share with the rest of the world but it’s not all doom and gloom. The odds are, there isn’t someone at your eyes just munching on some popcorn and going through your private stream of Internet packets, but that doesn’t mean that this isn’t a concern. Or that they’re not just logging all of that information anyways for later use.
The upsetting thing for a lot of people, specifically is the potential for ISPs to sell this information to advertisers or other more nefarious partners. It’s kind of like how Google delivers advertising for products that they think you might like, based on your browsing history. Except that in the case of an online service, it’s often easier to opt out or just avoid using it. There isn’t much telling what some unscrupulous advertiser would do with it, even if they aren’t selling it directly to email spammers.
There’s no guarantee that your information will remain out of the hands of malcontents. Look at how many major data breaches are in the news these days, it happens all the time. However, there is a bit of good news for those that are concerned about privacy. More and more websites, especially large popular ones, are encrypting connections by default. Additionally ISPs don’t save this dirt they have on you forever. Most of them keep it for about two years at most, but not to say that they don’t just sell it every two years. But either way, there might not be a complete picture of your digital life forever available at any individual point in time. And you might also be using multiple ISPs, which is becoming common and even unintentionally.
In most cases, we use one provider at home, another at work, and a third for cellular data, and so on… And beyond that, if you do want to get super serious about privacy, and limit what your ISP knows about you, using a reputable VPN service or Onion browsing with good security that doesn’t log user activity can help a lot.