Getting your daily dose of internet is generally a care-free experience. You can scroll endlessly through Twitter, binge-watch your favourite shows on Netflix, buy one too many products on Amazon, and find out the latest news on your favourite websites. Wait, what’s this? A page filled with targeted ads about that LinkedIn job you just looked up and your boss just walked by while giving you the side-eye? Oh, the humiliation.
Okay, that’s a far-fetched scenario that a quick look over your shoulder and Ctrl + Shift + Tab would have solved. But it’s harder to keep your online activities private when you can’t see who is watching. Whether you like it or not, most of us are already being watched by the gatekeepers that grant us passage to the internet.
Your internet service provider (ISP) gives you complete access to the world wide web, but they also keep tabs on all the sites you visit, log your interests, and can sell them off to marketing companies. They can even see if you use Bitcoin. What’s worse, other organizations can gain access to your accumulated profile, and if a hacker cracks the system, your information can be compromised without anyone realizing it.
If you’re thinking “come on, laptop. I thought what I searched was meant to stay between me and you,” then you’re not alone. There’s plenty of information your ISP knows about you, but there’s also a simple way to keep your online activities encrypted.
Why do ISPs track you?
There isn’t one specific reason why ISPs track users, as different regions have different guidelines and rules to follow. For example, censorship plays a big role in certain countries, and some governments use ISPs to restrict access to websites or apps that are against their policies. The ISP will know if a user in these regions is attempting to access these sites, and block them due to regulations.
There’s also data retention laws in different countries that have ISPs track and collect certain information, such as browsing history or emails, for a set period of time. This can be used by a federal government service or law enforcement to gain insight into cybercrime and terrorist acts. As an example, web browsing history of people under investigation was given to the Australian police under data retention laws (even though this practice had been excluded from legislation) in 2020, as reported by The Guardian.
While using data to stop suspicious activities by malicious users online can be a good thing, your ISP can do a lot more with it. As we know, Edward Snowden leaked NSA documents showcasing its mass surveillance practises, and American telecommunications company Verizon was sharing its customer data with the NSA. Not the best look.
With the amount of user data an ISP gains, it’s easy to see why marketing companies and advertisers want to jump onboard, too. ISPs often strike deals to sell customer data to companies, which is why you may see a very convenient ad about a puppy pop-up (say that three times fast) on a random website after looking at all those cute dog videos. This has become a huge concern, with Apple making a massive push with its App Tracking Transparency privacy tool. Although, some iPhone users opting out of app tracking were reportedly still being tracked by Facebook and Snapchat. Yikes.
Many companies will state that allowing your data to be tracked for advertising offers ads more relevant to you. However, knowing that everything you do online is being watched for potential use as a marketing ploy can feel, well, creepy. Especially if you’re being profiled without your knowledge.
What your ISP knows about you
The real question is, what doesn’t your ISP know? These services could potentially find out everything about you, from the content of your emails to all your shopping habits. While many don’t snoop around as much, or at least say they don’t, they could all be one whistleblow away from showing us what they’re up to.
Now, there isn’t a person glued to the monitor peeping at everything you do at every moment (I hope), as user data is stored instead. This data can include all the sites you visit, even if you’re in Google Chrome’s incognito mode. What’s more, if websites you visit use HTTP instead of HTTPS (e.g., https://www.laptopmag.com), an ISP can see everything you do on it. This means what you did on the website, what you bought, your username and password used to login, and even payment information.
All the emails you send and receive are also at risk of being read. If they don’t use Transport Layer Security (TLS) encryption, then your ISP has full reign over the contents of your email. Many of the most popular email services, including Gmail or Yahoo, have this, meaning this isn’t a problem for most.
Has someone been watching every Marvel movie in chronological order? Well, your ISP may not know this, but they will know that you’re watching it on Disney Plus. According to ExpressVPN, your ISP can determine what servers your apps connect to. Knowing the apps you have and the amount you use them, it isn’t hard to build a profile around a user.
It isn’t just what an ISP knows, but also when. Services can log exact times and dates for when you used a service or visited a website, along with the amount of time you spent using them. That’s great information for marketers to feed you the right ads at the right time, and for potential threat actors finding the perfect time to use a replay attack just when you log in.
Perhaps you’ve been file-sharing or downloading movies via BitTorrent. That’s a large amount of bandwidth taken up, and your ISP may throttle your download speeds.
There isn’t one specific piece of data your ISP can be peeping at. But that’s the problem: all your online habits and internet activities are at risk of being watched, logged, and sold. Luckily, if you’re thinking of keeping your data as a “your eyes only” type of situation, then all you need is a little encryption.
How to keep your traffic encrypted
Simply put, use a virtual private network (VPN). Accessing the internet with a VPN means making a connection to a VPN server, which acts as a proxy when you’re accessing websites. So, instead of your real IP address — given to you by your internet service provider (ISP) to identify you on a website — the internet will only see the VPN server’s IP address and location. What’s more, the VPN server’s IP address changes regularly.
A VPN essentially encrypts your traffic so your ISP has no idea what’s going on. To them, it would be like watching a broadway show with a pillar frustratingly blocking your field of view — they know something is going on, but they can’t tell what. Handy, right?
Another way is to use a Tor connection, otherwise known as The Onion Router. As explained in our Tor guide, Tor relies on a decades-old principle developed by the U.S. Navy’s research lab to secure the country’s intelligence communications from eavesdroppers (take that, NSA!). Its backbone is a network of thousands of volunteer computers spread across the world called relays, which add multiple layers of encryption over your traffic — nestled like an onion, hence the name — so that no one can trace it back to you.
So, instead of simply linking up with the server where a website or app is located, a Tor-enabled connection bounces off your request via at least three randomly chosen relays before delivering to the destination, and it does the same again on the way back to you. Your daily online activities are encrypted, and your ISP will have a hard time tracing any of it back to you.
You may not be bothered by the amount of snooping your ISP does, especially if you’re the type that doesn’t mind a conveniently timed targeted ad and has no notion of doing malicious activities on the web. But on the off chance that this data can be used against you, whether it affects your credit score or ends up in the hands of a hacker (which the Dark Web Price Index 2022 shows there are plenty of stolen credentials up for grabs), your privacy is best kept secret. Check out the best VPNs to use to keep yourself on the down-low, along with the latest VPN deals as your security shouldn’t have to cost you an arm and a leg.
