Cybersecurity

How Scary is your Internet Service Provider?

Riley Nevins

3 min read
How Scary is your Internet Service Provider?
Photo by Christopher Burns / Unsplash

What does your internet service provider (ISP) or cellular provider(s) know about you? Aside from your name, address, and other billing-related information, this post will explore this question in depth. In a world where we rely on the internet more than ever, how are service providers benefitting without the public majority's knowledge? Today we'll discuss some scary things your internet service provider may be storing about you and your devices.

Key points

Internet service providers (ISPs) in the United States are not required to retain data, but they are also not prohibited from doing so.
ISPs may store data such as browsing history, search queries, and potentially the emails of customers who use their mailing services.
The use of deep packet inspection (DPI) software can allow ISPs to record information that may be of interest to them.
There are legal and technical measures that can be taken to prevent ISPs from understanding your communications, including using third-party services like AstroVPN or strongly encrypted tunnels.
It is important to be aware of the extent to which ISPs can access and store data about your online activity and to take steps to protect your privacy.

The data ISPs collect is generally tied to the customer's public IP address. Specifically, providers have been known to contain browsing history/search queries. Customers who use their service provider's mailing services may also find their emails logged. However, it has yet to be clarified if the content of emails is being logged. ISPs may also be able to identify which third-party mailing service you're using based on the requested IP address. Service providers can efficiently conduct this type of activity. Many DPI (deep packet inspection) software exists, and it's easy to record information that may interest providers. Ultimately, service providers do not uniformly collect the same datasets as some form of government obligation; instead, this is a grey area allowing both parties (service providers and the United States government) to act on their own interests.

When it comes to why ISPs are storing the information, one must consider the legal jurisdiction that the provider falls under. This post will mostly reference service providers in the United States. In the United States, the first data retention policies were introduced by James Sensenbrenner, a House Representative from the State of Wisconsin. Rep. Sensenbrenner argued that the United States should adopt similar data retention policies as those in Europe, which has different retention policies. Although these ideas have been introduced, they have yet to go into law. The United States currently does not require service providers to retain data. On the contrary, the law does not prevent service providers (independent, third-party, private corporations) from storing this data on their behalf. The Stored Communications Act (18 U.S Code CHAPTER 121) allows the United States government to access the stored data, should there be any.

Don't fear! There is a multitude of things that can be done to prevent this level of logging. Firstly, (since this boils down to a series of legal issues), you can further learn about the legality behind these concerns and push for change at the government level (local, state, federal, etc.). Secondly, you can use a third-party service that uses various techniques to obfuscate or encrypt your data. For example, AstroVPN standardizes DoH (DNS over HTTPS), which prevents prying eyes from reading your DNS/search queries. Taking advantage of strongly encrypted tunnels, such as VPNs using modern encryption methods, can also prevent your digital communications from being read by a service provider. There are actions we can each take to secure ourselves in the ever-growing digital world better. It comes down to what is most convenient for you and the scale at which you want to tackle the problem. This is the only solution that will protect the public as a whole without lifestyle changes.

Overall, there are a plethora of steps you can take and tools you can utilize to prevent internet service providers from understanding your communications. Ultimately, the issue remains that internet service providers in the United States are not obligated to log in but are not discouraged from it. Furthermore, we must take steps in our everyday lives to lessen the impact of this logging.