ISP Snooping: Why You Should Care
We’re living in a world where governments and advertisers want to peer into the most intimate details of your life, from your health worries to your finances and everything in between. Worse, they intend to get help from your Internet Service Provider (ISP) to do so.
In recent months, the U.S. Congress voted to roll back rules that required ISPs to obtain the consent of users before collecting their data or sharing it with third parties. The UK government is also pushing for a massive surveillance through the Investigatory Powers Act -nicknamed the Snoopers’ Charter. The legislation requires ISPs to, among others, keep one year’s worth of browsing history for each user and hand it over to government agencies in case of need.
How bad is this? Very.
As your gateway to the connected world, your ISP gets to see all your internet traffic, including the websites you visit and services you use. If those services are not encrypted, then your ISP will also be able to see the content of your traffic. Even if they are encrypted, logging your traffic generates a lot of metadata, bits of information that can be linked to create a digital footprint of your contacts, habits, health conditions, political beliefs, sexual orientation, etc.
Exacerbating the situation is the fact that many “not-so-smart” devices are finding their ways into homes. These connected gadgets are often riddled with security bugs and bad coding, exposing sensitive information to ISPs—or anyone else who might be listening on your connection.
Your ISP already has a vested interest in collecting your data, and to be fair, there’s a likely chance there’s a likely chance that it’s been doing so all along. ISPs use consumer data to serve targeted ads or to sell it to third party advertisers. The new measures will only let them do so without fear of crossing legal barriers in the future and being held to account.
As ISPs gather more of your personal data, not only do they stand to make a lot of money but they also become increasingly at risk of cyberattack.
However, as ISPs become the centers of so much sensitive information, they will draw the attention of other parties, namely financially motivated hackers and nation state actors. Cyberattacks against ISPs can put your data into the hand of some of the most hostile actors on the internet.
The latest example is the leak of 14 million Verizon customers’ data, including name, cellphone number and account PIN. Previously, the British ISP TalkTalk was the target of a massive data breach, which exposed the personal information of more than 157,000 users. The company was later fined £400,000 for having failed to protect customer information.
All is not lost though. Fortunately, people are not giving in to massive data collection so easily. Recently, the British human rights group Liberty obtained permission from the High Court to legally challenge the Investigatory Powers Act. In the U.S. digital rights groups such as the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) led widespread campaigns to prevent the repeal of privacy rules.
But the legislation was eventually ratified in both chambers of Congress and signed by the president. And there’s a chance that the Snoopers’ Charter will see its full implementation, and other states might follow the lead.
Despite some fightback from digital rights groups, consumers should take their own steps to protect their privacy.
But that doesn’t mean that you’ll be resigned to give in to massive surveillance. There are a few measures you can take to protect your privacy against ISP snooping andyes to prevent your personal information from falling into the wrong hands.
- HTTPS: Try to limit your traffic to websites whose address starts with HTTPS. These websites encrypt their traffic. Your ISP will still be able to see which websites you visit, which is still enough to deduce a lot of information about you. But it won’t know which pages in those websites you browse to, and it won’t see the content you post to those websites, such as the personal information you fill in forms. For instance, Wikipedia’s move to HTTPS enabled users to freely browse the website without fear of government surveillance.
- VPN: Virtual Private Networks are one of the best tools to circumvent ISP snooping. When you use a VPN, all of your internet traffic is encrypted and tunneled through the VPN’s servers. All your ISP can see is a bunch of encrypted data. It won’t know which websites you’re visiting. However, a consideration to know about VPNs is that they will be in the position to collect the same information you’re concealing from your ISP, so you should look into the background and credibility of a service before signing up. A service like Top10VPN (full disclosure: yes, that’s us)
- Tor: The Onion Router (Tor) is a network of volunteer computers, called nodes, that are linked to create an anonymous network. When you’re using the Tor browser, your entire traffic is encrypted and deflected through several Tor nodes before it reaches its destination. Tor is the most secure of the three options, but it slows down your internet connection considerably, and there are many sites that block access from Tor nodes since it’s often associated with illicit activities.
As we move toward an era where anything and everything is producing data, privacy has become a commodity that you should cherish and protect. Make it a priority to educate yourself about threats to your privacy and protect your information from anyone who is trying to obtain it without your notice or consent.