Internet service providers (ISPs) control the physical infrastructure of the internet, and thanks to recent US legislative changes, they’re increasingly powerful. It’s worth getting to know who they are and what they can do with your personal information.
What’s an ISP?
Your ISP is your internet service provider. They get you online and provide you with IP addresses, which help deliver content and information from the internet to and from your device. You can find who your ISP is by visiting whoismyisp.org.
All of your internet traffic passes through your ISP. To use a metaphor, think of the internet as a highway network. Your router is your house and your data is a car. Your ISP owns the toll road you must take to get from the highways (the internet) to your house (your router). This distance is referred to as ‘the last mile,’ the final leg of the network chain that physically reaches your home. Because your ISP owns the road, they know who takes it, what car you’re driving, and where you’re going. They may even peer into your car to see what’s inside.
In other words, unless you take the right precautions, you’re no stranger to your ISP. They know a lot about you, where you go, and what you do.
Can your ISP see your browsing history?
Your internet activity isn’t private. Your ISP monitors all of the data you share and receive online. What your ISP can see depends on what type of websites you visit, and if they are encrypted or not. Secure, encrypted sites use the domain prefix HTTPS. Unsecure, unencrypted websites use the prefix HTTP.
If you visit encrypted sites, your ISP can still see:
- the domain of the websites you visit;
- your device;
- your web browser; and
- your approximate geographic location
If you visit unencrypted sites, your ISP can potentially see:
- the exact web pages you visit, including connection times and dates;
- your search engine queries;
- your emails, including who you email, and when;
- what you type into forms on websites, including passwords;
- your social media data, i.e. the content you consume;
- what you ask your virtual assistant, like Siri or Alexa;
- what you’re file-sharing or streaming, including data from P2P platforms; and
- your cryptocurrency transactions.
Depending on your country and its laws, your browsing history can be used in all kinds of ways. In 2018, the US repealed its net neutrality rules, doing away with the idea that all information on the internet should be treated the same. Since then, ISPs in the US have the power to build consumer profiles which they can package and sell to advertisers, governments, and other third parties, similar to how Google collects your personal information into a personalized profile to serve you targeted ads. ISPs can also throttle services and censor content.
While many ISPs say they don’t do this, there are good reasons to be wary about where your data ends up. Edward Snowden’s global surveillance disclosures showed that ISP data tracking can be used for mass surveillance and to monitor ordinary people. News of Verizon's 'perma-cookies’ revealed that the company subtly inserted a unique string of letters and numbers—used to identify specific devices—into its customers’ outgoing web data to keep track of their activity.
What about incognito browsing?
You might be thinking: I already know how to hide my history. I browse in incognito. My data is private. But this isn’t exactly the case.
“Incognito mode does not prevent ISPs from seeing which sites you went to,” explains Sridhar Ramaswamy, cofounder of Neeva. “It just means that your browser won’t have a record of what you did after you close the incognito window.” In essence: After you close your incognito browser window, you become incognito to the browser, but were never incognito to anyone else. Your ISP can still see that traffic to a website is coming from your IP. Any website you visit can see that the traffic is coming from your IP. The only guarantee you get is that your browser will not record a history of your incognito activity.
Using a private browser or browsing mode means your browser won’t store data about the websites you visit, nor will it automatically save cookies, temporary files, or passwords. But this doesn't prevent your ISP from seeing your internet traffic. Regardless of your browser settings, your ISP is fulfilling your data requests and therefore has access to what you’re sharing and receiving online. What’s more, even in incognito mode your IP address and browsing history are still visible to the sites you visit, including mainstream search engines. And as long as you consent to cookies, they’re used to track your activity within the session.
If this is news to you, you’re not alone. A 2018 survey by the University of Chicago found that there are a lot of misconceptions about so-called private browsing modes and whether they can safeguard your digital footprint.
Reasons why your ISP is tracking your history
Once in the hands of your ISP, your personal information can be used for lucrative, non-service-related purposes. Here are a few common reasons why ISPs collect your data:
You create a lot of behavioral data while browsing the internet. Your ISP knows where you like to eat, shop, bank, and travel, and might know more intimate details, like if you’re having health issues or what your sexual preferences are. This data is very valuable to companies who want to sell you products and services. As a result, many ISPs sell their customers’ data to advertisers and other third parties.
Recent US legislative changes mean ISPs can compile user browsing history into logs, which are then sold to marketing companies to direct targeted online ads. Those profiting from this arrangement often argue that serving you personalized ads improves your experience.
Your ISP controls your internet speed. Bandwidth throttling is when your provider deliberately slows down your connection. This may happen when you’ve reached your monthly data limit or if you haven’t paid your internet bill. But even if you’re monitoring your usage and staying on top of your payments, your ISP can still put the brakes on your online activity, especially when it’s heavy.
While bandwidth throttling is sometimes necessary, some ISPs use their power to make more revenue at the expense of service quality, even if you pay for an unlimited data plan. Depending on your provider, they may throttle your connection if you’re streaming lots of video, gaming, or using P2P platforms.
In the US, it’s now legal for ISPs to block and prioritize certain kinds of data after the FCC voted to end net neutrality. That means ISPs in the US can throttle content however they want. Some are moving to make a private, uninterrupted connection a premium add-on. To return to the traffic metaphor, the end of net neutrality opened the possibility for ISPs to slide some data into fast lanes for those able to pay for priority treatment, creating profound inequality of internet access.
In many places, ISPs are required to retain customer data for a given period. Governments often claim this is for law enforcement, namely to fight terrorism and cybercrime, and to monitor copyright infringements. Despite no US laws requiring ISPs to retain customer data, US ISPs are still legally required to provide information to police departments and government agencies if issued a subpoena (and because your data can be sold to advertisers, we can assume they keep some.) While fighting crime and terrorism are good reasons to collect and retain data, consider how this may also threaten the anonymity of journalists and whistleblowers working in the public interest.
Some countries go further and restrict access to parts of the internet. Since ISPs grant access to the website you visit, they also have the power to block access as mandated by the government. For example, countries or regions may block websites that incite hatred, criticize the government, or encourage activities that run against a particular ideology or religion.
China’s “great firewall” is perhaps the best example. Sites like Google, Facebook, Twitter, and Wikipedia, are banned in the country. In some countries, ISPs must monitor their users’ online activity, facilitating government surveillance.
How to stop your ISP from tracking your browsing history
We now spend about a quarter of our lives online. Shouldn’t ‘the privacy of your own home’ also apply to the internet? In the same way that you expect that certain parts of your offline life be kept to yourself, you may want aspects of your digital life to stay private too. You don’t have to be up to something nefarious to want a bit more privacy.
Because your ISP stands between you and the internet, you can’t completely evade their gaze. But there are some things you can do to obscure their view, for the sake of your privacy. Here are three ways to start:
The websites you visit are either encrypted or unencrypted. Encrypted sites use the prefix ‘HTTPS.’ Unencrypted sites use ‘HTTP.’ If a website is using HTTPS, your ISP can only see the domains you visited, but not the specific pages you visit within that domain. In this case, they can only see you visited:
Using an encrypted connection also means your ISP can’t see your search queries or what you type into forms on that website, including any passwords or payment information. More than 80 percent of websites offer encrypted versions. Use as many secure connections as possible, or use a browser extension like Neeva’s or HTTPS Everywhere that automatically rewrites your browser requests to HTTPS.
Use a VPN
One of the most effective ways to shield your data from your ISP is to use a virtual private network or VPN. A VPN provides you with a temporary IP address and encrypts your web browsing activity.
Going back to the traffic metaphor, using a VPN is like taking an underground tunnel instead of the road your ISP owns. This way, they can’t see you or collect your browsing history and personal information. And because they can’t see what you’re doing, you won’t be subjected to bandwidth throttling.
A VPN also allows you to bypass government restrictions in certain countries, making it especially useful when you travel. Make sure your VPN service doesn’t keep logs of your online activity. Most good VPN services, like ExpressVPN or NordVPN, charge a small monthly fee.
Use a private search engine
Search engines are one of the most personal ways we use the internet, which is why your search history is so valuable to advertisers and your ISP. To protect your searches, switch to a private search engine like Duckduckgo or Neeva. A private search engine gives you a more active role in how your data is collected and used.
Duckduckgo is a private, ad-supported search engine. It saves your search queries but doesn’t connect them to your personal information. For a small fee, subscription-based private search engine Neeva balances privacy with personalization by collecting some data to improve your experience but gives you ultimate control over your information. Neeva doesn’t show you ads and automatically upgrades your connection requests to HTTPS when possible.
Neeva is the world’s first private, ad-free search engine, committed to showing you the best result for every search. We will never sell or share your data with anyone, especially advertisers. Sign up today and try Neeva for yourself: neeva.com/signup.