What Does Your ISP Know About You?

What Does Your ISP Know About You?

Updated: 08-18-2021

Your Internet Service Provider (ISP) knows more about you than you think. Given that they handle all your internet traffic, they have access to practically all your browsing information, starting from your shopping habits, how much time you spend on the websites you visit, the recipients of your emails, among other things.

Chances are, you never knew that your vital information could be sold to third-party marketers or the highest bidder. Since such a security breach was becoming a point of concern, the Federal Communications Commission (FCC) intervened and came up with policies that require ISPs to consult users before sharing or storing any of their information.

Shockingly, top ISP providers such as AT&T did not support the move to provide more privacy to consumers.

In this article, we will cover everything you need to know about ISPs, in relation to your privacy, and the precautions you can take to protect your data. Here is a preview of what is to come:

  • Why your ISP tracks your internet traffic
  • What your ISP can see if your data isn't encrypted
  • What your ISP sees when your data is encrypted
  • What happens if you don't keep your personal information online?
  • How to find a VPN that will protect you from ISP monitoring
  • Best VPNs to bypass ISP monitoring
  • How to use Tor to protect your internet traffic from ISP monitoring
  • Frequently Asked Questions about ISPs

Why Your ISP Tracks Your Internet Traffic

ISPs track their users' online activity for several reasons. Some may argue that ISPs do this to improve service delivery, but this isn't the case most of the time. Here are a few reasons why your ISP may track your online activity:

  • Due to data retention laws that compel ISPs to track and record their users' data.
  • To sell your data to third-party advertisers.
  • To enforce internet censorship by the government

What Your ISP Sees When Your Data Isn't Encrypted

Some countries such as Australia require ISPs to store the browser history information of their consumers in a bid to combat cyber-crimes. The Australian government oversees the implementation of the law and prevents leakage of personal information.

However, most countries do not have such a requirement; such countries rarely have laws to protect consumers' data from exploitation by ISPs. Although you may install a firewall hoping to protect you against invasive cookies, sometimes, that is not enough.

To give you a clearer perspective of what information ISP companies have access to, here is a complete breakdown:

The Websites You Visit and Passwords Entered

Every time you visit any unencrypted Hypertext Transfer Protocol (HTTP) website, your ISP can know the exact site you went to, the web pages you opened, and how much time you spent on the website.

For example, if you went to a drug store website named http://www.mymedicine.com and bought some drugs, your ISP can tell the exact time you logged into the site, the drugs that you bought, and the details of the card you used to submit payment for the drugs.

If your ISP decides to sell such information, they'll put you at risk of theft and unwanted marketing spam emails.

On the other hand, when you visit a Hypertext Transfer Protocol Secure (HTTPS) site, your ISP can't see the Uniform Resource Locator (URL) of the site and the information you send or receive on the site. The URL is the web address that appears at the top of the browser window.


How To Prevent ISPs From Tracking the Websites You Visit

Every time you visit a website, make sure it is HTTPS-enabled and has a valid SSL certificate. An SSL certificate is a data file that graduates a website from HTTP to HTTPS.

One way to check for the validity of the SSL certificate is by clicking on the small padlock in the address bar on your browser to view the certificate.

You can then check if the certificate is credible.

Alternatively, you can invest in a good VPN that will automatically protect your information regardless of whether the website is HTTP or HTTPS-enabled.

Your Email Correspondence

Most ISPs can easily read the contents of your email, especially if your email service provider uses HTTP or doesn't use Transport Layer Security (TLS or SmartTLS). A transport layer system enables coherent communication between different applications running on different hosts.

ISPs can still access your emails even if your email service provider uses SmartTLS. This is because, for it to work, the service requires you, your email correspondence, and the email service provider to observe some specific criteria.

If any of the three doesn't meet the said criteria, then the Smart TLS is disabled, exposing your emails in the process.

How To Prevent Email Exposure

To prevent exposing your email, opt for email service providers with TLS encryption, an HTTPS-powered domain, and a valid SSL certificate.

Examples of email providers with the three features include; Yahoo, Google, Outlook, Apple Mail, Hotmail, and Thunderbird.

Some of the email providers mentioned above will notify you if the email sender or the recipient does not have TLS encryption. For this reason, you can choose whether to proceed with communication or contact the other party on a secure communication channel.

Also, ensure that you activate the TLS encryption feature when setting up your emails. This is because not all email providers make it a default setting

Torrenting Activity

Surprisingly, even the most popular torrent sites only use the HTTP protocol and don't support HTTPS. This means that your ISP can know exactly what you downloaded from a torrent site even if the content is illegal or geo-restricted, what time you downloaded it, and so forth.

Most of the time, your ISP would not bother knowing the exact content you downloaded. However, they may respond by reducing your download speeds and bandwidth depending on the size of your downloads and how often you download such materials.

How To Prevent Bandwidth Throttling

You can easily hide your torrenting activity by investing in a good VPN. If you cannot afford a premium VPN, use torrent sites with inbuilt torrent encryption.

The site will automatically encrypt its domain, preventing your ISP from knowing what exactly you are doing online.

You can also use a proxy server to hide your entire online traffic from your ISP. A proxy server acts as an intermediary server between users and the internet by filtering and encrypting all your outbound traffic. It also hides your original IP address.

Your Crypto Transactions

Bitcoin and other cryptocurrencies enable users to make financial transactions without having to input their personal information. However, this is not always the case if your ISP is invasive.

Given that most crypto users send unencrypted messages to Transmission Control Protocol (TCP) ports when contacting each other about transactions, it is easy for your ISP to know when you are making crypto transactions.

ISPs can go as far as knowing the amount transacted and the receiving party by dissecting your internet traffic and reading its content.

How To Prevent ISPs From Viewing Your Crypto Transactions

You could either use a credible VPN, a proxy service, or a Tor network to encrypt your online activities. This will ensure that your ISP cannot decipher what you are doing on the internet. Alternatively, there are other ways to keep your bitcoin activity anonymous, such as mixing coins or trading with local bitcoins.

What if Your Data Is Encrypted?

If you're browsing on an encrypted connection that uses the HTTPS protocol, your ISP cannot see the pages you visit within a given website. For instance, if you visit https://example.com/, your ISP will only see the domain name but won't see what comes after the '/'. For this reason, ISPs cannot see what you type into the website search bars or forms.

Even when using an encrypted connection, ISPs can still see your web requests and figure out the destination, whether it's a social media platform, a banking website, or an e-commerce site.

They can also see the size of your downloads when you download files from a specific website, which is why they can slow down your connection when you use too much bandwidth, even without looking at the contents of your download.

Even if you encrypt all your data and only visit websites with valid SSL certificates, your ISP can still view part of your metadata. Take Google, for example; as much as they cannot view the contents of your emails, they can still identify the sender and recipient of the email, the time sent and received, how often you exchange emails with the recipient, etc.

Your ISP can do the same when it comes to encrypted data; although they won't know what it is exactly that you are doing, they have enough information to make an accurate prediction of your online activities.

A recent study revealed that most smart home appliances/Internet of Things (IoT) devices upload users' private activities onto the internet to help them serve you better. Even though most of the said appliances have some form of encryption, it is easy for an ISP to have a rough idea of what goes on in your home, including your everyday routine.

One way to avoid this is to ensure every smart home device you purchase features modern end-to-end encryption. You can also use a VPN network to encrypt all your IoT devices. This makes it difficult for your ISP to decipher the traffic sent or received by IoT devices.

Ensure that smart appliances stay on even when you are not in the house. This will prevent the ISP from knowing when you get home and what your daily routine involves. Speaking of routine, it is always a great idea to avoid a surge in internet traffic.

For example, if the first thing you do when you get home is play music, try switching on the TV before playing music and switch up your routine often. This is because the ISP can easily tell what device the traffic is coming from if you have a consistent routine.


What if You Don't Want To Include Personal Information Online?

Even though the FCC fought hard to ensure ISPs respect their consumer's privacy, the US Congress successfully voted to reject the newly set privacy rules. This happened after top ISP providers argued that they did not have access to a lot of consumer's information and that the little they had access to should not be kept private for the greater good. 

Some people believe that if they use incognito mode on their browser, their online activity stays private. However, private mode doesn't prevent ISPs from accessing your internet traffic; it only hides it from other users who may access the device you're using.

Also, current trends make it difficult for you to lead a convenient life without leaving a trail of who you are while browsing. The only way to effectively hide your internet traffic from ISPs is by using a premium VPN service.


How To Find a VPN That Will Protect You From ISP Monitoring

The technology industry has evolved tremendously over time, and thanks to this evolution, there are countless premium VPNs to choose from.

However, it's not easy to differentiate a strong VPN from a weak one, but there are several features to look out for when selecting a VPN that will protect you from ISP monitoring: 

Automatic Kill Switch

A kill switch cuts off the internet connection from your device when the VPN connection drops. For instance, if your VPN goes off for whatever reason in the middle of browsing the internet, the kill switch closes specified apps and browser tabs to prevent crucial information such as IP address from leaking.

Military-Grade Encryption

A great VPN service uses Advanced Encryption Standard (AES) with 256-bit keys. This algorithm is almost impossible to crack and is safe against all forms of brute force attacks. For this reason, your traffic and communication will remain secure while traveling through the VPN network.

No Logs Policy

This policy ensures that the VPN provider does not store your personal information or any other information transmitted from your device to the VPN service.

Even if authorities compel the VPN service provider to produce logs, they won't find any meaningful information in such records to track the online activity back to you.

Multiple Servers WorldWide

A VPN service provider with many servers at different locations enables its users to get more bandwidth and faster speeds compared to a VPN provider with limited server locations.

Suppose a VPN service has multiple server locations. In that case, you can use a VPN server in another country to bypass geo-blocking restrictions because you'll appear to be in the same location as the VPN server.

Strong Encryption Protocols

A VPN protocol is a technology that offers different encryption standards for the data transmitted via a VPN network. A good VPN service uses the highly configurable OpenVPN protocol or the IKEv2 protocol to encrypt data packets sent over its network.


Best VPNs To Protect You From ISP Monitoring

ExpressVPN: Has strong encryption and lots of servers scattered in more than 90 countries. It uses military-grade encryption and has a strict no-log policy.

CyberGhostVPN: CyberGhost purposefully built its headquarters in Romania as the country has stringent rules regarding internet privacy. It's also fairly priced, has great features and multiple servers distributed across the globe.

HMA VPN: This VPN has various preset modes that users can choose and safely browse the internet. HMA is easy to use and comes with a 7-day free trial.

Private VPN: Allows up to six simultaneous connections and has impressive speeds. Additionally, it has servers in over 63 countries and a 30-day refund policy.

Nord VPN: Boasts high speed and seamless connectivity. The VPN is affordable, has a beginner-friendly interface, and is easy to set up.


How To Use Tor To Protect Your Privacy From ISPs

The US Naval Research Laboratories created Tor to protect their sensitive information from being hacked or leaked. Over time, it transformed into a non-profit organization to promote open space anonymity and general internet privacy.

Tor works almost like a VPN. Every time you use a Tor browser, your traffic is sent to one of their multiple randomly chosen relay servers and encrypted before being sent out to the intended destination. This way, your personal information and real IP address are hidden from your ISP.

With Tor, you do not need to download any application; all you need to do is download an extension to your normal browser, and you are good to go.


Frequently Asked Questions About ISPs

Does My ISP Store Everything I Download?

No, it would be virtually impossible for any ISP to store everything you download as this will need a lot of cloud or hard disc storage space.


Can ISPs Find Out the Exact IP Address of a Site I’m Browsing if I’m Using a VPN?

This depends on the type of VPN you're using. If you use a free VPN with weak encryption standards, ISPs can easily decipher the exact IP address of the site, though not all websites have IP addresses assigned to them. On the other hand, a premium VPN service comes with strong encryption, making it difficult for an ISP to find out the exact IP address of the site you're visiting.


Aren't ISPs Supposed To Protect My Online Privacy?

Technically they are supposed to, but most ISPs sell your information to third-party advertisers without your consent.

Can ISPs Read My Emails?

No, they cannot. But, they can easily tell the metadata, such as the email recipients and when you sent it.

Is It Legal To Use the Tor Browser?

Yes, in most counties, it is legal to use the Tor browser to protect your privacy. However, some countries such as Russia and China prohibit the use of Tor.


What Are The Benefits of ISPs Having My Data?

It can be beneficial, on rare occasions, if the ISP has access to your data. Let's say prosecutors accuse you of committing a crime, yet you were in a different location from the crime scene. If you happen to have been browsing the internet, then you can use it as a starting ground to defend yourself, given that your ISP can show your exact geo-location.

Also, most of the information they sell to third-party advertisers may help improve your browsing experience as the marketers will know exactly what you are looking for.


Though many people do not give it a second thought, ISPs have access to information that you would rather keep private, such as your browsing history, what you watch, shopping habits, and much more!

Contrary to popular belief, browsing on secure HTTPS sites does not guarantee that your online activity will be safe. These days, it is fairly easy for an ISP to deduce what exactly you were doing in a given site based on your internet patterns.

The FCC tried to intervene and enforce some ground rules for ISP providers, but they faced resistance from Congress and other private parties. For this reason, you need to take necessary precautions to ensure your data remains confidential.


Now that you know your data is accessible to the prying eyes of ISPs, you need to invest in a reputable VPN to keep your data safe. A reliable VPN masks your IP address, making it almost impossible for your ISP to track your online activities.

Leave a Reply

Your email address will not be published. Required fields are marked *

11 comments on “What Does Your ISP Know About You?”