Your Internet Service Provider (ISP) is the company which supplies your internet connection and includes the company which supplies your mobile internet connection. Perhaps because we often access the internet from the privacy of our own homes, it is easy to forget (or not even realize) that an activity which seems so private is, in reality, an open book.
In short, your ISP can see much of what you get up to on the internet. This includes every website you visit and every internet resource you connect to. If a website is not protected by HTTPS (look for the closed padlock icon in your browser’s URL bar) then it can see everything you do on a website (such as the specific pages you visit).
Sensitive areas of websites such as payment pages are invariably protected by HTTPS, and thanks to the tireless efforts of privacy activist organizations such as the EFF, it is increasingly common for entire websites to be protected by HTTPS.
Your ISP still knows which websites you visit, however, so if you regularly visit gop.com it doesn’t take a genius to figure out your political affiliation, or if you regularly connect to Grindr servers via its app, your sexual orientation.
It also knows stuff such as when you visit each website, how long you for, and how often you stay there. This kind of “metadata” can reveal a great deal about your day-to-day life and can be used to track your activity over the internet. As US General Michael Hayden once said, “We kill people based on metadata.”
In Europe and many other places around the world, ISPs are legally required to retain such logs, typically for a period of one to two years. Indeed, moves are afoot in places such as the UK to monitor people’s internet activity in real-time with the cooperation of ISPs.
This is not the case in the United States, but as we know from Edward Snowden, American ISPs are instead subject to a warren of secretive court orders, National security Letters (NSLs), gag orders, and more.
In some ways even more worrying is that US ISPs can sell their customers’ detailed web browsing histories and geolocation data to advertisers and partner companies. All the better to sell you stuff.
The good news is that a variety of privacy tools exist which are designed to hide what you get up to online. The most notable of these are Virtual Private Networks (VPNs) which route all your internet activity through an encrypted tunnel to a third party server so that your ISP cannot monitor your activity.
It is probably worth noting here, because it is a common misconception, that your browser’s private/incognito mode hides what you get up to online from friends and family, but does nothing whatsoever to hide your internet activity from your ISP.
At the very least, internet users should be aware that unless they take active measures to remedy the situation then their ISP can see what they do online. And behave accordingly.