What Your Internet Provider Sees and How to Defend Against Tracking

By Danylo. Updated: 2/7/2026

Understanding Your ISP's View

Your Internet Service Provider (ISP) is the gatekeeper to your online world. Everything you do online flows through their network, giving them a surprising amount of insight into your activities. While HTTPS encryption protects the content of your communications (the actual pages you're reading, the data you're sending in forms), it doesn't hide everything.

Even with HTTPS, your ISP can still see:

  • Domain Names: The websites you visit. For example, they know you're going to "example.com," even if they can't see exactly *which* page on example.com you're accessing. This is because the Domain Name System (DNS) requests, which translate human-readable names like "example.com" into IP addresses, are often visible to the ISP.
  • IP Addresses: The specific server addresses you're connecting to. They know you connected to the server at, for example, 93.184.216.34 (example.com's IP).
  • Timestamps: When you access these domains and IP addresses. This data reveals patterns in your online behavior.
  • Bandwidth Usage: How much data you're uploading and downloading. Heavy streaming or large file transfers are easily identifiable.
  • Protocol Information: Even with encryption, they can often identify the protocols being used (e.g., HTTPS, QUIC).

This metadata, while not the content itself, is incredibly valuable. Your ISP can use it to build a detailed profile of your online habits, including your interests, shopping preferences, political leanings, and much more. This profile can then be used for targeted advertising, or even sold to third-party data brokers. They can also use this information to throttle bandwidth for certain types of traffic, a practice that violates net neutrality.

How ISPs Monetize Your Data

ISPs have several ways to monetize the data they collect. These include:

  • Targeted Advertising: They can serve you personalized ads based on your browsing history, even if those ads aren't directly embedded within the websites you visit.
  • Data Brokerage: They can sell anonymized or pseudonymized data to third-party data brokers, who then combine it with other data sources to create even more detailed profiles.
  • Affiliate Marketing: By tracking your online shopping habits, they can earn commissions when you purchase products or services from their partner websites.
  • Bandwidth Throttling: While often unstated, they can prioritize traffic from companies they have deals with, effectively slowing down traffic from competitors.

These practices raise serious privacy concerns. While some ISPs claim to anonymize the data, research has shown that it's often possible to re-identify individuals based on patterns in their browsing history. This is where defensive strategies are necessary to protect your privacy.

Defense Strategies: VPNs, Encrypted DNS, and Network Segmentation

Several techniques can help you limit what your ISP can see and mitigate the risks of tracking.

Virtual Private Networks (VPNs)

A VPN creates an encrypted tunnel between your device and a VPN server. All your internet traffic is routed through this tunnel, masking your IP address and encrypting your DNS requests. This means your ISP only sees that you're connecting to the VPN server's IP address, not the websites you're visiting.

Advantages:

  • Hides your browsing activity from your ISP.
  • Masks your IP address, providing anonymity.
  • Can bypass geo-restrictions and access content unavailable in your region.

Limitations:

  • Your VPN provider can still see your traffic. Choose a reputable VPN provider with a strong privacy policy. Look for VPNs that have been independently audited.
  • VPNs can slow down your internet speed, depending on server location and network congestion.
  • Not all VPNs are created equal. Some may log your data or inject ads.

Actionable Steps:

  1. Research and select a trustworthy VPN provider. Consider factors like privacy policy, logging practices, server locations, and price.
  2. Install the VPN client on your devices (computer, smartphone, tablet).
  3. Connect to a VPN server before browsing the internet. Consider server location relative to the services you use.
  4. Regularly review your VPN provider's privacy policy for any changes.

Encrypted Domain Name Resolution (DNS)

DNS translates domain names (like "example.com") into IP addresses. Traditional DNS queries are sent in plaintext, allowing your ISP to see the websites you're trying to visit. Encrypted DNS, such as DNS over HTTPS (DoH) or DNS over TLS (DoT), encrypts these queries, preventing your ISP from seeing the domain names you're resolving.

Advantages:

  • Prevents your ISP from seeing the websites you're visiting via DNS queries.
  • Relatively easy to set up in most modern browsers and operating systems.

Limitations:

  • Doesn't hide your IP address or encrypt your other internet traffic.
  • Your chosen DNS server (e.g., Cloudflare, Google) can still see your DNS queries. Choose a privacy-focused DNS provider.
  • May not be supported by all devices and networks.

Actionable Steps:

  1. Browser Settings: Enable DoH in your browser settings (e.g., in Firefox, go to Preferences > General > Network Settings > Enable DNS over HTTPS). Choose a trusted DNS provider like Cloudflare or NextDNS.
  2. Operating System Settings: Some operating systems, like Windows 11 and Android, also allow you to configure DoH system-wide.
  3. Router Settings: Some routers support configuring DoT or DoH for all devices on your network. Consult your router's manual.

Network Segmentation

Network segmentation involves dividing your network into separate, isolated subnets. This can help limit the potential damage from a compromised device and control which devices have access to certain resources. It also helps to limit what information is accessible to all devices on your network.

Home Network Segmentation:

  • Guest Network: Isolate guest devices on a separate network with limited access to your main network. This prevents guests from accessing your personal files or devices.
  • IoT Network: Place your smart home devices (e.g., smart TVs, security cameras) on a separate network. IoT devices are often vulnerable to security breaches, so isolating them limits the impact of a compromise.

Work and Public Connections:

  • Always use a VPN when connecting to public Wi-Fi networks. Public Wi-Fi networks are often insecure, and traffic on them can be easily intercepted by malicious actors.
  • Use a dedicated device for sensitive work tasks. Avoid using personal devices for accessing work emails or documents.

Actionable Steps:

  1. Router Configuration: Access your router's settings (usually through a web browser by entering your router's IP address).
  2. Create Guest Network: Enable the guest network feature and set a strong password.
  3. Advanced Configuration (Optional): If your router supports it, create a separate network for IoT devices with appropriate firewall rules to restrict their access to the internet and your local network.

Beyond Technical Solutions

While VPNs, encrypted DNS, and network segmentation are valuable tools, they are not silver bullets. A holistic approach to privacy requires a broader understanding of Digital Hygiene: How to Minimize the Collection of Your Data. This includes:

Protecting your online privacy is an ongoing process. By understanding what your ISP can see and implementing these defensive strategies, you can take control of your data and minimize your digital footprint.