Yes, it’s true.
But before you focus on it too much, there are two things to keep in mind:
- First, it’s not really easy for the average consumer.
- Second, there are easier alternatives to monitoring than your router.
Let me explain what I mean and what you can do to protect yourself — if, indeed, you can protect yourself at all.
Become a Patron of Ask Leo! and go ad-free!
- Your ISP has the technology to see all traffic on your connection.
- Monitoring traffic at home is conceptually easy but technically difficult.
- Encryption is your best defense against monitoring.
- Physical access allows for easier monitoring.
- The police have access, but generally only with appropriate cause and documentation.
Your ISP can see everything you do
Your ISP’s equipment is at one end of your connection, and your home router is at the other. We’re talking about the data flowing between the two.
Whoever controls or has access to the equipment at either end of that connection can monitor it.
I’ve written about this before specifically talking about your ISP. They have the equipment to monitor the data flowing over the connection.
But just like your ISP at the far end of your connection, anyone with access to your router at home can also monitor your internet traffic.
It’s just not particularly easy.
Monitoring traffic at home
ISPs have equipment that make monitoring internet traffic fairly easy. They usually don’t do it, because you and I just aren’t that interesting. Only when law enforcement arrives with a warrant might they start to pay closer attention.
Most home or small business routers don’t have full monitoring functionality. That’s not what they’re built for. Some might be able to expose what websites and internet services have been visited, but not the data exchanged as part of those visits.
However, with some cheap equipment, free software, and access to the connections going into your router, direct monitoring is possible.
It’s pretty simple physically. Someone inserts a hub into the connection between, say, the router and your computer. They connect another computer to that same hub and run free, open-source packet-sniffing software to monitor all the traffic between your computer and the router.
It’s not difficult to connect; the hard part is analyzing the data. Packet-sniffing software is designed for folks very familiar with networking.
If your dad is a computer geek or network engineer, this may be no problem for him. On the other hand, if his expertise is elsewhere, this may be pragmatically impossible.
But Dad has easier alternatives that I’ll speak to in a moment.
Protecting yourself from sniffing
Everything I’ve described so far should be very, very familiar. It’s exactly the same type of sniffing that can be done at an open WiFi hotspot.
As a result, all the steps you take to protect yourself in an open WiFi hotspot apply here.
- Turn on your computer’s firewall.
- If you use a desktop email program, make sure its connections are encrypted via SSL or TLS.
- If you use web-based email, make sure that it’s via https, and only https.
- Make sure any sensitive website you visit uses https, and only https.
- Consider using a VPN.
A VPN will protect you more or less completely. Anyone monitoring will know you’re using a VPN, but that’s all; they won’t be able to see what sites you visit, connections you make, or data you exchange.
Without a VPN, it’ll still be possible to see what sites you visit and servers you connect to.
Without https or SSL, all data going back and forth is visible to anyone watching.
Physical access trumps everything
If someone has physical access to your PC, they can do whatever they like when you’re not looking. That’s often much easier than playing around with your home network to set up some kind of monitoring.
All they need do is install spyware. It might even go by the name “parental monitoring software”.
To be clear, while it’s aimed at parents monitoring their children’s internet usage, you don’t need to be a parent to use it, and you don’t need to be a child to be monitored. There are assorted packages readily available for this type of monitoring, and they’re easy to use.
About the police…
In your dinner conversation, you said, “Police can monitor everything that you do on the web and can track you.”
Taken at face value, that sounds a little paranoid, and I want to address that.
Literally, it’s true. They can.
Perhaps in some countries and jurisdictions, they do.
But in most of the world, they don’t. In most countries, the police can’t just “monitor everything you do” on a whim. They must get a court order or warrant first. Only then can they compel the ISP or other services to provide the monitoring data.
The police have better, more important things to do with their very limited resources than monitor us. As I’ve said many times, we’re just not that interesting.
Well, we’re not that interesting to the authorities.
How interesting you are to your dad might be another matter.
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,