
How Do I Protect Myself from My ISP?

I know you’ll think I’m nuts, but I’m absolutely convinced my ISP is snooping on what I do and reporting it to the government. I know you said my ISP can see everything, but … how do I stop them?

This is a composite question crafted from the many variations on the theme that keep coming in over the years.

While I don’t actually think people are nuts, I do think that 99% of the time, they are mistaken, misled, or misinformed.

The 1%, however, can be all too real for some people.


Your ISP really doesn’t care

For at least 99% of internet users: your ISP doesn’t care what you do, where you go, or what you use their connection for. You and I just aren’t that interesting. No one is watching you. No one is monitoring your online behavior. No one is updating your “permanent record” with your digital exploits.

If you look carefully at the terms of service you probably agreed to when you established your internet connectivity, you’ll probably see there are a couple of things your ISP does care about – the most blatant being excessive use for whatever account type you have. So, in that sense, they might be keeping loose track of how many bytes you upload or download over some period of time. If you exceed some threshold, they might tap you on the shoulder and ask you to slow down, or pay more, or in the worst case, find a different ISP. Or they might just slow your connection.

But chances are they’re not looking at what you’re doing – just keeping an eye on how much.

Your ISP may also respond to complaints about your usage, some of which we’ll see next, but it’s not something they proactively look for. They have better things to do with their time and resources.

When your ISP does care

There are some things an ISP might choose to care about – either on their own, in response to complaints, or at the request of others.

  • Large media companies might ask your ISP to track large downloads to identify people downloading copyrighted material.
  • If they suspect you are involved in some kind of criminal activity, law enforcement agencies might ask – or even require – your ISP to track your activity.
  • Overly oppressive governments might require ISPs to monitor the actions of their citizens more actively.

Of course, your employer can certainly monitor your usage of the connections they provide for a variety of reasons, as can public or private institutions like libraries, internet cafés, or others.

Perhaps more realistically, since anyone who provides your connection to the internet is your ISP, your landlord, the hotel’s IT “department”, or the stranger in the corner at a coffee shop with Wi-Fi could all just be nosy, for whatever reason.

Then what?

Option 1: Choose a different ISP

The first, knee-jerk reaction is that if you don’t trust your ISP, find another ISP.

In some cases, that’s simply not practical. In areas that have a monopoly provider, you might only have one choice.

Switching may also not be practical. Often, when there are alternate providers, the cost, performance, or service differential is high. You might find yourself an ISP you can trust, only to find their offerings come with significantly slower speeds or reliability.

Switching may also not be cost effective. Only you can determine the relative priority of the threat versus the potential of increased costs incurred by choosing a different provider.

In a home or business environment, the options typically boil down to cable, telephone/DSL, or wireless. You’ll need to take into account the different cost/performance/service tradeoffs of each.

Of course, all this assumes you can find service from an ISP that you would trust any more than the one you currently have. If you can, and they meet your needs, this option can be the simplest in the long run.

What about TOR?

TOR, or The Onion Router, is a privacy and anonymity technology. By encrypting and then routing your internet connection through a series of intermediate servers, your content is protected and your location on the internet is hidden from the server or service to which you’re connecting.

TOR matters most when you really need anonymity. In many ways, it’s both overkill and insufficient when all you’re trying to protect yourself from is a nosy ISP.

TOR is overkill in that routing through several servers adds little to no security to the connection as seen by your ISP, and can have a dramatic impact on performance.

TOR’s simplest and most convenient distribution is in the form of a dedicated TOR browser. It is insufficient in that it does nothing to secure other types of connections, such as local email clients, peer-to-peer file sharing networks, many types of downloads, and more. Protecting those with TOR increases its setup complexity.

TOR is good for anonymity, but as protection from your ISP, it probably isn’t worth the performance impact or the complexity of setup.

Option 2: Use a VPN

The classic solution for protecting yourself over an untrusted connection of any sort is to use a VPN, or Virtual Private Network.

When using a VPN, your device creates an encrypted connection to that VPN’s servers, and all of your internet traffic is routed through that connection. All your ISP sees is that you’ve connected to a remote server using an encrypted protocol; it cannot see what actually transpires over that connection.

This makes a VPN a perfect solution for travelers who regularly use otherwise untrusted connections, such as those in airports, hotels, and coffee shops.

It also means a VPN is a potential solution for any untrusted connection, even if that untrusted connection is your home internet, as provided by your ISP.

VPNs are not without issues, however.

The cost of a VPN

Using a VPN typically involves two types of costs: monetary and performance – and these two costs are often at odds.

There are free VPN services out there, but they often have poor performance. Spending money to purchase a VPN subscription typically means you’ll get better service and speeds.

This ends up becoming important because when using a VPN, you’re adding an additional layer of complexity to everything being communicated over your internet connection. The data itself is “wrapped” in a layer of encryption, and it’s all routed through extra servers run by the VPN. While slower speeds are perhaps tolerable periodically while traveling, if you’re constantly using a VPN at home, you probably want it to impact your experience as little as possible.

The privacy of a VPN

One thing many people overlook is that when using a VPN, in a very real sense that VPN becomes your ISP. While the ISP can no longer see everything you do, the VPN service can. All of your internet activity is routed through their servers.

Therefore, it’s important to select a VPN provider you trust – presumably more than you trust your ISP.

What your ISP can still see

There’s one important thing your ISP can most definitely see that there’s simply no practical way around: your ISP can see that you’re using a VPN. In fact, they can probably see which VPN service you’re using.

Indeed, some governments have gone so far as to outlaw VPN connections, or to block as many VPN providers as they can keep track of, to prevent you from bypassing their mandated monitoring.
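What an on-path observer such as an ISP can read from a connection, with and without a VPN, shown as an added example that is not part of the original article. It goes beyond the text by covering plaintext DNS, plain HTTP and the TLS server name; every packet, name, address and port is constructed, and the SHA-256 keystream is a toy stand-in for a real VPN cipher.

```python
import hashlib
import struct

# All traffic below is constructed for illustration; names and addresses are
# placeholders from reserved documentation ranges, not real services.

def build_dns_query(name):
    """Plaintext DNS question for an A record, as sent to port 53."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def build_client_hello(server_name):
    """Minimal TLS ClientHello record carrying a server_name (SNI) extension."""
    host = server_name.encode()
    entry = b"\x00" + struct.pack("!H", len(host)) + host  # name_type=host_name
    sni_list = struct.pack("!H", len(entry)) + entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    body = (b"\x03\x03" + bytes(32)      # legacy_version, random
            + b"\x00"                    # empty session id
            + b"\x00\x02\x13\x01"        # one cipher suite
            + b"\x01\x00"                # null compression
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def dns_qname(payload):
    """Read the queried name from a DNS question (starts after the 12-byte header)."""
    labels, i = [], 12
    while payload[i]:
        n = payload[i]
        labels.append(payload[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return ".".join(labels)

def http_host_and_path(payload):
    """Read the Host header and request path from a plaintext HTTP request."""
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    _method, path, _version = lines[0].split(" ", 2)
    host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                 if l.lower().startswith("host:")), None)
    return host, path

def tls_sni(payload):
    """Read the server name from a TLS ClientHello; None if this is not one."""
    if len(payload) < 6 or payload[0] != 0x16 or payload[5] != 0x01:
        return None
    i = 5 + 4 + 2 + 32                   # record hdr, handshake hdr, version, random
    i += 1 + payload[i]                  # session id
    i += 2 + int.from_bytes(payload[i:i + 2], "big")   # cipher suites
    i += 1 + payload[i]                  # compression methods
    end = i + 2 + int.from_bytes(payload[i:i + 2], "big")
    i += 2
    while i + 4 <= end:
        etype, elen = struct.unpack("!HH", payload[i:i + 4])
        if etype == 0:                   # server_name extension
            nlen = int.from_bytes(payload[i + 7:i + 9], "big")
            return payload[i + 9:i + 9 + nlen].decode("ascii")
        i += 4 + elen
    return None

def observe(pkt):
    """What the ISP can read from one packet crossing its network."""
    seen = {"dst": f"{pkt['dst_ip']}:{pkt['dst_port']}"}
    data = pkt["payload"]
    if pkt["dst_port"] == 53:
        seen["dns_name"] = dns_qname(data)
    elif data.startswith((b"GET ", b"POST ", b"HEAD ")):
        seen["http_host"], seen["http_path"] = http_host_and_path(data)
    elif (name := tls_sni(data)):
        seen["tls_sni"] = name           # HTTPS: site name visible, page is not
    return seen

def tunnel(pkt, vpn_ip, vpn_port, key, counter):
    """Toy VPN client: encrypt the inner packet, real destination included."""
    inner = f"{pkt['dst_ip']}:{pkt['dst_port']}|".encode() + pkt["payload"]
    nonce = counter.to_bytes(8, "big")
    stream, block = b"", 0
    while len(stream) < len(inner):      # toy keystream, not a real VPN cipher
        stream += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    ciphertext = bytes(a ^ b for a, b in zip(inner, stream))
    return {"dst_ip": vpn_ip, "dst_port": vpn_port, "payload": nonce + ciphertext}

def sample_session():
    """One visit to a constructed site: DNS lookup, an HTTP page, an HTTPS page."""
    http = b"GET /politics/article-42 HTTP/1.1\r\nHost: news.example\r\n\r\n"
    return [
        {"dst_ip": "192.0.2.53", "dst_port": 53, "payload": build_dns_query("news.example")},
        {"dst_ip": "198.51.100.7", "dst_port": 80, "payload": http},
        {"dst_ip": "198.51.100.7", "dst_port": 443, "payload": build_client_hello("news.example")},
    ]

def isp_view(packets):
    return [observe(p) for p in packets]

def isp_view_with_vpn(packets, vpn_ip="203.0.113.10", vpn_port=1194):
    key = b"constructed-demo-key"        # assumed key, for the demo only
    return [observe(tunnel(p, vpn_ip, vpn_port, key, n)) for n, p in enumerate(packets)]

if __name__ == "__main__":
    for row in isp_view(sample_session()):
        print("direct:", row)
    for row in isp_view_with_vpn(sample_session()):
        print("vpn:   ", row)
```

Without the tunnel the observer recovers the site name three separate ways and, for plain HTTP, the page path as well; with it, only the VPN server's address and port remain visible.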

Option 3: Don’t use your ISP

This is the most cumbersome and perhaps even impractical option. In a way, it’s really the same as option #1, but with more legwork.

If you can’t get an alternate ISP for your location, and using a VPN isn’t an appropriate approach for you, then the only real solution is to go elsewhere. By that, I mean when you want to use the internet, take a laptop to a location with an ISP you can trust.

What that might be, I can’t tell you. It could be the coffee shop or library down the street – but then you’d probably want that VPN. It could be a friend’s house, or your place of work – again, as long as their ISPs are more trustworthy to you.

But if you can’t “fix” or bypass the internet connection at home, and you can’t trust it, then you shouldn’t use it… at least not for anything you consider sensitive.

Postscript: I’m soaking in it

I trust my ISP. I trust that my ISP cares little about me, as long as I pay my bills and cause them no problems. As a result, while I have a subscription to a VPN service (TunnelBear), I don’t regularly use it at home.

I decided to try it out while researching and writing this article, so I enabled the VPN here on my desktop at home. I confirmed (via my own “what’s my IP address” page) that my IP address had changed, and that I was indeed connecting to the internet from a different location – New York, it would appear, as opposed to my ISP’s normal point of presence here in Washington State.


Everything kept working, albeit ever so slightly more slowly. My web browsing continued; my remote server connections disconnected when the change was made, but quickly reconnected and continued to work; Dropbox, OneDrive, and Google Drive[1] all reconnected and kept on synchronizing.

Running everything through a VPN is possible, but as I said, it’s unlikely you actually need to; and which one to trust is going to be a function of your specific situation.


Footnotes & references

1: Yes, I use all three. And more. Sometimes being a geek can be … complicated. 🙂

51 comments on “How Do I Protect Myself from My ISP?”

    • Yes a rule implemented in October 2016 that was never implemented now won’t be implemented. In today’s crazy world of fake news, that is called “repealing a privacy protection”. Uh… it was never actually enacted in the first place…

  1. The Senate just approved the repeal of the FCC’s Privacy Protections. Your ISP can now sell your private data to the highest bidder. Time for a VPN.

  2. I recently had trouble accessing my bank’s account management website. I phoned them up and the woman asked me if I was using a VPN. I checked and it was on so I turned it off and was able to get in. I assume they’ve blocked certain VPNs because of abuse.

    I use a VPN mainly to get access to content to video on websites which I otherwise couldn’t access. I keep it off most of the time due to speed constraints. I find it counterproductive that a bank would block a VPN, when I would expect people to use a VPN to access their bank from a public location, although the banks’ SSL connections are probably much more secure than a VPN, and you wouldn’t want to trust a VPN without SSL, as without SSL, the VPN would be able to get your passwords.

  3. I often use a VPN to visit geographically restricted sites. I have tried a few over the years and they all share one side-effect: My email client (Outlook 2016) cannot send email while the VPN is in use. I seem to recall that with some VPNs and email client combinations it is also not possible to retrieve email.

    This isn’t much of a problem for me, but it might be for some potential users.

    I suppose I ought to investigate the cause and try to find a solution. Unfortunately I don’t have much spare time as I’m retired and, as I hope you will all discover in due course, that’s a full-time job. I’ve put investigation and resolution on my ever growing TO DO List.

    • I had the same problem. I contacted my ISP and they gave me a different outgoing port to use with my VPN to use Windows Live Mail. (Interestingly, Gmail had no problem with my VPN connection). In my case, the outgoing port without the VPN was port 25. If I want to use the VPN with my Windows Live Mail I have to use port 587.

  4. I’m just a computer novice so this may sound kinda naive,
    but the only reason we need an ISP is for the servers.
    what about an in home private server?
    or are they that cost prohibitive?

    • This is very similar to a question I’ve had for years, but cannot find an answer.

      We connect to the Internet through an ISP, however, how does the ISP connect? Why can’t we connect the same way they do?

      • They connect to other ISPs – essentially there are “upstream” ISPs that provide connectivity to other ISPs. Remember, there’s no such thing as “the internet” – it’s simply all those ISPs and server farms just connecting to one another. (Yes, you could connect to your ISP’s ISP, I suppose, but it would be horrendously expensive, since they’re designed for ISPs not individual connections.)

        • I remember a time when what is now the Internet was a group of universities, some government agencies and a few others. They had a bank of data lines where an individual could call to access items from any of the net members. The universities even had separate areas where individuals could communicate with each other – chat rooms. Essentially, each member of the net acted as an ISP. Of course, it was not open to the general public: you had to know the contact phone numbers, and they were not made public.
          Then companies like AOL, CompuServe and Prodigy started providing that service, including their own chat rooms. Basically, they were still connecting to the old network. I remember getting messages to be nice and choose a connection that was close to the server with what I wanted.
          As you say, my ISP gets a block of IPs from a bigger ISP, who gets a block from an even bigger ISP, who …. It seems there should be some easy way to bypass all these in-between ISPs and connect to a primary one – like we used to do. What was very simple has become exceedingly complex.
          The Internet, like the Cloud, is so nebulous that I doubt very many people understand it. All it is a bunch of computers connected to each other. I have three computers connected to each other to share data and other resources. Then I have a bank of external HDs that all three computers can access. So, essentially, I have my own private Internet and Cloud. I could set one of the computers to accept connections from computers, which would make it act as an ISP to my private Internet. With the proper permissions they could also use my private Cloud. What we call the Internet and Cloud are the same, but on a global scale.

    • Your ISP is not about the servers, it’s about your ability to connect to those servers. If everything you need is in your house, and you have no need for the internet, then you have no need for an internet service provider.

  5. I used to use TunnelBear for quite a while because it allowed me to access the US Netflix which has far better content than the Canadian one. Unfortunately Netflix caught on and cancelled my subscription. I also used it for BBC radio for programmes and sports. I recently moved but will be signing up again soon for a VPN because the cost is reasonable for the pleasure I get from one.

    • I used to use a VPN to get US Netflix, and every so often they blocked the VPN and the VPN would get a new IP address. It was whack-a-mole, but I didn’t get my account cut off. Maybe they’re getting tougher now.

  6. The latest Opera browser includes a free VPN function. Does this follow the rule that when some product is offered to you free, you are the product? Does this particular VPN application have drawbacks beyond the ordinary VPN drawbacks?

    • I would suspect many, if not most, VPNs make as much as they can off your data. In some cases, you can probably trust your ISP more.

      • I am planning to use the VPN while I am away on vacation. Email yes, no banking. I don’t care if anyone knows which restaurants I research, and which museum hours. I don’t want to trust the hotel’s wifi, hence VPN.

        • In that case a VPN is a VPN. I don’t see any reason Opera’s would be different. Although, as for speed and reliability, all VPNs vary greatly. One issue I’ve seen with VPNs is that the very popular ones get blocked by sites like Netflix sooner and more often than the more obscure VPNs which don’t bombard them with traffic.

  7. With upcoming changes in law and regulations, not only will your ISP record every web site you visit, but they will associate the data with your name and sell the information. The issue isn’t whether you are “interesting” or not. The issue is that they will spy on you and there isn’t anything effective you can do about it – with or without VPN. Your ISP does, indeed, care about what you do on the internet because your ISP can make more money from your surfing patterns. In fact, your ISP can make more money from selling your internet usage information than they can from the $40 or so they get from you every month. And once a certain level of spying becomes institutionalized and profitable, it will never be reversed. Five years from now you’ll be talking about whether your ISP can sell you access to a prescribed set of web sites, just like your TV cable company does today. Perhaps Leo’s nonchalant attitude about spying is warranted because you can’t win anyway.

    Comment on Old Man’s question above: Theoretically you can bypass your ISP, but it’ll cost you at least about $2000 per month, and lots more money to set up physical connectivity from your house to an internet exchange backbone at a local access point. This is the same way that your ISP connects to the internet, but with a fatter cable (more bandwidth). Your ISP then breaks up its fat connection into smaller pieces and rents a small piece to you. The provider for connecting to an internet backbone (access point) is another big telecom company, which in some cases may be your ISP’s parent company. There is no evidence that at the wholesale level of internet connectivity the controlling company spies on its big customers, but if they wanted to, they could.

    • If you use a VPN, your ISP only sees your connection to the VPN and all the data is encrypted and not visible to them. However, in that case the VPN has all of your data, and they’ve probably been selling your data all along. I would expect many VPNs to be very unscrupulous when it comes to data protection. That’s why SSL is so important, that’s encrypted end to end, although the ISP or VPN knows who you connect to.

  8. Gee, how come nobody has mentioned just using a different DNS than the one provided by your ISP?!?!? Once one does this and your ISP isn’t going to know where the hell you’re going or doing out on the Net. All they will see is your network traffic going to a particular IP address, and that’s it.

    Easy to configure as all routers give one the opportunity to use a different DNS provider rather than your ISP’s or if you just have one computer attached to your Cable/DSL box then simply open up Control Panel>Network and Sharing Center>Change Adapter Settings>Right-Click Local Area Connection>Click Properties>Click Internet Protocol Version 4 (TCP/IPv4)>Click Properties>Under General Tab Click on: Use the following DNS server addresses:>Enter the IP address of your DNS service of choice>Check the Box Validate settings upon exit then Click OK.

    That’s it. Now one’s ISP will only see traffic being directed to this IP address and nothing else. I just ran a check the other day with a website that can see where one connects to the Internet and they said I was connecting via the state of New York. Since I live in Northern Calif, this proves that my DNS service is masking who and where I am on the Net.

      • Yes, they can see that one’s traffic is now going to another DNS provider but that’s it. They can’t actually see the websites you visit. Use the Tor Browser and the odds they can see anything go up exponentially!!!

        • It’s not true that all your ISP sees are just some IP addresses that they cannot decipher. It’s a trivial task to do a reverse DNS lookup and your ISP does that. Besides, your HTTP request carries more than the host domain IP – it carries the rest of the URL which narrows down which page on a target server you’re requesting. Then there is the response from the server, sent through the ISP, to your computer, which can be parsed and cataloged. Also consider: You’re assuming that the other DNS services you use (such as Google) won’t track your surfing. They do, or at least they collect statistics.

          Although your computer’s DNS setting takes precedence, remember that there are also DNS settings in your router, which are typically inherited from your ISP. What’s interesting is that most people get their router and modem from their ISP, so who knows what the firmware in those devices is doing. It’s been known that some ISPs redirect your requests to their DNS or through their algorithms regardless of what DNS you set up in your computer. Sometimes a test such as typing in a nonexistent URL in the browser might reveal such a redirection if you get a response other than “Server not found”.

          By the way, if you’re really far from your DNS (like from CA to NY), that can add a delay to your web access.

          • And how much trouble do you think an ISP is going to want to go to when it comes to using a DNS reverse lookup?!?! That takes time and manpower, something most ISP’s don’t have. Router DNS settings can be changed just like those on a PC.

            It boils down to this: give the ISP enough of a headache to track where you go on the web and they won’t bother unless they have to i.e. court order from law enforcement etc…

          • The ISP doesn’t need to go through a reverse DNS lookup to see which sites you are visiting. If you don’t use a VPN, the url you typed or clicked on passes unencrypted through their servers on the way to the third party DNS.

          • The low-hanging-fruit principle. I generally agree with that – try not to be the customer that’s easiest to track, and they’ll probably just ignore you and focus on the rest.

        • If you’re not using a VPN they can still see the IP addresses you’re connecting to and typically also the name of the site/page you’re requesting.

          • And how is this possible when you’re connected into your ISP’s router port that has a certain IP address and your traffic [all of it] simply gets sent to another IP which they can’t look upon from the other side since it belongs to the DNS provider? That’s impossible. The only reverse DNS that can be pulled up would be the IP address of the DNS provider and that’s it. Any traffic beyond the DNS provider is not going to visible to one’s ISP.

            Granted, the ISP can put a tap on their side of the circuit and inspect all packet traffic and eventually glean what traffic is passing through their system. My question though, why would they want to go to all this trouble?

          • Your traffic by definition is passing through the routers and other equipment owned and controlled by your ISP. They can monitor anything that traverses that path that they want.

          • Sorry to belabor this issue to death, but I think J Cherrytree’s last question needs a reply: Firstly, let’s not forget the fundamental reason for all this spying or tracking. Anyone collecting this information can sell it and make money. Is there any more effective motivator than money? Remember, the ISP is in business to make money. Compared with tracking web usage, they go to significantly more “trouble” and expense to put in the physical infrastructure to provide you with the internet and cable service. For example, AT&T has been digging up streets and people’s yards all across the country to put in fiber optic cables. They don’t think that’s any “trouble” at all. They expect to make a return (i.e. money) on their investment. Now, let’s compare this expensive physical infrastructure investment with software that tracks your web surfing. You may not be aware of what is required to capture internet traffic and analyze it. It takes very little programming effort. All the code is already available and has been for decades – that is, your ISP doesn’t have to invent anything new. Hiring programmers and software developers is cheap, especially if you’re doing it overseas. The return on this software investment is significantly higher and quicker than any investment in physical infrastructure. That is why your ISP goes to “all this trouble”.

      • Not if one uses say DNSCrypt. Check out their website and download the installer and run it. Use HTTPS-Everywhere and the Tor browser and that’s going to make it very difficult for ANY ISP to be able to track where one goes out on the Internet. Remember, an HTTPS website one connects to from their computer Encrypts all traffic between each end. Sure an ISP may still be able to “see” where one went, but not what they’re doing once at the website.

        I used to work for the gov’t BTW. As such, I have other methods I can use if need be.

  9. From: Ars Technica

    For sale: Your private browsing history
    Congress passes bill allowing ISPs to sell customer Web surfing data.
    The US House of Representatives voted Tuesday to eliminate ISP privacy rules, following the Senate vote to take the same action last week. The legislation to kill the rules now heads to President Donald Trump for his signature or veto.
    The White House issued a statement today supporting the House’s action, and saying that Trump’s advisors will recommend that he sign the legislation. That would make the death of the Federal Communications Commission’s privacy rules official.
    The rules issued by the FCC last year would have required home Internet and mobile broadband providers to get consumers’ opt-in consent before selling or sharing Web browsing history, app usage history, and other private information with advertisers and other companies. But lawmakers used their authority under the Congressional Review Act (CRA) to pass a joint resolution ensuring that the rules “shall have no force or effect” and that the FCC cannot issue similar regulations in the future.
    If Trump signs the resolution to eliminate privacy rules, ISPs won’t have to seek customer approval before sharing their browsing histories and other private information with advertisers.
    The House vote was 215 to 205, with most Republicans voting to eliminate privacy rules and all Democrats voting to preserve them. Full vote results are available here. The Senate vote last week was 50-48, with lawmakers voting entirely along party lines.
    ————————————————————————————————————————————-
    Question: I guess that means that VPN’s could also sell your browsing history?

    • Probably, although, I’m a bit suspicious of VPNs. I don’t know if they come under the same government scrutiny as ISPs. Some may have been selling their browsing data all along. After all, many use VPNs to circumvent laws or company policies. Some VPNs are based in countries where data privacy laws don’t exist. That’s why it’s more important than ever for sites to start switching to SSL (HTTPS) connections.
      Why can’t we use https for everything?

    • Actually, since so many are based overseas (and not subject to our laws), they probably always could. The real cost would be their reputation if it were discovered…

    • Yes, just like Google, AOL, and a host of others do.
      All that really happened was a restriction that was never enforced has been deleted. Things are still the way they’ve always been.
      The news media makes it sound like it’s something new that poses a great threat to privacy. That’s not true. It just rescinded an unenforced regulation. It’s much like the 55 MPH speed limit. That was rescinded because very few people obeyed it, and the police weren’t enforcing it.
      I agree that it needed to be rescinded. It put restrictions on ISPs that did not apply to browsers, social media, and others that routinely track members activities and sell it. Since the ISPs are covered by a different agency (FTC) than the others (FCC) what is needed is legislation that imposes restrictions on both groups. That would put everyone on equal footing.

  10. ISP’s could care less. Their employees could be a different matter.
    We moved to a different ISP because of an employee manipulating our web sites.
    The ISP itself was very helpful in backing up the site even though it had been closed down by ICANN in response to what the employee had done.
    Individuals can see a great opportunity in working for an ISP in order to gain access to the stored data.

  11. Has anyone asked WHY is our government keen to let ISP’s keep such an opening to abuse our privacy? I can’t imagine all our congress people have been bought by the ISP’s. I don’t get it, they are favoring a few big companies over the privacy rights of all USA citizens. It doesn’t make sense to me. It’s bad PR for congress, WHY would they do it?

    • The current Congress seems to be taking actions which favor big business profits (understatement). But, to be fair, this is in a way giving ISP the same rights as companies like Google, Microsoft and Facebook to share your data. The problem is that in order to level the playing field, they should be placing more restrictions on those companies instead of removing the restrictions from ISPs. And ISPs should be more restricted. You can opt out of dealing with those other companies with the exception of Microsoft for many people. You usually can’t opt out of your ISP, and when you can, the competition will have the same data sharing policies.

      • Yes, we should at least have been given an opt out! This still seems like an illogical thing for congress to pass, I could make a joke or two but this really isn’t funny!

      • From what I read elsewhere, that was part of why the regulation was removed. (Its removal was also supported by some Democrats and opposed by some Republicans. So, it’s really not party related.)

        The problem is that ISPs are controlled under the FCC and the others, such as Google and Facebook, are under the FTC. The two do not have the same rules. What some members of Congress want to do is write legislation that would apply to both, the FCC and the FTC.

        As long as Congress is strongly party biased, instead of thinking of the people they are supposed to serve, very little good will be accomplished. They need to focus on the merits of a bill instead of which side authored it. Over the past 20 years the split has gotten worse than it ever was.

  12. Okay I am sure you all know about Trump enabling ISP providers to sell your browsing history to advertising companies. What does it mean, will now entire world know what sites you visit?

  13. When I browse my isp on the internet it says I need username and password for me to enter. It also says my connection to this site is not private. What does that mean? Can anyone just log in and see my browsings or maybe if I log in my browsing history will be available for everyone? I am also from Europe like my cousin above.

    • Not private in a web context means that it’s not an SSL (HTTPS:) encrypted page. That means that someone sniffing (listening in to) your WiFi connection can see what is being transmitted between you and that page. It doesn’t open your browsing history to people logging on to that website.
