Without using VPN or another software solution for protecting user privacy and security, you are putting your faith in your Internet Service Provider, whether you like it or not. Some things like Internet privacy couldn’t be violated by the ISP because it would be against the law – or some people might think. Sadly, the reality is quite different, which we are going to explore in this article.
As soon as you have an active Internet connection, your ISP can see everything you do on the web by tracing your IP address and all browsing activity associated with it. The Internet Service Provider is free to collect any data about your online habits and sell it to marketing companies that will further use this information to design targeted ads. It can also throttle your network bandwidth to force you into paying more money for a better Internet subscription plan. Fortunately, there are ways to hide your browsing history from your ISP and stop it from tracking your IP address, and the safest method is by employing the services of a reliable VPN tool.
In this article, we are taking a look at the current Internet privacy policies in the USA and Europe, examining the reasons behind ISP spying, then finding out various ways for improving online security besides using a virtual private network tool. If you’re not certain on whether or not you should use such an application, get familiarized with the long list of benefits of VPN services.
ISPs can see everything you do online
An Internet Service Provider is the only type of authorized organization allowed to provide Internet services for personal and commercial purposes. Once you negotiate an Internet plan, you begin paying for a subscription plan in exchange for access to the world wide web. The benefits of being an ISP is that you are not only getting paid for your services, but you can also monitor the activity of all your clients and see everything they are doing online. Unfortunately, most of us are on the losing side. Besides the fact that our personal privacy is compromised, whether we are checking our inbox for messages, chatting with friends, shopping for products, or watching movies on media streaming websites, the ISP can further sell these details to anyone interested.
You might be wondering who can possibly take an interest in a regular Joe that has never broken the law. But you might change your perspective after spotting one too many personalized ads or political messages – all intelligently and carefully put together, based on your online profile. It’s a report made out of visited websites, number of clicks on Facebook or Google ads, and so on. If you’re willing to accept all of this, then you don’t need a VPN tool or something similar for ensuring online privacy. Otherwise, keep reading to learn how to defend yourself.
Internet privacy in the USA and Europe
When Barack Obama was still president of the USA, the Presidential Administration issued a “Privacy Bill of Rights” (initially introduced in 2012) for protecting the online privacy and security of US consumers. Internet users had the right to handle the personal data to be shared with the world, as well as to limit the amount of information collected by ISPs. The end goal was to turn user privacy into a basic American right. This didn’t sit well with US Internet providers AT&T and Verizon that were in favor of the ad-supported business model.
However, it was all undone when President Trump rejected the “Privacy Bill of Rights” by signing a countermeasure into law. At the present, there’s nothing stopping American ISPs from sharing user activity details with political campaign managers, marketing companies and other third parties in exchange for profit. Fortunately, the people who are living in the European Union are protected by the General Data Protection Regulation (GDPR) act, which requires user consent for processing data and makes it anonymous, in order to protect the privacy of individuals.
How ISPs make profit from tracking user activity
Regardless where you live, you should know that your ISP has access to all activity you do online. This includes your Google searches, visited webpages, downloaded files (the information, not the file itself), passwords typed on unencrypted websites, messages and recorded voice calls transmitted over unencrypted connections, and even history of cryptocurrency transaction.
As soon as you go online, your network traffic is routed through your ISP, which acts as a checkpoint between your devices and the public Internet. It logs your activity to build a well-rounded report, takes control over your online user profile, and may not need your permission to make a gain with the help of these details. Nevertheless, you can contact your ISP to ask about this and try to opt out of automatic data collection without your permission. In the meantime, you can check out the methods used by ISPs to make profit from owning your user report.
By collecting helpful data for creating an online profile about you
All of the previously mentioned info about online activity can be collected and stored by the ISP. In most countries, the government has the right to request a copy of your online profile from your ISP in certain conditions. The basis of these conditions is solid and usually the same: national security. It refers to suspected acts of terrorism, cyber-crime prevention or solving, and any other illegal activity that can hide behind Internet anonymity – nothing out of the ordinary at this point. In this case, your Internet Service Provider has no other choice than to hand it over. In fact, some ISPs are allowed to operate only if they answer directly to a special branch of the government (depending on the country’s Internet censorship policy).
On the other hand, there are also countries where user privacy sounds more like a fairy tale than reality, with North Korea being the perfect example: the government abuses its people by enforcing strict Internet policies and applying severe punishment to anyone using media channels to broadcast political messages against the government’s will. Even if you’re a regular Joe but otherwise opinionated and critical (traits of journalists or whistleblowers), you’re in danger of facing the authorities due to your ISP that tipped them off.
However, if you secure all your connections with a VPN to become just another face in the crowd, then your Internet Service Provider gets no information – it’s all thanks to new IP addresses and encrypted connections provided by a trustworthy VPN application.
By selling data to third parties for profit
Internet Service Providers don’t live off on Internet subscription plans alone. Taking full advantage of their position, ISPs can make significant profit from gathering the information on all its subscribers and selling it to anyone interested in further making a bigger profit. For example, political campaign managers can use details about your social media activities to put together attractive and clickable ads for upcoming elections, with a popular example being Cambridge Analytica. Any online marketing company can buy off your online profile from your ISP, then further employ data mining and analysis techniques based on elaborate algorithms to design ads and banners you might find attractive and willing to pay money for.
Everything sounds illegal to a normal person, but this practice is accepted in certain countries like the USA. On the other hand, if you resort to the services of a VPN tool, you can connect to a new IP address every time you reach the Internet, leaving only encrypted data for the ISP, which cannot be deciphered and added to the user profile it has on you.
By throttling your Internet bandwidth
Bandwidth throttling is a continuous problem for a lot of users from all over the world. Some Internet Service Providers track your activity and intentionally slow you down due to various reasons. For instance, if there are many hosts with an active Internet connections (e.g. in college dorms), then the ISP limits the connection speed to be able to share a limited bandwidth to more hosts. The bandwidth throttling solution seems to be the cost-effective solution for the ISP in this case.
Unfortunately, most people are facing this issue because the ISP is trying to trick you into paying money for a more expensive subscription plan with additional bandwidth. In many cases, the Internet speed decreases and doesn’t even reach the basic threshold estimated in the contract negotiated with your ISP. To make matters worse, providers often hide under the policy of “best Internet connection not 100% guaranteed”, although the connection tests performed by the ISP got excellent scores when you initially requested their services.
On the bright side, you can avoid the painful process of adding extra amounts of money to the existing subscription plan by using a VPN tool, which is a cheaper solution. Bandwidth throttling is only possible by focusing on your real IP address. But if you gain another identity, then you can reach your real Internet speed without getting encumbered by the ISP.
By monitoring peer-to-peer file sharing activities
P2P file sharing means downloading and uploading torrents, watching movies on media streaming applications that rely on torrent downloading (like Popcorn Time), and others. File sharing activities that imply content protected by copyright are illegal. If you are caught by the ISP, there’s a slim chance they might leave you alone (for the time being, at least).
In a less happier scenario, they can give you a piracy warning or skip this step and go straight to the next one: send proof to copyright companies which will, in turn, send you DMCA complaints. In the worst possible scenario, you can end up paying large amounts of money for fines or even have to go to court. All this trouble is definitely not taking the risk, so it’s better to turn to a virtual private network service to mask your IP address and bypass ISP tracking.
To make matters clear, we here at FindYourVPN.com do not encourage illegal torrenting and copyright infringement. On the other hand, we are aware that it’s one of the few forms of receiving information in less fortunate countries with harsh Internet policies.
How to hide your browsing activity from your ISP
After finding out more information about ISP tracking, methods and reasons, it’s time to look into solutions for masking your digital identity, in order to make sure that your Internet Service Provider doesn’t have anything on you. Evidently, using a virtual private network tool is the very first entry on this list. When you encrypt your entire Internet session by connecting to a virtual private network, your ISP will be able to tell that you’re hiding behind a VPN but not see who you have become now (your new IP address) and what you are doing while staying connected to the new IP address.
The steps for masking your browser activity from your ISP with the help of a VPN application are quite simple:
- Pick a VPN service
- Choose a subscription plan
- Download and install the VPN application
- Select a server (new IP address)
- Connect to the new IP address
If you deeply care about online privacy, don’t even take free and freemium VPN tools into account – their makers typically have the same strategy as ISPs: collect and sell data. Instead, opt for a premium solution that puts emphasis on security, having strong protocols, military-grade encryption methods, and a kill switch.
We are also listing other measures for fixing security leaks, which don’t necessarily have to do with hiding your activity from your ISP.
Use HTTPS and enable DNS security
Being an extension of HTTP, HTTPS brings secure communications encrypted with TLS (SSL) – also known as HTTP over TLS or HTTP over SSL. HTTPS has already been implemented by most major websites. Nevertheless, you can still come across domains using the deprecated HTTP. But you can give your Internet connection a helping hand by using a browser extension like HTTPS Everywhere to make websites switch to HTTPS whenever this is possible, as well as to block any websites without HTTPS support.
One of the methods used by hackers to intercept your Internet traffic is called DNS spoofing (also known as DNS cache poisoning). It adds corrupt DNS data to the DNS resolver’s cache, thus forcing the name server to return an invalid result like an IP address, making it possible to divert your network traffic to any other device. The good news is that all of this can be prevented by using a protocol for DNS protection like DNSCrypt. Using HTTPS websites alone doesn’t hide your browsing habits from your ISP but it’s possible by encrypting DNS requests with apps like DNSCrypt.
Use a secure search engine
Google and Microsoft are major players as far as data collection and analysis is concerned, so using their search engines merely helps the ISP to create a complete profile about you. If you’re a fan of Google or Bing, consider opting for safer alternatives that make a top priority out of your online privacy and security.
Great examples include DuckDuckGo with integrated settings for blocking ad trackers and protecting your browsing history, Startpage that uses only one cookie to keep a tab on your preferences (but only if you want to), and Wolfram Alpha that extracts data from external sources, filters it, and gives you answers to any questions you have. ISPs can see you’re using secure search engine but not what you’re doing there.
Use a secure web browser
Chrome and Edge users are among the most unfortunate on this list when it comes to privacy risks. In both cases, the companies (Google and Microsoft) do the same thing: collect and store your user data with little effort, thanks to some privacy policies that cannot be avoided. Therefore, you’re better off trying a web browser that revolves around privacy and security. Firefox is a great alternative since it has a user-friendly interface, Brave is a Chromium-based browser that can block ads and enforce HTTPS, while Tor Browser has numerous security and privacy modules but it takes a while to get used to.
Use an encrypted instant messenger
WhatsApp protects user conversations through end-to-end encryption, so it’s a safe choice. Although Facebook supports secret conversations, too, this option is disabled by default, and you have do some tinkering to get it enabled. However, WhatsApp belongs to the Facebook company and its CEO, Mark Zuckerberg, currently intends to create a unified instant messenger by merging the two services. Even if it promises to support the new service with end-to-end encryption, it’s completely normal to have doubts about this, especially when considering the whole Cambridge Analytica business (which hasn’t been resolved yet, by the way).
If you have doubts about WhatsApp and Facebook in their current form, you can look into alternate encrypted instant messengers. For example, Signal encrypts communications with the help of keys that are generated and saved by users, not by servers. Other secure options are Viber and Telegram, which applies heavy encryption and its messages can be set to self-destruct.
Use a virtual keyboard to block keyloggers
If you use a public computer to go online and log into your personal accounts, there’s the risk of unintentionally giving away your passwords when typing them on the keyboard. To prevent this from happening and if you don’t have immediate access to a VPN service, make sure to use a virtual keyboard. It gives you the possibility to click on the keys with your mouse instead of pressing them on the physical keyboard. Key presses can be recorded by installed keyloggers and shared with the hackers without you even realizing it. You can either use the virtual keyboard that’s built into the operating system, or an online website. For example, Gate2Home supports multiple keyboard languages.
Use a random password generator and password manager
With the right decryption tools, some skill and a bit of time, passwords can be cracked if they contain words from the dictionary or have low complexity (e.g. only small letters and numbers). As a general rule, it’s recommended to create elaborate passwords made from many, diverse characters that don’t mean anything when put together. There are many random passwords generator available on the web, such as Secure Password Generator that lets you fully customize the complexity.
You should throw into the mix all types of characters – small letters, big letters, numbers, and symbols. This makes it really difficult (if not impossible) for others to crack your accounts. Further, you shouldn’t use the same password for two or more accounts. It can be tough to keep track of everything, so it’s a good idea to turn to a reliable password generator like LastPass that can remember everything for you.
If you feel uncomfortable in the slightest bit knowing that your Internet Service Provider has a complete picture about you based on your Internet activity, don’t hesitate to use a VPN application. By hiding under a fake IP address and by encrypting all your connections, you can regain your privacy and rest assured that details about your browsing habits are not sold to third parties looking to lure you with more attractive, targeted offers.
As always, feel free to drop us a comment in the section below. We’d love to hear your thoughts on ISP tracking and various methods to prevent Internet providers from collecting information about your web activities.