Arcticsid asked the Answer Line forum if his ISP can “sit back…watch a screen, and see everything you are doing at any given time?”
Not quite, but it’s frightening close. Your Internet service provider tracks what IP addresses you contact, which effectively means they know the web sites you’re visiting. They can also read anything you send over the Internet that isn’t encrypted. Whether they actually do that is an open question.
According to Dan Auerbach, a Staff Technologist for the Electronic Frontier Foundation, what they mostly collect is metadata–things like IP addresses and port numbers. With a little bit of work, this information can tell them who you’re communicating with and help them make an educated guess about whether you visited a Web page or sent e-mail. As Auerbach told me in a phone conversation, they’re tracking “who you’re sending mail to but not the content.”
So what about content? Can they see what pages on that Web site you visited, and what you wrote in that e-mail? Yes, they can, if they choose to do so. But that’s a lot of work with very little return for them. And there are legal limits. For instance, in the United States, ISPs can only share content with the government (I’ll let you decide if you find that comforting). On the other hand, there are no such restrictions on with whom they can share your metadata.
There’s “a lot of opacity surrounding what they actually do,” says Auerbach. “It’s difficult to know what a given ISP is doing with the data.” Privacy policies, of course, are seldom written to be clear and understandable.
How long do they retain the information? “Roughly between six months and two years,” estimates Auerbach.
And how can you protect yourself?
First, embrace any technology that encrypts the data for its Internet travel. If you need privacy, use Secure Socket Layer (SSL–secure web pages with URLs starting with https) or a virtual private network (VPN).