computer security (safety)

[faisal_faiyaz]

I am using a cable net Internet connection and my net provider watches all our activities and knows our passwords, about people whom we chat with and what we chat. Is there a way to keep Internet use private and not known by cable net provider? My cable net provider uses ISA server, satellite and some times also uses Linux Red Hat.

[MrLinus]

**Thread moved from Antionline: How do I? to Newbie Security**

[SirDice]

Every ISP can, if they wanted to, see everything you are doing. That's the simple answer. The hard part is preventing this.

For just regular browsing you can try some of those 'anonymiser' like proxies. Those proxies will let you connect through SSL. This will prevent anyone in between from easily seeing your traffic. Some proxies even let you use other protocols (like irc).

But it's probably easier to switch ISP's if you don't trust yours.

[thehorse13]

But it's probably easier to switch ISP's if you don't trust yours.

*Every* ISP has a logging policy so that they can monitor what is happening on their network. You will be hard pressed to get a copy of an ISP's logging policy unless you A) Work for them. B) Know someone on the inside who has access to it. or C) Find it posted somewhere on the internet (though unlikey).

Today, more so than ever, ISPs are investing quite a bit of capital in monitoring. Increased terrorist cyber threats have paranioa levels elevated and executives don't want to be the one's who end up on the front page of the paper after some kind of incident.

Anyway, I'm ranting way off the subject here . The bottom line is no matter what ISP you use, you *will* be tracked to a degree.

--TH13

[tonybradley]

I would agree with thehorse13. Similar to an employer having a right to view any emails on their server the ISP owns the wires and hardware you are using. They have the right to monitor if they so choose.

The issue of a company having access to your information is an issue, or at least a potential issue at a number of service providers. Your electric company, gas company, phone company, cell phone company, your employer's HR department, your ISP, etc- they all have key personal information about you. You provide information to them so that they can verify your identity and authenticate you when you contact them, but you are also trusting that the people who work there have scruples enough not to steal this information.

The people who have access to this sort of information generally know your name, birth date, home address, home phone number, and social security number- or at least the last 4. Armed with this information it would be a breeze to steal your identity.

I think the more important issue is trust. Do you trust that your ISP will monitor and log only necessary information and securely archive any such logs? Or, are you afraid that you can't trust the people who work at the ISP to not abuse their power or authority and somehow hack you or steal your identity, etc?

There is an emerging standard from the World Wide Web Consortium called P3P (Platform for Privacy Preferences Project) which would allow users to install agents to customize what and how they want their private information handled by P3P compliant sites. Sites that implement P3P agree to abide by your wishes. However, it is still a matter of trust- you trust that the P3P site will honor its word.

I can see where your ISP would know your password possibly for THEIR site or access to their services, and I can see why they might be monitoring general sorts of information about what IP addresses you visited, etc. I don't think they should be examining packets down to the level of capturing your passwords for 3rd party sites and even if they wanted to hopefully those passwords are encrypted somehow. If the passwords are being sent in plain text you have probably more to worry about from all of the other sniffers on the network than you do from your ISP.