Help! Can my ISP compromise my privacy?
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Help! Can my ISP compromise my privacy?

Hybrid View

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    2

    Help! Can my ISP compromise my privacy?

    Hi guys, I need help...

    I suspect that the internet service provider I'm using is compromising my privacy. If someone who works in the ISP company decides to check up on their customers...

    1) Is it possible for them to track which websites the customer has been to?
    2) If they wanted to, can they get access to the stuff that the customer types, like email passwords, or even email content?

    --------------
    Last edited by secured20; June 9th, 2008 at 06:13 AM.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Quote Originally Posted by secured20
    If someone who works in the ISP company decides to check up on their customers...

    1) Is it possible for them to track which websites the customer has been to?
    Yes.
    2) If they wanted to, can they get access to the stuff that the customer types, like email passwords, or even email content?
    Yes
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    1) Is it possible for them to track which websites the customer has been to?
    Yes, in fact there has been some controversy over ISPs selling this information to advertisers/marketeers:

    http://antionline.com/showthread.php...ighlight=phorm

    http://antionline.com/showthread.php...ighlight=phorm

    2) If they wanted to, can they get access to the stuff that the customer types, like email passwords, or even email content?
    Sort of. What they actually see are the packets or blocks of information that you send via their service.

    So, if you send unencrypted information over an unsecured link, then it can be intercepted and read. Typically, your password would be sent over a secured link but anything you send after that isn't.

    A proxy connection won't help, as the ISP is between you and the proxy.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    Junior Member
    Join Date
    Jun 2008
    Posts
    2
    Quote Originally Posted by nihil
    Sort of. What they actually see are the packets or blocks of information that you send via their service.

    So, if you send unencrypted information over an unsecured link, then it can be intercepted and read. Typically, your password would be sent over a secured link but anything you send after that isn't.
    I use GMail and I notice it uses HTTPS, and I thought that means my email name, password, and content are encrypted before sending to the ISP and to the recipient. Are you saying that only the password is encrypted, and my email name and email content is in plain text? That's horrible. Doesn't that mean that people working at ISPs can read any of their customers' emails? That's really outrageous. Please tell me I misunderstood what you wrote...


    A proxy connection won't help, as the ISP is between you and the proxy.
    Damn ISPs. Can't live with them, can't live without them.

  5. #5
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    I don't know the intricate details, but I use Yahoo! The initial logon is over a secured connection which covers the account name and the password.

    After that, the actual e-mail is unsecured. Your question would be whether G-Mail continue with the HTTPS connection or not. I suspect that they do not?

    There should be a warning when you leave a secured connection, and there might be a little padlock icon at the bottom of the screen if you are still secured.

    Doesn't that mean that people working at ISPs can read any of their customers' emails?
    I am afraid that is what you have to assume unless you know otherwise.

    Please take a look at this:

    http://www.hushmail.com/

    Now, what you need to know is where secure e-mail is encrypted. If you have to load an application on your PC to use it then the encryption is probably before you send it. If it is encrypted by the e-mail provider then it will be in plaintext when it reaches your ISP.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Quote Originally Posted by secured20
    I use GMail and I notice it uses HTTPS, and I thought that means my email name, password, and content are encrypted before sending to the ISP and to the recipient. Are you saying that only the password is encrypted, and my email name and email content is in plain text? That's horrible.
    Your ISP cannot read it as the information is end-to-end encrypted. Meaning it's encrypted from your machine to Google.. Having said that.. Google is able to read your mail. They won't do that however without a court order.


    Doesn't that mean that people working at ISPs can read any of their customers' emails?
    Yes. The email is stored on their servers. Unencrypted.
    That's really outrageous.
    Fact of life and the reason why things like PGP/GPG exist.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Hmmm,

    They won't do that however without a court order.
    The big boys have been caught before in less than democratic environments? they will sell out individuals to protect their corporate interests?

    What constitutes a court order in Holland and England probably means no more than a secret policeman with a gun and an electric cattle prod where he lives?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #8
    Senior Member isildur's Avatar
    Join Date
    Feb 2003
    Posts
    166
    I got spanked by my company for once posting on an internet forum from my company computer and it was done anonymously. I think in my case the fact that my traffic went through their VPN then through their proxy server made it pretty obvious :-P
    Only trust Pipe-smoking Penguins.

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    I live in a country where personal privacy isn't all that respected. Recently, I've encountered a problem. It seems that some people are aware of some info that I posted in some sites on the internet.
    If only one of those sites was in your country, that would explain it. The website will have the IP address of posters and the ISP knows whose account was using it. OK, that doesn't prove who was actually using the computer, but:

    and no one else uses my computer.


    If you happen to have cable or satellite then you probably have a static IP address which makes the trace even simpler.

    I got spanked by my company for once posting on an internet forum from my company computer and it was done anonymously.
    Most companies monitor (log) internet connections from their servers. They would see the traffic going out as well. Most websites show the date and time of posts. You don't need to be a FED to figure it out from there.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Member
    Join Date
    May 2008
    Posts
    34
    Just to add to what was said earlier, e-mail is typically not secure. You can change this, however. If you get an e-mail certificate and your friend gets an e-mail certificate, you can both send e-mail to each other and then import each others certificates. Once that happens, you can send encrypted e-mail to each other that can't be read by someone that might have access to it, whether it is your ISP, a hacker between you and your friend, or anyone else that might somehow gain access to the file.

    http://www.comodo.com/products/certi...rtificate.html

Similar Threads

  1. Google revises privacy policy!
    By Black Cluster in forum Miscellaneous Security Discussions
    Replies: 2
    Last Post: October 19th, 2005, 01:22 PM
  2. Spyware/Maleware User Agreements
    By moxnix in forum Spyware / Adware
    Replies: 7
    Last Post: July 8th, 2004, 01:42 PM
  3. The Coming Privacy Storm Over RFID Chip
    By moxnix in forum AntiOnline's General Chit Chat
    Replies: 4
    Last Post: April 4th, 2004, 01:51 AM
  4. the anonymity tutorial
    By hot_guy in forum AntiOnline's General Chit Chat
    Replies: 3
    Last Post: August 2nd, 2003, 02:18 PM
  5. Mainstream News; Privacy; Post 9.11
    By gstudios in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: September 7th, 2002, 02:28 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides