Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Help! Can my ISP compromise my privacy?

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    2

    Help! Can my ISP compromise my privacy?

    Hi guys, I need help...

    I suspect that the internet service provider I'm using is compromising my privacy. If someone who works in the ISP company decides to check up on their customers...

    1) Is it possible for them to track which websites the customer has been to?
    2) If they wanted to, can they get access to the stuff that the customer types, like email passwords, or even email content?

    --------------
    Last edited by secured20; June 9th, 2008 at 06:13 AM.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Quote Originally Posted by secured20
    If someone who works in the ISP company decides to check up on their customers...

    1) Is it possible for them to track which websites the customer has been to?
    Yes.
    2) If they wanted to, can they get access to the stuff that the customer types, like email passwords, or even email content?
    Yes
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    1) Is it possible for them to track which websites the customer has been to?
    Yes, in fact there has been some controversy over ISPs selling this information to advertisers/marketeers:

    http://antionline.com/showthread.php...ighlight=phorm

    http://antionline.com/showthread.php...ighlight=phorm

    2) If they wanted to, can they get access to the stuff that the customer types, like email passwords, or even email content?
    Sort of. What they actually see are the packets or blocks of information that you send via their service.

    So, if you send unencrypted information over an unsecured link, then it can be intercepted and read. Typically, your password would be sent over a secured link but anything you send after that isn't.

    A proxy connection won't help, as the ISP is between you and the proxy.

  4. #4
    Junior Member
    Join Date
    Jun 2008
    Posts
    2
    Quote Originally Posted by nihil
    Sort of. What they actually see are the packets or blocks of information that you send via their service.

    So, if you send unencrypted information over an unsecured link, then it can be intercepted and read. Typically, your password would be sent over a secured link but anything you send after that isn't.
    I use GMail and I notice it uses HTTPS, and I thought that means my email name, password, and content are encrypted before sending to the ISP and to the recipient. Are you saying that only the password is encrypted, and my email name and email content is in plain text? That's horrible. Doesn't that mean that people working at ISPs can read any of their customers' emails? That's really outrageous. Please tell me I misunderstood what you wrote...


    A proxy connection won't help, as the ISP is between you and the proxy.
    Damn ISPs. Can't live with them, can't live without them.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I don't know the intricate details, but I use Yahoo! The initial logon is over a secured connection which covers the account name and the password.

    After that, the actual e-mail is unsecured. Your question would be whether G-Mail continue with the HTTPS connection or not. I suspect that they do not?

    There should be a warning when you leave a secured connection, and there might be a little padlock icon at the bottom of the screen if you are still secured.

    Doesn't that mean that people working at ISPs can read any of their customers' emails?
    I am afraid that is what you have to assume unless you know otherwise.

    Please take a look at this:

    http://www.hushmail.com/

    Now, what you need to know is where secure e-mail is encrypted. If you have to load an application on your PC to use it then the encryption is probably before you send it. If it is encrypted by the e-mail provider then it will be in plaintext when it reaches your ISP.

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Quote Originally Posted by secured20
    I use GMail and I notice it uses HTTPS, and I thought that means my email name, password, and content are encrypted before sending to the ISP and to the recipient. Are you saying that only the password is encrypted, and my email name and email content is in plain text? That's horrible.
    Your ISP cannot read it as the information is end-to-end encrypted. Meaning it's encrypted from your machine to Google.. Having said that.. Google is able to read your mail. They won't do that however without a court order.


    Doesn't that mean that people working at ISPs can read any of their customers' emails?
    Yes. The email is stored on their servers. Unencrypted.
    That's really outrageous.
    Fact of life and the reason why things like PGP/GPG exist.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmm,

    They won't do that however without a court order.
    The big boys have been caught before in less than democratic environments? they will sell out individuals to protect their corporate interests?

    What constitutes a court order in Holland and England probably means no more than a secret policeman with a gun and an electric cattle prod where he lives?


  8. #8
    Junior Member
    Join Date
    Nov 2006
    Posts
    2

    How They tracked you

    ISP's being the "middle-men" could theoretically view all of your data coming through (unless its encrypted), and I would imagine a good many of them do keep track of websites visited (including USA even). Email passwords or email content is generally encrypted, so unless they can break encryption algorithms (possible for govt men), then your passwords are cool.

    How did these people track you when you posted anonymously on a forum? By your IP address (although, unless you can get the ISP to give you the customers info about a certain IP address by getting a warrant or something, then you can really only tell what city an IP address is from, and not who it belongs to). So if your company is spying on employees, they can at least narrrow it down to what location the perpetrator is writing from.

    Jared Braverman
    Secnap Network Security

  9. #9
    Junior Member
    Join Date
    Nov 2006
    Posts
    2
    Quote Originally Posted by Reaction
    ISP's being the "middle-men" could theoretically view all of your data coming through (unless its encrypted), and I would imagine a good many of them do keep track of websites visited (including USA even). Email passwords or email content is generally encrypted, so unless they can break encryption algorithms (possible for govt men), then your passwords are cool.

    How did these people track you when you posted anonymously on a forum? By your IP address (although, unless you can get the ISP to give you the customers info about a certain IP address by getting a warrant or something, then you can really only tell what city an IP address is from, and not who it belongs to). So if your company is spying on employees, they can at least narrrow it down to what location the perpetrator is writing from.

    Jared Braverman
    Secnap Network Security
    "When choosing the lesser of two evils, your still choosing to be evil" ME

  10. #10
    Senior Member isildur's Avatar
    Join Date
    Feb 2003
    Posts
    166
    I got spanked by my company for once posting on an internet forum from my company computer and it was done anonymously. I think in my case the fact that my traffic went through their VPN then through their proxy server made it pretty obvious :-P
    Only trust Pipe-smoking Penguins.

Similar Threads

  1. Google revises privacy policy!
    By Black Cluster in forum Miscellaneous Security Discussions
    Replies: 2
    Last Post: October 19th, 2005, 01:22 PM
  2. Spyware/Maleware User Agreements
    By moxnix in forum Spyware / Adware
    Replies: 7
    Last Post: July 8th, 2004, 01:42 PM
  3. The Coming Privacy Storm Over RFID Chip
    By moxnix in forum AntiOnline's General Chit Chat
    Replies: 4
    Last Post: April 4th, 2004, 02:51 AM
  4. the anonymity tutorial
    By hot_guy in forum AntiOnline's General Chit Chat
    Replies: 3
    Last Post: August 2nd, 2003, 02:18 PM
  5. Mainstream News; Privacy; Post 9.11
    By gstudios in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: September 7th, 2002, 02:28 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •