By Tabby Farrar

Tabby Farrar is a researcher and copywriter whose professional work covers topics like corporate cyber security and consumer technology. You can find her on LinkedIn.

Your internet service provider spies on you. This is not because internet service providers (ISPs) inherently have bad intentions, but because it is so easy for them to do. All of your internet traffic passes through your ISP’s servers, and when there’s so much for them to gain by looking at that traffic, it seems like it’s sometimes hard for them to keep their noses out.

The key conflict around ISPs is the distinction between public utilities and services. Internet privacy advocates believe that an internet connection is no different than your water or electricity supply, and that ISPs should be tightly regulated and provide an untampered connection. ISPs, however, argue that internet access is not a basic need, and that they should be allowed to conduct their business as they wish, whether that involves managing their customers’ traffic or collecting and selling data about them.

Unfortunately for those concerned about online privacy and consumer rights, ISPs seem to be coming out on top. With recent regulatory changes in the UK and the US, service providers are constantly being afforded more freedom to do what they wish with their customers’ connections and data. To protect your privacy, it’s important to know what exactly your internet provider can do – and how you can stop them.

  1. Data logging

Since all your internet traffic passes through your ISP’s servers, it’s possible for them to see and record everything you do online. While some countries have laws restricting data logging, the UK has the opposite: the Investigatory Powers Act, signed into law in 2016, in fact requires ISPs to log their customers’ web traffic for 12 months. In the USA, service providers are legally allowed to collect as much data as they like about their users, including browsing habits and location.

While a 2018 high court decision ruled that the Investigatory Powers Act did not comply with EU law on consumer privacy and must be changed, no amendments have yet been made and there is no sign of the law changing any time soon. Meanwhile across the pond, controversies continue to make the press around increasingly unsavoury trade-offs involving the customer data of seemingly reputable businesses.

As data logged by internet service providers in the UK can, for now, only be accessed by law enforcement agencies with a warrant, some would argue that it is nothing to worry about for those not doing anything illegal online. However, the more mass surveillance and data logging becomes normalised, the higher the chance that the data starts being used for other purposes.

For anyone browsing in the United States, the fact that anything you do online can be viewed by a third party should be cause for grave concern indeed.

2. Bandwidth throttling

ISPs don’t treat all internet traffic equally. Almost every ISP engages in some form of traffic management – also called throttling – by slowing down certain types of connections to free up bandwidth for others. For example, ISPs can slow down peer-to-peer and gaming traffic to reserve more bandwidth for their TV packages.

In the UK throttling has fortunately become quite rare, with throttling now mostly limited to reserving TV bandwidth for those with TV packages themselves. In the US, where there is generally far less competition between ISPs, throttling was a major issue until Net Neutrality regulation was introduced, making it illegal for ISPs to discriminate between different types of traffic.

In June 2018, however, Net Neutrality regulation was repealed by the US Congress. As a result, throttling is already making a comeback in full force – and even consumers outside the US are affected whenever they use websites or online services based in America.

3. Selling browsing data

Even if you don’t mind ISPs collecting data, you should definitely start getting concerned at the point where they want to begin selling the data they have on file for you.

In 2017, the US President Donald Trump signed into law a repeal of privacy rules that stopped internet providers from collecting detailed data like customers’ search queries and health information and selling the information they collected to third-parties. Everything from your age and location to fitness data from internet-connected smart devices could be sold off in a package to advertisers or other entities.

While services in the UK are legally not allowed to sell data they collect on their customers, the recent increases in mass surveillance combined with lobbying by ISPs means that this may change in the future,- especially if the UK loses consumer rights regulations set in place by the EU.

Is there any way to stop it?

If you are concerned by some of the things your ISP might be doing with your data, the good news is that you don’t have to put up with it. To stop anyone from snooping on you and throttling your data, you can hide your traffic in a couple of different ways.

VPNs (Virtual Private Networks) route all your internet traffic through their servers, encrypting it so that no outsiders can see what you’re doing or who’s doing it. Your ISP won’t be able to collect any meaningful data about your browsing activities, uploads and downloads, as the encryption will turn it all into illegible code while it’s passing through the network.

This also has the added benefit of preventing other third parties from viewing your data – so if a hacker tried to view you entering payment details, for example, they too would be faced with seemingly nonsensical encryption keys rather than your personal information.

Another option is TOR (The Onion Router) which is a free web browser that routes your web traffic through a complex network of servers, sending data via so many different communication points that it becomes impossible to track or collect. TOR is free, but does have some major limitations. The main one is that it can be excruciatingly slow, so don’t expect to watch any streaming sites or videos with it any time soon.

In the early days of the web it was a place where you could read, watch or do anything you wanted without anyone knowing – for better or worse. This is no longer the case. Even regular internet users who don’t have anything to hide will suffer when their connection gets throttled or their data gets sold to third-party corporations without their consent. It might be time for all of us to think seriously about what we are doing to stop our privacy being invaded on a daily basis.