0

I can't seem to find the answer for this question. Can my ISP know what I download legitimately - in other words, NOT p2p, NOT torrent based, nor anything else that could be shady.

  1. If I go on https://www.example.com and I decided to download a PDF they offer, or a tutorial video, or even an audio sample of theirs, can my ISP know what it is I download?
  2. And just as importantly, if I decide to save the files and proceed to email them to myself: Can my ISP know what I download, once I download them from my email?

I am not asking if they know if I download something (I assume they would know), but rather what it is I download. Again, I am referring to legitimate files. I don't like the idea of my ISP knowing more about me beyond what they already know. After all, anything related to schooling, medical things etc., my business. Not theirs.

user54600
  • 35
  • 1
  • 1
  • 6
  • @Steffen Ullrich. That's totally NOT the same question at all. My question is geared towards downloads and downloads from emails. The link you provided does not deal with that topic whatsoever. Please explain how that topic in the link you provided would. – user54600 Jul 16 '17 at 05:52
  • The question I've linked to answers your first question, i.e. what the ISP can see when surfing the web. Problem is - you've put two independent question into a single one where the first (what can ISP see when surfing the web) had many answers while the second one (what can ISP see from inside the mail) had not yet. – Steffen Ullrich Jul 16 '17 at 06:01
  • I actually searched the forum before, and saw those same results (more or less), but none of them addressed these issues. Unless I missed something out there, it didn't look like they did. Then again, maybe there is an answer that I missed. – user54600 Jul 16 '17 at 06:03
  • 1
    There is no technical distinction between websites you visits and downloading anything from them, it's both going to a URL. Email attachments, torrents etc are different animals. You need to separate these out in your questions. –  Jul 16 '17 at 07:55
  • But, they are. Hence number one and number two. – user54600 Jul 16 '17 at 15:50

1 Answers1

1

The reason it's hard to find a quick and easy answer to your question is that there really isn't one. The closest thing to a quick and easy answer that is right is:

Your ISP can see every byte of data you transmit on the internet, and every byte any server sends to you across the internet.

They have the physical wires you're sending bits over. They not only can read this data, they are obliged to read it, in a sense, because they need to route it to the right places.

However, what that doesn't account for is the readability of those bits. Some protocols, like http, send everything "in the clear," meaning anyone who can read the data on the wire can get access to everything you transmitted. Other protocols, like https, encrypt the data so that the ISP can see bits were transferred, but they can't glean any meaning out of the data.

This is all very protocol specific, so there is no one answer. For example, with HTTPS, the ISP can know the IP address of the server you are talking to (because it has to be sent "in the clear" for the internet to work), but they don't get to know the hostname. In most cases, they can do a reverse IP lookup and figure out the host name, but a single server may serve many host names. For all we know, the servers that service www.google.com also respond to https queries where the host name is yahoo.com, and provide a different (secret) API to people to access it that way. All the ISP knows is that you accessed 216.58.219.14.

Digging deeper requires a very careful threat model. If your adversaries are Three Letter Agencies or major nations, you may find that you leak information in timing or file sizes, and they may be able to do something with that. Regardless, the amount of information that can be gathered is 100% dependent on the protocol you are using.

As for your email, the answer is "it depends on how you access your email." Email goes over different protocols. GMail, for instance, goes over https. Many ISP provided emails use POP. Their behaviors are very different.

Cort Ammon
  • 9,216
  • 3
  • 26
  • 26
  • Just to get a bit more specific in the details. I use services like gmail, yahoo and other email providers, never the ISP ones. In my case, would those types of email providers (gmail, yahoo etc. using https) provide a decent amount of protection upon download? If I understand correctly what you were saying about, for example, the Three Letter Agencies or major nations, they could figure out the size of a file, or the time you downloaded said file. But not the content? – user54600 Jul 16 '17 at 01:11
  • 1
    Good answer. I would add, however, that due to SNI, ISPs can see the hostname too. – Luke Park Jul 16 '17 at 03:21
  • @user54600 That is correct. What they would notice is that some number of bits traveled between google and you, but the content would be encrypted. That being said, a TLA would take the much easier approach of getting the data right off of google's servers (no small feat, but TLA's are no small agencies). If you were, say, Snowden, you would not want to rely on the protections google provides. Instead, Snowden had to do his research and learn how to properly evaluate the security of protocols on his own. For the average person (i.e. 99.99% of the world), your data is safe. – Cort Ammon Jul 16 '17 at 03:55
  • Perfect addition to your answer. It altogether answers the question perfectly well. I highly doubt that CSIS or the CIA (or any hacker for that matter lol), would want to hack an email provider just to see mundane emails, that's good to know. – user54600 Jul 16 '17 at 05:56
  • *"GMail, for instance, goes over https"* - only when using the web interface. You can access your emails from GMail with IMAP or POP3 too and that's what is actually done when using standalone mail clients like Thunderbird, Outlook or similar. At least in case of google these connections are protected by TLS too, i.e. similar to HTTPS (but it's not HTTPS). – Steffen Ullrich Jul 16 '17 at 06:06
  • It is also worth noting that you can encrypt emails with S/Mime or PGP/GPG with your email client, which prevents ISPs and email providers that get your email while it is in transit from reading its content and attachments. – 125_m_125 Jul 16 '17 at 09:38
  • Personally, I don't like using email clients, unless I absolutely have to. But it's good to know in case I or anyone else does. Thanks guys. – user54600 Jul 16 '17 at 15:49