1

Sorry for being so general, but I know my ISP logs connections to others and all. I'm just questioning whether they keep any physical data that was over a HTTPS connection. Learned about how ISPs also "packet sniff", do they keep the data gained from sniffing packets when they want to overview the "log"?

They keep a log of data, so what can they see that was done previously data wise?

Gemz
  • 11
  • 1
  • 4
  • Although they can certainly store as much as they want, you may want to look into "NetFlow records" (Cisco-specific, but Juniper and other routers have similar things). – forest Dec 08 '19 at 04:11
  • If you use your ISPs DNS server, then it would be easy for them to log all the domain names your devices contact. It would be hard for them to decrypt the contents of an https stream, but easy for them to see the IP address, domain name, and amount of data transferred. – Darrell Root Dec 08 '19 at 04:39
  • 5
    I don't think that this question can be answered here. There is a huge difference between what an ISP could store in theory vs. is allowed to store based on your local law vs. is required to store based on your local law. It is unknown what your specific ISP is actually storing. Also, not only your ISP has access to the data but they are usually required to have an interface so that government agencies can extract more detailed information about specific users - in which case the ISP is not storing these data but the government. – Steffen Ullrich Dec 08 '19 at 04:46

1 Answers1

1

UPDATED

I cannot answer for every ISP or even most of them. I'll look at what they could store and talk about reasons you'll never really know what they actually store.

Bottom line: If this is a worry for you, then assume that yes. Your plaintext traffic is stored. And take measures to protect it.

TL;DR

What's an ISP

  1. Broadband provider
  2. Cell service provider
  3. Coffee shop hotspot
  4. Your ISPs upstream ISP
  5. Your work ISP

What they can know.

  1. IP Address - this is the connection information and required to make the internet work.
  2. DNS requests - these are sent in plain text and many ISPs log this information.
  3. HTTPS SNI - this is the subject name identifier information that's sent in plaintext when establishing an HTTPS connection.
  4. They know who you are and where you are.
  5. Any other plaintext traffic (eg http).
  6. Amount of transferred data.

What they can store, but can't utilize:

  1. HTTPS traffic - other than the SNI. It's encrypted and I don't know why they would store this.

Do they log it?

Probably. It's useful for making their service better, and it's easy money for them to do so. This depends on your TOS; however, I wouldn't trust your TOS.

An ISP may claim not to sell your data or to de-identify the data. But their upstream providers might. De-identification is not guaranteed to be effective. They may not understand they are selling it. They may be giving it away, storing it, or analyzing it to "improve your service," or "enhance your security."

GDPR is a great lever to feel safer, but the truth is logs are hard and mistakes happen.

Top google result:

enter image description here Ars Technica Writeup

Summary

You use the internet in so many places that you should assume that someone's ISP is logging the information. Sure, they may claim to de-identify the data, but it's not guaranteed to be effective because it's hard to do right. They may claim to keep the data to better the service, improve performance, and the like. Often they sell the data to third parties that help them improve security.

Jonathan
  • 2,318
  • 13
  • 16
  • 4
    *"ISPs monetize your connection history... dns query which your ISP logs"* - this is a very generic claim, like "cars are red". And while this is likely true for some ISP (and some cars) I doubt that this is true for all ISP (and I'm pretty sure it is not true for all cars). Thus, if you make such a generic claim which includes all ISP then please prove it. And, while you address in some parts what ISP log in your opinion (and generalized to all ISP w/o proof) you mostly address what they could know in theory and don't address if they log it or not. – Steffen Ullrich Dec 08 '19 at 08:52
  • 3
    @SteffenUllrich and it would be worth noting that in Europe, ISP's would ***have*** to inform about this in Terms & Services. GDPR means they will need an informed consent to collect PII. – vidarlo Dec 08 '19 at 09:48
  • @SteffenUllrich - I took out the generic claim and put in specific ones. The point is the ISP, their upstream providers, have access to the data and probably do store it. If you're worried about it, then the safest thing is to assume that YES THEY DO. – Jonathan Dec 08 '19 at 16:31
  • 1
    @Jonathan: I cannot really follow the conclusion you make from explicitly searching for "isp sell dns data" to *"__A lot__ of them do."*. Nothing in the result (of the already heavily biased search phrase) you show supports this claim of *"__A lot__"*. – Steffen Ullrich Dec 08 '19 at 17:03
  • @SteffenUllrich "A lot" isn't a claim. It could mean 5 / 1000 depending on what you're worried about. Still, I changed the phrase. The point here is yes, assume that they do and act accordingly. – Jonathan Dec 08 '19 at 17:09
  • 1
    This isn't a peer review thesis. I thought it was an excellent answer at the appropriate level for the question. – user10216038 Dec 08 '19 at 18:30