The FTC released a staff report in 2021 analyzing the privacy practices of six major U.S. Internet Service Providers. The report found that these ISPs collect as much, if not more, data on their customers' browsing habits than popular advertisers like Google and Facebook. Additionally, some of these ISPs either operate their own advertising businesses or sell the data to third parties, such as the NSA.
And this is why you never ever use ISP DNS, you run DNS over HTTPS in the browser, and you always use encrypted networking.
And use VPNs appropriate to the activity, when appropriate.
Oh, and never turn on ISP-supplied WiFi, as that gives them full access to the traffic from every device on your LAN, what physical hardware you own, and even where it is located in your home (and when it leaves and comes back to your home).
This information, although not new, sheds light on the misconception prevalent even amongst industry professionals today that ISPs only retain customer usage data related to IP address assignment.
Which is why good VPNs are hosted in countries with extremely high privacy laws. And some can even be bought and used without giving any personal info. And why most VPNs are RAM only and literally can't log any records.
All good!
It's about the use of free VPNs and how they may impact user privacy and security. But I do mention that VPNs are one of the reasons as to why some people choose to use them in the first place. And this is a good source to have as it shows exactly the reasons as to why people flee to VPNs (be it paid or free).
Spoiler, in the majority of cases free VPNs are not good to use, but there aren't too many documented articles on the topic, only some. So I wanted to contribute to that field :)
In 2017, Trump revoked regulations put in place by the Obama administration that would have compelled ISPs to obtain user consent before selling their browsing data.
Maybe I'm just not getting it, but if we've mostly transitioned to HTTPS and encrypted DNS... what exactly can the ISP learn other than the address they serve and MAC of your gateway? Is this report for those who use their ISP's DNS?
With very little effort it would be possible to MITM all the customers and it would all be pointless. Look at what Facebook has recently done to steal user data. They have apparently been doing their attack for years.
I'm going to need a source on both those claims to better understand how they can happen.
For an ISP to MITM, they'd need to sign and send the website certs themselves, and that'd show up in most browsers as a big red flag.
As far as Facebook goes, I was sure that's just JavaScript and tracking cookies that they're paying websites to use. No MITM there.