Countries have different laws that regulate the work of Internet Service Providers (ISP), the information they collect about you, how they store and how long they keep it, and who may request this information to be disclosed.
In the UK, the controversial 2016 Investigatory Powers Bill gave the law enforcement extraordinary powers to obtain access to private user metadata by requesting it from ISPs. The ISPs, in their turn, are obliged to store user metadata (such as connection times, browsing history, app installation logs) for up to one year, with very few safeguards protecting citizen privacy from arbitrary access by the law enforcement. In fact, the Investigatory Powers Bills (aptly named ‘The Snooper Charter’ by privacy advocates) practically allows the law enforcement to obtain your connection metadata even if you are not suspected of any crime, and within a very large time frame (12 months). The Bill has since been disputed at the High Cost of Justice and ruled unlawful, which may bring a number of changes to the charter in the coming months.
Nevertheless, the practice of obliging ISPs to retain user data and to provide it to the law enforcement is a worrying trend in a number of countries. In the USA, the FCC-proposed Broadband Consumer Privacy Rules have been repealed by the current administration in 2017, empowering ISPs to collect your browsing data and sell it to advertisers. Selling your personal connection metadata to advertisers is a strong business model for all major ISPs across the world.
There is much to be concerned about. Your browsing history is part of the personal data that forms your digital profile. Your digital profile has an important economic and social value. Websites you access, apps you install, times when you connect to the internet are all relevant for advertisers to produce targeted ads. But these data about your digital life can also be relevant to the security services in your country. Your ISP functions as a gateway to your private data both for business stakeholders and for the authorities, as all your internet traffic is routed through the ISP.
In addition, in countries with strict copyright laws, ISPs are obliged to provide your P2P sharing data upon request from relevant authorities. The data from your ISP allows the authorities to determine what sort of content you download and seed, and whether you deserve to be slammed with a fine for copyright infringement.
ISPs also know how to use your connection metadata to their own business advantage. ’Throttling’ is a practice of setting temporary caps on your bandwidth: for example, if you are gaming and using much bandwidth, the ISP may intentionally slow down your connection after the cap is reached, trying to push you to buy a more expensive subscription plan.
There are several ways to keep your browsing history hidden from the prying eyes and greedy little hands of your internet service provider.
Hide your passwords and the content you watch online by installing HTTPS browser extension. HTTPS browser extension will make sure all data is encrypted when you visit each and every website. That is, your ISP will still know you visited the website, but not what content you streamed, or what login credentials you entered. Obviously, as this is a browser-based extension, HTTPS will not hide your app or P2P data from the ISP.
Use a VPN. Virtual Private Network is a certain way to keep your data protected – on your PC, on your mobile, on your tablet; in the browser, in apps, and on P2P channels. VPN assigns you an anonymous IP and masks your actual location from the ISP. Therefore, while the ISP will register your traffic, it will not be able to actually match it to you and your home address. VPN also encrypts all your internet traffic, leaving your ISP nothing to harvest from your browsing sessions. Most VPNs have both PC and mobile versions.
Use Tor browser. To maximise your privacy, use Tor alongside the VPN – most major VPN providers are compatible with Tor browser, and the use of both will not slow down your connection significantly. Tor is perfect to execute anonymous searches, by encrypting all your search queries and any other activity in the browser. Where Tor falls short (it does not, for example, prevent ISPs from seeing your app or P2P activity), VPN will come through to safeguard your privacy. On Android, Tor is available through Orfox+Orbot package.
A popular misconception is that whenever you want to keep your browsing history secret, you just need to open the ‘incognito’ mode in your browser – and there you have your invisibility cloak. While the incognito mode may prevent your mother from (accidentally) seeing your browsing history… let’s be honest, if the police need to snoop on your darkest digital secrets, they will send a request directly to your ISP, not to your mother. The incognito mode is designed to ‘forget’ your browsing and search history, but it does not hide it from the ISP.