How much of what you do online can your ISP track?

[Hooobi]

Well, I was reading that Time Warner thread on here where the guy said he got a call from his ISP telling him to stop sharing copyrighted files on Kazaa and that got me wondering...

Just how much of what you do online does your ISP track?

What are the legal/technological barriers to what they can find out about what you do online?

Does it vary depending on the methodology? For instance, is it easier/harder for them to track activity using Kazaa vs. FTP vs. IRC vs. Usenet vs. web browser?

Just wondering how much privacy we have...

And yes, I am aware that people can hack into your computer and find out everything or install spyware. I'm talking about the type of thing that is legitimate and might go on on a daily basis.

Anyone know?

 

[Pepsi90919]

in that case, someone from the companies involved just searched for their products on kazaa and called up the ISP's of anybody they found that were sharing their files. Pretty simple, nothing was really 'tracked' there.

 

[Hooobi]

Originally posted by: Pepsi90919
in that case, someone from the companies involved just searched for their products on kazaa and called up the ISP's of anybody they found that were sharing their files. Pretty simple, nothing was really 'tracked' there.

So apparently, there are no technological barriers to finding out who an individual on Kazaa is?

Does that mean that there's really no way to maintain anonymity online anymore? I've heard of those sites you can surf "through" to make yourself untraceable, but that's just too unwieldy.

Is every form of online privacy just a fiction?

 

[Rallispec]

when using kazaa.. they could just check the IP of the person their connected too, and then trace that IP back to a service provider..

those online anomalyzers work to an extent, just while browsing webpages though... nothing is full proof though.

 

[geekender]

They own the equipment your traffic is passing through. It would be nothing to run a packet sniffer. They could even have a clause in the TOS that gave them legal right to do so. It would be an amazingly difficult task to decipher the info though.

 

[bmacd]

i think ffmcobalt is a good source for the info.

-=bmacd=-

 

[Hooobi]

Originally posted by: geekender
They own the equipment your traffic is passing through. It would be nothing to run a packet sniffer. They could even have a clause in the TOS that gave them legal right to do so. It would be an amazingly difficult task to decipher the info though.

So then, what exactly does a packet sniffer tell them? What's the point of running one if they can't decipher it?

 

[geekender]

It's not that you can't decipher it, its that it is difficult and you have to know what you are doing. A lot of ISP's don't care. They only care about how much bandwidth you are using.

 

[Hooobi]

So, what if I'm using a router and when I go to that ShieldsUp! site it tells me that all of my computer's ports are invisible except for the "ident" which is "closed"... does that mean that I'm really invisible or does it only mean that my computer's simply more difficult to hack into?

 

[amnesiac]

Your ISP can track and probably does log your ip and all IPs that you contact.
So tracking FTP and web browsing is easy enough.

Usenet is very hard to track if you download only, because all the information you download is encoded as jumbled text. Like geekender said they'd need a packet sniffer to see what you're doing and even then they couldn't really do much with it.

If you post on Usenet unless you anonymize your posting can be easily tracked back to you.

 

[Hooobi]

Originally posted by: amnesiac 2.0
Your ISP can track and probably does log your ip and all IPs that you contact.
So tracking FTP and web browsing is easy enough.

So, if I'm using Kazaa Lite and downloading an mp3 file from 10 different users at a time, my ISP will log that I contacted 10 different IPs? And then multiply that by the number of other files I might download and then add that to all the websites I visit and they've got a list of 1000s of IPs that I've contacted. What use can that possibly be to anyone?

 

[NikPreviousAcct]

Originally posted by: bmacd
i think ffmcobalt is a good source for the info.

-=bmacd=-

*hands bmacd a $20 spot*

 

[MichaelD]

Have no fear: the bestiality videos with the underage girls, the priests wearing clown makeup and the donkeys are of no interest to your ISP. Usually, they care only about bandwith consumption.

 

[amnesiac]

Originally posted by: Hooobi

Originally posted by: amnesiac 2.0
Your ISP can track and probably does log your ip and all IPs that you contact.
So tracking FTP and web browsing is easy enough.

So, if I'm using Kazaa Lite and downloading an mp3 file from 10 different users at a time, my ISP will log that I contacted 10 different IPs? And then multiply that by the number of other files I might download and then add that to all the websites I visit and they've got a list of 1000s of IPs that I've contacted. What use can that possibly be to anyone?

I don't know how Kazaa handles connections, so I couldn't tell you.
I'm not positive if ISPs even give half a crap about what you do with their bandwidth unless you are hosting a server of some sort.

When it comes to websites, etc.. if someone wants to find out if you visited they'd usually have to get the logs from the webmaster.

 

[spidey07]

You isp can track every single thing you do and every site you connect to. Not trying to be big brother or anything, they simply don't care. But if a court or government agency requests records or monitoring the ISP certainly has to tools to comply, just like tapping a phone or getting phone records.

It really is VERY easy to tell exactly what you are doing. I do it daily in my current profession as a network security professional.

 

[Hooobi]

Originally posted by: MichaelD
Have no fear: the bestiality videos with the underage girls, the priests wearing clown makeup and the donkeys are of no interest to your ISP. Usually, they care only about bandwith consumption.

oh... well then, nevermind.

 

[MichaelD]

Originally posted by: spidey07
You isp can track every single thing you do and every site you connect to. Not trying to be big brother or anything, they simply don't care. But if a court or government agency requests records or monitoring the ISP certainly has to tools to comply, just like tapping a phone or getting phone records.

It really is VERY easy to tell exactly what you are doing. I do it daily in my current profession as a network security professional.

*Gulp* (Runs to yank the Cat5 out of the FTP server.....)

From what I understand, (accounting for "yes, I've read my TOS agreement) as long as you're not abusing the crud out of your connection, i.e running a heavy-duty internet business from your home, you're good to go.

 

[Hooobi]

Originally posted by: spidey07

It really is VERY easy to tell exactly what you are doing. I do it daily in my current profession as a network security professional.

Doesn't that typically involve installing software on the individual computers?

 

[spidey07]

You don't need any software on your PC. You have a MAC address, an IP address, and a port mapping on your cable or DSL head-end.

I can simply tell that first piece of active network gear you are on to mirror your traffic to a distributed sniffer monitoring station where every single packet you send or receive is stored and decoded. I can then use a number of decode programs to sort, search for key words against a database and so on.

every single frame you sent or received on the network can be stored on a harddrive.

but then again, ISPs don't really care unlesse there is subpeona for records or warrant.

 

[WarCon]

I don't know how it is now, but several years ago an ISP I use to do alot of work for kind of surprised me with the records they do keep. I kind of thought of it as an invasion of privacy, but they explained it was for their protection that they kept the records.

 

[Hooobi]

Originally posted by: spidey07
You don't need any software on your PC. You have a MAC address, an IP address, and a port mapping on your cable or DSL head-end.

I can simply tell that first piece of active network gear you are on to mirror your traffic to a distributed sniffer monitoring station where every single packet you send or receive is stored and decoded. I can then use a number of decode programs to sort, search for key words against a database and so on.

every single frame you sent or received on the network can be stored on a harddrive.

but then again, ISPs don't really care unlesse there is subpeona for records or warrant.

Ok, so you're saying it can be done. Now my next question... is it legal? Can they do what you said without a warrant?

 

[piku]

You would think the ISP's would actually want to know as little as possible, as not to be held liable for every little thing someone does on their networks.

 

[BooneRebel]

Originally posted by: Hooobi

Originally posted by: spidey07

It really is VERY easy to tell exactly what you are doing. I do it daily in my current profession as a network security professional.

Doesn't that typically involve installing software on the individual computers?

No. With a sniffer (anyone running an ISP will have one) I can tell you everything you do on the network without being on your system. This includes tracking every site you visit, every file you download, in many cases even logging the 'private' passwords, credit card numbers, etc. that you type. HTTP, FTP, Telnet, it doesn't matter. And while a TOS will primarily deal with bandwidth consumption, look for the fine print that prohibits you from conducting illegal activities. These usually aren't spelled out, but if someone like the FBI calls up your ISP because you're under suspicion of hacking, pirating software, creating viruses, etc.: You no longer have any privacy. Just about any law enforcement agency can ask your ISP for your information about you if you've broken the law.

 

[gigapet]

Originally posted by: BooneRebel

Originally posted by: Hooobi

Originally posted by: spidey07

It really is VERY easy to tell exactly what you are doing. I do it daily in my current profession as a network security professional.

Doesn't that typically involve installing software on the individual computers?

No. With a sniffer (anyone running an ISP will have one) I can tell you everything you do on the network without being on your system. This includes tracking every site you visit, every file you download, in many cases even logging the 'private' passwords, credit card numbers, etc. that you type. HTTP, FTP, Telnet, it doesn't matter. And while a TOS will primarily deal with bandwidth consumption, look for the fine print that prohibits you from conducting illegal activities. These usually aren't spelled out, but if someone like the FBI calls up your ISP because you're under suspicion of hacking, pirating software, creating viruses, etc.: You no longer have any privacy. Just about any law enforcement agency can ask your ISP for your information about you if you've broken the law.

so even ish you send over an ssl connection can be seen by the isp, so really anybody with admin powers at an isp can when here bored broswe your bank statements you viewed on line along with the credit car information used to by your subscription to club 19 pr0n site or whatever......thats shady, no more online purchasing/banking for me

 

[Heisenberg]

Something like SSH or SSL is a little different. The ISP can store the data easily enough, but they would still need to decrypt it to see a password, for example. The strength of modern day encryption makes that nearly impossible unless you have an extremely fast machine - as in supercomputer fast.