What does the provider know about its customers and does it see the browser history?

Who is a provider and what does he know exactly

To begin with, let’s figure out what a “provider” is and what information is available to him at any time.

So, this is the so-called communication service provider. That is, MTS, Megafon, Rostelecom – they are all providers. The user enters into an agreement with them, according to which the company provides a person with access to the Web, telephone or digital television – and often to everything at once in the form of a package of services.

That is why the provider always has access to your personal data that you provided during the purchase of the selected services. This is your phone number, full name, home address and passport details.

But can the carrier see what people are doing on the Internet? To answer this question, you need to have a little understanding of how communication generally works. If we explain this process in simple terms, then while working on the Internet, all requests first go to the provider’s server. In turn, it processes them and transfers them to the global network – that is, to the site server that the user accesses. This scheme also works in reverse – all responses go through the provider.

Does the provider see which sites I visit?

The short answer is yes, he sees, but he does not follow it day and night. And the provider does not store data about visited sites in the form of a list of URLs, but in the so-called logs – they contain the IP addresses of the servers that the user has visited. Also, access to traffic is regulated by a whole set of laws. Thus, according to RF Decree No. 445, the provider is obliged to store the search data of its customers for the last 30 days (although the specific amount of traffic is not specified in this document and depends on the load of the provider in a certain period).

And in accordance with paragraph 1.1 of the Federal Law of July 7, 2003 N 126-FZ (as amended on December 5, 2017) “On Communications”, the operator is obliged to provide access to traffic data to state bodies of the Russian Federation upon a relevant request.

According to their personal desire, the provider’s employees will not sit and watch whether you are looking at cats on Instagram or downloading a pirated movie. But if they are contacted, for example, by FSB officers, they will be obliged to give them access to your logs. It is easy to guess that no one needs the browser history of an ordinary civilian user – only if he is engaged in illegal activities or has somehow attracted the attention of special services.

Now let’s look at more specific questions.

Can an ISP monitor traffic over HTTPS?

If you use an encrypted HTTPS connection, the provider will only store the IP address of the server you are logged into, the connection time, and the amount of data sent and received (traffic). It will not be possible to see the name of a particular page of the site or its content in the logs with such encryption.

In the case of an insecure HTTP connection, the operator stores the same data. However, since this is an open protocol, the provider (and not only him, but any sufficiently advanced user or attacker) can get access to the URL and page names that you opened, search history, and even the information that you used on a particular website (correspondence, downloaded files, and so on). But again, the provider himself does not need this data, he acts within the framework of the law and saves logs only for the sake of a possible request from law enforcement agencies.

What does the provider see when using a VPN?

This question interests all lovers of blocked sites and torrents. We also recommend reading what a VPN is and how it works.

When using a VPN, the provider sees that you are sending encrypted traffic to a specific address. If necessary, he will be able to check this IP and find out that the server is located somewhere in Switzerland and is used for VPN. But the provider will not be able to track which pages you visited within the virtual network – at least if you have configured everything correctly. Yes, and the use of VPN in Russia is not officially prohibited.

The same thing happens when using the Tor browser. However, if the VPN service creates a connection through a single server (and a lot of traffic per IP address can be suspicious), then the Tor program constantly changes servers in the process. The provider can also analyze IP addresses and understand that you are looking for something in Tor, but will not be able to access specific URLs and search queries.

Federal executive authorities that oversee communications technology and communications may send violators a request to restrict access to prohibited resources. And according to federal law No. 155-FZ “On Amendments to the Code of the Russian Federation on Administrative Offenses”, if the operator continues to provide access to these most blocked sites and applications, then even individuals can be fined for their use:

Thus, in fact, VPN is allowed in Russia. But you cannot use it to work with blocked resources. In reality, it is almost impossible to track the use of anonymizers – and if you are not the owner of a large torrent service, you have nothing to worry about.

Will the incognito mode save the provider from surveillance?

The “Incognito” mode is available in all surfing programs – Google Chrome, Mozilla Firefox, Yandex … But it is needed only so that the browser does not save the search history. Since you are still using the connection provided by the ISP, incognito mode logs will be written normally.

Does the ISP know my MAC address?

Yes, this information is not encrypted in any way and is available to operators in full. Often because the MAC address of the device is used directly to connect to the Network – and the provider needs to know it. Another thing is that you can change the MAC address of the router or computer manually – but this can lead to connection problems.

Read also:

• Wireless charging: is it harmful to the smartphone battery?
• Smartphones with a 120Hz screen: a step forward or just marketing?