Trilight Zone

[digital8]

Consumer Internet access is accomplished through an Internet Service Provider (ISP). All Internet data to and from the consumer must pass through the consumer's ISP. Since this is the case, any ISP is capable of observing anything and everything about the consumer's (unencrypted) Internet activities; however, ISPs presumably do not do this, at least fully, due to legal, ethical, business, and technical cosiderations.

ISPs do, however, collect at least some information about the consumers using their services. From a privacy standpoint, the ideal ISP would collect only as much information as is needed for the ISP to provide Internet connectivity (ie, IP address, billing information if applicable, etc). It is commonly believed that most ISPs collect additional information, such as aggregate browsing habits or even personally-identifiable URL histories.

What information an ISP collects, what it does with that information, and whether it informs its consumers, are significant privacy issues. Beyond usages of collected information typical of third parties, ISPs sometimes state that they will make their information available to government authorities upon request. Often, such a request need not involve a warrant.

An ISP cannot know the contents of properly encrypted data passing between its consumers and the Internet. For encrypting web traffic, https is the most popular and best-supported standard. However, it is important to note that even if the data is encrypted the ISP still knows the IP addresses of the sender and recipient. (However, see the #IP addresses section for workarounds.)