Computer networks
Hose Holebas, 2016-01-13 15:09:29

What does my provider know about me?

Hello.
I would like to know from people working in this area or just savvy people, what information about you is available to the provider? Due to the fact that "letters of happiness" are increasingly coming for downloading movies / programs / music, it would be nice to know how the provider knows this.
- When I go to a certain site, does the ISP see the URL? What if I go to https?
- How does the provider know that I am downloading a certain movie/program via torrent? All the packages that I receive and distribute mean that the provider downloads itself to find out what kind of movie / program it is? Or does it keep track of the fact that a .torrent file is being downloaded, and then deduce from the packets that it is being downloaded?
- When I use a VPN, what does the ISP see? That I went to a certain IP and encrypted streams are coming from it?
- Will OpenVPN work over VPN IP both in the browser and when updating Windows, drivers, ...?
- I read that in Windows there is such a feature that if the provider somehow cuts the packet, then the VPN turns off and the site shows my real IP? At the same time, the provider sees on which site I am downloading? Are there many such chips? How to protect yourself from them?
- If I use some kind of extension like ZenMate, dotvpn, does the provider see that something is sent and comes to a specific VPN IP, just like with VPN?
- When using Tor, is someone using my IP while I'm using someone else's? What does the provider see at the same time, that I receive data streams from certain IPs and each time a different IP? Does the provider see the URL?
How can you fully manage the network on a PC, see what, where and when it goes or comes to a PC (Windows, Linux)?
PS: Perhaps I incorrectly asked questions, but I think the essence is clear. Thank you.

16 answer(s)
nirvimel, 2016-01-13
@hoseholebas

When I visit a certain site, does the ISP see the URL?

Yes.
Known server IP and domain name. Nothing else.
The torrent client communicates with the tracker via HTTP. You can see through everything: specific torrents + all statistics (when the download started, when it was finished, when the distribution started, how much was distributed). It is also possible to connect to the tracker via HTTPS, but rutracker.org does not provide such an opportunity (I also wonder why).
The provider does not store all traffic. This is technically impossible. But the traffic is processed, classified and logs are kept about what type of traffic when it entered / left the subscriber.
Basically, communications between the torrent client and the tracker are monitored (there is all the most interesting there). Communications between peers require significant power to decrypt, so only the fact of communication with a particular peer is logged, but not the content.
Sees encrypted traffic to a specific IP. By IP, you can find out that this range is sold for VPSs. The very fact of encrypted traffic puts the subscriber on the list of those "who have something to hide", which means they are suspects in any search.
It is impossible to track the further direction of traffic from the VPN server (at least on the provider's equipment in automatic mode). But with targeted surveillance of the subscriber, in principle, it is possible to compare the subscriber's traffic with the traffic of any server by time stamps.
Depending on the setting. But in general, yes, yes.
This is not provider related. This is a feature of Windows. When the VPN falls off, all traffic flies out in the clear. Again, it depends on the settings. But that's another "convenience" price to pay when using Windows.
VPN fell off - the hacker was burned.
See what it's about. There are many different nuances in the field of network security and anonymity.
Learn materiel. Understand network protocols and OS device.
Extensions are very different. They can be based on completely different technologies. No specialist can speak for all extensions. It is possible that many of them are, in fact, honeypots, that is, created to track lovers of anonymity, attracting them with their convenience and giving a false sense of security.
No. If you do not have an Exit Node configured.
They have a system for accurately detecting Tor usage. This fact remains in the logs with the same consequences as for the VPN.
Through Tor and VPN - no.
See everything: https://www.google.com/search?q=Wireshark
Block everything you don't need: https://www.google.com/search?q=Comodo+Firewall
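
An added example, not part of the answer above: a minimal Python sketch of what a passive observer can read from a plain-HTTP tracker announce (the BEP 3 format), next to what remains readable when the connection starts with a TLS handshake instead. The tracker host, peer_id, counters and both byte samples are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote_to_bytes

# Constructed sample: a BEP 3 announce as sent to a plain-HTTP tracker.
# Host, peer_id, port and counters are made up; info_hash is bytes 0x01..0x14.
ENCODED_HASH = "".join("%%%02X" % b for b in range(1, 21))
SAMPLE_ANNOUNCE = (
    "GET /announce?info_hash=" + ENCODED_HASH +
    "&peer_id=-XX0001-abcdefghijkl&port=51413&uploaded=1048576"
    "&downloaded=734003200&left=0&event=completed HTTP/1.1\r\n"
    "Host: tracker.example\r\nUser-Agent: ExampleClient/1.0\r\n\r\n"
).encode("latin-1")

# Constructed sample: first bytes of a TLS handshake record (HTTPS tracker).
SAMPLE_TLS = bytes.fromhex("1603010200") + b"\x01" + bytes(16)


def observer_view(raw: bytes) -> dict:
    """Return the fields a passive on-path observer can read from `raw`."""
    if raw[:2] == b"\x16\x03":
        # TLS record: the request line and query string are encrypted.
        return {"cleartext": False}
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # info_hash is 20 raw bytes, so decode each value to bytes, not text.
    params = {}
    for pair in urlsplit(target).query.split("&"):
        key, _, value = pair.partition("=")
        params[key] = unquote_to_bytes(value)
    if method != "GET" or len(params.get("info_hash", b"")) != 20:
        return {"cleartext": True, "announce": False}

    def num(key):
        return int(params.get(key, b"0") or b"0")
    return {
        "cleartext": True, "announce": True,
        "tracker": headers.get("host", ""),
        "info_hash": params["info_hash"].hex(),   # identifies the torrent
        "peer_id": params.get("peer_id", b"").decode("latin-1"),
        "port": num("port"),
        "uploaded": num("uploaded"), "downloaded": num("downloaded"),
        "left": num("left"),
        # started / completed / stopped; empty on periodic announces
        "event": params.get("event", b"").decode("latin-1"),
    }
```
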

Mystray, 2016-01-13
@Mystray

Regarding torrents: most often this is done by specialized copyright-enforcement firms like Irdeto and IP-Echelon, which, posing as peers on well-known torrents, look for seeders. And since they know the IP address, they then send an abuse notice to the provider with the info they know, like:
Notice ID: 310-123456789
Asset: Fallout 4
Protocol: BitTorrent
IP Address: wxyz
File Name: fallout 4 2015 pc steamrip by noodle
File Size: 27062100367
Timestamp: 02 Jan 2016 18:48:33 GMT
Last Seen Date: 02 Jan 2016 18:48:33 GMT
Username (if available):
Port ID: 14835

Mikhail Kulikov, 2016-01-13
@shukan

It is especially dangerous to switch the Internet tariff to "I'm on vacation" - attackers can get this information from the provider and rob the apartment while you are in the south.
And "letters of happiness", as far as I know, do not come for downloading, only for uploading.
I would also like to note that you should not particularly expect HTTPS to save you from traffic interception. Many providers replace certificates "on the fly", and if your operating system was also configured by a person from the provider (for example, the technician came and "clicked something on the computer"), he could have installed a special root certificate in the OS whose key signs the spoofed certificates, and then you won't suspect a thing.
Unless, of course, the site you are communicating with does not use HSTS technology to prevent certificate spoofing. But that is another story.

Vasily, 2016-01-13
@Applez

Your ISP knows everything that is not end-to-end encrypted. In other cases, he sees that encrypted traffic is going between you and another host.
In general, it's easier to say "Your ISP knows everything about you." )

Sergiu Suhov, 2016-01-21
@Zalechi

Oh God, where did you get this? The fact is that the envy of the provider itself is partly + you forget that there are other options! about surveillance by the provider. I am connected to a provider that does not keep any logs, filtering and traffic accounting. You may not believe me, but I myself work in this company, I know what I'm talking about! I will not advertise it here - this is not Mother Russia. Accordingly, clients connected to us may not worry about it and look for the causes of spam or something else there only at home.
All that you listed is possible, but there are firms that do not suffer from this, but rather position themselves in this regard as clean. Therefore, a lot of business clients reached out to them in their time.

When I visit a certain site, does the ISP see the URL?
- Yes.
Explain how the provider sees the url? The only method known to me (if not connected by remote admins) is a MITM attack (in other words, listening to traffic / packets). As the same commentator wrote, this is very expensive and requires resources, therefore, for 10,000-100,000 clients, only Google and its hedgehogs can implement this. Let me explain: imagine installing a traffic analyzer, where in the middle between you and the site, and blast each packet (and - supposedly imperceptibly). Represented? So, for this you need a copy, a program (wow-shark for example) and then wander in the abyss of all the data received. This is done when they start a business, and so ... Alas, I doubt it. I'm guessing that depends on the provider.
Once at the dawn of its activity, our company limited traffic. Then we had so-called shapers installed, which, depending on the subscriber package, cut the speed. The outgoing IP address of the package was checked, compared with the subscription fee for the client's billing, and technically sent further with a limited speed. There are well-known Lingx programs that do this, and everyone knows that even in this case there is no question of any surveillance. We even lacked those resources, those servers, what other kind of tracking could we talk about? On the contrary, our mission has always been - unfiltered Internet to the masses!
voila

sivabur, 2016-01-14
@sivabur

Buy an individual ip OpenVpn 100Mbps and forget about problems with torrents. Or run your own vpn server on a dedicated server.
If you are interested, I can raise you on my dedicated server.
If we talk about anonymity, this is a completely different story. But for torrents, OpenVpn is enough.

alexdora, 2016-01-22
@alexdora

In general, for the first time I hear that in RUSSIA there are letters of happiness for THIS. It even seemed to me that I missed something on this topic.
Can you explain how it is?
In addition, I’ll tell you that in developed Germany, fines come, but according to acquaintances, the case falls apart with a bang at the very first court session if there is a lawyer with a head.
Regarding the question of what the provider knows: hmm, as a former technical director of a provider, I will say that it is literally everything. But only large providers allow themselves to invest in / build a CRM system or a semblance of convenient accounting. I was visiting one provider not long ago with a total number of users in the region of 70-100k people (I won't say the name). In general, all information about the user in a human-readable form is reduced to the IP address, balance, passport, tariff and amount of traffic. If you want to get information about where he goes and so on, you need to ask the deputies of the system administrator separately and they will make a report on the user in manual mode in the format of some poor XLS plate.
How to fight, if it is very, very necessary. The technical methods have already been mentioned above. BUT! Personally, I struggled with the old-fashioned method, with possible problems when I connected: The installer came with a contract and wrote down by ear what I dictated to him. Ie something of the format: Vasya Vseya Pupkin and so on. He even indicated a completely different, non-existent house number in the cottage settlement. Taking into account the fact that I have 3 providers at the same time, I undertake to assert that this is still possible with almost all providers that allow you to connect without coming to the office and fill out an agreement upon connection or by phone with words. Of course, it is worth noting additionally for the conspirators 007: Use another phone in the contract + pay for the Internet anonymously.
For those who know the secret: Who killed Kennedy? There are paid CLOSED anomization services. VPN tunnel to a server in another country, for example.
The company I work for rents a server in another country to proxy traffic. Protection against corporate espionage. Personally, I saw with my own eyes how the Viber correspondence was in the left hands.
And about TOR, well, how can something that is not controlled be safe by default. Here is the dumbest scenario: put a fake site through the provider of the official project and give a screwed up TOR client there. I would at least solve the problem in this way and additionally place the corrected client in various exchangers

Oleg Tsilyurik, 2016-01-13
@Olej

What does my provider know about me?

Everything! ;-)
- A girl, a girl? What are you doing tonight?
- Everything!

globuser, 2016-01-13
@globuzer

He knows not everything, but a lot, although almost everything .... but he doesn’t really need it.
There are millions like you...

Inject13, 2016-01-15
@Inject13

Use the tunnel in conjunction with the proxyfier, with the rights 127.0.0.1 for localhost/default (don't forget the checkboxes)
and all the downed traffic will be cut off in the middle, before there is a "drain"
And what they know has already been answered above)

brar, 2016-01-15
@brar

I'll make it worse youbroketheinternet.org secushare.org

Adamos, 2016-01-13
@Adamos

This has already been said, but I think it needs to be repeated large and intelligibly: if you are
You can download them even to shit, no one cares.

65536, 2016-01-13
@65536

I hope providers look towards their customers

rader90, 2017-04-21
@rader90

If necessary, forensic experts will analyze traffic through the provider. Comrade Major is not asleep. Everything that is encrypted through a VPN is difficult to find, and the rest with requests to Google, VK, classmates, mail .... Yes, and the social part of the passwords is of the same type, names and logins and other information by which you can determine. There's even the window size in the browser....

Santa_C, 2017-07-24
@Santa_C

As I understand it (not a specialist), the exchange in the same utorrent goes via http, where everything is perfectly visible. Letters are created by bots according to a certain copy-you-know-whom template and only then are they sent by the provider to the client.
Will disabling dht in a torrent somehow affect the situation?
"A friend of mine" got something similar, where you can see what he downloaded, from where and when. Such awareness of the big brother is somewhat alarming and makes you think not about torrents, but about privacy.

VitalP, 2019-06-14
@VitalP

In the VPN privacy policy, look at the registration policy) Before choosing a provider, you need to know exactly what information will be recorded and what it will or can be used for. I will not rewrite, I found a topic here . I hope it will be useful.
