Last year, ISPs were classified as common carriers under Title II of the Communications Act by the FCC to enforce net neutrality. The FCC is now looking to implement regulation that ISPs will have to follow in order to protect their customers’ information. In light of this, Team Upturn published a report to “provide technical grounding for policymakers and other interested parties, regarding the extent of ISP visibility into the activities of their subscribers.”
The report opens with 4 observations:
- Many sites still don’t provide encryption, allowing ISPs to easily monitor their users.
- Even with HTTPS, ISPs can still see domains visited which can be very revealing over a long period of time. In fact, ISPs already look at this data.
- Sometimes HTTPS isn’t enough.
- VPNs are hardly used and provide “incomplete protection”.
Unencrypted HTTP allows ISPs to see the full URL and page contents of sites visited. If that wasn’t enough to convince you that unencrypted HTTP is bad, then consider the fact that unencrypted HTTP in general isn’t fun at all. A brief survey done by Team Upturn revealed that 85% of the top 50 health, news, and shopping sites – as ranked by Alexa – didn’t fully support