ISPs are also in the business of analytics [1, 2], and a significant percentage of customers hiding their traffic reduces the value of their analytic products.
ISPs use a variety of techniques, such as deep packet inspection.
Many ISP support centers use commercial software [1] to display a detailed analysis of website usage whenever a customer calls in for support.
This includes the top websites visited, how much data was transferred for each site (yes, including those of a more salacious nature), the number and type of devices inside a home, nearby Wi-Fi networks, etc. [1]
This information can then be queried and used used for marketing purposes at the subscriber level (or to individuals within a dwelling).
This view is extremely western, not all ISPs are obligated to show "financial reports", and "shady analytics" does not imply a user's complete network traffic record into perpetuity. And even if your arguments were valid, this is not limited to the ISPs financial gain, but surveillance which occurs in every country.
This, and that it is far more profitable for ISPs to aggregate our traffic patterns and sell them to ad companies and governments than to drive people to VPNs by raising awareness of the reasons we can't trust them.
Well, since ISPs are now free to sell / monetize consumer traffic data [0], this makes some sense. They are pretty desperate for ways to be something more than a dumb pipe for other's content.
Why would they even do so ?
Large ISPs are public, so this activity would appear as extra revenue (if they sell traffic data) in their financial reports and annual reports.
The most likely is that ISPs are just respecting the local laws, and doing the minimum retention as required by the law (because more data storage = more costs),
and that their actual fear is that someone leaks this data and causes reputation damage, so they'd avoid storing anything if they can.
Do you have traffic that you are okay with people watching? Because I personally have exactly zero traffic that I want my ISP to know about (and then resell that info to ad companies, ex. https://www.infoworld.com/article/2608352/internet-privacy-a...).
It's also a way to front run ISPs in the data market. Then these vendors can sell the data on the data broker market and pocket the cash the ISPs are getting by selling whatever browsing history data they can infer (from DNS and traffic).
I suspect this is the corporate motivation. The increased state surveillance and control is a side effect.
It's easy for anyone who can do traffic analysis on your traffic, eg your ISP and mass surveillance perpetrators.
And whoever your ISP decides to sell or give this data to.
This is nothing new in terms of technology, ISPs have a legitimate reason to want to analyze traffic in that context. There is a fairly competitive market for software that ties it all together with DNS monitoring and metadata done through internet scans (Kentic, Deepfield).
The fact that ISPs are monetizing it and letting this data out of their control is utterly terrifying, and in the United States, specifically permitted by law.
There's a large difference though between what governments could presumably buy from ad trackers or data warehouses and what they can get by intercepting unencrypted web traffic at the ISP level.
There was an interesting comment recently on this topic, someone explained that some of the larger tracking companies purchase traffic logs from American ISPs and although their traffic reports aren't necessarily accurate (because they don't have all the data -- as shown by the github employee below) it's not complete guess work and they can be considered representative for sites used by the average internet user.
Because that accounts for 99% of Internet traffic? If you're doing something outside of the norm, and you don't want others to know about it, you should probably exercise good browsing hygiene, regardless of whether your ISP is commercial or municipal.
ISPs propagate flow-based snapshots of attacks to populate filters and redirect traffic to scrubbing centers, but they do so discreetly in part because of concerns about how well their data --- which is used exclusively to generate filters --- has been anonymized.
1. Anyone who can see your traffic can see where the service is.
Dude, right there you lost me. 99.99999999% of the internet can't see your traffic. The NSA can. Your ISP can. Random threats on the 'net at large cannot see your traffic.
The thing I never hear mentioned is when your home ISP (or say your favorite cafe's) is known to use your traffic data for marketing purposes or sell it outright. I trust Mullvad farther than I trust my ISP. I could switch ISPs, but my only option is Comcast and they're even sleazier.
1: https://www.bleepingcomputer.com/news/security/ftc-isps-coll... 2: https://surfshark.com/blog/isp-selling-data
reply