If you pay for internet data on your mobile phone, your phone company also acts as the Internet Service Provider for that device. Whether you use 3G, 4G, or 5G, your internet traffic must pass through your phone company's gateway servers. As a result, they can track vast amounts of information about you, including which websites you choose to visit.
In this article, we will discuss what data a phone company can track, what data it is retaining and why, and what you can do to prevent this tracking to gain privacy online.
Does HTTPS encryption make web searches safe?
Although your phone company can track the websites you visit (the top-level domain) it cannot actually see any of the data that passes between you and the website. This is because most websites nowadays implement HTTPS encryption to prevent your data from eavesdropping.
Because of this HTTPS encryption, you don't need to worry about your ISP being able to snoop on your credentials, passwords, or any other private information passing between you and a website. This information is protected, meaning that the ISP only knows which website you are visiting, not what you are doing on those websites.
However, it is important to remember that if you visit a HTTP website, your data is passing between you and that web service in plain text. HTTP websites do not implement transport layer security by default. As a result, if you connect to a HTTP website, it is possible that your ISP could track your personal data.
Can my phone company see my Google searches?
Google uses HTTPS encryption, which means your ISP cannot see each individual search request you make on Google (or any other search engine). As a result, the searches you make on Google (including the search terms) are not being tracked by your phone company.
However, as soon as you click on a search result in the search engine and decide to visit that website directly, your ISP will know which website you have visited, and it will be able to keep a record of that web visit.
How does a phone company or ISP track your online habits?
When you connect to the internet and visit a website, your ISP routes your traffic to that website. To establish the connection between you and the online services you use, your ISP must resolve your DNS queries.
This allows the phone company to know exactly which websites or online services you visit – whether that be Google search, eBay, Amazon, Netflix, or anything else.
Despite this, nobody at the phone company is actually sat behind a desk monitoring everything you do online. Instead, your information is stored on a server so that it can be accessed at a later date. Check out our what is DNS page for more information on this topic.
How long do phone companies store data?
Due to how many customers phone companies and ISPs have, collecting customer data indefinitely is not financially viable. As a result, ISPs tend to compile useful information to sell it onto third parties such as marketing companies. Following that, the ISP deletes the data so that they don't need to pay for expensive storage space.
Unfortunately, governments understand the value of the data passing through an ISP's servers. Authorities want to use this data for surveillance purposes, and, as a result, they have passed Mandatory Data Retention Directives that force ISPs to store web history data for a specified period (usually between six months and two years).
What kind of data do ISPs harvest?
Phone companies and Internet Service Providers have access to two different types of data:
- Web browsing information. This is used to monitor which websites you visit and what kind of consumer items and services you are interested in. This data is valuable for marketing, but also has the potential to reveal sensitive private things about you. For example, your web history could reveal that you are a smoker – and the ISP could sell this data to a medical insurance company.
- Metadata. This data can be leveraged to monitor who you communicate with and when. This allows ISPs to compile information about who you email or communicate with using VoIP apps.
ISPs and government agencies can leverage this data to reveal extremely sensitive things about you. Studies prove that web browsing habits can reveal details about your political and religious beliefs, sexual preferences, health status, and many other things. This is why ISP tracking is such a massive invasion of privacy.
Who uses the data collected by phone companies?
Many phone companies leverage web browsing information to create a secondary revenue stream. As a result, ISPs might sell your data to marketing firms – or other third parties interested in it.
Depending on where you live, the government may also have passed Mandatory Data Retention directives that force your phone company to store your data to share it with the government.
What about the US?
Some countries don't have mandatory data retention directives that force ISPs to store web browsing histories and metadata. In those countries, ISPs usually opt to delete your data once they have extracted any useful information.
The USA is a country that has no Mandatory Data Retention Directives. However, US law permits ISPs to harvest user information to sell it for profit. This results in ISPs retaining user data on file, which can permit the government to access it using a warrant.
What's more, because of the US' implementation of gag orders, it is possible that an ISP might have to share your data with government snoops while also keeping it a secret. You can read our full guide to find out more about data retention.
How to prevent phone companies tracking your web visits
The only way to prevent your ISP from monitoring your web visits is to encrypt your data before it leaves your device and passes through its gateway servers. The best way to do this is to use a Virtual Private Network (VPN) service.
A VPN works by securing your web traffic in an encrypted tunnel. The VPN also proxies your DNS requests inside that tunnel, so the ISP does not know which websites you have asked to visit.
When the data arrives at the VPN server, the VPN resolves the DNS query and forwards your data to the website. The VPN also encrypts the data on its return journey to prevent your ISP from tracking anything.
Because of this process, your ISP becomes completely blind. Even if your country enforces mandatory data retention directives, your ISP cannot comply because there is no data available to track.
This makes a VPN the easiest way to prevent your phone company from tracking what you do online. To find out more about VPNs, we recommend you read our what is a VPN guide. And, if you want to prevent your ISP and the government from tracking your web habits, check out the best VPN services of 2021.