I’m not sure what the issue is here… Did you know that your ISP has a record of every website you’ve ever been to on a server you don’t control and they can look at it whenever they want?
This is pretty much entirely incorrect.
It is part of the purpose of HTTPS that your ISP does not have the URLs of pages you visited, nor the content of the data sent in either direction. That information is all encrypted from your browser to the web server and vice-versa.
Encryption became standard in browsers in two waves: first, with the commercialization of the Web in the late 1990s and the need to encrypt financial credentials (e.g. credit card numbers) to do e-commerce; and second, after the Snowden NSA scandal that led to almost all non-commercial web sites adopting HTTPS as standard, followed by most browsers flagging unencrypted sites as “insecure”.
Classically, your ISP would have the domain names (e.g. lemmy.world) as you’d usually be using your ISP’s DNS server; and even if you were using a remote DNS server the DNS traffic would be unencrypted through your ISP’s network.
But these days, they might not even have the domain names, as DNS over HTTPS is used in many browsers today.
Even today though — unless you’re using a VPN, Tor, or some other form of encrypted tunneling — your ISP can certainly discover the IP addresses of hosts you communicate with.
This is pretty much entirely incorrect.
It is part of the purpose of HTTPS that your ISP does not have the URLs of pages you visited, nor the content of the data sent in either direction. That information is all encrypted from your browser to the web server and vice-versa.
Encryption became standard in browsers in two waves: first, with the commercialization of the Web in the late 1990s and the need to encrypt financial credentials (e.g. credit card numbers) to do e-commerce; and second, after the Snowden NSA scandal that led to almost all non-commercial web sites adopting HTTPS as standard, followed by most browsers flagging unencrypted sites as “insecure”.
Classically, your ISP would have the domain names (e.g.
lemmy.world
) as you’d usually be using your ISP’s DNS server; and even if you were using a remote DNS server the DNS traffic would be unencrypted through your ISP’s network.But these days, they might not even have the domain names, as DNS over HTTPS is used in many browsers today.
Even today though — unless you’re using a VPN, Tor, or some other form of encrypted tunneling — your ISP can certainly discover the IP addresses of hosts you communicate with.