Comment by simonw
21 hours ago
How would your ISP connect that data if every search engine uses HTTPS now, so there's no way for the ISP to see what you were searching for?
21 hours ago
How would your ISP connect that data if every search engine uses HTTPS now, so there's no way for the ISP to see what you were searching for?
DNS lookups are still frequently in the clear, and even if they're not, that just means you're trusting some DNS-over-HTTPS provider. The incentives are perverse.
And of course whoever you are performing your search with, like, oh, an ad company like Google, Meta, or Facebook? They just might use that search data for something.
Exactly. Google or Meta can correlate behavioral data like this. Your ISP cannot do that by intercepting your searches.
I care about accuracy when it comes to privacy conversations. I don't want people wasting their time on theories that aren't true when they should be focusing on the real issues at stake.
For what it's worth, the ISP may not know the search terms entered, but it can see "google.com" followed by "itchybuttcream.net" when people click the first results. The data will grow more granular over time as users click the second or even third result on Google.
On WiFi you control this risk can be mitigated (force DNS to your own server that uses ODoH or similar) but for most people ISPs are still sitting on data gold mines obtained from passively observing DNS.
1 reply →
Yeah, it's Google and Facebook - not the ISP.