r/degoogle u/eeyth 8h ago

Help Needed Can your isp see your reddit history ?

I know they can know what websites you are on. But can they know which posts or videos are you watching in reddit. People who have experience in this please share your opinion. This is only for education purposes 🙂

33 Upvotes

87% Upvoted

42 comments sorted by

36

u/PragmaticTroubadour 8h ago

Depends if you live in a country, that injects own TLS certificates to OS, and monitors everything as MITM. 

6

u/x0rchidia 7h ago

How’s that?

5

u/[deleted] 5h ago

[deleted]

1

u/x0rchidia 3h ago

Source?

1

u/PragmaticTroubadour 7h ago

What do you mean? 

5

u/x0rchidia 6h ago

How does a "country" (gov, I assume) inject its own TLS certs without you installing it? Is this technically possible?

9

u/PragmaticTroubadour 6h ago

I don't remember which country it was.

But, the country demanded Microsoft to install their root certificate in order to be able to sell Windows within their country.

So, residents of that country got modified Windows distribution. 

4

u/x0rchidia 6h ago

Ah, that's dirty! Definitely this is not the case with Linux. Any ideas if something similar happened with Apple?

6

u/PragmaticTroubadour 5h ago

I caught only this thing by random. Don't know, as I don't follow it closely. 

7

u/nshire 5h ago

Kazakhstan

•

u/blasphembot Mozilla Fan 22m ago

....greatest country in the world!

1

u/matthewpepperl 2h ago

That only works if where you are connecting dose not use key pinning otherwise you cant connect at all and the vast majority of apps on mobile use key pinning

21

u/hsifuevwivd 7h ago

No, you connect to websites using HTTPS which means your connection is encrypted. Your ISP will just see the URLs that you visit.

18

u/DryVermicello 7h ago

ISP will see the domain name/server; but not the full URL (which would reveal the actual post/thread).

3

u/ReverseTornado 3h ago

Why cant they see the full URL it seems kinda silly that they cant.

7

u/Jan_Asra 3h ago

It's just how the internet is structured. I don't know it well enough to go into details, but everything is built on layers of what came before.

2

u/ushred 3h ago

Think of it like a folder in Windows explorer. You connect to the website server and that can be seen, but once you're in there, they don't know what folders you navigate to or files you access, generally speaking. 

2

u/mdibmpmqnt 2h ago

It's sent inside an envelope which is encrypted. See the OSI model and network packet envelopes for details.

•

u/SkeletalElite 17m ago

Think of it like sending a series letters too and from someone. When you visit reddit youre sending a letter to the reddit server, but the letter is sealed and your isp cant look what's inside. The letter is opened once it reaches reddit and it has information on what you want to access and reddit sends a letter back with the front page. When you click a post you send a letter to reddit again saying you want to look at this post and they send a letter back with the contents of the post. The ISP only knows letters are being sent between you and reddit and the size of the letters. They don't know the contents though.

13

u/WellEndowedWizard 4h ago edited 4h ago

As others have said, the contents of packets are TLS encrypted for HTTPS sites. You can see where they’re going (reddit.com, youtube.com, pornhub.com, etc) but they won’t see the exact path (reddit.com/r/degoogle) and content.

With that said, there’s nothing stopping Reddit from selling information such as u/<your burner here> with IP <your ip> visited r/<freaky subreddit> at <timestamp>, <timestamp>, <timestamp>, …. That is partly why you’re able to use this platform for free, after all.

(Tangent:) it’s not just the sale of your freaky subreddit history that’s concerning btw. For example, I imagine it would be trivial for a car insurance corporation to purchase data about r/AlcoholicsAnonymous users and cross reference IPs, etc with users to hike their rates. Up to you if that’s morally right.

4

u/eeyth 4h ago

Thanks for the clarification. And the selling part that's a shit move but in this economy every platform does its own share of shit move. Google,Meta nobody has a clean hand.

4

u/NotPresearchCom 3h ago

Nobody should accept their shit moves.

3

u/eeyth 3h ago

Most of their actions are invisible to the public eye, after all we all are corporate slaves

•

u/LagKnowsWhy 57m ago

Regardless of them selling the exact data, if not specifically set your router will not encrypt your DNS requests, essentially "showing" the ISP which sites you visited

•

u/WellEndowedWizard 36m ago

Interesting, I didn’t consider this

17

u/FlyBeneficial3078 8h ago

No...i dont think so. When you go to a sub they only see the reddit.com but not what else you do because its https

10

u/zxuvw 8h ago

No. They or anyone can only know that you visited reddit or any site but they can't know what you did on the website.

3

u/faulternative 5h ago

Metadata, though. I may not know what you talked about on the phone, but I know you called the suicide hotline at 2:00am from the Brooklyn Bridge.

4

u/TCCogidubnus 3h ago

Metadata for an IP packet using HTTPS will contain the domain but not what page on the website was being viewed.

2

u/[deleted] 8h ago

[deleted]

2

u/PragmaticTroubadour 8h ago

There's no technical difference between GET and POST from the MITM attack perspective. Both is content of TLS connection.

There's a different handling if communication goes through proxy, if setup. Which is another way if MITM. However, companies use custom set up proxies to protect leaking of own data. 

4

u/mangoburgerEWW 8h ago

We never know...

•

u/runtimenoise 1h ago

We do know, you can inspect browsers TLS cert chain.

•

u/mangoburgerEWW 1h ago

I said we never know, when how whose data are on check by gov.

2

u/Rich-Chicken-Hawk 4h ago

for education purposes, if your ISP thinks you're doing something illegal or watching some messed up stuff they could alert the authorities and if the gov wanted to see your phone, if you have an iphone, could they access your phone via permission from Apple using your apple ID?

edit: fix to question, format

•

u/runtimenoise 2h ago

Unless your browser is compromised,which is typically something that ISPs don't do, the path of domains are encrypted, can't be seen. Assuming https schema, not http.

They can see you been on reddit and that's it.

0

u/Elegant_Tale1428 8h ago

Get out NSFW subs 😒

15

u/TrackLabs 8h ago

theres more reasons people dont want their history to be seen, that isnt just porn...

3

u/PragmaticTroubadour 7h ago

Dating for married?

(trolling here)

1

u/Elegant_Tale1428 6h ago

should I add /s necessarily for you to get it 😅 + "for education purpose" is either a sarcasm too or literally what I meant

-1

u/faulternative 5h ago

I'm not technical enough to be certain, but I assume my ISP can see everything, and are probably recording it somewhere.

1

u/TheZoltan 3h ago

In simple terms they know your computer is talking to Reddit but not what you are saying. Check out u/WellEndowedWizard comment as it seems the best explanation in this thread.

-1

u/Normal-Science-4760 7h ago

Yes

1

u/matthewpepperl 2h ago

Most places use tls they can only see the ip you are connecting too and maybe the main dns address and thats it tls inspection is a thing but that will not work against most mobile apps