With traditional information transmission, each midpoint between the two connection endpoints sees the data transmitted through it. In the case of your ISP, it is a single midpoint through which all information is channeled, and thus it can view all data you send to the connection endpoint.
There is of course a way to guard against this, by using an encrypted connection - with an encrypted connection, some data (the encryption/decryption keys) are not transmitted via the connection, and thus only the endpoints can reconstruct the original data, while the midpoints between the endpoints only see the encrypted stream. Encryption comes in various strengths: some can be easily attacked by a human, some can be easily attacked by simple machine algorithms, and some require heavy computation, available with custom equipment.
So basically yes, in principle and by definition, your ISP is capable of reading every single byte you send out.
To (partly) guard you and your tinfoil hat against this, I recommend you look into mail encryption programs like GPG and only visit websites through HTTPS links. Also, you should not use your ISP's proxy server, as this is a very convenient place to implement logging/tracing.
To give the whole thing a Perl spin, here is a small network tracer as it could be used by your ISP to trace your traffic or by yourself to check whether all your traffic is encrypted or not:
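#!/usr/bin/perl -w
use strict;
use Net::PcapUtils;
use NetPacket;
use NetPacket::Ethernet qw(:strip);
use NetPacket::IP;
use NetPacket::TCP;
use Data::Hexdumper;

# Called once for every captured frame
sub packet {
    my ($self, $header, $packet) = @_;
    # Strip the Ethernet header, then decode the IP and TCP layers
    my $ip_obj  = NetPacket::IP->decode(eth_strip($packet));
    my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});
    print $ip_obj->{src_ip} . ":" . $tcp_obj->{src_port}, "\n";
    # Segments without payload (e.g. bare ACKs) have nothing to dump
    return unless $tcp_obj->{data};
    print hexdump data => $tcp_obj->{data};
}

# Capture until interrupted. The callback decodes every packet as TCP,
# so the filter is restricted to IPv4 TCP traffic.
Net::PcapUtils::loop(\&packet, SNAPLEN => 32768, NUMPACKETS => -1, FILTER => 'ip and tcp');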
Please note that due to the nature of the TCP/IP protocol, the ISP will always know the two endpoints of every connection made. To further guard against this, you might want to have a look at HTTP anonymizing services.
perl -MHTTP::Daemon -MHTTP::Response -MLWP::Simple -e ' ; # The
$d = new HTTP::Daemon and fork and getprint $d->url and exit;#spider
($c = $d->accept())->get_request(); $c->send_response( new #in the
HTTP::Response(200,$_,$_,qq(Just another Perl hacker\n))); ' # web
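As an added example (not part of the original post), the payloads the tracer above dumps can be classified automatically, so that auditing your own traffic does not depend on reading hexdumps. The function name classify_payload, the thresholds and the sample payloads are assumptions constructed for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Classify one TCP payload the way a midpoint on the path would see it.
# Returns 'tls', 'ssh', 'cleartext' or 'unknown'.
# Caveat: only segments that start on a record boundary are recognised;
# continuation segments of an encrypted stream come back as 'unknown'.
sub classify_payload {
    my ($data) = @_;
    return 'unknown' unless defined $data && length($data) >= 5;

    # TLS record header: content type 20..23, version 3.0..3.4, 16-bit length
    my ($type, $major, $minor, $len) = unpack 'C C C n', $data;
    return 'tls'
        if $type >= 20 && $type <= 23
        && $major == 3 && $minor <= 4
        && $len > 0 && $len <= 16384 + 2048;

    # SSH opens with a readable version banner; everything after it is encrypted
    return 'ssh' if $data =~ /\ASSH-\d\.\d+-/;

    # Mostly printable bytes: a midpoint can read the content as-is
    my $printable = () = $data =~ /[\x20-\x7e\r\n\t]/g;
    return 'cleartext' if $printable / length($data) > 0.9;

    return 'unknown';
}

# Constructed sample payloads, not captured traffic
my @samples = (
    [ 'HTTP request',
      "GET /inbox HTTP/1.1\r\nHost: mail.example\r\nCookie: session=constructed\r\n\r\n" ],
    [ 'TLS handshake record',
      pack('C C C n', 22, 3, 1, 5) . "\x01\x00\x00\x01\x00" ],
    [ 'SSH banner',
      "SSH-2.0-OpenSSH_9.0\r\n" ],
    [ 'mid-stream ciphertext',
      "\x8f\x02\xd1\x9a\x00\x17\xfe\x41\xc3\x7b" ],
);

for my $s (@samples) {
    printf "%-22s %s\n", $s->[0], classify_payload($s->[1]);
}
```

Inside the tracer's packet callback, the same function could be called on $tcp_obj->{data} in place of the hexdump, printing only the connections that come back as cleartext.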