Everyone has an ISP – even the VPN and VPS providers and the websites you visit – have ISPs. Most governments regulate their ISPs to monitor and censor.<p>To comply with these regulations, ISPs deploy appliance/boxes that can do packet inspection and blocking. It used to be IP blocking and DNS blocking.<p>As silicon became faster, these boxes have become more powerful. They can operate at multiple 100Gbps+ packet header scale and not just L3/L4, but also L7 packet headers (a.k.a deep packet inspection). Both of my ISPs (home and mobile) do this.<p>These same appliance companies sell data monetisation solutions to collect and sell metadata – usually done indirectly by a sister entity.<p>These boxes can also inject ads directly into plain http pages and manipulate DNS responses to do the same nefarious thing. In fact this clickjacking injection is the thing that turned me towards VPNs.<p>While the VPN solves the clickjacking injection problem, I’m fully aware of the fact that my VPS provider’s ISP maybe logging and selling all the metadata.<p>Even with https or TLS connections the domain name is revealed in plain text during connection setup. ESNI solves this problem, but no browser supports it by default yet. Other metadata collected usually includes – time, location, connection protocol fingerprinting to uniquely identify devices (TV, phones, laptops etc) behind customer IP address, frequency of access, bytes transferred per connection etc.<p>The real danger is this – as adtech evolves the lines are blurred between plain advertisement vs personalised experiences and targeted digital brainwashing.
Election manipulations, shifting the sentiments (distributed lobbying) in favor of desired outcomes, addictive spending - these become just natural evolution/extensions of this ad tech. With ISPs data mining and selling to invisible companies we won't be cognizant of this manipulation.