Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Can i get internet activity or browsing history from my ISP

Posted on 2016-08-04
18
Medium Priority
?
2,982 Views
Last Modified: 2016-08-06
I have a client that is in need of the browsing history for a location due to legal issues with an employee.  I was asked if I could get the browsing history from the ISP as there is no equipment onsite that has any of this data stored.  I called the ISP (Windstream) and was told that they do not store this information and that it would be illegal for them to do that as it would be an invasion of privacy.  Now, much of what I read online says differently.  Since I am not an expert on these issues I thought I would come here.  Does anyone have any information on whether that information indeed exists and, if so, how to obtain that information.

Thanks,
karislove
0
Comment
Question by:karislove
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 4
  • 3
  • +2
18 Comments
 
LVL 10

Accepted Solution

by:
ecarbone earned 2000 total points
ID: 41743329
Some of the large ISPs (Windstream, Comcast, Verizon) may collect information within their legal limits, but they only use it for their own BI. Highly unlikely that they would give you this data - even if they WERE recording it.

Smaller ISPs (like host.net) offer this as a paid service (just like managed firewall or managed router service). You would have had to sign a contract for this service, and there is a monthly fee.

It doesn't help you now, but in my opinion your best bet is to install something internally.

There are appliances you can purchase (Cisco, SonicWALL, etc) or there are software solutions you can install on your network (Untangle, GFI WebMonitor)

Final thoughts - I supposed your company would also have to update their employee policy to let everyone know that this type of monitoring is in effect. Not sure what the privacy laws are, but there are solutions for monitoring and filtering content within an organization.
1
 

Author Comment

by:karislove
ID: 41743339
ecarbone,

Thanks for the reply.  I appreciate you taking the time.  I would like to accept your answer but it doesn't sound like you are speaking from first hand experience.  Do you have experience in dealing with this matter directly?  Can that nut be cracked with a court order?  I understand that law enforcement can compel this information.  However, that is just what I think I know.

Also, your advice is good advice.  I gave my client the same speech a while ago.
0
 
LVL 10

Expert Comment

by:ecarbone
ID: 41743343
I have never called a major ISP to demand that they give me data which I cannot even prove they have. So you're correct in your assumption. You'd have to consult with an attorney.

As I mentioned, my advice doesn't help you now, but for this type of situation going forward I recommend putting something in place, internally.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 10

Expert Comment

by:ecarbone
ID: 41743347
One other thing to consider - most likely all of the computers on your internal network are going out through the same 'pipe' to the Internet, through the same IP Address. So EVEN IF they were monitoring such information, how would they know WHICH computer it came from and furthermore, how would they even be able to prove it was a specific person on that specific computer at that specific time? The information you're looking for seems very granular, and I am sure any information your ISP had, would be at a 10,000 foot view.
0
 

Author Comment

by:karislove
ID: 41743356
ecarbone,

This location only has one computer that connects to the Windstream router.  The high level view would be fine.

Thanks
0
 
LVL 10

Expert Comment

by:ecarbone
ID: 41743362
Still no way to prove that person was on that computer though, right? I'm just offering my non-attorney opinion.  ;-)     I think your best bet is to consult with an attorney.
0
 

Author Comment

by:karislove
ID: 41743372
ecarbone,

Oddly enough there is video of the time in question so placing the employee at the computer is rather easy.  Sadly, at least for this specific instance, the camera was not pointed at the screen.  

Consulting an attorney could be the next step.  I was hoping that someone would be able to help me avoid that.

Thanks,
karislove
0
 
LVL 9

Expert Comment

by:Antzs
ID: 41743800
Instead of getting it from the ISP, which I think is a dead end anyway.

Is there anything left on the PC itself?  Even though it has been deleted, it may be worth recovering depending on how important the case is.

Browsing history maybe?
0
 
LVL 25

Expert Comment

by:nickg5
ID: 41744170
I can tell you that a local computer shop that builds systems and is involved in computers related to local authorities told me that the user (in this case your employee) can delete browsing history all day long.
But it will always be retrievable from the hard drive unless the hard drive is literally taken apart and destroyed.
So if it is a serious security issue and you do not mind buying a new system or new hard drive, then remove the hard drive and based on what I was told the data is there.

Lawyer? Why not confront the person, re-install a good camera and tell them that if they do not reveal their browsing history, then they will lose their job and you will take the computer to the police internet department.

They might give you what you want and then resign to keep from having a firing on their record.
0
 

Author Comment

by:karislove
ID: 41744175
Anthony,

PC is a dead end.  The PC was upgraded to W10 and reset with the clean wipe feature before the issue was detected.

Thanks,
karislove
0
 

Author Comment

by:karislove
ID: 41744176
nickg5,

The employee had already been terminated for other reasons before this issue came to light.

Thanks,
karislove
0
 
LVL 38

Expert Comment

by:BillDL
ID: 41745435
karislove

You said:
"The PC was upgraded to W10 and reset with the clean wipe feature before the issue was detected"

I assume that you are referring to the Windows 10 upgrade where you choose not to retain any files.  This may or may not be a complete "wipe" as offered by utilities that are designed to "nuke" all data on a hard drive.  It is more likely to be a simple format or even just a file deletion, but I cannot say this with certainty.

You probably already know this, but when files are deleted from a hard drive they are not actually removed.  The areas on the drive where they existed as chunks are only marked as free to be re-used, and the files are no longer visible.  There are some great file recovery applications that are able to recover deleted files from hard drives, and some can even recover data from drives that have been formatted (not securely "wiped" though).

The main rule for file recovery is to immediately stop using the computer that is to be examined, because even normal use creates new files that may overwrite the data that you want to try and recover.  The other rule is that a data recovery application should be run from another computer to which the affected drive as been temporarily connected, or use a bootable CD that runs the application from its own operating system that does not write files to the computer's hard drive.

I have used GetDataBack (https://www.runtime.org/data-recovery-software.htm) for many years with good results.  It is free to run and determine what has been recovered, but to copy the files out to another storage medium you need to buy a licence.  They offer a bootable Linux CD (https://www.runtime.org/data-recovery-live-cd.htm), but under the same conditions as the installable software.

The problem with "undelete" programs and other data recovery applications is that they recover so many files that it is extremely time consuming to try and sift through them all looking for relevant ones.  Depending on the browser and how it stores its history, you may also need additional tools to analyse the data for evidence.

If this is of sufficient importance that you would be willing to spend what could amount to a fair amount of money (and possibly little or no proof in the end), I would recommend that you hand the PC over to a fully qualified Forensics Data Analyst.  An expert follows procedures that retain file time and date stamps, whereas casual users can ruin these essential elements of proof while tinkering.
0
 

Author Comment

by:karislove
ID: 41745523
BillDL,

W10 has a clean wipe reset feature.  This is not an upgrade feature.  It cleans\wipes the drive and reloads a clean copy of the OS.  This is not a simple delete operation or reformat operation.

The PC has been taken offline for the time being.  Although, it is currently being classified as a long shot last option source of information.

My guess is it will boil down to a question of whether recovery will be < or > the loss.  Explains the attempt to get the data from the ISP.

Otherwise, good tutorial on the drawbacks of "delete".

Thanks,
karislove
0
 

Author Closing Comment

by:karislove
ID: 41745526
Thanks for the assist.  Other conversations have led to the conclusion that the Windstream tech was not correct.  If the other conversations are to be believed, Windstream does record and retain this information.  However, it is only available to law enforcement or the courts with a court order.  It is not available to the customer.  It is in the hands of the attorneys and accountants now.

Happy computing,
karislove
0
 
LVL 38

Expert Comment

by:BillDL
ID: 41745552
From what I understand the Win10 "wipe > reset" feature has 2 options that do as follows:

1. Just Remove My Files = Quick Format i.e. data still available for recovery using a simple "undelete".
2. Fully Clean The Drive behaves differently for encrypted and unencrypted drives:
    (a) Encrypted = Quick Format.  The info necessary to decrypt the disk is unavailable so data is effectively lost.
    (b) Unencrypted = Full Format writing zeros to every sector.  Same as    format c:\ /P:0    command.

From what you have described, you chose the "Fully clean my drive" option, in which case recoverying anything from the drive is more than a long shot.
0
 

Author Comment

by:karislove
ID: 41745565
BillDL,

Yup.  I pretty much put it aside just to make others feel better.  I don't think it is even possible (NSA magic excepted) to recover anything after that.

Hope is a crazy thing in corporate decision making.  That is how accountants earn their keep.  They rip hope to shreds with dollar signs and keep hopeful people from making expensive stupid decisions.

Thanks,
karislove
0
 
LVL 38

Expert Comment

by:BillDL
ID: 41745580
Clearly the company I work for does not have a very competent accountant, because a lot of expensive decisions have been put into the hands of some incredibly stupid people over the past few months :-(
0
 

Author Comment

by:karislove
ID: 41745589
BillDL,

I feel your pain.  If I had the money spent on every project that was able to be clearly and concisely defined, in advance, as "stupid" I would be a very wealthy man.

However, I probably wouldn't be here on a Saturday typing weekend rants to you.  I would be relaxing in a hammock somewhere with cool breezes.

So, not all bad then...

Thanks,
karislove
0

Featured Post

Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question