Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3953
  • Last Modified:

Can i get internet activity or browsing history from my ISP

I have a client that is in need of the browsing history for a location due to legal issues with an employee.  I was asked if I could get the browsing history from the ISP as there is no equipment onsite that has any of this data stored.  I called the ISP (Windstream) and was told that they do not store this information and that it would be illegal for them to do that as it would be an invasion of privacy.  Now, much of what I read online says differently.  Since I am not an expert on these issues I thought I would come here.  Does anyone have any information on whether that information indeed exists and, if so, how to obtain that information.

Thanks,
karislove
0
karislove
Asked:
karislove
  • 9
  • 4
  • 3
  • +2
1 Solution
 
ecarboneCommented:
Some of the large ISPs (Windstream, Comcast, Verizon) may collect information within their legal limits, but they only use it for their own BI. Highly unlikely that they would give you this data - even if they WERE recording it.

Smaller ISPs (like host.net) offer this as a paid service (just like managed firewall or managed router service). You would have had to sign a contract for this service, and there is a monthly fee.

It doesn't help you now, but in my opinion your best bet is to install something internally.

There are appliances you can purchase (Cisco, SonicWALL, etc) or there are software solutions you can install on your network (Untangle, GFI WebMonitor)

Final thoughts - I supposed your company would also have to update their employee policy to let everyone know that this type of monitoring is in effect. Not sure what the privacy laws are, but there are solutions for monitoring and filtering content within an organization.
1
 
karisloveAuthor Commented:
ecarbone,

Thanks for the reply.  I appreciate you taking the time.  I would like to accept your answer but it doesn't sound like you are speaking from first hand experience.  Do you have experience in dealing with this matter directly?  Can that nut be cracked with a court order?  I understand that law enforcement can compel this information.  However, that is just what I think I know.

Also, your advice is good advice.  I gave my client the same speech a while ago.
0
 
ecarboneCommented:
I have never called a major ISP to demand that they give me data which I cannot even prove they have. So you're correct in your assumption. You'd have to consult with an attorney.

As I mentioned, my advice doesn't help you now, but for this type of situation going forward I recommend putting something in place, internally.
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
ecarboneCommented:
One other thing to consider - most likely all of the computers on your internal network are going out through the same 'pipe' to the Internet, through the same IP Address. So EVEN IF they were monitoring such information, how would they know WHICH computer it came from and furthermore, how would they even be able to prove it was a specific person on that specific computer at that specific time? The information you're looking for seems very granular, and I am sure any information your ISP had, would be at a 10,000 foot view.
0
 
karisloveAuthor Commented:
ecarbone,

This location only has one computer that connects to the Windstream router.  The high level view would be fine.

Thanks
0
 
ecarboneCommented:
Still no way to prove that person was on that computer though, right? I'm just offering my non-attorney opinion.  ;-)     I think your best bet is to consult with an attorney.
0
 
karisloveAuthor Commented:
ecarbone,

Oddly enough there is video of the time in question so placing the employee at the computer is rather easy.  Sadly, at least for this specific instance, the camera was not pointed at the screen.  

Consulting an attorney could be the next step.  I was hoping that someone would be able to help me avoid that.

Thanks,
karislove
0
 
AntzsInfrastructure ServicesCommented:
Instead of getting it from the ISP, which I think is a dead end anyway.

Is there anything left on the PC itself?  Even though it has been deleted, it may be worth recovering depending on how important the case is.

Browsing history maybe?
0
 
nickg5Commented:
I can tell you that a local computer shop that builds systems and is involved in computers related to local authorities told me that the user (in this case your employee) can delete browsing history all day long.
But it will always be retrievable from the hard drive unless the hard drive is literally taken apart and destroyed.
So if it is a serious security issue and you do not mind buying a new system or new hard drive, then remove the hard drive and based on what I was told the data is there.

Lawyer? Why not confront the person, re-install a good camera and tell them that if they do not reveal their browsing history, then they will lose their job and you will take the computer to the police internet department.

They might give you what you want and then resign to keep from having a firing on their record.
0
 
karisloveAuthor Commented:
Anthony,

PC is a dead end.  The PC was upgraded to W10 and reset with the clean wipe feature before the issue was detected.

Thanks,
karislove
0
 
karisloveAuthor Commented:
nickg5,

The employee had already been terminated for other reasons before this issue came to light.

Thanks,
karislove
0
 
BillDLCommented:
karislove

You said:
"The PC was upgraded to W10 and reset with the clean wipe feature before the issue was detected"

I assume that you are referring to the Windows 10 upgrade where you choose not to retain any files.  This may or may not be a complete "wipe" as offered by utilities that are designed to "nuke" all data on a hard drive.  It is more likely to be a simple format or even just a file deletion, but I cannot say this with certainty.

You probably already know this, but when files are deleted from a hard drive they are not actually removed.  The areas on the drive where they existed as chunks are only marked as free to be re-used, and the files are no longer visible.  There are some great file recovery applications that are able to recover deleted files from hard drives, and some can even recover data from drives that have been formatted (not securely "wiped" though).

The main rule for file recovery is to immediately stop using the computer that is to be examined, because even normal use creates new files that may overwrite the data that you want to try and recover.  The other rule is that a data recovery application should be run from another computer to which the affected drive as been temporarily connected, or use a bootable CD that runs the application from its own operating system that does not write files to the computer's hard drive.

I have used GetDataBack (https://www.runtime.org/data-recovery-software.htm) for many years with good results.  It is free to run and determine what has been recovered, but to copy the files out to another storage medium you need to buy a licence.  They offer a bootable Linux CD (https://www.runtime.org/data-recovery-live-cd.htm), but under the same conditions as the installable software.

The problem with "undelete" programs and other data recovery applications is that they recover so many files that it is extremely time consuming to try and sift through them all looking for relevant ones.  Depending on the browser and how it stores its history, you may also need additional tools to analyse the data for evidence.

If this is of sufficient importance that you would be willing to spend what could amount to a fair amount of money (and possibly little or no proof in the end), I would recommend that you hand the PC over to a fully qualified Forensics Data Analyst.  An expert follows procedures that retain file time and date stamps, whereas casual users can ruin these essential elements of proof while tinkering.
0
 
karisloveAuthor Commented:
BillDL,

W10 has a clean wipe reset feature.  This is not an upgrade feature.  It cleans\wipes the drive and reloads a clean copy of the OS.  This is not a simple delete operation or reformat operation.

The PC has been taken offline for the time being.  Although, it is currently being classified as a long shot last option source of information.

My guess is it will boil down to a question of whether recovery will be < or > the loss.  Explains the attempt to get the data from the ISP.

Otherwise, good tutorial on the drawbacks of "delete".

Thanks,
karislove
0
 
karisloveAuthor Commented:
Thanks for the assist.  Other conversations have led to the conclusion that the Windstream tech was not correct.  If the other conversations are to be believed, Windstream does record and retain this information.  However, it is only available to law enforcement or the courts with a court order.  It is not available to the customer.  It is in the hands of the attorneys and accountants now.

Happy computing,
karislove
0
 
BillDLCommented:
From what I understand the Win10 "wipe > reset" feature has 2 options that do as follows:

1. Just Remove My Files = Quick Format i.e. data still available for recovery using a simple "undelete".
2. Fully Clean The Drive behaves differently for encrypted and unencrypted drives:
    (a) Encrypted = Quick Format.  The info necessary to decrypt the disk is unavailable so data is effectively lost.
    (b) Unencrypted = Full Format writing zeros to every sector.  Same as    format c:\ /P:0    command.

From what you have described, you chose the "Fully clean my drive" option, in which case recoverying anything from the drive is more than a long shot.
0
 
karisloveAuthor Commented:
BillDL,

Yup.  I pretty much put it aside just to make others feel better.  I don't think it is even possible (NSA magic excepted) to recover anything after that.

Hope is a crazy thing in corporate decision making.  That is how accountants earn their keep.  They rip hope to shreds with dollar signs and keep hopeful people from making expensive stupid decisions.

Thanks,
karislove
0
 
BillDLCommented:
Clearly the company I work for does not have a very competent accountant, because a lot of expensive decisions have been put into the hands of some incredibly stupid people over the past few months :-(
0
 
karisloveAuthor Commented:
BillDL,

I feel your pain.  If I had the money spent on every project that was able to be clearly and concisely defined, in advance, as "stupid" I would be a very wealthy man.

However, I probably wouldn't be here on a Saturday typing weekend rants to you.  I would be relaxing in a hammock somewhere with cool breezes.

So, not all bad then...

Thanks,
karislove
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 9
  • 4
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now