by laveur 3044 days ago
When I bought my first house a few years ago here in the Bay, Comcast tried to give me one of their new routers, wifi and everything built in. I let them but I wasn't happy. I hooked up my own router and ended up double NATting it. After a few hours of frustration I went out and bought my own cable modem. Installed that and returned the one Comcast had provided. When asked why, I cited security and privacy concerns. Working for a Fortune 500 means they could easily do some sneaking and see a lot of stuff that I worked on. Either way I use Ubiquiti hardware throughout my house. It's a bit expensive but god is it good.
2 comments

I had one of those icky things from a cable company. It is not possible to get rid of it. So the thing is sitting inside a homemade Faraday cage with a Linux box acting as a router/firewall.

Does not using their own routers make ISP traffic sniffing that much harder?

I'd assume if you're using their pipes, they can see what goes through it, regardless.

Genuinely intrigued by this.

End-to-end encryption like SSL (https) is meant to limit the middle man's ability to 'see everything'. Instead of seeing the details of your Google search, all they see is that you accessed Google at [x] time, and exchanged [y] amount of data.

This is why there is such a push for end-to-end encryption on web traffic, chat apps, etc.

ISP can very easily see what you searched for even with SSL. SSL encrypts the TRAFFIC so they can't see the content of the webpages, but your search terms are right there naked in the URL even though it is https secured. This is unfortunately the case for Google, Bing and even DuckDuckGo. Try it and you can see for yourself.

At least DDG offers in their options to scramble the URL but one has to know about that feature AND enable it. It is in their settings under Privacy and you have to turn OFF GET (2nd option). https://duckduckgo.com/settings#

> But your search terms are right there naked in the URL even though it is https secured

You are correct that the terms are in the URL, however only the browser and endpoint can see them. All your ISP sees is that you accessed example.com, and not example.com/search-terms-here. The TLS handshake is for the domain only, then encryption kicks in, then everything after is encrypted.

Your ISP cannot see what you are searching for, they can only see which sites you use for search.

URLs are not sent in plaintext under HTTPS. Only the hostname is, and only for SNI.

Using their CPE routers implies (but does not guarantee) that you are using them for NAT and firewalling, and thus the ISP has a device inside your security perimeter.