by snowwrestler 2855 days ago
It's a shame you're getting downvoted because you are correct. The dramatic acceleration of TLS adoption means that your ISP is getting less and less info about their customers' behaviors.

But if your browser has ever logged into something like Facebook or Google, then any site with embedded content will be sending info about your behavior back to them. A LOT of sites carry pixels from those companies, but anything can do it: an embedded tweet, a YouTube player, a "like" button, etc. This is on top of the info they collect from your direct interactions with them.

1 comments

He's not correct, which is why he's being downvoted. As TLS rolls out further I suspect you'll see more ISPs move from firewall/router devices being deployed with their service to an edge proxy under the guise of additional security, "our new routers terminate all connections before they reach your computer directly allowing us to block malware and other dangerous packets" -- while that statement is 100% true, what it doesn't say, which is also true, is "...and allows us to see all of the information on all of your sessions and process that per the terms of our privacy policy".
Your argument is that I'm wrong because of some theoretical situation which hasn't happened, and would be near impossible for ISPs to implement without massive backlash from pretty much the entire internet/world?
Which browsers are going to trust an ISP signing cert?
As the ISP I'd pop up a reply asking you to load my certificate into your browser, example for Chrome: https://support.google.com/chrome/a/answer/3505249?hl=en

With a notice informing you that if you refuse, you won't get the malware blocking and scanning services to protect you. Depending on the laws, the ISP may require you to accept the certificate in order to pass TLS traffic.