How much data of a user get recorded by service providers?

eziowareziowar Member Posts: 3 ■■□□□□□□□□
edited October 2022 in Cybersecurity
If someone from India has optical fiber connection internet for windows10 PC and mobile phone 4g network provider’s internet for android cell phone using 4g sim card, now sometimes he uses PC’s OFC internet in mobile and mobile’s 4g internet in PC using wifi hotspot and both PC and mobile phone’s internet/network service provider companies are different but constant, and he uses and as DNS server instead of ISP’s dns server for PC, and he saves all login credential on Edge browser on both PC and cell phone and two devices’ browsers are synced and he uses autofill during login in a website on Edge browser,  then -

1)- Does/can ISP store all his browsing history ? also can/does ISP see/know what he’s doing inside a specific website like what he’s searching on google and which file he is storing in google drive, which files he is downloading, like can they know the stored/downloaded file’s name and content inside? Can/do they see His login credentials for a website? If they can then for how long do they keep the data stored before erasing completely? Does law allow them to do that and does law allow police to get those data from ISP and how much police can ask for?

2)- Does/can network service provider of a cell phone record all the voice calls/messages/whats app chats of a user? If so then for how long do they keep the data stored before erasing completely? Does law allow them to do that and does law allow police to get those data from ISP and how much police can ask for?

N.B. During the occurrence of all those above said events the user had no police case against him and Police was not trying to do anything at all against/about him and police did not even know his existence at all as he doesn’t have any criminal record in the past at all. But only days later of those events for the first time in his life police may start to try to acquire those above said datas which occurred in the past.

N.B. Please don't remove my post because of the off topic part about law, please answer only about the tech part if the law part can’t be answered here. Sorry for many questions at the same time, but those are so tightly related that I could not find a way to ask them separately.


  • Options
    TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    edited October 2022
    I can't say for India, but tracking every users activity, down to every thing they type would take an insane amount of storage to retain it for any length of time. One estimate in 2018 that 2.5 quintillion bytes of data was generated a day globally. Assuming you contracted Amazon to store the data for you, at .21 cents per gigabyte, that gives you 525 million dollar storage bill per month. So storing every day that month, for a month of data storage, that equal 15.75 billion dollars a month, 12 months in a year, your bill comes out to 1.2 trillion dollars, will that be cash or check? 

    So no, there no way to store every byte of data send, the volume of data exceeds most countries national budgets, of course this figure is globally, any counties given share of the data would exceed there ability to pay for it, assuming its possible to store it all. I would think most cell phone providers have some SMS data they can get history from, but calls wouldn't be recorded, unless there was a reason to do so, and it was have to be arranged in advance. The sheer volume to data would make any type of SMS data retrieval limited to maybe months at best, not that they wouldn't want to store every text, but it be too expensive to do so, in the off chance the government would want to see what one particular user was up to.

    Whats up and Kik provide end to end encryption, so yes you can store all the data between users, but you couldn't read it, not without a man in the middle attack. Google does scan the data they host, I assume amazon does as too. I had a SANS instructor that stored some malware samples on a google drop box and when google scans detected them, they deleted his entire drive. I also recall a case where police was alerted when child **** was detected on a users drop box drive.  So the lesson here is if your going to store data on a 3rd party hosting app, encrypt it first.

    Now I don't think most people would be outraged that someone dabbling in Child ****  was caught this way, but the question becomes what else they scanning for? They seeing what your passwords are for your online banking, what you bit coin encryption keys are, your private key for PGP emails? In the case above this was all done without a warrant, so once they have your unencrypted data, you pretty much are giving them a free pass to do what every they want with it.   
    Still searching for the corner in a round room.
Sign In or Register to comment.