Can my landlord see my internet history?

Hi all,

I’m pretty clueless as far as internet security goes, but I’m wanting to know in what situations my landlord could see my internet history.

Currently I’m in a ~60 unit complex owned by a larger company. The internet is included in rent, but I set up my own service on their “bulk account”. How difficult would it be for them to see any of my history? Do they actually care?

A place I’m looking at is similar in size and ownership strategy, though this one actually has an on-property manager. They’re pre-wired, but internet is not included in the bill. I’d assume that gives me somewhat more protection from my landlord snooping?

What can I do to prevent them from seeing any “my landlord sucks” and “what exactly IS the fire code” posts?

They can see:

What website you are talking to e.g. pornhub.com

They cannot see, if using HTTPS:

What content you are viewing on that website - e.g. step sister or whatever

But they could technically see that if you use HTTP

If you use a VPN they will see only which VPN server you are talking to, but only if you also use HTTPS or IPSEC to encrypt the data. VPNs tend to use IPSEC and most websites default to HTTPS.

VPN is good in either case but probably required in the first situation.

Your ISP is if anything more willing/likely to spy on you given the chance, although I don’t know what they’d do with that information. Try to send you ads in the mail? Into the trash it goes, I guess. Your landlord on the other hand is inherently vindictive just by nature of being a landlord.

HTTPS will protect your interactions over the web, so they can see www.reddit.com/, but not r/privacy/comments/…, but obviously not traffic data as that’s required for routing. A VPN will protect this part, too.

You could use sites that are HTTPS vs HTTP. You could set your DNS to any of a number of DNS servers instead of the one provided. You could use DuckDuckGo. So many ways to reduce the chance of others watching you.

If you’re posting on Facebook or something and it’s not public view, they won’t see it. The most they can see is what site, but not what you’re doing.

They absolutely can.

Or use the Tor browser

He cannot, unless he installed a wiretap, but then he would be breaking the law.

FYI: any evidence gathered illegally will be thrown out in a court of law.

Everything can be seen in our new metaverse

Just use the Brave browser on private

You are using the landlord’s service; chances are he can see all, and your hacker neighbors can see all as well. Use a VPN.

The first question about security is nicely answered, so this is about the 2nd one about seeing your posts:
Whatever technical measures you put in place will not prevent your landlord from seeing your posts. If you have enough bits and pieces of info that will identify the property, then the landlord could figure out who is posting.

This man is answering the questions others are afraid to even ask

They can see

What website you’re going to (e.g. pornhub.com)

They cannot see, if using HTTPS

I wish this was true but alas, it is not.

As the Internet functions today for the vast majority of sites and users, it’s just as easy to determine what site an HTTPS request is going to as it is with HTTP. That’s not an exaggeration, it can be done trivially and passively with a basic traffic sniffer

With HTTPS the way it is currently configured on the majority of sites, the content of the request/response is protected, as well as the most specific of the request metadata (the URL path), but the DNS name (e.g. www.pornhub.com, or whatever) is not

There are roughly three ways to determine what site an HTTPS request is for, though in practice the third is the most reliable and precise since the first two are not always available and/or won’t always reveal the exact FQDN. Depending on the server configuration, the second method may only reveal the domain (e.g. pornhub.com) but not the FQDN (e.g. grannies.pornhub.com)

Those limitations with the first two methods are a result of local DNS caching (when using #1, the DNS leak) and wildcard certificates (when using #2, the TLS certificate DNS SAN leak)

The three ways to get this data:

  1. DNS queries. A DNS query is made immediately before the browser knows what IP address to connect to (plaintext, from client to DNS server and DNS server to client)
  2. The DNS SAN values in the certificate, which are required by modern browsers if you don’t want users to get a giant untrusted site warning page. For browsers to trust a site, the site’s certificate must contain (at least) the DNS name of the site being requested by the browser (plaintext, flowing from HTTPS server to browser)
  3. The most precise and common method uses the Server Name Indication (SNI) extension value, which all modern browsers send. It is sent even if the server/load-balancer isn’t actually using SNI for anything (plaintext, from browser to HTTPS server)

Unfortunately, the SNI issue will remain an issue until servers are configured to support TLS1.3 and Encrypted SNI (ESNI) in a default configuration

ESNI is new(ish), only supported in TLS1.3. TLS1.3 is becoming common but is still not universally adopted. ESNI is rare

Cloudflare is raising awareness and aggressively pushing ESNI adoption but it’s not likely to be used by all major sites for quite a while. That said, I haven’t checked the specific example (pornhub.com)

What are your options if you want to have privacy from your router/gateway and ISP? Aside from waiting for ESNI?

  1. Use a VPN to mitigate the issues entirely, but be aware that the VPN provider will be able to snoop on you in the same way. It’s a tradeoff
  2. Use DNS over HTTPS or another DNS tunneling mechanism to mitigate the DNS leak but be aware that this is an incomplete (if not pointless) solution since it does nothing to mitigate the SNI and certificate SAN leak

I’m always a bit surprised at the misconception that HTTPS offers privacy for anything other than the content of the request. TLS up to 1.2 didn’t even consider the metadata a privacy concern. The same is true of DNS, except DNS is worse and didn’t even concern itself with the integrity of the request/response- meaning it can be tampered with while in flight, not just exposed

EDIT: fix words and sentences, fixed baffling double post (oops!)

EDIT #2: I just reinterpreted your (confusing) phrasing and layout and am not sure you’re saying what I thought you were saying. If you aren’t, I’ll still leave this here as a potential resource for others not familiar with the issue

Then the VPN will see all your internet traffic. That’s just moving goal posts.

You could get a VPN

But a VPN will put all your traffic under one tunnel; if you’re signed into anything tagged to your real name you’re tainting all that traffic

Edit: edit.

I have my own router and modem. Is that enough to prevent them from seeing?

If the landlord controls the router they can see any traffic over their network.

This is nonsense. Virtually all connections are SSL or otherwise encrypted. Assuming full control of the router, an adversary can see (1) DNS requests (e.g. what domains a web browser is visiting or loading JavaScript or other resources from) and (2) what domains someone is communicating with. Nothing else.

If the landlord is monitoring network traffic they would still see the content of standard DNS queries, so they could tell what websites are being visited. This is an insufficient answer.

The question is why would they want to and are they even allowed to? Unless you are doing something illegal, it doesn’t make sense that they would be allowed to just snoop anyone’s history