How Data Brokers Sell Access to the Backbone of the Internet – ISPs are quietly distributing ‘netflow’ data that can, among other things, trace traffic through VPNs

There’s something of an open secret in the cybersecurity world: internet service providers quietly give away detailed information about which computer is communicating with another to private businesses, which then sells access to that data to a range of third parties, according to multiple sources in the threat intelligence industry.

The information, known as netflow data, is a useful tool for digital investigators. They can use it to identify servers being used by hackers, or to follow data as it is stolen. But the sale of this information still makes some people nervous because they are concerned about whose hands it may fall into.

At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic. Crucially, this data can be used for, among other things, tracking traffic through virtual private networks, which are used to mask where someone is connecting to a server from, and by extension, their approximate physical location.

See How Data Brokers Sell Access to the Backbone of the Internet

#technology #privacy #VPN #netflow

Image/photo

ISPs are quietly distributing "netflow" data that can, among other things, trace traffic through VPNs.