What Is Deep Packet Inspection?

“But what is Deep Packet Inspection?,” you might ask. Well, we aim to offer a comprehensive but straightforward answer to that question in this article, as well as showing you how to combat it.

While DPI might seem harmless, it can actually have a very negative impact on your online privacy.

How Does Deep Packet Inspection Work?

DPI is normally performed at a firewall level, specifically at the 7th layer of the Open Systems Interconnection – the Application Layer. The method evaluates the contents of any data packet that goes through a checkpoint.

The way DPI evaluates the contents of data packets is based on rules established by the network administrator. DPI performs the evaluation in real-time, and it can tell where (which application or service, to be precise) the data packets came from. Filters can also be established to have DPI redirect traffic from online services (like Facebook, for example).

DPI in Different Countries

ISPs have long been able to track and record your every move online. Also, they can and will block users from accessing specific sites. This practice is commonly used by certain countries that have imposed bans on Internet content. The US, Russia, North Korea, China, Iran, and other countries use DPI to block access to websites for censorship purposes and to monitor their citizens.

For instance, the Chinese government is using Deep Packet Inspection to censor content that’s deemed “harmful” to Chinese citizens and state interests. For this purpose, Chinese ISPs use DPI to track certain keywords going through their networks, restricting connections if such information is found.

Another example is the USA’s National Security Agency which is using DPI for Internet traffic surveillance. Also, the Iranian Government’s allegedly uses DPI to gather info on individuals and block communications.

How Do ISPs Use Deep Packet Inspection?

One of the main ways ISPs use DPI is to look for P2P content – especially in countries where torrenting is not exactly legal. When they find P2P content, they will either slow down the user’s download speeds (best case scenario), or they will hand over the user’s data to the authorities and copyright agencies (resulting in DMCA notices, huge fines, or even prison time for the user).

Besides that, ISPs can rely on DPI if they need to block access to a certain websites. Normally, they do this to comply with government and potentially copyright regulations regarding content.

ISPs can also use DPI to snoop on user connections, and compile comprehensive profiles based on their online activities and preferences, which they might then sell to third-party advertisers. It’s the kind of thing that can legally happen in the US, and behind the scenes in other countries.

Lastly, it is also possible for your ISP to use DPI for bandwidth throttling. Because DPI gives them so much insight into what you do online and what you download, they can potentially slow down your speeds if they consider you use “too much data” for a certain activity – like online gaming, online streaming, or downloading files (like we mentioned above when we talked about torrenting).

How Does DPI Affect You?

Since all the info you send and receive online is compiled into small packets of data which are then scanned and analyzed by your ISP, it’s pretty clear that DPI is a huge breach of your privacy.

Basically, if DPI goes unchecked and you choose to ignore it, here’s what might happen:

• You might start getting tons of personalized, intrusive ads if your ISP has been sharing DPI data with advertisers.
• You might get in legal trouble for downloading torrents if you live in a country where it’s a legal issue.
• Your connection speeds might be intentionally slowed down as a way to “convince” you to pay for a pricier subscription or a more expensive data plan.
• You’ll have to live the rest of your life knowing that everything you do online is never private – there will always be someone snooping on your browsing habits and conversations.
• You might not be able to access certain websites if your ISP is forced to use DPI to block them.

How to Prevent Deep Packet Inspection?

While the situation seems bleak, there is something you can do to fight back – especially against ISP DPI. Basically, you need to encrypt your online connections to make sure nobody – not even your ISP – can read them.

“How Do I Encrypt My Online Connections?”

You essentially have 2 options:

1. Use Tor
2. Use a VPN

Tor (The Onion Router) is an anonymity network that redirects your online traffic through a large network of relays in an effort to enhance its privacy. While Tor can be pretty useful, there’s one big problem – it doesn’t encrypt your connections 100%. There’s no encryption used when the connection passes through the exit relay (the last relay before the connection reaches its destination), so whoever runs the exit relay can see your traffic and data.

A VPN (Virtual Private Network), on the other hand, is a much better option because it uses powerful encryption to secure the connection between your device and the VPN server. If your ISP uses DPI, they won’t be able to see what you’re doing online. At most, they might manage to see the VPN server’s IP or that your traffic is encrypted, but that’s pretty much it.

Plus, if the VPN provider allows it, you might get to use the OpenVPN protocol which DPI has a harder time detecting – not to mention it can use the port 443 which your ISP can’t really block because it’s the same one that’s used by HTTPS, meaning it’s vital for things like online shopping and banking.

Of course, you’ll have to make sure you choose a reliable VPN provider – preferably one that doesn’t log your data. That’s not just important to protect your personal information – a no-log policy also means a VPN provider doesn’t use DPI on its users.

And while free VPNs might sound appealing, the reality is that they’re extremely dangerous.

Conclusion

While Deep Packet Inspection might have some understandable security uses (especially in an office setting), it can be extremely harmful for the Internet privacy of all online users when enforced by ISPs.

Basically, DPI lets your ISP know everything you do online – what websites you visit, what files you download, who you talk to, and so on. To protect your privacy, you need to encrypt your online traffic. And the best way to do that is using a VPN (maybe alongside Tor for an extra layer of security).