How can mom monitor my internet history from a distance?

Question

This might sound like a funny question from a twelve-year-old. The less funny part is that I am 21 and currently studying at university (I don't live at University, although I am 15 minutes away. I do not use university network). You might or mightn't believe me, but I have more than enough information to know surefire that both Mom and the university are spying on me from a distance.

I know this sounds really paranoid, but let's not discuss it and instead assume that what I say is true. I am wondering in what ways it could be possible, and how I could counter it. Some information about my situation:

• Mom pays for the internet.

• Mom lives about 500 miles away.

• Mom comes every week-end, but cannot physically access my computer (I am always at home, I would know if she did)

• Mom is incredibly computer-illiterate, but I believe she gets help from people at my uni, as I am sure some of them know more than they should about me.

My first thoughts were:

• My ISP: she might be calling my (her ...) ISP for internet history. I don't know if it is common practice, but it is theoretically plausible. After all, they can monitor my internet traffic, and since mom pays for the internet, she has legal rights to access history.
  I don't really know if there is a way to counter it. Would using Tor work against it?

• Wi-Fi and neighbors: she might have gotten the Wi-Fi key and sent it to neighbors, relaying information to her. However, I rarely, if ever, use Wi-Fi. I am directly connected by cable. It is on though, so I don't know if they can still access my computer.
  If that's the case, can I just disable Wi-Fi and just use cable internet? Is there another way to counter it?

• (Unlikely, but still): a trojan has been installed on my computer. However, Kaspersky doesn't tell me that anything is wrong. So I can't do anything about it if I don't find it. That probably won't happen because it most likely doesn't exist, and if it does, it is definitely well-hidden.

Would Tor solve this problem? Is it all I need? I'd really like to find an alternative solution, since using it for a long time would make me become suspicious even to the eyes of people other than mom.

---

@Matthew Peters: By spying, I mean virtually everything I look up. I don't download much. For example, she might know what youtube videos I watch, or what Wikipedia article I read, basically anything, whether HTTPS or not.

Answer 1

Be careful about assuming too much. You say that you know "surefire" that your university is spying on you, but your only evidence is that your mom is computer illiterate and you're "sure some of them know more than they should" about you (WARNING - this is a red flag for those of us not in your situation, you do indeed sound extremely paranoid).

If you don't use the university network (which seems unusual when you're on campus with your computer, but I'll take it as given), then your university has no interest in your browsing history, full stop. If someone there in some way helped her get access to your activity, they could go to jail.

You wonder if your mom has conscripted your neighbors into her spying scheme (another red flag). Unless your neighbors are the absolute pinnacle of unscrupulous busybodies, they have no interest in your browsing history - they could also go to jail.

Very few people could legally help your mother to spy on you, and no one is interested in breaking the law to spy on you.

The ISP could theoretically provide her some of your browsing history:

• If they offer some sort of network monitoring service for child safety, then they would provide her whatever they offered to provide her, but it's highly unlikely that such a service actually keeps records, and more likely that it is meant to just block content - if you're not being blocked, such a system wouldn't care what you're doing.
• If you fall afoul of the DMCA by downloading copyrighted content and the copyright holder both discovers you and sends a notice to your ISP, that notice would be forwarded to your mother as the ISP account holder.

... ISPs are big, they have a lot of customers, and storing browsing history takes up a lot of space they for information they don't want to be legally liable for (e.g. if they record browsing history, they can be subpoena'd for it), so it's unlikely that they could provide this information to your mother.

That's assumption 1.

You then say that she knows what you browse whether you access it over HTTPS or not. This categorically rules out any sort of "from a distance" spying - once your request leaves your browser, no one knows what that request is until it reaches the server it's going to.

What this means practically is that if you use HTTPS URLs, someone (theoretically) could know that you went to YouTube, but they couldn't know what you watched. They could know you went to Wikipedia, but not which articles you read.

If someone is capable of breaking HTTPS encryption, that person has far more lucrative opportunities than helping mothers spy on their sons.

Even if you're mistaken and only HTTP URLs are affected, it still requires someone to basically perform an illegal wiretap to access that information because, as we've determined above, no one who has direct access to your browsing history is interested in keeping it or showing it to anyone.

Which leaves us with what is by far the most likely scenario: There are oodles and oodles of spyware programs out there that have varying degrees of legitimacy - as others have said, many are marketed as tools to give parents just this level of access. Your mother could have found such a tool by typing full sentences into Google easily enough, and they're probably one-click installers just for people like her. Have you confirmed that there is no hardware device like a keylogger installed on your machine? All of these methods get at your history the moment it's created, before it has a chance to be encrypted or go over the wire. They are also the most legally defensible ways for someone to view your browsing history.

A big honorable mention goes to the person in the other answer or comment that suggested that if you have a browser profile logged in on a computer that your mother has at her house, then she can view your ongoing internet history as if it were her own. Simplest fix would be to browse in in-cognito mode (or equivalent for your browser if not Chrome), it won't record your history.

As for what to do about all of this, I'm going to go the tough love route:

1. Talk to your mother. Tell her to back off, or if she won't tell her she's welcome to view your history but it won't change what you look at. You're a big boy, act like it.
2. Pay for your own ISP. As I've stated I don't believe this avenue is being exploited to see your information, but if she's paying for your service and using that as a justification to spy on you, then it's time to take the next step to separate yourself from reliance on her.
3. Reformat your computer. If there's any concern that something is installed that you can't find, just backup your important documents, erase the thing and start over. Don't put a bandaid on a bullet hole by using ways to hide your traffic from spyware.
4. This one I'm just throwing out there to see if it sticks, if it doesn't describe your scenario then sorry, I'm mostly keying in on the above mentioned red flags: if you're off your meds, get back on them.

Answer 2

This sounds like it would mostly likely be some kind of Internet monitoring software (a.k.a legal spyware) installed on your computer when you set it up. Some ISPs provide this kind of service either network blocking or device monitoring (e..g this article from the UK).

From the statement that they can view HTTPS connections, we can rule out just standard traffic sniffing as they wouldn't be able to intercept the content of HTTPS connections without having installed a root certificate on your computer.

So a first question would be, did you install any software on your computer when you setup the connection? Can you uninstall it (bearing in mind that it may cause your access to be blocked, depending on how the system is configured)

Assuming that as part of your connection you got a WiFi network, you could try with another device (e.g. cheap tablet, phone) and see whether a) it works and b) your mother is aware of surfing that goes on there. For example you could go watch this classic a couple of hundred times on that device and see if she mentions it.

If you don't have access to another device a second option would be to boot your computer into an alternate operating system off a USB key. that's a pretty cheap approach, and should avoid most spyware software. something like xubuntu should be light enough to run reasonably from USB.

Answer 3

One possibility that I came across by accident:

Google (and possibly other search engines), keep track of what you search for, if you are logged in.

Anyone with (access to) your login name and password can access your search history. This includes any computer you logged in to Google on (e.g. if you accessed your Gmail from your mother's computer). I do computer support for my parents, and left myself logged in to Gmail - and suddenly started getting other things in my search history (thankfully, it was about cycling tours, not anything I'd need therapy for ;)

If you think this may be the case, go to Gmail, log in, go to the bottom of the page, and look for "last account activity in...." click on the link and "sign out of all other web sessions". Change your password.

Answer 4

Sorry if I'm stating the obvious, but:

• Why don't you ask your mother how she's doing it?
• Or someone at the uni, if your mom is not cooperative?
• Or, if you receive support from a social worker, ask him/her?
• Or, if all the above fails, a sufficiently trusted computer-literate friend who can gain access to your computer (if the monitoring is device-based) or network (if network-based).

This is a very specific question which only someone with first-hand knowledge of the situation can answer reliably. Asking "how can X remotely monitor my internet history" is not the same as asking "how can a person remotely monitor someone else's internet history", which anyone could discuss.

By the way, you may be aware that interception of your electronic communications may only be carried out by a public authority and only under the cases specifically contemplated by the law (Loi n° 91-646 du 10 juillet). So if you are quite sure that you are being monitored, better clear that up with all the parties concerned before they dig themselves in too deep a hole.

Answer 5

Was your computer supplied by the university, or using a university OS image, or custom network access software? You mentioned you're not using the university network, however if you have their network monitoring software installed, then they still could see your history.

It's unlikely to be your ISP. They don't typically have the resources, or inclination to monitor your network traffic.

Do you by any chance use a Chrome profile on your computer that you've also used on your mum's computer? If so, could you have left it signed in? Is it possible your mum might have guessed your Google password?

I'm curious about how you're certain you're mum can check your history? If she said something like "I know you've been accessing porn", then she's just having an educated guess ;-)

If you have any concerns about the security of your wifi, then change the passphrase and ssid.

Answer 6

First thought that came into my mind is shared browser user, maybe you have used computer at home with your account, and then did not sign out? For example, if you use Chrome, all your browser history is being synced between all of your devices, including your moms computer.

You could use a different browser, and some kind of VPN to ensure that your traffic is not seen for ISP.

Answer 7

You could use Tor, or maybe simply a VPN, for no more time than necessary to find out if she still knows what you've been browsing. If positive, you have determined that your computer is compromised. Now:

• Make sure there are no weird pieces attached to it (there are hardware keyloggers).
• Format your hard drive and do a clean install of the operating system and your usual software.
• Don't ever let anyone have unrestricted, unsupervised (yes, it's unsupervised if you're drunk - just saying) access to your computer/user account/administrative privileges. Since you say your mom is computer-illiterate, and she doesn't have access to your PC, it's possible that someone you trust (a close friend to you, anyone really) is helping her. (¹)
• You may also consider using Full Disk Encryption, like BitLocker on Windows or Truecrypt (cross-platform) or any other.

But, before you do that...

If you feel brave enough, go to a lan-house or someone else's computer, download a HIPS/firewall combo to a flash drive and learn how to use it; then install it on your computer, set it's alert level to maximum and watch out for anything suspicious, like direct access to key strokes.
Don't trust Kaspersky (or any Antivirus suite, for that matter) on detecting unknown or custom-made invasions, since they are usually ineffective on this case. Anyone who knows how to use a C compiler can grab some source code from the internet which will result in a "undetectable" keylogger (to antivirus, that is).

(1) I know what it's like to have paranoid / overprotective guardians. Also I've been in a situation in which I could be this guy who betrays someone else's trust in order to bring "peace of mind" to his mother. So my final comments on this issue are: If you actually find out who is helping her get unauthorized access to your stuff, they can face time in prison. In most places I know it's also illegal even if it's your mother who's doing it, and you could sue her, even if she pays for your internet bill, but that's another story altogether.
Finally, assuming you can actually provide compelling evidence you're being eavesdropped, you may get help from the autorithies. This is very serious.

Answer 8

Others have mentioned shared profiles, known passwords, and google history, and the ways to resolve those.

But even more likely is: what do you get if you google your name, plus the word "youtube"? Do you get the videos she mentioned, because those are the ones you have commented on using your account?

That is to say - perhaps she is not spying on you, just stalking you?

Answer 9

She pays for your internet. Many providers offer plans "for kids" with parental control, including full reports of visited resources. Using those is the easiest and most obvious option for computer-illiterate person.

Changing PC or other hardware won't help of course as long as you use same internet access. If your PC is free of non-standard security certificates, any tunnel (e.g. VPN, Tor) leading outside of boundaries of your ISP's network will work.

If you don't care that she will know hosts that you visit and only want to keep final paths hidden, just making sure that you use HTTPS everywhere would be enough too.

Answer 10

I say that you haven't given us enough information to identify how this is done. Your mother's lack of technical literacy may not matter much as long as she knows somebody (or knows somebody who knows somebody) who was willing to lend a hand getting a solution installed.

Perhaps, also, it's not your mother who is spying on you, but someone else (with more proximity) is closely spying on you, and is providing your mother with some summarized details. This idea is highly based on speculation, so I'm just throwing it out as a possibility to consider. Now, on with some more technical focus...

Most of the other answers seem to focus on the idea that network traffic is being monitored. That is one possibility. You could make changes on your computer, or even replace your entire computer, and the situation could continue.

There are other possibilities. Your keystrokes may be logged. (In that case, she may also have passwords.) With some "remote administration" software, a person may be able to see files on your hard drive, which could include a list of recently visited sites and/or cached files. In that case, you could even change Internet providers, and the situation could continue.

Without knowing more specific details about the situation, there is little possibility for us to provide confidence in a very specific fix. Even if you can find a piece of spying software on your computer, successfully removing that software might only remove part of a multi-component problem, so you may continue to be violated or at risk of easy re-implementation (if they can re-install the software at will, possibly more hidden the next time).

There are some general steps that you may be able to take. These might be like using a bazooka to kill a fly (overkill), or might actually be exactly what you need.

Your first step is to back up any data that you care about, because much of the rest of the process may be prone to erase lots of data.

Get into a trusted situation. That means taking care of the computer you use. That means using trusted hardware (mostly people trust hardware that they buy off the shelf; though there are some reports of such hardware being compromised, there may be no reasonable safer way to do it), and making sure your operating system disc is trusted. (Mainly, that means using either a commercial disc, or a disc that you wrote to using an image that you downloaded from a trusted site.)

Using network-privacy technologies like a VPN or Tor may help. However, you may need to set up passwords/etc. Don't bother doing that until you are on trusted hardware. Then, make sure that any new passwords (to a remote server) are communicated using encrypted protocols (e.g., HTTPS rather than HTTP).

Answer 11

If you want to be sure that you are safe, reinstall your operating system from a clean (stock) image. Then turn on 2-factor authetication for all possible services (Google, Facebook) and change all passwords (including your mailbox password).

Against network traffic spying you have to use VPN connection - it encrypts traffic from your computer to the VPN provider. For example Avast SecureLine.

Answer 12

The key here is your university. More than likely, the university intercepts all traffic on it's network and applies filtering (as well as logging). Thus your mother simply gets that info from them.

I would suggest using a VPN for your connection. Tor maybe over kill and isnt even the best solution for this case.

Note that in some cases the school may not allow VPN connections so you may need to do some fancier stuff or simply use a different network altogether.

Answer 13

I would almost disagree with Matthew. Not saying its impossible but to release that information would require more than just "Being a parent". We are talking about Warrants and Subpoenas to obtain that information given that she does not lease the Line for the university and you are older than 18.

My guess is something similar to a Trojan. She installed a software similar to K9 web protection, http://www1.k9webprotection.com/ , on your computer and thus can view the logged traffic. If added to the trusted applications on Kaspersky it would not view this as malicious.

I would be willing to bet performing a clean wipe and install of your computer might help solve this issue.

That being said, that seems like an overly bearing Mother, and you are well old enough to be considered an adult. This is a crime, regardless of relationship. I would ask your mom to cease and desist this action immediately, as a scare tactic. I realize you would not report your mom. Still the option is there.

Answer 14

Given the current information there are a lot of possibilities how this could happen. Try to eliminate a few.

Do you have a mobile device with a separate data plan that is not paid by your mom? If not you can get cheap prepaid ones for like 10$.

If you have a mobile data plan do all your surfing on your computer for some time over this mobile plan by setting up a mobile hotspot through your mobile device. If you mom still knows what sites you are surfing it might be a software on your computer.

If she doesn't know what sites you are surfing after this experiment it might be the ISP or the router.

Answer 15

It is taken as given that your mother is spying on you, and somebody might be helping. I will also take as a given that you don't want just the data you send to a site and what specific pages on that site you visit to be private. Please take note that what your mother and her helpers are doing is illegal and if you have proof, you should tell them (your mother and who ever else) to cease and desist. If that isn't an option for some reason here are some suggestions.

1. Use a VPN. VPN's allow you to access some other LAN (Local Area Network, think everything connected to your router), that you aren't physically connected to. If you have ever used a gaming service like Himachi you have used a VPN. There are various browser addons that you can use to hep make this process easier. Please note that this will be slower than a plain Internet connection and will cost money (generally about $10 a month, but varies quite a lot). Your VPN provider can also log what you do, so make sure you pick one with a good reputation that promises as much privacy as possible.
2. Use tor. Tor works like this, say you have a letter you want to send privately, the way tor would do this is by putting a letter inside of a letter inside of a letter and so on. You would then send the letter to the first person, they would open it, and then send the letter inside to the address on it. Every layer of this is encrypted over each other, so the only thing known by each node that forwards your letter is where it came from and where the next step is. If the data you're trying to send isn't encrypted (not https), the last step on the network (the exit node) can read what you're doing. Tor is free, but is also slow. This would be a great solution while you're doing things you want private, but might be inconvenient if you're doing something that requires a lot of bandwidth. https://www.torproject.org
3. Use Tails. Tails is a live usb drive that allows you to boot into another operating system with out affecting your computer. Tails uses tor and therefore has all the flaws it has, but the advantage is that if you suspect there is any kind of monitoring software on your computer tails would go completely around it (Keep in mind if there is a hardware keylogger or a bios infection tails won't go around that). This would probably have to be used while doing things that you want private, and would be inconvenient as a general purpose OS, but if you want to use it all the time, go for it. Tails also has a feature to store files in a secure, encrypted manner called "encrypted persistence." https://tails.boum.org

Some notes on these: depending upon where you live, using any of these might arouse suspicions by your ISP and government. Always remember to use your best judgment when it comes to this kind of stuff as if you live in certain places you can be arrested.