DPI(deep packet inspection) could also tap into people searches if set up just right.
Some ISP's use DNS redirection to force their customers to go to a 'ISP sanctioned' search engine, when the user mistypes a name for a website in their browser(also called a 'search helper', instead of DNS hijack). 'Sanctioned' meaning that the ISP gets paid by the search engine site, to force the customers away from Freedom of Choice(Freedom of Communication via Constitutional Rights).
https://www.eff.org/deeplinks/2011/07/widespread-search-hijacking-in-the-us
Earlier this year, two research papers reported the observation of strange phenomena in the Domain Name System (DNS) at several US ISPs. On these ISPs' networks, some or all traffic to major search engines, including Bing, Yahoo! and (sometimes) Google, is being directed to mysterious third party proxies.
These proxies collect the users' web searches and the corresponding search results, mostly forwarding them to and from the intended search engines. This allows Paxfire and/or the ISPs to directly monitor all searches made by the ISPs' customers and build up corresponding profiles, a process on which Paxfire holds a patent. It also puts Paxfire in a position to modify the underlying traffic if it decides to.
http://arstechnica.com/tech-policy/news/2011/08/small-isps-turn-to-malicious-dns-servers-to-make-extra-cash.ars
Nearly 2 percent of all US Internet users suffer from "malicious" domain name system (DNS) servers that don't properly turn website names like google.com into the IP addresses computers need to communicate on the 'Net. And, to make matters worse, the problem isn't caused by hackers or malware, but by the local ISPs people pay for access to the Internet.
Though the 2 percent number might sound low, it's astonishingly high for a core Internet function, as is clear from the fact that no other country—apart from Haiti—sees more than 0.17 percent malicious DNS servers. What has gone wrong in America?
According to researchers from Microsoft and from the Polytechnic Institute of NYU, the malicious DNS servers exist to make a little extra cash for Internet providers.
If you use FireFox, you can encrypt many of your search engine searches(on Google), as well as some websites that support encryption over the entire or part of the site. (Noting that with a slower internet connection, your speeds will slowdown, during encryption).
Encryption extension for firefox.
https://www.eff.org/https-everywhere
FireFox browser.
https://www.mozilla.org/
FireFox add-ons(extensions).
https://addons.mozilla.org/en-US/firefox/?browse=featured
Adblock plus(and subscriptions). You can whitelist sites to always allow ad's. As some sites may have an Ad before a video, and depending on Ad blocking rule sets, is the video may not play without the Ad being allowed(white listed).
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
FlashBlock(blocks flash ad's and videos). Note that with some sites for video's, is there is a flash based cookie(you may see a flash icon in the top left of the page during blocking), that if it does not load, is the video will not play. You can white list a site to be able to always allow flash.
https://addons.mozilla.org/en-US/firefox/addon/flashblock/
Encrypted Google search. (Note that some Google buttons may not be there for other things).
https://encrypted.google.com/
Encrypted Google news.(U.S. version).
https://news.google.com/news?ned=us
Note that with the Google searches/news, is that once you click a link to a site, the Google encryption stops.
Alternative DNS IP's. Noting that some ISP's will force the ISP's DNS to be dominant, via the Modem firmware or some form of DNS hijacking(hacking of the user data streams).
Open DNS. https://www.opendns.com/
208.67.222.222
208.67.220.220
Google DNS. https://code.google.com/speed/public-dns/
8.8.8.8
8.8.4.4
Put DNS numbers in your computer or router.
PingPlotter freeware. Use to see the path that your traffic takes to it's destination.
http://www.pingplotter.com/freeware.html
Also noted is some ISP's have used DNS to block websites. An example is where an ISP redirects a user from various 'speed test' site's, in order to redirect the users to the ISP's own speed test site, in order to cover up ISP congestion issues with the ISP's connection to the Internet. It's a crime to redirect or block sites without a legally justified 'open' court order. 'Secret courts' are a pain in the Constitutional ass of the World.
An ISP could even prioritize speeds(fraud), when it see's the user is on a speed testing site.
And DPI(deep packet inspection) could also harvest various user data(log data of certain sites during the website visit, or just log the sites visited), if someone at the ISP were inclined to be a criminal. Not that users would even notice their data being harvested. It's how governments collect the data on users, from the users ISP's.
