In this day and age, people have questions about their security online. How does social media know that much about me? It is really that easy to access information that used to be so private? The internet literally read my mind—but is it just coincidence…or not?

In April 2017, the Data Retention Law made it mandatory for Australian Internet service providers (ISPs) to store data about their customers’ Internet usage – justified by the government as a measure to ensure national security. This means that over the course of an investigation, entities like the Australian Federal Police and Australian Criminal Intelligence Commission can access the data stored by your ISP, even if they don’t have a warrant.

But what exactly do the data ISPs collect about you, and what are the repercussions of someone being able to access that data? Here’s how much the Internet really knows about you.

Your IP address

Internet Protocol (IP) address is your computer’s name and identity when you connect to a network to access the Internet. Your IP address is different for every device – your home computer’s IP address is different from the one assigned to the computer you use at work, at a library, or at school.

IP address isn’t displayed like an ID badge, but it’s still accessible if you know how to find it. It’s common for network administrators of websites to be able to view the IP addresses of visitors to their sites, although they won’t be able to know your name or personal details.

Your personal details

Your ISP, however, does know your personal details, such as name, date of birth, physical address, email address, billing information, and other details provided to them when you signed up.

ISPs are required to keep that information confidential. They won’t be giving your details away to any Tom, Dick, or Harry who rings up their call centre without adequate verification. However your ISP won’t be able to hide your information from law enforcement agencies if they’re served with a subpoena.

Your location

Even if they keep your actual address private, IP addresses can reveal your location. Website administrators can find out where in the world their sites are being accessed using geolocation. There are many free services available online to look up the general location of a user, so long as you can provide their IP address.

Your communication details

Your ISP is required to store metadata about your communications, or the information surrounding your correspondences with others on the Internet. To quote Attorney-General George Brandis, “The metadata is the name and address on the envelope, not the content of the letter.” This includes the method of communication you used to contact a person – like email, social media messaging, text messages, or phone calls – as well as the date, time, duration, and receiver of these communications.

Even though the actual content of your conversations cannot be accessed, it will still be possible to establish patterns and draw conclusions about your interactions based on this information alone. This is great for catching terrorists and for issues of national security – not so great for the ordinary person if this information falls into the wrong hands.

Your interests

It’s no secret by now that Google and Facebook keep track of our searches “in order to tailor the content we see” on their sites. Translation – so they know what ads to show on your feed in hopes of making money off us clicking through ads or buying items through affiliate links.

Have you ever experienced Googling an item, then for the rest of the week finding ads for similar items sprinkled throughout your Facebook News Feed? Totally creepy, although less scary than the government stalking you. Sites like this have an opt-out option to have this information stored, but not all providers are required to offer you the option, so your data might still be stored and sold to the highest bidder.

Your browsing history

Australia can’t access your browser history via your ISPs, but this won’t be the case if you travel outside the country. ISPs in countries like the United States are legally now allowed to sell your data to generate extra revenue. It’s similar to what Google and Facebook do, except now everything you search for outside of those sites can be filed away somewhere.

It’s more than trying to hide your porn, your torrent downloads, or a celebrity’s hands you’ve been Googling lately. Some searches are incredibly sensitive, for example: people searching for information on a medical condition, domestic abuse victims researching how to leave their abuser safely, LGBTQ individuals trying to find anonymous online support. Can you imagine if the browsing information of these people fell into the wrong hands? And no – using incognito browsers or erasing your browser history straightaway isn’t going to help.

Protect your privacy

It’s lucky that in Australia, digital privacy protection laws are stringent. And while ISPs store your information, they’re also strictly required to guard it. But as we mentioned, the case won’t be the same if you leave the country.

Still, there are certain measures you can take to protect yourself. Use messaging services with solid encryption – iMessage, FaceTime, Facebook Messenger, Telegram, Skype – instead of texting or making phone calls. For next level protection, getting on a virtual private network (VPN), stops your ISP from seeing information about you. Instead of seeing your IP address and metadata, all they will see is the data of the VPN. Protection like this will cost extra, but the extra layer of protection might also be worth it. You can’t stop the Internet from keeping tabs on you, but you can be vigilant about what is seen.