Is Your ISP Your Friend?

Your ISP (internet service provider) is the company you pay in order to have an internet connection, be it at home or in the office. The most used ISP in Mauritius, if I'm not mistaken, is Mauritius Telecom (MyT). Several allegations made by the former CEO of MyT concerning the government's interest in [essentially] spying on consumers have raised several questions as to how safe and secure we are under MyT's, and the government's, watch.

What the ISP sees

The gateway to your network is the ISP-provisioned router. In my case, I have the HG8145V5 router/modem from Huawei, although you may have the older HG8245H. These devices play many roles, including router, wireless access point, and optical network terminal. Most interestingly, they see all the internet traffic entering and leaving your network. This may pose some privacy concerns, as your ISP can therefore see all the websites you visit. However, as long as HTTPS is used, the ISP cannot see your login credentials (for example, for e-banking).

A list of devices connected to the ISP router

The next thing is the control panel which you can access through the IP address 192.168.100.1, with username <admin> and password <rootHW>. It is always a good idea to change the credentials from the default. Anyway, on this page, you are able to see your own devices. I will focus on the raspberrypi entry here.

The details which the ISP can see are the device name, MAC address, IP address, and uptime. Let's have a look at the MAC address.

MAC stands for Media Access Control. The MAC address is an identifier unique to that device; no other device in the world has the same address. A simple search on the MAC address can reveal more information on the device, such as the chipset used for networking, and maybe even the motherboard model.
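As an added illustration (not code from the original post), the lookup described above reads the first three bytes of the address, the OUI, and matches them against the public IEEE registry. The sketch below also checks the locally administered bit, which software sets when a device uses a randomized address, so no vendor can be derived from it. The vendor table is a constructed excerpt and the device list is constructed sample data.

```python
import re

# Constructed excerpt of the public IEEE OUI registry; a real lookup
# would load the full list. Only the Raspberry Pi prefixes are included.
OUI_EXCERPT = {
    "B827EB": "Raspberry Pi Foundation",
    "DCA632": "Raspberry Pi Trading Ltd",
}


def normalize_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-.. or aabb.ccdd.eeff; return 12 hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits.upper()


def describe_mac(mac):
    """Report what the first three bytes (the OUI) disclose about a device."""
    digits = normalize_mac(mac)
    first_octet = int(digits[:2], 16)
    multicast = bool(first_octet & 0x01)  # I/G bit: group address
    local = bool(first_octet & 0x02)      # U/L bit: set by software, e.g. randomized
    # A vendor lookup is only meaningful for a universally administered address.
    vendor = None if (local or multicast) else OUI_EXCERPT.get(digits[:6], "unknown")
    return {"oui": digits[:6], "locally_administered": local,
            "multicast": multicast, "vendor": vendor}


def identifiable_devices(devices):
    """Return the names of devices whose MAC address exposes a known vendor."""
    return [name for name, mac in devices
            if describe_mac(mac)["vendor"] not in (None, "unknown")]


# Constructed device list, shaped like the router's "connected devices" page.
SAMPLE_DEVICES = [
    ("raspberrypi", "b8:27:eb:12:34:56"),  # vendor-assigned prefix
    ("phone", "DA-A1-19-00-11-22"),        # U/L bit set: randomized address
    ("laptop", "0011.2233.4455"),          # prefix not in the excerpt
]

if __name__ == "__main__":
    for name, mac in SAMPLE_DEVICES:
        print(name, describe_mac(mac))
    print("identifiable:", identifiable_devices(SAMPLE_DEVICES))
```

Run against the device list from your own router page, this shows which entries disclose their manufacturer and which already hide it behind a randomized address.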

A simple lookup gives this information, which may seem like nothing at first. However, knowing exactly which device you are dealing with opens quite a few doors for snooping or intrusion into your devices. Before exploring that, it is necessary to assert that the ISP already has full access to the router's network. Given that we are using their router (and cannot change it), it is almost certain that the ISP has a backdoor into the router, and hence our network, although this is purely speculation on my part.

Combining the knowledge of exactly which devices are connected to the network, as well as the unrestricted access to the network, it would be [relatively] trivial for a dedicated malicious actor to exploit a zero-day vulnerability in any of your devices. This is an increasingly big concern due to the FCC Bill 66 which gives authorisation to bypass legal frameworks under the suspicion that the person is doing something illegal.

Edit to add (11/01/2024): After doing some more digging, I found that, first of all, the router I have, supplied by the ISP, still runs the Linux kernel 3.10. Additionally, I found a page which would let you download the configuration file of your router or upload a new one to the router. Both downloading and uploading a config file are impossible. This seems awfully suspicious since the configuration file lists all user accounts on the router, and would allow you to know concretely if the ISP has backdoor access through a superuser account.

In a world which seems to be taking 1984 (by George Orwell) as an instruction manual, will the ISP be the first stepping stone to limitless governmental surveillance?