Privacy Guide | May 11, 2026 | 8 min read

How to Protect Your Privacy From Your ISP


By Sarah Chen

Head of Privacy Research


Your internet service provider sees more of your online activity than almost any other company. Every website you visit, every DNS query your devices make, every connection timestamp, and the volume of data you transfer all pass through your ISP's network. In the United States, ISPs can legally sell this browsing data — and several major providers have been caught doing exactly that. Here is what your ISP knows about you and how to limit their surveillance.

What Your ISP Can See

When you connect to the internet through your ISP, your traffic passes through their infrastructure before reaching its destination. This gives them visibility into a surprising amount of your activity:

  • Every domain you visit: Even with HTTPS encryption, your ISP can see the domain names you connect to (e.g., they know you visited example.com, though not which specific page)
  • DNS queries: By default, your device uses your ISP's DNS servers to translate domain names to IP addresses. This gives your ISP a complete log of every site you attempt to visit
  • Connection timestamps: When you connected, how long you stayed, and when you disconnected
  • Data volumes: How much data you uploaded and downloaded, and to which servers
  • Unencrypted traffic: Any data sent over plain HTTP (without the "S") is fully visible, including page content, form submissions, and login credentials
  • Smart home device activity: Every smart speaker, thermostat, camera, and IoT device in your home communicates through your ISP

ISPs Can Legally Sell Your Data in the US

In 2017, Congress repealed FCC broadband privacy rules that would have required ISPs to get your consent before selling browsing data. As a result, ISPs in the United States can legally collect and sell your browsing history, location data, and other personal information to advertisers and data brokers without asking your permission.

How ISPs Have Abused Your Data

This is not a theoretical concern. Major ISPs have been caught mishandling customer data in documented cases:

  • Verizon secretly injected tracking "supercookies" into customers' web traffic, allowing advertisers to track users across the internet — even when they cleared their browser cookies
  • AT&T, T-Mobile, and Sprint were found selling real-time customer location data to third-party brokers, who resold it to bounty hunters, stalkers, and unauthorized parties
  • Comcast has faced scrutiny for its data collection practices and for lobbying against broadband privacy regulations

The data your ISP collects can end up in the hands of advertisers, data brokers, and eventually on people-search sites — feeding the same ecosystem of personal data trading that exposes your information online.

Use a VPN to Encrypt Your Traffic

A Virtual Private Network (VPN) is the single most effective tool for protecting your privacy from your ISP. A VPN creates an encrypted tunnel between your device and the VPN server. Your ISP can only see that you are connected to a VPN — they cannot see which websites you visit, what DNS queries you make, or what data you transfer.

What a VPN Hides From Your ISP

  • The domains and IP addresses you connect to
  • Your DNS queries
  • The content of your traffic
  • Your browsing patterns and habits

What a VPN Does Not Hide

  • The fact that you are using a VPN
  • The total volume of data transferred
  • Connection timestamps to the VPN server

When choosing a VPN, look for a provider with a verified no-logs policy, strong encryption standards (WireGuard or OpenVPN), and a jurisdiction with strong privacy laws. Avoid free VPN services, which frequently monetize your data — defeating the entire purpose.

VPN Placement Matters

For maximum protection, configure the VPN at the router level rather than on individual devices. This ensures that all traffic from your home network — including smart home devices, gaming consoles, and guest devices — is encrypted and invisible to your ISP. Most quality VPN providers offer router configuration guides or sell pre-configured routers.

Switch to Encrypted DNS

Even if you do not use a VPN, you can prevent your ISP from logging your DNS queries by switching to encrypted DNS. Two protocols accomplish this:

DNS-over-HTTPS (DoH)

DNS-over-HTTPS sends your DNS queries through an encrypted HTTPS connection. Most modern browsers support it natively:

  • Firefox: Settings, then Privacy & Security, then scroll to DNS over HTTPS and enable it
  • Chrome: Settings, then Privacy and Security, then Security, then enable "Use secure DNS"
  • Edge: Settings, then Privacy, Search, and Services, then enable "Use secure DNS"
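To make the difference concrete, the following added example (not part of the original guide) builds the DNS query bytes a device would normally send in cleartext on port 53 and then packages the same bytes as an RFC 8484 DoH GET request. The endpoint `https://doh.example/dns-query` is a placeholder, not a real resolver.

```python
import base64
import struct

def build_dns_query(hostname: str, qtype: int = 1) -> bytes:
    """Encode a single-question DNS query (RFC 1035 wire format)."""
    # ID 0 (RFC 8484 suggests 0 for cache friendliness), RD flag set, one question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("idna")
        if not 0 < len(raw) < 64:
            raise ValueError(f"invalid label: {label!r}")
        qname += bytes([len(raw)]) + raw
    # Root label terminator, then QTYPE (1 = A record) and QCLASS (1 = IN).
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def visible_hostname(query: bytes) -> str:
    """What any on-path observer can read from an unencrypted port-53 query."""
    pos, labels = 12, []          # the question starts after the 12-byte header
    while query[pos]:
        length = query[pos]
        labels.append(query[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_get_url(endpoint: str, hostname: str) -> str:
    """Wrap the same query bytes in an RFC 8484 GET URL (base64url, no padding)."""
    encoded = base64.urlsafe_b64encode(build_dns_query(hostname)).rstrip(b"=")
    return f"{endpoint}?dns={encoded.decode('ascii')}"

if __name__ == "__main__":
    query = build_dns_query("www.example.com")
    print("cleartext query exposes:", visible_hostname(query))
    # Placeholder endpoint; the URL travels inside TLS, so only the resolver sees it.
    print("DoH request:", doh_get_url("https://doh.example/dns-query", "www.example.com"))
```

With DoH the query string above is carried inside the HTTPS connection to the resolver, so the ISP sees a TLS session to the resolver rather than the hostname being looked up.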

DNS-over-TLS (DoT)

DNS-over-TLS works at the operating system level rather than in the browser, covering all applications on your device. Android 9 and later supports it natively under Settings, then Network & Internet, then Private DNS. Use providers like 1.1.1.1 (Cloudflare) or 8.8.8.8 (Google) that support encrypted DNS.

Encrypted DNS prevents your ISP from seeing which domains you query, but it does not hide the IP addresses you connect to afterward. For full protection, combine encrypted DNS with a VPN.

Understand the Limits of HTTPS

HTTPS is now standard on most websites, and it encrypts the content of your connection — your ISP cannot see which pages you read, what you type into forms, or what files you download from an HTTPS site. However, HTTPS has a significant gap.

During the initial connection to an HTTPS website, your browser sends the domain name in plaintext through a mechanism called Server Name Indication (SNI). Your ISP can read this SNI field and log which domains you visit, even though the page content itself is encrypted.

Encrypted Client Hello (ECH)

Encrypted Client Hello is a newer protocol extension that encrypts the SNI field, hiding even the domain name from your ISP during the connection handshake. ECH is still being rolled out — Firefox and Chrome have experimental support, and Cloudflare has enabled it on their network. As adoption grows, ECH will close one of the last remaining gaps that allows ISPs to monitor which sites you visit.

Stop Using ISP-Provided Services

Your ISP likely offers email, cloud storage, and other services bundled with your internet plan. Using these gives your ISP direct access to even more of your data:

  • ISP email: Your ISP can read the contents of emails sent and received through their email service. Switch to a privacy-focused email provider that offers end-to-end encryption
  • ISP-provided router: Routers supplied by your ISP may include tracking firmware, limited security updates, and configurations that benefit the ISP rather than you. Consider purchasing your own router and modem
  • ISP DNS servers: As discussed above, switch to encrypted third-party DNS providers

Secure Your Smart Home Devices

Smart home devices — voice assistants, smart TVs, security cameras, thermostats, and appliances — send data through your ISP's network constantly. Many of these devices do not support VPN connections natively, which means your ISP can see their traffic unless you route it through a VPN at the router level.

Steps to reduce smart home data exposure:

  • Configure your VPN at the router level to cover all connected devices
  • Place IoT devices on a separate network segment (most modern routers support guest networks or VLANs)
  • Disable features you do not use — voice assistants that are always listening generate continuous network traffic
  • Review and restrict the permissions and data sharing settings on each device

Use the Tor Browser for Maximum Privacy

For situations requiring the highest level of anonymity, the Tor Browser routes your traffic through multiple encrypted relays operated by volunteers around the world. Your ISP can see that you are using Tor but cannot determine which websites you visit or what data you exchange.

Tor is slower than a VPN because of the multi-hop routing, which makes it impractical for everyday browsing. However, it is an important tool for particularly sensitive research or communication where even your VPN provider should not see your destination.

How ISP Privacy Connects to Data Broker Exposure

The data your ISP collects does not exist in isolation. ISPs sell browsing data to advertisers and data brokers, who combine it with information from public records, purchase histories, app data, and other sources to build detailed consumer profiles. These profiles end up at companies like LiveRamp, Epsilon, and Oracle Data Cloud — and eventually on people-search sites that display your personal information to anyone.

Reducing what your ISP can collect about you limits one of the key inputs that feeds the data broker ecosystem. This complements the work that PrivacyOn does on the other end of the pipeline. While PrivacyOn focuses on removing your personal information from 100+ data broker and people-search sites, protecting your ISP privacy reduces the flow of new data into those same brokers. Together, they address both sides of the problem — cutting off the supply of new data while cleaning up what is already out there.

PrivacyOn plans start at $8.33 per month and include continuous monitoring and automated re-removal when your data reappears. Combined with the ISP privacy measures in this guide, you create a comprehensive defense that is far more effective than either approach alone.

Sarah Chen

Head of Privacy Research

CIPP/US Certified | IAPP Member | B.S. Computer Science

CIPP/US-certified privacy researcher with over a decade of experience helping consumers remove their personal information from data brokers.
