What Does Your Internet Service Provider (ISP) Know About You? - A Quick Guide
Your Internet Service Provider or ISP might know more about you than you think. They can see:
The domains you visit
They can even see specific pages you visit (for instance, what videos you watch)
Any information you fill out on websites
Fortunately, there is an easy way that helps to protect you against spying ISPs: using a VPN. A VPN hides your IP address and encrypts your traffic, making it unreadable for your ISP and third parties snooping around through your data. Other options include:
Using a proxy server
Using the Tor browser
An excellent VPN we highly recommend to protect your privacy is NordVPN. This VPN provider offers excellent encryption protocols and has a strict no-logs policy. The latter means they don’t store their users’ data.
Want to learn more about what your ISP knows about you and how to protect your privacy? Check out the full article down below.
Whenever you connect to the internet, you are doing so through an internet service provider (ISP). After all, they are responsible for the infrastructure (usually a whole bunch of cables) that connects your device to the other servers on the internet.
Since your ISP is the link — the tunnel if you will — between you and the rest of the internet, they can see exactly what goes through that tunnel. That is if you don’t take steps to prevent this. In this article, we will explain how you can do this.
We will also discuss what your ISP is able to see and how and why they do this. We’ll discuss the legality and possible (serious) consequences of ISPs monitoring your data as well.
What Does My ISP Know About Me?
Below we’ll discuss a few of the things that your ISP can very easily find out about you. In this section, we’ll highlight the “worst-case scenario,” so you can better understand how an ISP can use your data against you.
The domains you visit
Even if you only visit (knowingly or unknowingly) websites that use the safer HTTPS protocol, the secure alternative to the traditional HTTP protocol, your ISP can still see what websites you visit.
Pages that use HTTPS encrypt your data, making it unreadable to parties that can see your data, such as your ISP. However, ISPs can still check and monitor the website requests you make to the Domain Name System.
This is the system that translates a website name that humans can read and understand, to an IP address that machines use to communicate with each other.
If you visit pages that don’t use HTTPS, it’s even easier. Your ISP can see exactly what URLs you visit. This brings us to the next point.
Specific pages (URLs)
If you visit unsecured (HTTP) pages, your ISP can see exactly what these pages are. Let’s say you visit a questionable website that isn’t protected with HTTPS. In this case, your ISP will see exactly what video you’re watching and as such gets a very creepy insight into your sexual preferences.
Of course, this is an extreme example, but many privacy-minded netizens will even be concerned about less revealing information their ISP is obtaining this way.
Information you provide
Perhaps even more shocking is the fact that ISPs can even see what you type on a website. If the page you’re on is not HTTPS-secured and you’re not using any other safety measures to protect your information (such as a VPN), your ISP can easily track everything.
Let’s say you’re writing a comment on such a page, or filling out personal information. Your ISP will be able to see all the information being sent or received. Do note that business apps like Microsoft Teams or Slack encrypt messages, so they can’t be read easily.
On the other hand, there’s always a risk that your ISP might sell more revealing data to third parties. In the US for example, there is currently no law that prohibits this practice. As such, ISPs can effectively sell your data to whoever they wish.
Let’s say they sell data about your health and medical conditions to a third party. Who knows what might happen if this data, being passed on from party to party, eventually ends up in the hands of a health insurer, for instance?
In our current big data ecosystem, there’s no telling where your sold data will eventually end up. There are many rules and guidelines around the world that mandate or advise making such data anonymous.
But do you really want to take the risk that every ISP fully adheres to these rules? And leave your data unprotected from your ISP?
Then there is the issue of censorship in some countries. In some countries, ISPs are actually used to censor what content you’re able to see. In countries with oppressive regimes, governments often mandate ISPs to block certain websites for their inhabitants (this happens based on users’ IP addresses).
Similarly, this also happens in some very religious countries with websites like gambling platforms or pages with pornographic content. While this isn’t technically a case of your ISP spying on you, it’s another example of something that’s easily prevented by safeguarding your privacy a bit better from your ISP. Below we’ll explain how to do this.
How to Prevent My ISP From Seeing What I Do Online
As explained above, your ISP has access to much of your online activity. Fortunately, there are a few things you can do to protect your data and online activity from your ISP and make your browsing more secure and anonymous. The following three tips can help you with this:
Using a VPN
Utilizing a proxy server
Using the Tor browser
Down below we’ll explain each of these options in some more detail.
1. Being more anonymous online with a VPN
Using a VPN is probably the best and definitely the easiest way to protect yourself from parties (potentially) infringing your privacy, such as your ISP. After all, a VPN encrypts your data traffic, making it unreadable to nosy ISPs and third parties.
It also guides your data traffic through a secure “VPN tunnel” and past one of the VPN’s servers. This will actually change your IP address to the VPN server’s IP.
Your IP address is one of the main ways your ISP and third parties can use to recognize you online. As such, hiding it, or continually changing it, will make you much more anonymous.
In short, the encryption will help you to make your browsing information unreadable, and the altering of your IP will make it very difficult for your ISP to identify where that data is coming from. This winning combination makes a VPN an excellent way to protect your privacy.
NordVPN is an excellent and very privacy-minded VPN. The VPN provider offers some extremely secure encryption protocols, relying on NordLynx, which is its own iteration of the blazing-fast WireGuard protocol. Moreover, they have a strict no-logs policy. This means they couldn’t even give away your data if forced by authorities, because they simply don’t store it.
As such, NordVPN is an excellent way to keep your data safe from your ISPs and other third parties (in the case of your data being sold). If you want to try out NordVPN for yourself, they have a fantastic deal on right now! You try it out without risk, thanks to NordVPN’s 30-day money-back guarantee.
NordVPN
Our choice
Deal
Save big with 69% off a two-year subscription + three months free!
Although many people use free VPNs, we strongly recommend against them if privacy is on your mind. After all, free VPNs often don’t have a no-logs policy (stating they don’t store your data) and often use your data to keep their servers afloat.
In fact, some free VPNs in the past have even been reported to sell user data. It may sound cheesy, but often, if you’re not paying for a product, “you are the product.” Think about it, free VPNs also have costs they need to cover, such as (many) servers and infrastructure.
Another reason we don’t recommend using free VPNs is that using them can be quite bothersome. After all, many free VPNs enforce data, bandwidth, and speed limits, which can make your online experience much less enjoyable.
2. Proxy servers: Change your IP to become more anonymous
Just like a VPN, a proxy server will change your IP address, because your data passes through them. As such, your IP will change to the proxy server’s IP address. This is great if you want to avoid censorship enforced by your ISP, for instance.
However, it’s not really enough to really protect your data from your ISP. After all, most proxy servers do not actually encrypt your data. This means that, although they will likely not know who it belongs to, your ISP can still see and gather your data.
Keep in mind your ISP might also have other ways at their disposal to track you, apart from your IP address, such as different kinds of cookies.
3. Tor browser: Triple protection from your ISP?
The Tor browser is a great privacy tool. Used right, it makes it practically impossible for your ISP to see what you do online. After all, the Tor browser guides your internet traffic through at least three of their many servers (spread out all over the world).
At every server (node) your traffic gets encrypted again, so you’re traffic is extremely well protected. For even greater protection, we recommendusing the Tor browser in combination with a VPN.
Why Do Internet Service Providers Track Your Data?
Now that you know how to prevent internet service providers from snooping around and going through your data, you might want to know why they do it in the first place. There are different reasons for this, a few important ones of which we’ll discuss below.
Legal reasons
Some countries actually require ISPs to store users’ data. In Russia for instance, telecommunication providers are required to store metadata belonging to messages and emails. Moreover, they have to store voice recordings of phone conversations — it is unclear to us if this only concerns “traditional phone conversations or also online ones” — for six months.
The above could prove very problematic from a privacy viewpoint. After all, Russia forces messaging services such as WhatsApp to provide law enforcement with cryptographic backdoors (ways to read messages) so they can spy on their citizens. This combined with ISPs monitoring data traffic is obviously a serious problem from a privacy standpoint.
Advertising
In our information society, data is everything. Advertisers have come to realize this as well. Since ISPs have access to a lot of data, advertisers are naturally very interested in forming “partnerships” with them.
As mentioned earlier, in many jurisdictions, such as the US, ISPs can legally sell people’s data to advertisers. This helps advertisers to make their ads more specific to their viewers, which ultimately helps increase their ROI.
Censorship
Some countries censor parts of the internet that are not in line with their government’s ideology or the (majority of the) country’s religious beliefs. Examples include countries like China, Russia, Saudi Arabia, and Iran. They generally do this by making a blacklist of pages or even domains and requiring ISPs in the country to block these.
ISPs simply block the main access points and IP addresses for these websites in specific regions, thus preventing access altogether.
Laws About ISP Data Collection and Sharing
The laws focusing on internet service providers and their data collection and sharing activities vary around the world. In the US for instance, there is no federal law that governs these practices. After all, the Trump administration repealed a few federal rules proposed by the Federal Communications Commission that stated ISPs would need permission to share customer data with external parties.
Largely in response to this repeal, a few states passed their own laws on the matter. As it stands, three states have enacted such laws: Maine, Minnesota, and Nevada. The law in Maine requires ISPs to obtain consent before sharing or selling customer data.
The laws in Nevada and Minnesota require ISPs to keep personally identifiable customer data private. Moreover, the law in Minnesota also requires ISPs to ask for permission before sharing customers’ online surfing habits and internet sites visited.
Then moving on to quite possibly the strictest world region, as far as online privacy is concerned: the EU. This one is a bit tricky, as the EU’s General Data Protection Regulation only seems to mention the collection and processing of data and doesn’t discuss sharing or selling data in detail.
According to the regulation, ISPs do have a legal basis to process customer data, even without asking for consent. After all, they have a contract with customers to provide a service, which is one of the situations in which the GDPR allows data processing.
On the other hand, the GDPR also mentions express user consent is required to collect and process data if there is no legal basis. It is therefore unclear to us if an ISP selling customer data without consent is allowed, although we strongly suspect it’s not.
As for other countries and regions, you’d be best off consulting a webpage listing internet privacy laws in your country or an expert on the matter, as the laws generally vary and tend to change quite frequently.
What Does Your Internet Service Provider (ISP) Know About You? - Frequently Asked Questions
Do you have a specific question about your data and ISPs? Check out our FAQ down below. Or, leave a comment below and we’ll get back to you as soon as possible!
What does my ISP know about me?
In most cases, your ISP can see what websites you visit, even if you only browse safe HTTPS pages. This is because they can see the DNS requests coming from your IP address.
If you browse unsafe unsecured HTTP pages, and you’re taking no steps to protect your data, they can see even more. Your ISP will see the exact pages (URLs) you’re visiting, videos you’re watching, products your shopping for, etc. Here’s everything your ISP knows about you.
Can my ISP see my private browsing?
Absolutely. Your private browser will just make sure your browsing history, cookies and site data, or information entered in forms are not saved on your device. It doesn’t affect what your ISP knows about you. The only way to give your ISP no or less information about you is by using solid encryption and changing your IP address. A great way to do so is by using a VPN.
How do I prevent my ISP seeing what I do?
The best way to prevent your ISP from seeing what you do is to use a VPN. A VPN encrypts your information and changes your IP address. Read the full article about what your ISP knows about you and how to protect yourself so you know just how much of your data your ISP can access.
Nathan is an internationally trained journalist with a special interest in the prevention of cybercrime. For VPNOverview he conducts research in cybersecurity, internet censorship, and online privacy. He contributed to developing our rigorous VPN testing and reviewing procedures.