Every time you browse the web, your activity passes through your internet service provider(cửa sổ mới) (ISP). While encryption prevents ISPs from seeing everything you do online, they can still collect a surprising amount of information about your browsing habits.

Whether you’re checking your bank account, streaming a movie, shopping online(cửa sổ mới), or scrolling social media, every connection to the internet passes through your ISP. Unlike Google, Meta, or Amazon, you can’t simply log out of your ISP or choose not to use it. For many, it’s an unavoidable part of getting online.

In this guide, we’ll explain what information ISPs can collect, how they use it, why privacy advocates have raised concerns about ISP tracking, and what you can do to reduce the amount of information your provider can access.

What can your ISP really see?

Modern websites typically use HTTPS encryption to protect the data you send and receive. That encryption limits what your ISP can see, but it doesn’t make your browsing completely private.

HTTPS prevents your ISP from reading the contents of encrypted webpages. For example, if you’re browsing Reddit, your ISP can’t see what posts you’re reading. If you’re logged into your online banking, it can’t see your account balance or transactions. 

Depending on your connection and the services your provider offers, your ISP may be able to see:

  • The websites and domains you visited
  • When you visited them
  • How long you remained connected
  • The amount of data you transferred
  • Your approximate physical location through your network connection
  • Which devices are connected to your home network

This information comes from DNS requests, connection metadata, and the network infrastructure that routes your internet traffic.

A 2021 report(cửa sổ mới) from the U.S.(cửa sổ mới) Federal Trade Commission examined the data practices of six major ISPs serving roughly 98% of the U.S. mobile internet market. It found that several providers collected large amounts of customer data, combined information across different products and services, and shared it with third parties with limited opportunities for users to opt out.

For providers that also operate email services, search engines, television platforms, or smart home products, the amount of data collected can be even broader.

Why ISPs have so much data

Unlike individual websites or apps, your ISP sits between you and the internet itself. Every website you visit, every app you open, every connected device in your home ultimately communicates through your internet provider. That gives ISPs visibility into activity across your entire digital life rather than within a single service.

Some providers have expanded well beyond broadband connections. They also offer:

  • Mobile phone services
  • Television platforms
  • Email services
  • Smart home devices
  • Cloud services
  • Search products

This allows some companies to combine information from multiple services to build a more detailed picture of their customers.

According to the FTC report, several ISPs used this combined data to place customers into advertising categories based on inferred characteristics, including interests and demographics, before sharing those audience segments with advertisers and other third parties.

Unlike social media platforms, however, most consumers have very limited choice when it comes to broadband providers. In many areas, households have only one or two realistic options for internet access.

How ISP privacy protections changed

While privacy laws differ around the world, and several U.S. states have since introduced their own protections, there is still no single federal privacy standard governing how ISPs collect and use customer browsing data. For consumers, however, the result is a patchwork of protections that often depends on where they live.

In 2016, the U.S. Federal Communications Commission (FCC) adopted privacy rules(cửa sổ mới) that would have required ISPs to obtain customer consent before collecting and monetizing certain types of browsing data. However, Congress repealed those rules before they ever took effect.

In 2017, Congress repealed the regulations using the Congressional Review Act. Later that year, the FCC also voted to repeal net neutrality protections, with those changes taking effect in 2018.

Together, these changes significantly reduced federal oversight of how ISPs handle customer data and manage internet traffic. While some states have introduced stronger protections, privacy rules for ISP customers still vary widely depending on where they live.

Can Your ISP Slow Your Connection?

ISPs don’t just provide access to the internet. They also control the infrastructure(cửa sổ mới) your data travels across, giving them significant influence over how internet traffic is delivered.

One of the best-known examples involved Netflix and Comcast. In 2013 and 2014, Netflix customers on Comcast experienced severe performance problems as streaming quality deteriorated. Netflix argued that Comcast used its market position to demand additional payments for direct network connections before restoring normal service, with the company’s CEO describing the arrangement as an “arbitrary tax.”

The issue resurfaced in 2024 when Netflix argued before the FCC that ISPs which also own competing streaming platforms may have financial incentives that create conflicts of interest, even if no specific act of interference can be proven. Rather than alleging deliberate sabotage, Netflix argued that the structure of the market itself creates incentives that can disadvantage competing services.

A separate example emerged during California’s 2018 Mendocino Complex Fire, when the Santa Clara County Fire Department reported that Verizon had throttled the data connection used by one of its emergency response vehicles. According to the department, internet speeds were dramatically reduced while firefighters coordinated operations across the state, and restoring normal service initially required upgrading to a more expensive plan before Verizon later described the incident as a customer support mistake.

While these incidents involved very different circumstances, both illustrate the level of control internet providers can exercise over the networks that millions of people rely on every day.

Can your Wi-Fi router track you inside your home?

One of the lesser-known developments in networking technology is Wi-Fi sensing. For over a decade, researchers have demonstrated that Wi-Fi signals can be used to detect movement by analysing how wireless signals reflect off people and objects inside buildings. Academic studies have shown these techniques can identify movement, breathing patterns, and even estimate body position through walls under controlled conditions.

Today, some routers and smart home devices include forms of human presence detection designed to automate lighting, security systems, and other connected devices. Industry estimates suggest that tens of millions of U.S. households already have access to some level of Wi-Fi sensing technology through ISP-provided hardware. One Verizon Fios router included built-in human presence detection, while Wi-Fi sensing company Cognitive Systems partners with more than 160 internet providers.

It’s important to distinguish between today’s consumer products and what’s possible in research laboratories. Most commercially available systems perform relatively simple presence or motion detection rather than identifying individuals or reconstructing detailed movements. Even so, the technology highlights how much capability now exists inside devices that many people simply rent from their ISP.

Because providers often control the firmware on ISP-issued routers, they also control which features those devices receive over time. While there’s no evidence that today’s consumer routers perform the more advanced forms of Wi-Fi sensing demonstrated in research, the technology illustrates how networking hardware continues to evolve, and why it’s worth understanding what your devices are capable of.

How to reduce ISP tracking

Although your ISP handles your internet traffic, you can reduce how much information it can collect. While no single privacy tool prevents all forms of tracking, combining several measures can significantly limit what your provider is able to see.

Use a VPN

A VPN(cửa sổ mới) encrypts(cửa sổ mới) your internet traffic before it leaves your device. Instead of seeing every website you visit, your ISP generally sees only that you’re connected to a VPN server. This prevents your provider from monitoring your browsing destinations through normal connection metadata.

Switch to encrypted DNS

Traditional DNS requests can reveal the websites you visit, even if the contents of those websites are encrypted. Using encrypted DNS technologies such as DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) helps prevent ISPs from viewing those requests in plain text. Many modern browsers and operating systems now support encrypted DNS.

Use your own router

Many households simply use the router supplied by their ISP, but purchasing your own compatible router gives you greater control over firmware updates, security settings, and available features.

Enable HTTPS whenever possible

Most websites already use HTTPS by default, but it’s still worth ensuring your browser always prefers encrypted connections. HTTPS doesn’t hide which websites you visit, but it does prevent your ISP from viewing the contents of encrypted webpages, adding another layer of privacy to your online activity.

Your ISP may not see everything, but it still sees a lot

Your ISP occupies a unique position in your online life. It doesn’t necessarily know every page you visit or every message you send, but it can often see where you’re connecting, when you’re online, and how much data you’re using. In many cases, it can also control the hardware that connects your home to the web.

As networking technology continues to evolve, that visibility may expand even further.

Fortunately, protecting your privacy doesn’t require disconnecting from the internet. Simple steps like using a VPN, enabling encrypted DNS, choosing your own router, and understanding what your ISP can and can’t see can significantly reduce the amount of information your provider is able to collect.

While individual privacy tools can’t solve broader regulatory or industry issues, they can help you take back some control over your online activity.