In the US, UK, and Australia: your internet service provider (Comcast, AT&T, Verizon, BT, Telstra) can legally sell your browsing history to advertisers. They do it. Your medical research, financial queries, relationship problems, and private searches are being sold — without your meaningful consent. A VPN is the only effective tool to stop this.
The Law That Made ISP Spying Legal in the US
In 2017, the US Congress voted to eliminate FCC privacy rules that prevented ISPs from selling customer browsing data. President Trump signed the repeal. The result: US ISPs can collect and sell detailed records of every website you visit, every search you make, every app you use — without asking your permission beyond burying it in their terms of service. The vote passed 215-205 in the House and 50-48 in the Senate.
Comcast's response to the rule change: confirmed they sell "aggregated and de-identified" data. Verizon's Precision Market Insights division has been selling ISP browsing data to advertisers since before the repeal. AT&T charges customers extra to opt out of tracking — effectively making you pay for basic privacy.
What Your ISP Can Actually See
- Every domain you visit (even HTTPS sites — they see the domain, not the exact page)
- When you visit, for how long, and how often
- What apps make network requests on your devices
- Your IP address and location history
- Your streaming services, gaming activity, and app usage patterns
- DNS queries — effectively a complete list of websites you visit
What ISPs Cannot See (With HTTPS)
Modern HTTPS encryption (the lock icon in your browser) means your ISP can see you visited nytimes.com — but not which specific article. They can see you visited your bank's website — but not your account balance. The URL-level content is protected. However, DNS queries (which still often happen unencrypted) often reveal the specific subdomain and page path. DNS-over-HTTPS (DoH) closes this gap — but most people have never enabled it.
The Data That Gets Sold About You
A 2024 investigation by Senator Ron Wyden's office found that major US data brokers purchase ISP browsing data and sell detailed profiles including: inferred medical conditions (based on health sites visited), financial stress indicators (based on loan sites visited), religious beliefs (based on sites visited), political affiliation (based on news sources consulted), and relationship status (based on dating app traffic). This data is sold to insurance companies, employers, banks, and advertisers.
How a VPN Stops This
A VPN encrypts all traffic between your device and the VPN server. Your ISP sees only one thing: encrypted traffic going to a VPN server's IP address. They cannot see domains, cannot see DNS queries, cannot see apps, cannot see timing patterns. The data they can sell about you becomes: you use a VPN. That is all.
ISP Data Sales — FAQ
Your ISP privacy questions