What Does Your ISP Actually See?
Your Internet Service Provider (ISP) is the company that connects you to the internet — and by default, they have an unobstructed view of much of what you do online. Without any privacy measures in place, your ISP can see:
- Every domain you visit (e.g., facebook.com, reddit.com)
- The timing and volume of your traffic
- Your unencrypted DNS queries
- Metadata about your connections (even over HTTPS)
In many countries, ISPs are legally permitted — or even required — to log this data, and some sell anonymized browsing data to advertisers.
Step 1: Switch to Encrypted DNS (DoH or DoT)
Every time you visit a website, your device first sends a DNS query to look up that site's IP address. By default, these queries are sent in plain text — meaning your ISP can log every domain you look up.
DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt these queries so your ISP can't read them. You can enable DoH in:
- Firefox: Settings → General → Network Settings → Enable DNS over HTTPS
- Chrome/Edge: Settings → Privacy and Security → Use secure DNS
- Windows 11: Network settings → DNS server assignment → Manual → Enable DoH
Use a trusted resolver like Cloudflare (1.1.1.1) or NextDNS for the best privacy.
Step 2: Use a VPN
A VPN is the most effective single tool for hiding your activity from your ISP. When you use a VPN, your ISP only sees that you're connected to a VPN server — nothing else. All your actual traffic is encrypted inside the VPN tunnel.
When selecting a VPN for ISP privacy, look for:
- A strict no-logs policy (ideally audited by a third party)
- The VPN's home jurisdiction (avoid countries with mandatory data retention laws)
- Support for modern protocols like WireGuard or OpenVPN
Step 3: Use HTTPS Everywhere
While HTTPS doesn't hide which domains you visit from your ISP, it does encrypt the content of your communications. Make sure you're always using HTTPS by installing the HTTPS Everywhere browser extension (by EFF) or enabling "Always use HTTPS" in your browser settings. This prevents ISPs and other parties from reading the actual content of your web sessions.
Step 4: Consider Using Tor
The Tor network provides the strongest protection against ISP surveillance. Your traffic is encrypted and bounced through at least three relays before reaching the destination. Your ISP can see you're using Tor, but nothing beyond that. The trade-off is significant speed reduction.
For everyday browsing this may be impractical, but for sensitive activities it's the gold standard in ISP-level privacy.
Step 5: Audit Your Smart Home Devices
Many people overlook that smart TVs, IoT devices, and home assistants generate a constant stream of traffic that your ISP can see. Segment these devices on a separate network (using a guest VLAN if your router supports it) and consider running them through a dedicated Pi-hole or DNS filter to block unnecessary tracking calls.
Quick Summary
| Method | What It Hides | Effort |
|---|---|---|
| Encrypted DNS (DoH) | DNS queries | Low |
| VPN | All traffic destinations & content | Low–Medium |
| HTTPS | Content of web pages | Very Low |
| Tor | Everything (slowest) | Medium |
You don't need to implement all of these at once. Start with encrypted DNS and a reputable VPN — that combination will dramatically reduce what your ISP can observe about your online activity.