This post is a guest submission. Please see our Affiliate Disclosure & Notification for details.
You’re fully justified to be concerned about this. Of course, not all Internet Service Providers (ISPs) have a hidden agenda and scheme to monetize your privacy. But enough of them do it to make you doubt your own ISP.
You could ask them about this or investigate their company, sure, but that’s not going to solve the problem. It’s much better to be proactive and find a way to keep your online browsing private from them. Don’t worry – you won’t need to read complicated guides since we’ll tell you everything you need to know right here.
TL;DR – just use a VPN. If you’re in a hurry, the best American VPNs are only a click away.
If you have time, though, keep reading for the slightly longer version. We’ll talk about whether ISPs can sell your data, how they violate your privacy, and how you can stop them.
Do US ISPs Sell Your Data?
It sure seems like it. Back in 2017, the US Congress and President repealed rules that would have forced American ISPs to get your permission before selling your data.
True, when the FTC recently started investigating if US ISPs actually do that, all of them denied it. They also denied doing that in 2017.
Nice reassurance, but it’s hard to trust them when they actually praised the government’s decision to repeal the rules we mentioned above. Plus, AT&T, T-Mobile, and Sprint were actually caught selling user location data.
In our opinion, it’s safe to say at least some American ISPs are profiting off their customers’ data.
How Do ISPs Collect Your Data?
Here are the main ways your ISP can violate your privacy:
They Can See Your Online Browsing
All your connection requests and traffic go through your ISP’s network. So they can see what websites you browse. The exact thing you type in your URL bar? Yep, they can see that.
Now, the real problem is when you use HTTP websites. Their lack of encryption not only endangers your data, but it also lets your ISP see what you do on those sites – what web pages you browse, what you type, what you download/upload.
With HTTPS websites, your ISP can only see the website domain – in theory, at least. In reality, they can actually identify unique web page visits by just analyzing your traffic (timing, destination, and size). Also, ISPs can still see your DNS queries (connection requests) since they’re usually not encrypted.
They Use Supercookies
They’re pretty similar to cookies because they’re also tracking files. However, that’s where the similarities end.
While you can get rid of cookies, you can’t delete ISP supercookies – even if you manually remove all the cookies on your device or use a cleaning tool like CCleaner.
Because the supercookie files aren’t placed on your device. Instead, your ISP stores them on their servers. When your connection requests go through its network, they will insert supercookies into your data packets. With them, they can track your digital footprints.
Also, get this – ISP supercookies contain UIDH (Unique Identifier Headers) that allow them to recognize every single device that goes through its network. So they can tie your online browsing to your computer, laptop, or mobile phone.
Is this legal?
There isn’t any specific law against this, though ISPs have to offer an opt-out option. Otherwise, they can end up with a huge fine like Verizon.
But here’s the problem – ISPs don’t make the opt-out option too visible. You might have to go through many hoops to get out of their supercookie scheme.
How to Keep Your Browsing Private – Just Use a VPN!
It’s an online service that hides your IP address and encrypts your Internet traffic. Here’s an overview of how it all works:
- You download and install a VPN app on your device. Next, you run it and connect to a VPN server.
- The VPN client and server negotiate a connection and establish an encrypted tunnel between them.
- All your connection requests will go through the VPN server. Similarly, all the content you request will be sent to your device through the server.
- All the traffic that flows between the client and the server is encrypted, so your ISP can’t monitor it.
So instead of being able to see that you’re connecting to “netflix.com,” your ISP will see something like “OFS2sKuBAMlbfFv6gKt6Lw==.”
Nice and private. Just like it should be.
Also, the VPN encryption protects you from ISP supercookies. Since your data packets are encrypted, your ISP can’t insert supercookies into them anymore – much more convenient than having to deal with annoyingly hard-to-find, long, and complicated opt-out forms.
Need a good recommendation? Some of the best American VPNs are only a click away!
What Can Your ISP See When You Use a VPN?
Nothing that can violate your privacy:
- The IP address of the VPN server – they won’t be able to see the IP addresses of the websites you browse.
- Your original IP address – they assigned it to you, and you go through their network before you connect to the VPN server.
- That you’re using a VPN – your ISP can look up the IP address of the server and see it’s a data center. Also, they can see what ports your connection uses, and some of them are used by VPN protocols (UDP port 500 by IKEv2, for example).
- Other unimportant data – when you connect to the VPN server, how long you stay connected to it, and how much data you exchange with it.
Does Incognito Mode Help?
No. Incognito mode can only keep your device free of cookies. But it can’t hide your traffic from your ISP. There’s even a disclaimer for that on all the incognito mode tabs you open.
And no, incognito mode won’t stop your ISP from using supercookies.
How Do You Protect Your Privacy?
ISPs don’t have it out for you, but they’re not great at respecting user privacy either. That’s why you should use a VPN whenever you go online. It stops them from monitoring your traffic.
What other things should people do to prevent unneeded ISP snooping? Let us know in the comments and on social media.