What your internet provider can see — and sell — about your browsing.
24 Jun 2026 · 3 min read · Comments
This article contains affiliate links. If you buy through them, we may earn a commission — at no extra cost to you.
Every website you visit passes through your internet provider's network first. They see it. In many countries, they're allowed to keep records of it and sell what they learn.
Most people think of their internet provider as a pipe — a neutral conduit that moves data from one place to another without caring what it is. That's not quite accurate. The pipe is owned by a company, and that company can see a substantial amount of what moves through it.
Not the content of encrypted HTTPS pages — but the domains. Every site you visit. When you visited it. How often. From which device. ISPs sit between you and the internet, and that position comes with a detailed view of your browsing patterns.
What ISPs can actually see
The selling part
In the United States, Congress repealed FCC privacy rules in 2017 that would have required ISPs to get permission before selling customer data. ISPs can legally package browsing data and sell it to advertisers and data brokers. Some do.
In the EU, GDPR provides stronger protections, but enforcement is inconsistent and the rules apply to personal data — ISPs still collect and retain substantial metadata for varying periods.
The point isn't to map every jurisdiction's rules. It's that your internet provider has both the access and, in many places, the legal permission to monetise your browsing. Most people don't know this and haven't been given the opportunity to opt out.
How a VPN changes this
A VPN encrypts your traffic before it leaves your device and routes it through a VPN server. What your ISP sees is an encrypted connection to that server — not a list of domains. The domain-level visibility disappears.
You're not invisible — your ISP can still see that you're connected to a VPN, and the VPN company itself occupies the position your ISP used to hold. This is why the VPN's no-logs policy matters: a VPN with a verified no-logs policy has nothing to sell even if asked.
- NordVPN's no-logs policy has been independently audited and verified.
- Your ISP sees only an encrypted connection to NordVPN — not your browsing.
- Works on every device. One subscription covers up to six devices simultaneously.
Your browsing is generating data whether or not you've thought about it. The question is who gets to keep it.
Frequently asked questions
Does a VPN make me anonymous online?+
No. A VPN encrypts your connection and hides your traffic from your ISP and other network observers, but websites can still identify you through cookies, browser fingerprinting, and account logins. A VPN protects your network layer — not your identity layer.
Are free VPNs safe to use?+
Many free VPNs fund themselves by logging and selling your browsing data to advertisers — the opposite of their stated purpose. Research from Privacy International has found multiple free VPN apps sharing user data with third parties.
When does a VPN actually help?+
A VPN meaningfully helps when using public Wi-Fi (coffee shops, airports, hotels), when your ISP sells browsing data, and when accessing region-locked content. It adds less value when you're on a trusted home or work network.
