>
ADVERTORIAL

What your internet provider can see — and sell — about your browsing.

24 Jun 2026 · 3 min read · Comments

This article contains affiliate links. If you buy through them, we may earn a commission — at no extra cost to you.

Every website you visit passes through your internet provider's network first. They see it. In many countries, they're allowed to keep records of it and sell what they learn.

Most people think of their internet provider as a pipe — a neutral conduit that moves data from one place to another without caring what it is. That's not quite accurate. The pipe is owned by a company, and that company can see a substantial amount of what moves through it.

Not the content of encrypted HTTPS pages — but the domains. Every site you visit. When you visited it. How often. From which device. ISPs sit between you and the internet, and that position comes with a detailed view of your browsing patterns.

What ISPs can actually see

Your ISP's view of your browsing session
Data point
Visible?
Domains you visit (e.g. nytimes.com)
Yes
Time and frequency of visits
Yes
Device identifiers
Yes
Specific pages within a site (HTTPS)
Usually no
Content of HTTPS pages
No

The selling part

In the United States, Congress repealed FCC privacy rules in 2017 that would have required ISPs to get permission before selling customer data. ISPs can legally package browsing data and sell it to advertisers and data brokers. Some do.

In the EU, GDPR provides stronger protections, but enforcement is inconsistent and the rules apply to personal data — ISPs still collect and retain substantial metadata for varying periods.

The point isn't to map every jurisdiction's rules. It's that your internet provider has both the access and, in many places, the legal permission to monetise your browsing. Most people don't know this and haven't been given the opportunity to opt out.

How a VPN changes this

A VPN encrypts your traffic before it leaves your device and routes it through a VPN server. What your ISP sees is an encrypted connection to that server — not a list of domains. The domain-level visibility disappears.

You're not invisible — your ISP can still see that you're connected to a VPN, and the VPN company itself occupies the position your ISP used to hold. This is why the VPN's no-logs policy matters: a VPN with a verified no-logs policy has nothing to sell even if asked.

Your browsing is generating data whether or not you've thought about it. The question is who gets to keep it.

Frequently asked questions

Does a VPN make me anonymous online?+

No. A VPN encrypts your connection and hides your traffic from your ISP and other network observers, but websites can still identify you through cookies, browser fingerprinting, and account logins. A VPN protects your network layer — not your identity layer.

Are free VPNs safe to use?+

Many free VPNs fund themselves by logging and selling your browsing data to advertisers — the opposite of their stated purpose. Research from Privacy International has found multiple free VPN apps sharing user data with third parties.

When does a VPN actually help?+

A VPN meaningfully helps when using public Wi-Fi (coffee shops, airports, hotels), when your ISP sells browsing data, and when accessing region-locked content. It adds less value when you're on a trusted home or work network.

Remove your ISP from the picture
NordVPN encrypts your connection before it reaches your provider. Audited no-logs policy. 30-day money-back guarantee.
⭐ 4.7/5 · 14+ million users
Get NordVPN →

Sam Feldman
Sam Feldman
"A good banner has no fixed form and has no inherent meaning."
Austin, TX · https://sams.blog/weekly
RELATED READING
VPN — what it really does, and what it doesn't
Is a VPN worth it? An honest breakdown
That free VPN? It's probably selling your data
You’re About to Get the Exact Security Setup I Built for My Own Parents — the One That Actually Works

Most people have one layer of protection. They’re missing three.

  • The 3-layer setup I’d never skip — stripped to what matters.
  • Who’s really watching you — your browser, your provider, and the “free” tools selling your data. How to shut them out.
  • A 30-second leak check — most people’s passwords are already out there. See if yours are, and what to do.
  • Pull your info back, data brokers are selling your address and number right now. Here’s how to get removed.

20 minutes, start to finish — then it runs in the background. Enter your email and I’ll send it over.

Something went wrong — please try again.
You're in — check your inbox shortly.
100% confidential. Unsubscribe anytime.