Shield VPNShield VPN
← All posts
← Back to Blog
Privacy·8 min read

ISP Tracking Exposed: Everything Your Internet Provider Knows About You

Your Internet Service Provider has a front-row seat to your entire digital life — and in many countries, they're legally allowed to sell that data. Here's exactly what they track and how to stop it.

Key Takeaways

  • ISPs can see every domain you visit — even in HTTPS — and record timestamps, duration, and data volume for each session
  • In the US, ISPs are legally permitted to sell browsing data without user consent under current FCC rules
  • A 2024 FTC report found that major ISPs collect up to 15 distinct categories of personal data, including real-time location, browsing history, and device fingerprints
  • A VPN with AES-256 encryption completely prevents ISP tracking by encrypting all traffic before it leaves your device
  • Incognito mode, clearing cookies, or using HTTPS alone does not stop ISP tracking

What Data Does Your ISP Actually Collect?

Your ISP is the gateway between your device and the internet. Every byte of data passes through their infrastructure — and they can log all of it. Here is a comprehensive breakdown of what major ISPs are capable of collecting, based on privacy policy analyses and regulatory filings:

Data CategoryWhat ISPs Can SeeCollection Prevalence
Browsing HistoryEvery domain visited (netflix.com, chase.com, etc.)Standard practice
DNS QueriesEvery website name resolved to an IP addressStandard practice
App UsageWhich apps connect to the internet and whenIncreasingly common
Real-Time LocationPhysical location via cell tower triangulationMobile ISPs: standard
Device FingerprintDevice type, OS version, MAC addressStandard practice
Connection TimestampsExact times you connected and disconnectedStandard practice
Data VolumeHow much data you consume per sessionStandard practice
Unencrypted ContentFull content of any HTTP (non-HTTPS) trafficTechnically possible

The Business Model: How ISPs Monetize Your Data

ISP data collection isn't just about network management — it's a revenue stream. The global ISP data monetization market was valued at approximately $11 billion in 2024, projected to grow significantly as ISPs expand their advertising and data brokerage operations.

ISPs monetize your data through three primary channels:

  1. Targeted Advertising — ISPs build detailed user profiles and sell ad targeting based on your real browsing behavior, not just inferred interests. Unlike Google or Meta, ISPs see your entire internet activity, not just your activity on their platforms.
  2. Data Brokerage — Anonymized (but often re-identifiable) browsing data is sold to data brokers, market research firms, and financial institutions. Hedge funds have purchased ISP data to track consumer trends before earnings reports.
  3. Traffic Shaping & Premium Tiers — Some ISPs analyze your usage patterns to upsell "premium" plans or throttle specific services unless you pay more (a practice partially restricted but not eliminated by net neutrality regulations).

Did You Know?

The FTC reported in 2024 that major US ISPs "routinely amass large amounts of sensitive consumer data" and "often fail to provide consumers with meaningful choices about how their data is used." The report documented one ISP collecting over 40 billion data points per day across its user base.

Does HTTPS Protect You From ISP Tracking?

Partially, but not enough. HTTPS encrypts the content of your communication with a website — so your ISP cannot see what you're typing, reading, or watching on that site. However, HTTPS has a critical blind spot: the Server Name Indication (SNI) field, which contains the domain name in plaintext. This means your ISP can see that you visited "reddit.com" or "pornhub.com" even if they cannot see which specific pages you viewed or what you posted.

Additionally, DNS queries — which translate domain names into IP addresses — are typically unencrypted by default. Even if you use HTTPS for browsing, your ISP can build a complete log of every website you visit through DNS monitoring alone.

Incognito Mode: The Billion-Dollar Misunderstanding

A class-action lawsuit against Google resulted in a $5 billion settlement in 2024 after revelations that Chrome's Incognito mode did not prevent tracking — it only prevented local storage of browsing history. The lawsuit exposed a widespread consumer misunderstanding: Incognito/Private Browsing mode prevents your browser from saving history; it does absolutely nothing to prevent your ISP, employer, or network administrator from seeing your activity.

Expert Distinction

Incognito Mode = hides activity from other users of the same device. VPN = hides activity from your ISP, network administrators, and anyone monitoring the network. These are complementary tools, not substitutes.

How a VPN Stops ISP Tracking: The Technical Explanation

When you connect to a VPN, the following happens:

  1. Encryption at the source — Before any data leaves your device, it is encrypted using AES-256-GCM. This creates ciphertext that is mathematically infeasible to decrypt without the key.
  2. Encrypted DNS — DNS queries are routed through the encrypted tunnel, not sent in the clear. Your ISP cannot see which domains you're resolving.
  3. Single destination — From your ISP's perspective, all your traffic goes to one IP address (the VPN server) over one encrypted connection. They see encrypted data flowing to a single endpoint — no domain names, no content, no patterns.
  4. No logging at the VPN server — A verified no-log VPN (like Shield VPN) does not record your activity at the server side. Even if the VPN server were compromised, there would be no user activity logs to expose.

VPN vs Other Privacy Tools: What Actually Stops ISP Tracking

ToolStops ISP Seeing Domains?Stops ISP Seeing Content?Stops ISP Seeing DNS?
HTTPS OnlyNoYesNo
Incognito ModeNoNoNo
DNS over HTTPSNoYesYes
Tor BrowserYesYesYes
VPN (AES-256)YesYesYes

Country-by-Country: ISP Data Laws

The legal landscape for ISP data collection varies dramatically:

  • United States — ISPs can collect and sell browsing data without explicit consent (no federal privacy law restricts this). Some states (California, Virginia) have stronger protections via state laws.
  • European Union — GDPR requires opt-in consent for data collection. However, some EU countries mandate data retention for law enforcement purposes (6-24 months depending on country).
  • United Kingdom — The Investigatory Powers Act requires ISPs to retain browsing records for 12 months, accessible by numerous government agencies without a warrant.
  • Australia — Mandatory metadata retention for 2 years under the Telecommunications Act.
  • Canada — PIPEDA provides privacy protections, but ISPs can collect data for "legitimate business purposes" with implied consent.

FAQ: ISP Tracking

Can my ISP see my Google searches?

Yes, but only that you visited google.com — not the specific search terms (because Google uses HTTPS). However, your ISP can infer a lot from the domains you visit immediately after a search.

Does a VPN slow down my internet?

Modern VPNs using WireGuard protocol typically add less than 5% latency. If you're experiencing significant slowdowns, it's either an under-provisioned VPN server or a protocol issue — not an inherent limitation of VPNs.

Can my ISP tell I'm using a VPN?

Yes — they can see that you're connecting to a known VPN server IP address over an encrypted protocol. However, they cannot see what you're doing through the VPN.

Is using a VPN to hide from my ISP legal?

Yes, VPNs are legal in the vast majority of countries. Using encryption to protect your privacy is a fundamental right in most jurisdictions.

Stop your ISP from tracking you

Shield VPN encrypts 100% of your traffic with AES-256. Your ISP sees nothing but encrypted data.

Download on Google Play