The short version
In the US, yes — your ISP can legally sell your browsing history. Congress repealed the FCC broadband privacy rules in 2017 before they ever took effect, so your provider doesn’t need your permission to monetize your data. Your ISP browsing history — every domain every device in your home connects to — is visible to them — phones, laptops, smart TVs, consoles. The one thing that actually stops it: a VPN router, which encrypts all of that traffic before it ever reaches your provider.
Most privacy threats are things you can partly manage. Block a cookie, disable a setting, skip an app. Your ISP is different. Every packet you send travels through their pipe — there is no setting to turn that off, no incognito window that hides it, and in the United States, no law requiring them to ask before they profit from it.
Key takeaways
- Congress repealed the FCC’s broadband privacy rules in 2017, removing the requirement that ISPs get your consent before sharing your data.
- Your ISP sees the domains every device in your home connects to, plus timing and volume — enough to profile your household in detail.
- The FTC studied six of the largest US providers — AT&T, Verizon, Charter, Comcast, T-Mobile and Google Fiber — and found they collect more than customers expect.
- Most ISP-supplied gateways can’t run a VPN at all, so the one box between you and your provider is a box they control.
- Incognito mode does nothing here. It hides history from your browser, not from your provider.
- HTTPS hides the contents of pages, but not which sites you visit.
- A VPN router encrypts traffic from every device before it leaves your home — your ISP sees only that you connected to a VPN.
Can your ISP legally sell your browsing history?
In the United States, yes. In 2016 the FCC adopted rules that would have required internet providers to get your explicit opt-in consent before selling or sharing sensitive data like your browsing history. In 2017, Congress voted to repeal those rules before they took effect, and the President signed the repeal. There is currently no federal law that requires your ISP to ask your permission first.
This isn’t a hypothetical loophole. In 2021 the Federal Trade Commission published a staff report on the privacy practices of major internet providers and concluded they collect far more data than consumers realize, share it in ways that are difficult to see, and offer opt-outs that are limited or confusing. Some ISPs have also marketed “ad-supported” discount tiers — a plan where you knowingly trade browsing data for a lower bill. That such products exist tells you exactly how the data is valued.
What does your ISP browsing history actually reveal?
More than most people assume, and slightly less than the scariest headlines claim. Being precise here matters, because the accurate version is alarming enough:
| What your ISP sees | Without a VPN | With a VPN router |
|---|---|---|
| Every domain you visit | Visible — via DNS lookups and connection metadata | Hidden |
| When and how long you browse | Visible | Hidden |
| Which devices are in your home | Visible — TVs, consoles, phones, smart devices | Hidden |
| What you type on a secure site | Encrypted by HTTPS — not visible | Not visible |
| That you used a VPN | N/A | Visible — but nothing about what you did |
“But I use HTTPS — isn’t my traffic already encrypted?”
HTTPS encrypts what you send and receive on a site — your passwords, messages, and form entries are safe. What it does not hide is which site you went to. Your ISP still sees the domain name through your DNS lookups and the connection handshake. Think of it as a sealed envelope: they can’t read the letter, but they see every address you mail to, and how often. That list alone reveals your health concerns, finances, politics, and habits.
Which ISPs collect your data?
Effectively all of them — the question is only how much and how visibly. In 2021 the Federal Trade Commission ran a formal study of six of the largest US internet providers: AT&T, Verizon, Charter (Spectrum), Comcast (Xfinity), T-Mobile, and Google Fiber. The FTC concluded they collect considerably more data than their customers realize, combine it in ways that are hard to see, and offer opt-outs that are limited or confusing to use.
A few things worth knowing about the provider you’re actually using:
| Provider | What to know |
|---|---|
| Comcast / Xfinity | Included in the FTC’s six-provider study. Leased Xfinity gateways don’t support a VPN client, so there’s no way to encrypt your network from the box they rent you. |
| Verizon (Fios / 5G Home) | Included in the FTC study. Like most ISP-supplied routers, the standard gateway has no router-level VPN option. |
| Charter / Spectrum | Included in the FTC study. Same limitation on leased hardware. |
| AT&T | Included in the FTC study. Fiber gateways are typically locked down and can’t run VPN firmware. |
| Starlink | Like any ISP, it can see the addresses your traffic connects to. The stock Starlink router won’t run a VPN client — you need a capable router behind it. |
The FTC’s findings describe industry-wide data practices, not an accusation that any single named provider sells browsing history. The point is simpler: US law doesn’t require them to ask you first.
Notice the pattern in that table. Nearly every provider hands you a gateway that cannot run a VPN — which means the one device standing between your home and your ISP is a device your ISP controls. We’ve written before about why Xfinity customers can’t rely on leased Comcast hardware, and about how to run a VPN with a Starlink connection. The fix is the same in both cases: put a router you control between your devices and your provider.
Does incognito mode hide your browsing from your ISP?
No. This is the single most common misconception about online privacy, and it’s worth being blunt: private browsing hides your history from other people who use your computer. That is all it does. It doesn’t hide anything from your ISP, your employer’s network, the sites you visit, or advertisers. The moment your request leaves your device, it looks exactly the same to your provider whether the window was incognito or not.
How do you stop your ISP from tracking you?
Encrypt your traffic before it reaches them. That’s the whole answer — and it’s why this is the one privacy problem a VPN solves cleanly rather than partially. When your connection runs through a VPN, your ISP can see that you’re connected to a VPN server and how much data you’re moving. It cannot see which sites you visited, what you searched, or what you streamed. There’s nothing left to log, package, and sell.
The catch with a VPN app is coverage. Installing one on your laptop protects your laptop. It does nothing for the smart TV in the living room, the streaming stick, the console, the tablet, or the dozen smart-home gadgets quietly chattering to the internet all day — and many of those devices can’t run a VPN app at all. Your ISP still sees all of it.
That’s why the router is the right place to solve this. It’s the single door every device in your home passes through on the way to the internet. Encrypt there, and everything behind it is covered — automatically, permanently, with nothing to install on each device. It’s also the only approach that protects gear that can’t run VPN software at all.
Take your data off the market
Privacy Hero 2
Privacy Hero 2 encrypts every device in your home from a single box — so there’s nothing left for your ISP to log or sell. It sets up in minutes through a guided, browser-based process, is VPN-optional with streaming relocation built in, and requires no technical skills at all. Whole-home coverage, one device, done.
Explore Privacy Hero 2 →Already have a VPN provider you trust? FlashRouters ships pre-configured, pre-flashed routers — ASUS models running AsusWRT by default, with AsusWRT-Merlin available on request, plus native OpenWrt options from GL.iNet — ready to plug in, and compatible with 30+ major VPN services. Just be sure the provider itself is worth trusting: not all of them are. Take the 60-second router quiz to find your match.
Frequently asked questions
Can my ISP sell my browsing history?
In the United States, yes. Congress repealed the FCC’s broadband privacy rules in 2017 before they took effect, so there is no federal requirement that your internet provider get your consent before sharing or selling your browsing data.
What exactly can my ISP see?
Your ISP can see every domain you connect to, when you connect, how long you stay, how much data you use, and which devices in your home are online. HTTPS encrypts the contents of pages, so it cannot read what you type on secure sites — but it still sees which sites you visited.
Does incognito mode hide my browsing from my ISP?
No. Incognito or private browsing only prevents your browser from saving history locally. Your ISP, the websites you visit, and advertisers can all still see your activity exactly as they would otherwise.
Does a VPN stop ISP tracking?
Yes. A VPN encrypts your traffic before it reaches your provider, so your ISP can see only that you are connected to a VPN and how much data you are using — not which sites you visit or what you do there. This is the one privacy problem a VPN solves completely rather than partially.
Which ISPs collect your browsing data?
The FTC's 2021 staff report studied six of the largest US providers — AT&T, Verizon, Charter (Spectrum), Comcast (Xfinity), T-Mobile and Google Fiber — and found they collect more data than customers expect, with opt-outs that are limited or hard to use. Because Congress repealed the FCC's privacy rules in 2017, no US provider is required to get your consent first.
Why use a VPN router instead of a VPN app?
A VPN app only protects the device it is installed on. A VPN router encrypts traffic from every device in your home — including smart TVs, streaming sticks, consoles, and smart-home devices that cannot run VPN apps — so your ISP sees nothing from any of them.
Your ISP can’t sell what it can’t see
Encrypt every device in your home from one box. Set up in minutes — no technical skills required.
Shop Privacy Hero 2 →Not sure what fits? Take the 60-second router quiz
100,000+ Routers Shipped · 15+ Years of VPN Expertise · Official NordVPN Partner · US-Based Experts
