Can Your ISP See Your Browsing, Search & Mobile Data History?

Your ISP owns the infrastructure through which all your browsing data travels. As a result, ISPs can monitor all your online activity, including your location, the websites you visit, and what you do on them.

In many countries, the law requires ISPs to store your data. In others, they store the data for commercial purposes.

There’s a lot of confusing information online about what ISPs can actually see, though. Here’s an overview of the data your ISP can see in the majority of cases:

Browsing Type	What can your ISP see?
Websites	Websites you visit, and sometimes web pages, too.
Search queries	Only that you visited a search engine.
YouTube videos	Only that you visited YouTube.
Deleted browsing history	Websites you visit, and sometimes web pages, too.
Private browsing history	Websites you visit, and sometimes web pages, too.
App activity	Which apps you use. In some cases, the data too.
Activity in private browsers	Websites you visit, and sometimes web pages, too.

This information is true for traditional ISPs and mobile carriers. If you’re using mobile data, your cell phone provider can see as much of your browsing history as your ISP can on your desktop or laptop.

If you use someone else’s WiFi, their ISP can still monitor your activity. They’ll also be able to see the device you’re using, and this may be traceable back to you.

In many cases, the WiFi owner will be able to see your internet history, too.

Here’s a more detailed list of the information your ISP can see when you browse the internet:

1. The Websites You Visit

Without encryption, your ISP can see the full web address of any website you visit. That includes the articles you read, the search queries you make, and the videos you watch.

However, many websites today use HTTPS encryption, which significantly restricts what your ISP can see. You can tell if a website uses HTTPS by looking for a padlock in the address bar of your web browser.

Hypertext Transfer Protocol Secure (HTTPS) is used to create a secure connection between your computer and the website you’re visiting. When you’re shopping, it protects your payment details and other sensitive information so nobody can intercept it.

Today, about 80% of web pages use HTTPS, even if they’re not handling sensitive data. There are two reasons for this:

• HTTPS improves your security, because it prevents attackers from intercepting your web traffic and inserting malicious code in it (known as a man-in-the-middle attack).
• HTTPS improves your privacy, because it stops most third parties from monitoring the details of your web traffic.

When you visit a HTTPS website, your ISP can see the domain name of the website you visit, but not the specific page. Your ISP also knows how long you spend on each web page, and the device you’re using.

HTTPS improves your online security, but it is still technically possible for your ISP to monitor your encrypted traffic. If legally obliged to do so, your ISP can use deep packet inspection (DPI) to identify the files you’re downloading or the specific web pages you’re visiting.

While possible, it’s highly unlikely your ISP is doing this. It’s difficult, and unlikely to be profitable. However, if privacy is of the utmost importance, we recommend only visiting HTTPS websites with a VPN. A VPN will encrypt your traffic and prevent your ISP from seeing your browsing activity.

2. Search Queries

Most search engines, including Google, use HTTPS. That means your ISP can see that you visited Google, but it can’t see your search history or results. Unless your ISP is inspecting your traffic and monitoring for anything untoward, it can’t see your search queries.

However, if you click a result, your ISP can see which website you visit. If the site does not use HTTPS, your ISP can see the exact web page you visit, too.

Added: For example, your ISP will see www.top10vpn.com/guides/ rather than www.top10vpn.com

Bear in mind that some ISPs now own and operate search engines, and may combine your browsing data with your search history. Verizon, for example, owns Yahoo.

3. YouTube

YouTube uses HTTPS, which means your ISP cannot see exactly which videos you watch. However, it can see how long you spend on YouTube and how often you visit the YouTube domain.

If you’re watching lots of videos, your ISP will also be able to see the amount of bandwidth you’re using.

While the videos you watch will be hidden for the most part, it’s technically possible for your ISP to identify the videos you’re watching on YouTube using DPI if they need to. Law enforcement agencies can also request this information from YouTube itself. However, this is highly unlikely.

You can change your YouTube account settings to prevent it from storing your watching history, but this will not affect what your ISP can see.

4. Deleted Browsing History

Your ISP can see your internet browsing history even if you delete it on your device.

Your browser stores the details of the websites you visit. The browser uses your history to automatically complete web addresses as you type them in, and stores web pages (or parts of them) on your computer so you can view them more quickly next time.

When you delete your browsing history from your device, it only removes the data from your computer or phone. If your ISP has logged the websites you’ve visited, you can’t delete their record of it.

5. Incognito or Private Browsing History

If your connection is not encrypted, your ISP can still see the websites you visit in incognito mode.

Incognito mode is a privacy feature in Google Chrome that stops your browser from storing your history on your computer. On Safari the feature is called Private Browsing, and in Microsoft Edge it’s called InPrivate browsing. These privacy features do not make you anonymous online, and will not prevent your ISP from seeing your activity.

When you close the browser or the private browsing session, it will delete your history, cookies, and any data entered into forms. Your bookmarks and downloads are saved on your computer as usual, but your download history is wiped.

Incognito browsing does not add any additional encryption, which means it does not change what your ISP can see. Your ISP can still record the websites you visit in incognito mode, as well as the specific web pages you visit if you are not using HTTPS or a VPN.

6. App Activity

When your apps connect to an online service, that data must go through your ISP. That connection can use encryption, just like a web browser can.

If an app does not use encryption, your ISP can see the data sent by the app, as well as which app you’re using.

If an app does use encryption, your ISP can most likely see which app you’re using, but not see the data that is being transmitted.

Unfortunately, it’s more difficult to see whether an app uses encryption or not. To find out, you’ll need to check them on a case-by-case basis.

The Federal Trade Commission (FTC) found that several leading ISPs in the US collect app usage data for advertising purposes. Users may be categorized according to the type of app they enjoy (e.g. business, finance, or sports).

7. Activity in Private Browsers, Such as DuckDuckGo

DuckDuckGo offers a private browser for iOS and Android. Unlike alternatives such as Google Chrome, this browser blocks advertising trackers, enforces a HTTPS connection where available, and does not profile you.

However, even the best private browsers still send your data through your ISP or mobile data provider. Your ISP can see the websites you visit, no matter which browser you use.

In many countries, ISPs are legally required to monitor and store data about your browsing history for an extended period of time. This is called mandatory data retention.

Mandatory data is used for policing, government surveillance, and sometimes even advertising. The length of time ISPs must retain data varies by country.

The U.S. government requires ISPs to keep records of customers’ internet history for a minimum of 90 days. The UK and European Union requires ISPs to keep browsing records for up to 12 months.

It’s not always clear which types of data are retained, or by whom. In the UK, for example, there’s no requirement for all ISPs to store data.

However, the UK government can require ISPs to retain data, and almost certainly does so for large service providers. Exactly which ISPs are storing data for the government is kept secret.

Here’s a table comparing how long ISPs keep your browsing history in different countries:

6 months	1 year	18 months	2 years
Lithuania Luxembourg Malta Sweden	Finland France Greece Hungary Ireland Italy Portugal Spain UK	Latvia	Australia Poland

Data retention has been declared unconstitutional in Germany, the Czech Republic, and Slovenia, among others.

Data retention laws are also being challenged through the courts in many other countries.

In the US, Data retention laws are particularly vague. ISPs often voluntarily store data for advertising purposes, which government agencies can demand access to.

ISPs collect your browsing history for a number of purposes, including targeting advertising, censorship, and bandwidth throttling.

Here’s a detailed list of what your ISP uses your data for:

1. Customer & Network Management

ISPs collect data to better understand how customers use their services. It helps them to plan their network build-out, and can help with troubleshooting problems, too.

If you have a technical issue, a technician may look at your data to trace the fault, although they’ll be more interested in how much data you’re using than which websites you’re visiting.

In most cases, your ISP’s employees are not looking at your data – although the company will have ways to process it in bulk.

2. Targeted Advertising

In the US, ISPs often collect data purely for advertising purposes. According to the Federal Trade Commission (FTC), three of the top six ISPs in the US use web browsing data for advertising purposes, or may do so in the future.

Your browsing data may be enhanced with demographic data the ISP can buy from data brokers. Some of the demographic data may be sensitive, including ethnicity, household income, and political affiliation.

ISPs can also combine information from other services their parent companies operate. Any assurances from ISPs that they will not sell your data are meaningless, because they can often target adverts at you themselves, without disclosing your data to another company.

3. Mass Surveillance

ISPs in the US, UK, most of Europe, and many other countries are legally required to monitor and record your browsing history and to disclose it to government authorities on request.

This happens in secret: neither the ISP nor the government agency will tell you if they’re monitoring your online activities.

The justification is usually that the data is used for crime prevention, but there is often little oversight, and it’s especially problematic in countries that infringe human rights.

4. Bandwidth Throttling

ISPs have been known to throttle (or slow down) a user’s internet connection if they are engaged in activities such as torrenting or other heavy downloads.

Some ISPs deliberately target activities that consume large amounts of bandwidth, including streaming, gaming, and P2P file sharing.

This can be done by monitoring the IP addresses of well-known streaming services, or even inspecting your traffic to find common P2P protocols.

In 2019, AT&T Mobility reached a $60,000,000.00 settlement with the FTC after it was accused of deceptively throttling mobile internet speeds.

5. Enforcing Censorship

In some countries, the government bans gambling websites and adult websites, or restricts content that encourages political or social change.

As the gatekeepers to the internet, ISPs are often required to stop their subscribers accessing this content. By monitoring your web browsing activities, ISPs can see if you’re attempting to view content that is restricted and prevent you from accessing it.

There are a number of tools you can use to prevent your ISP from spying on your online activities, including a VPN, the Tor browser, and web proxies. You can also use HTTPS websites and change your DNS server to limit the information your ISP can capture.

1. Use a Virtual Private Network (VPN)

VPN software creates an encrypted tunnel between your device and the internet, shielding your activity from prying eyes.

When you connect to a VPN server, all your internet traffic is encrypted and routed through that server. As long as the VPN connection remains active, your ISP will be unable to see your browsing history, downloads, or the websites you visit.

If your ISP does inspect your traffic while you’re using a VPN, it will only be able to see strings of unintelligible letters and numbers.

As an added bonus, your IP address is also temporarily replaced with that of the VPN server. This helps prevent the websites you visit from tracking you, and lets you unblock content that is restricted in your region.

While a VPN can stop ISPs from seeing your activity, your ISP can still see that you’re using a VPN.

If you’re in a high-censorship country, we recommend choosing a VPN with obfuscation technology that disguises your VPN traffic.

All your internet traffic passes through the VPN, so it’s important to make sure your VPN service provider is trustworthy.

Look for a proven no-logs VPN with strong encryption, and ideally a company headquartered in a country without data retention laws.

We’ve reviewed 65 VPN services over more than 30,000 hours of testing. Based on our results, we recommend using ExpressVPN to successfully hide your browsing activity from your ISP. ExpressVPN’s test results were exceptional, establishing fast, secure and private connections around the world.

We recommend paying for a VPN service so you can benefit from a larger server network and unlimited data.

If these limitations don’t bother you, then our tests show that the best free VPN service for hiding your browsing activity from your ISP is Proton VPN.

2. Use the Tor Browser

When you use a VPN service, you’re entrusting the company behind it with your data. The best VPNs do not track or log your activities, but there is a theoretical risk that they could.

Unlike VPNs, the Tor browser is fully decentralized. It gives you access to a network of three servers or ‘nodes’ that are maintained by volunteers. At no point can any party see both your identity and your online activity. This is the biggest difference between Tor and VPNs.

As your data passes through this network of servers, your traffic is encrypted – preventing your ISP from seeing your traffic and hiding the domain names of the websites you visit.

However, your ISP can still see that you’re using Tor. Given its reputation for providing access to the dark web, this may flag you for surveillance.

If you want to keep your Tor connection hidden from your ISP, we recommend using one of the best VPNs for Tor and Onion over VPN.

3. Use An Encrypted Web Proxy

A web proxy can be effective at stopping your ISP from snooping on your web browsing, as long as it uses HTTPS encryption.

A web proxy acts as a middleman between your device and the web content you want to access. Most web proxies are unencrypted, but the best ones add HTTPS encryption to your connection.

That means your ISP cannot see the websites or the content you access, even if those websites do not use HTTPS themselves. Your ISP can only see that you’re connected to a web proxy service.

There are lots of bad proxies out there: many simply do not encrypt your traffic, and some even insert malware into your browsing traffic.

Hide.me and HideMyAss are two trustworthy free web proxy services. Simply visit one of those websites and enter the website you want to view through the proxy.

Most proxies are not as effective as VPN services. A VPN will seamlessly protect all your internet activity, all the time, without the need for a special interface to request the web page you want to view.

4. Use HTTPS websites

By exclusively visiting HTTPS websites, you can limit the extent to which your ISP can track your online behavior. It stops your ISP seeing the specific web pages you read, although it can still see the names of the websites you visit.

Most websites today use HTTPS. However, some websites may not be configured to use HTTPS by default, and you can end up on an unencrypted HTTP site by accident.

HTTPS Everywhere is a free browser extension that makes sure your connection uses HTTPS where possible. It doesn’t add encryption to websites that don’t have it, but it does ensure you don’t end up with an unprotected connection by mistake.

5. Change Your DNS Server

DNS servers convert domain names into an IP address that points to the website’s server. Usually, your DNS server is operated by your ISP – that’s how the ISP knows which websites you’re visiting.

You can change your DNS server to stop your ISP seeing the domain names you’re accessing. However, it will still see the IP addresses of the servers you visit, and it may store this information too.

Premium VPN software will route your DNS requests through the VPN’s DNS servers. This ensures that you don’t suffer from DNS leaks, where your online activities are exposed despite using the VPN.

If you’re not using a VPN, you can replace your ISP’s DNS server with Google’s (8.8.8.8 primary, and 8.8.4.4 secondary).

While changing your DNS server gives you some independence from your ISP, it will not replace your IP address or encrypt the domain names of websites that you access. Put simply: if privacy is your main concern, using custom DNS servers is less effective than using a VPN.

There is no rule or law that says you can’t hide your browsing activity from your ISP. However, some of the tools you might want to use are illegal or restricted in certain countries.

VPNs are legal in most of the world, including the USA, UK, Canada, Australia and most of Europe.

VPNs are illegal in Belarus, Iraq, North Korea, and Turkmenistan. They are restricted in China and Russia.

Tor is legal nearly everywhere, too. It is banned or blocked in Russia, Belarus, Turkey, Iran, Saudi Arabia, and China.