Disclosure: Top10VPN is editorially independent. We may earn commissions if you buy a VPN through links on our site.

Can Your ISP See Your Browsing History?

Headshot of Top10VPN.com Site Editor Callum Tennent

Callum Tennent oversees how we test and review VPN services. He's a member of the IAPP, and his VPN advice has featured in Forbes and the Internet Society. Read full bio

Our Verdict

Internet Service Providers (ISPs) can see everything you do online. This includes your browsing history, the videos you watch, and the websites you visit – even in private browsing mode. In most countries, ISPs can track and store this information for up to two years. The data is used for law enforcement, targeted advertising, and even bandwidth throttling.

criminal spying on someone through a window shaped like a phone

Your ISP is your internet service provider. It is the company that controls your access to the internet and often provides you with a router, too.

Whether your ISP supplies you with mobile data or a full broadband connection, its position at the center of your web browsing enables it to see everything that you do online.

It knows important information like your IP address, your location, and the DNS queries your devices make when using the internet. It is capable of seeing, tracking, and monitoring all of this information, as well as all unencrypted traffic that travels to and from your router.

Unfortunately, some ISPs abuse this power. In many countries, ISPs are legally obliged to collect and store data about your browsing history and share it with government authorities on request. Some even use this data for advertising, bandwidth throttling, and censorship.

In this guide, we’ll explain what your ISP can see and what it does with your browsing history. You’ll find out how long internet providers keep your history, and the best way to hide your activity, too.

EXPERT TIP: If you want to prevent ISPs monitoring and storing your browsing history, we recommend using a Virtual Private Network (VPN), which encrypts your web traffic and reroutes it through a remote server.

By encrypting your traffic with a VPN, your ISP will only see strings of unintelligible letters and numbers. We recommend using ExpressVPN, the top-rated VPN in our tests. It’s fast, highly-secure, and you can get it free for 30 days.

What Can Your ISP See?

Your ISP owns the infrastructure through which all of your browsing data travels. As a result, ISPs can monitor all of your online activity, including your location, all of the websites you visit, and what you do on them. In many countries, the law requires them to store your data. In others, they store the data for commercial purposes.

There is a lot of confusing information online about what ISPs can actually see, though. Here’s an overview of the data your ISP can see in the majority of cases:

Browsing Type What can your ISP see?
Websites Websites you visit, and sometimes web pages, too.
Search queries Only that you visited a search engine.
YouTube videos Only that you visited YouTube.
Deleted browsing history Websites you visit, and sometimes web pages, too.
Private browsing history Websites you visit, and sometimes web pages, too.
App activity Which apps you use. In some cases, the data too.
Activity in private browsers Websites you visit, and sometimes web pages, too.

This information is true for traditional ISPs and mobile data providers. If you’re using mobile data, your cell phone provider can see as much of your browsing history as your ISP can on your desktop or laptop.

If you use someone else’s WiFi, their ISP can still monitor your activity. They’ll also be able to see the device you’re using, and this may be traceable back to you.

EXPERT TIP: If you’re browsing an HTTPS website, your ISP can only see the domain name of the website you’re visiting, not the individual page you’re browsing. However, if legally obliged to do so, it’s possible for ISPs to use Deep Packet Inspection (DPI) to see the full extent of your browsing history, including your downloads, messages, and search queries.

Here’s a more detailed list of the information your ISP can see when you browse the internet:

1. The Websites You Visit

Without encryption, your ISP can see the full web address of any website you visit. That includes the articles you read, the search queries you make, and the videos you watch.

However, many websites today use HTTPS encryption, which significantly restricts what your ISP can see. You can tell if a website uses HTTPS by looking for a padlock in the address bar of your web browser.

HTTPS domain screenshot

You can identify websites using HTTPS by looking for the padlock in your browser’s address bar.

Hypertext Transfer Protocol Secure (HTTPS) is used to create a secure connection between your computer and the website you’re visiting. When you’re shopping, it protects your payment details and other sensitive information so nobody can intercept it.

Today, about 80% of web pages use HTTPS, even if they’re not handling sensitive data. There are two reasons for this:

  • HTTPS improves security, because it prevents attackers from intercepting your web traffic and inserting malicious code in it (known as a man-in-the-middle attack).
  • HTTPS improves privacy, because it stops most third parties from monitoring the details of your web traffic.

When you visit a HTTPS website, your ISP can see the domain name of the website you visit, but not the specific page. Your ISP also knows how long you spend on each web page, and the device you’re using.

HTTPS offers some protection, but it is still technically possible for your ISP to monitor your encrypted traffic. If legally obliged to do so, your ISP can use deep packet inspection (DPI) to identify the files you’re downloading or the specific web pages you’re visiting.

While possible, it’s highly unlikely your ISP is doing this. It’s difficult, and unlikely to be profitable.

2. Search Queries

Most search engines, including Google, use HTTPS. That means your ISP can see that you visited Google, but it can’t see your search history or results. Unless your ISP is inspecting your traffic and monitoring for anything untoward, it can’t see your search queries.

However, if you click a result, your ISP can see which website you visit. If the site does not use HTTPS, your ISP can see the exact web page you visit, too.

Bear in mind that some ISPs now own and operate search engines, and may combine your browsing data with your search history. Verizon, for example, owns Yahoo.

EXPERT TIP:While your ISP can’t always see your search queries, Google can. In fact, Google combines your search results with your activity on other Google services to build a profile of you that could be shared with government agencies. If that bothers you, we recommend combining ExpressVPN with the Firefox Browser and DuckDuckGo for improved privacy.

3. YouTube

YouTube uses HTTPS, which means your ISP cannot see exactly which videos you watch. However, it can see how long you spend on YouTube and how often you visit the YouTube domain.

If you’re watching lots of videos, your ISP will also be able to see the amount of bandwidth you’re using.

While the videos you watch will be hidden for the most part, it’s technically possible for your ISP to identify the videos you’re watching on YouTube using DPI if they need to. Law enforcement agencies can also request this information from YouTube itself. However, this is highly unlikely.

YouTube History settings

Even with YouTube History turned off, your ISP can still see your viewing history.

You can change your YouTube account settings to prevent it from storing your watching history, but this will not affect what your ISP can see.

4. Deleted Browsing History

Your ISP can see your internet browsing history even if you delete it on your device.

Your browser stores the details of the websites you visit. The browser uses your history to automatically complete web addresses as you type them in, and stores web pages (or parts of them) on your computer so you can view them more quickly next time.

When you delete your browsing history from your device, it only removes the data from your computer or phone. If your ISP has logged the websites you’ve visited, you can’t delete their record of it.

5. Incognito or Private Browsing History

If your connection is not encrypted, your ISP can still see the websites you visit in incognito mode.

Incognito mode is a privacy feature in Google Chrome that stops your browser from storing your history on your computer. On Safari the feature is called Private Browsing, and in Microsoft Edge it’s called InPrivate browsing.

Incognito mode screenshot

Incognito mode in Google Chrome warns you that your ISP can still see your activity.

When you close the browser or the private browsing session, it will delete your history, cookies, and any data entered into forms. Your bookmarks and downloads are saved on your computer as usual, but your download history is wiped.

Incognito browsing does not add any additional encryption, which means it does not change what your ISP can see. Your ISP can still record the websites you visit in incognito mode, as well as the specific web pages you visit if you are not using HTTPS or a VPN.

6. App Activity

When your apps connect to an online service, that data must go through your ISP. That connection can use encryption, just like a web browser can.

If an app does not use encryption, your ISP can see the data sent by the app, as well as which app you’re using.

If an app does use encryption, your ISP can most likely see which app you’re using, but not see the data that is being transmitted.

For example:

  • WhatsApp offers end-to-end encryption,so only your intended recipient can see the messages you send them.
  • Facebook Messenger does not use encryption unless you activate a “secret” conversation. Without this feature, your ISP can see the contents of any messages you send.

Unfortunately, it’s more difficult to see whether an app uses encryption or not. To find out, you’ll need to check them on a case-by-case basis.

The Federal Trade Commission (FTC) found that several leading ISPs in the US collect app usage data for advertising purposes. Users may be categorized according to the type of app they enjoy (e.g. business, finance, or sports).

7. Activity in Private Browsers, Such as DuckDuckGo

DuckDuckGo offers a private browser for iOS and Android. Unlike alternatives such as Google Chrome, this browser blocks advertising trackers, enforces a HTTPS connection where available, and does not profile you.

However, even the best private browsers still send your data through your ISP or mobile data provider. Your ISP can see the websites you visit, no matter which browser you use.

How Long Do ISPs Keep Your Browsing History?

In many countries, ISPs are legally required to monitor and store data about your browsing history for an extended period of time. This is called mandatory data retention. This data is used for policing, government surveillance, and sometimes even advertising.

The length of time that ISPs must retain data varies by country. The U.S. government requires ISPs to keep records of customers’ internet history for a minimum of 90 days, while the UK and European Union requires ISPs to keep browsing records for up to 12 months.

It’s not always clear which types of data are retained, or by whom. In the UK, for example, there’s no requirement for all ISPs to store data.

However, the UK government can require any ISP to retain data, and almost certainly does so for larger ISPs. Exactly which ISPs are storing data for the government is kept secret.

Here’s a table comparing how long ISPs keep your browsing history in different countries:

6 months 1 year 18 months 2 years
  • Lithuania
  • Luxembourg
  • Malta
  • Sweden
  • Finland
  • France
  • Greece
  • Hungary
  • Ireland
  • Italy
  • Portugal
  • Spain
  • UK
  • Latvia
  • Australia
  • Poland

Data retention has been declared unconstitutional in Germany, the Czech Republic, and Slovenia, among others. Data retention laws are being challenged through the courts in many countries.

Data retention laws in the US are particularly vague. ISPs often voluntarily store data for advertising purposes, which government agencies can demand access to.

What Do ISPs Do with Your Browsing Data?

ISPs collect your browsing history for a number of purposes, including targeting advertising, censorship, and bandwidth throttling.
Here’s a detailed list of what your ISP uses your data for:

1. Customer & Network Management

ISPs collect data to better understand how customers use their services. It helps them to plan their network build-out, and can help with troubleshooting problems, too.

If you have a technical issue, a technician may look at your data to trace the fault, although they’ll be more interested in how much data you’re using than which websites you’re visiting.

In most cases, your ISP’s employees are not looking at your data – although the company will have ways to process it in bulk.

2. Targeted Advertising

In the US, ISPs often collect data purely for advertising purposes. According to the Federal Trade Commission (FTC), three of the top six ISPs in the US use web browsing data for advertising purposes, or may do so in the future.

Your browsing data may be enhanced with demographic data the ISP can buy from data brokers. Some of the demographic data may be sensitive, including ethnicity, household income, and political affiliation.

ISPs can also combine information from other services their parent companies operate. Any assurances from ISPs that they will not sell your data are meaningless, because they can often target adverts at you themselves, without disclosing your data to another company.

3. Mass Surveillance

ISPs in the US, UK, most of Europe, and many other countries are legally required to monitor and record your browsing history and to disclose it to government authorities on request.

This happens in secret: neither the ISP nor the government agency will tell you if they’re monitoring your online activities.

The justification is usually that the data is used for crime prevention, but there is often little oversight, and it’s especially problematic in countries that infringe human rights.

4. Bandwidth Throttling

ISPs have been known to throttle (or slow down) a user’s internet connection if they are engaged in activities such as torrenting or other heavy downloads.

Some ISPs deliberately target activities that consume large amounts of bandwidth, including streaming, gaming, and P2P file sharing.

This can be done by monitoring the IP addresses of well-known streaming services, or even inspecting your traffic to find common P2P protocols.

In 2019, AT&T Mobility reached a $60 million settlement with the FTC after it was accused of deceptively throttling mobile internet speeds.

5. Enforcing Censorship

In some countries, the government bans gambling websites and adult websites, or restricts content that encourages political or social change.

As the gatekeepers to the internet, ISPs are often required to stop their subscribers accessing this content. By monitoring your web browsing activities, ISPs can see if you’re attempting to view content that is restricted and prevent you from accessing it.

How to Hide Your Browsing Activity from Your ISP

There are a number of tools you can use to prevent your ISP from spying on your online activities, including a VPN, the Tor browser, and web proxies. You can also use HTTPS websites and change your DNS server to limit the information your ISP can capture.

1. Use a Virtual Private Network (VPN)

VPN software creates an encrypted tunnel between your device and the internet, shielding your activity from prying eyes.

When you connect to a VPN server, all of your internet traffic is encrypted and routed through that server. As long as the VPN connection remains active, your ISP will be unable to see your browsing history, downloads, or the websites you visit.

If your ISP does inspect your traffic while you’re using a VPN, it will only be able to see strings of unintelligible letters and numbers.

how a virtual private network (VPN) works

When you use a VPN, your ISP cannot see the websites you visit.

As an added bonus, your IP address is also temporarily replaced with that of the VPN server. This helps prevent the websites you visit from tracking you, and lets you unblock content that is restricted in your region.

While a VPN can stop ISPs from seeing your activity, your ISP can still see that you’re using a VPN. If that’s a problem where you are, we recommend choosing a VPN with obfuscation technology that disguises your VPN traffic.

Here’s a summary of the activities a VPN will protect:

  • HTTP websites, which are normally unencrypted, are now encrypted.
  • All your internet activities, including using torrenting clients, are encrypted and hidden from your ISP.
  • Your ISP cannot see the websites you visit, because the VPN service changes your DNS server too.
  • Your ISP cannot see the IP address of those websites’ servers, either, because the VPN server is in the middle. All the ISP sees is the IP address of your VPN server.

All of your internet traffic passes through the VPN, so it’s important to make sure the VPN service provider is trustworthy. Look for a strict no-logs policy, strong encryption, and ideally a company headquartered in a country without any data retention laws.

We’ve reviewed 71 VPN services over more than 30,000 hours of testing. Based on our results, we recommend subscribing to ExpressVPN to successfully hide your browsing activity from your ISP. It’s fast, highly secure, and it reliably tops our list of the 10 best VPN services overall.

We recommend paying for a VPN service so you can benefit from a larger server network and unlimited data. If these limitations don’t bother you, then our tests show that the best free VPN service for hiding your browsing activity from your ISP is Windscribe. It’s trustworthy, but has a 10GB monthly data cap.

2. Use the Tor Browser

When you use a VPN service, you’re entrusting the company behind it with your data. The best VPNs do not track or log your activities, but there is a theoretical risk that they could.

Unlike VPNs, the Tor browser is fully decentralized. It gives you access to a network of three servers or ‘nodes’ that are maintained by volunteers. At no point can any party see both your identity and your online activity. This is the biggest difference between Tor and VPNs.

Data passing through the Tor network

The Tor network will encrypt your data without the risk of data logging.

As your data passes through this network of servers, your traffic is encrypted – preventing your ISP from seeing your traffic and hiding the domain names of the websites you visit.

However, your ISP can still see that you’re using Tor. Given its reputation for providing access to the dark web, this may flag you for surveillance.

EXPERT TIP: Tor will only protect your browsing traffic. Tails is a Linux-based operating system that uses Tor for all web communications, not just web browsing. This will stop your ISP from seeing all of your online activities.

3. Use An Encrypted Web Proxy

A web proxy can be effective at stopping your ISP from snooping on your web browsing, as long as it uses HTTPS encryption.

A web proxy acts as a middleman between your device and the web content you want to access. Most web proxies are unencrypted, but the best ones add HTTPS encryption to your connection.

That means your ISP cannot see the websites or the content you access, even if those websites do not use HTTPS themselves. Your ISP can only see that you’re connected to a web proxy service.

Image demonstrating how web proxies work, showing how they fail to encrypt web traffic.

Unencrypted web proxies will not encrypt your data or prevent ISP snooping.

There are lots of bad proxies out there: many simply do not encrypt your traffic, and some even insert malware into your browsing traffic.

Hide.me and HideMyAss are two trustworthy free web proxy services. Simply visit one of those websites and enter the website you want to view through the proxy.

Most proxies are not as effective as VPN services. A VPN will seamlessly protect all of your online activities, all the time, without the need for a special interface to request the web page you want to view.

4. Use HTTPS websites

By exclusively visiting HTTPS websites, you can limit the extent to which your ISP can track your online behavior. It stops your ISP seeing the specific web pages you read, although it can still see the names of the websites you visit.

Most websites today use HTTPS. However, some websites may not be configured to use HTTPS by default, and you can end up on an unencrypted HTTP site by accident.

HTTPS Everywhere is a free browser extension that makes sure your connection uses HTTPS where possible. It doesn’t add encryption to websites that don’t have it, but it does ensure you don’t end up with an unprotected connection by mistake.

5. Change Your DNS Server

DNS servers convert domain names into an IP address that points to the website’s server. Usually, your DNS server is operated by your ISP – that’s how the ISP knows which websites you’re visiting.

You can change your DNS server to stop your ISP seeing the domain names you’re accessing. However, it will still see the IP addresses of the servers you visit, and it may store this information too.

Premium VPN software will route your DNS requests through the VPN’s DNS servers. This ensures that you don’t suffer from DNS leaks, where your online activities are exposed despite using the VPN.

If you’re not using a VPN, you can replace your ISP’s DNS server with Google’s (8.8.8.8 primary, and 8.8.4.4 secondary).

While changing your DNS server gives you some independence from your ISP, it will not replace your IP address or encrypt the domain names of websites that you access. Put simply: if privacy is your main concern, using custom DNS servers is less effective than using a VPN.

Is it Illegal to Prevent Your ISP From Monitoring Your Activity?

There is no rule or law that says you can’t hide your browsing activity from your ISP. However, some of the tools you might want to use are illegal or restricted in certain countries.

VPNs are legal in most of the world, including the USA, UK, Canada, Australia and most of Europe.

a map showing everywhere in the world where using a VPN is legal

It is completely legal to use a VPN in the majority of countries.

VPNs are illegal in Belarus, Iraq, North Korea, and Turkmenistan. They are restricted in China and Russia.

Tor is legal nearly everywhere, too. It is banned or blocked in Belarus, Turkey, Russia, Iran, Saudi Arabia, and China.

FAQs

Can your ISP see your browsing history with a VPN?

When you connect to a VPN server, all of your internet traffic is encrypted and routed through that server. As long as the VPN connection remains active, your ISP will be unable to see your search queries, downloads, or the websites you visit.

However, your ISP will be able to see that you are using a VPN, as well as any websites you’ve visited outside the VPN connection.

Will Incognito mode stop my ISP monitoring my browsing history?

Incognito mode does not prevent your ISP from monitoring your activity. Incognito mode stops your browser storing your history on your computer, but it doesn’t change what your ISP sees.

Can I delete my ISP’s record of my browsing history?

You can’t access your ISPs records, and ISPs don’t provide a way for you to delete them. You can’t do anything on your device to remove your ISP’s record of your online activities.

About the Author


  • Headshot of Top10VPN.com Site Editor Callum Tennent

    Callum Tennent

    Callum Tennent oversees how we test and review VPN services. He's a member of the IAPP, and his VPN advice has featured in Forbes and the Internet Society. Read full bio