Is Your ISP Watching You? What Data They Actually Collect in 2026

What ISPs Are Legally Allowed to Collect

Since the 2017 rollback of FCC broadband privacy rules and the 2024 Supreme Court ruling limiting the FCC's net neutrality authority, US ISPs face minimal federal restrictions on data collection. Here is what the privacy policies of the 10 largest ISPs explicitly state they collect:

Data All Major ISPs Collect (From Their Own Policies)

• DNS query logs: Every domain name you visit (google.com, reddit.com, etc.) passes through your ISP's DNS resolver by default. This creates a near-complete record of every website you access, timestamped.
• IP connection metadata: Which IP addresses you connect to, when, for how long, and how much data you transfer. This reveals app usage even without DNS — connecting to known Netflix IP ranges identifies Netflix usage.
• Network management data: Traffic type (video streaming, gaming, video conferencing) identified via Deep Packet Inspection (DPI) for traffic management — and used to profile usage patterns.
• Device identifiers: MAC addresses, device types on your network, and number of connected devices.

What ISPs Do With This Data

• AT&T: Explicitly states in policy it "may share information about your internet usage with advertising partners." Opt-out available but buried in account settings.
• Comcast Xfinity: Provides browsing data to its own Effectv advertising platform. Opt-out exists via account privacy settings.
• Verizon: Offers "Custom Experience" program using network usage for targeted advertising. Default: enrolled. Opt-out required.
• Charter Spectrum: States it does not sell personal browsing data to third parties — one of the more privacy-protective policies among major ISPs.

Three Ways to Protect Your Privacy From Your ISP

1. Use encrypted DNS (DoH/DoT): Configure DNS-over-HTTPS via Cloudflare (1.1.1.1) or NextDNS. This encrypts your DNS queries so your ISP cannot read the domain names you visit. Available in Windows 11, macOS Ventura+, Firefox, and Chrome settings.
2. Use a reputable VPN: A VPN encrypts all traffic between your device and the VPN server, replacing ISP-visible traffic with encrypted blobs destined for the VPN's IP. Your ISP sees only that you are connected to a VPN. Use a no-log VPN (Mullvad, ProtonVPN) — you are trusting the VPN provider instead of your ISP.
3. Opt out of all ISP data programs: Log into your ISP account, navigate to Privacy Settings, and disable every advertising and data-sharing program. These are almost always opt-out, not opt-in by default.