ISPs are selling your private browsing history. Here’s how to prevent it.

browsing history privacy

Updated on January 31, 2019

Thanks to the passage of S.J.Res.34 in 2017, Internet service providers can sell and share users’ browsing history with advertisers. Here is our analysis of this law and the steps you should take to protect your privacy.

US lawmakers voted in favor of allowing Internet service providers (ISP) like Verizon, Comcast and AT&T to sell and share customers’ browsing history for advertising purposes. This is a major breach of browsing history privacy. This resolution was passed by Congress and signed into law by President Trump on April 4, 2017.

How did we get here?

The Internet today is largely driven by advertising, and the fuel that powers this multi-billion dollar industry is personal data which allows advertisements to become more and more targeted. Together, companies like Google and Facebook make over one hundred billion dollars per year by selling access to the insights gleaned from personal data such as search history and private email communications.

Previously, privacy regulations set by the Obama-era Federal Communications Commission (FCC) made it impossible for ISPs to violate customer privacy and sell browsing history to advertisers without explicit customer consent. To bypass these regulations, the US telecom industry directly lobbied 24 US senators, including contributing over $2.2 million to their re-election campaigns. As a result, Senate Joint Resolution 34 (S.J.Res.34) was introduced, passed, and signed into law.

What does this mean for online privacy?

An ISP is a company that provides you with web access.  ISPs can see everything you do and every website you visit since they own the internet infrastructure you are using. This means the amount of the data ISPs have on users is much larger than what search engines or social networks like Google and Facebook collect. Whether it’s Facebook, New York Times or a website that you visit in secret, your ISP has a record of all of your browsing history.

Since S.J.Res.34 became law, this highly personal and intimate data can be sold to the highest bidder, who can use this data to show invasive advertising that will pry into our private lives like never before. Even worse, no customer consent is required to do this, so your data can be sold without your permission.

How can you protect your browsing history privacy?

Because the legislation does not require ISPs to get your consent before providing your browsing history to advertisers, there is nothing you can do to opt-out of this privacy violation. Not using an ISP is also not a realistic proposition, as that is equivalent to not using the Internet. However, there are several things that can be done to make sure your private browsing activity stays private.

Use a VPN

The best way to prevent your online activity from being collected by your ISP is to use a Virtual Private Network (VPN). A VPN will shield your browsing history from the prying eyes of your ISP by encrypting and routing your Internet traffic through a private server. This makes it impossible for your ISP to monitor your browsing activity. ProtonVPN has a strict no logs policy to make sure that your online activity remains private. We also offer a free VPN service so that everyone can have secure and private access to the Internet. For more information about VPNs, see our article about choosing the best VPN service.

Don’t use email provided by your ISP

Your ISP likely provides you with a free email address (such as or Giving your ISP your browsing history is bad enough, don’t also hand over your personal email data. Going to an email provider like Gmail also isn’t a solution because Google may be even worse when it comes to your privacy. However, Gmail alternatives such as ProtonMail are much different.

Because ProtonMail utilizes end-to-end encryption, we don’t actually have the ability to read your emails, and therefore cannot sell your data to advertisers. Instead of paying with your privacy, ProtonMail is supported by paid users, which allows us to put your privacy first.

Lastly, if you are a US voter who is disturbed by this new legislation, you can also contact your Congressman or Senator to voice your objection. Now more than ever, it is important to oppose efforts that have put commercial interests ahead of privacy rights.

Best Regards,
The ProtonMail Team

You can get a free secure email account from ProtonMail here.

ProtonMail is funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support!

About the Author

Proton Team

Proton was founded by scientists who met at CERN and had the idea that an internet where privacy is the default is essential to preserving freedom. Our team of developers, engineers, and designers from all over the world is working to provide you with secure ways to be in control of your online data.


Comments are closed.

33 comments on “ISPs are selling your private browsing history. Here’s how to prevent it.

  • This is all such a disaster for privacy. To begin with, this data is ours, not the ISP’s. Why do they think they have the right to monitor, collect, and sell this information. That would be like your local phone company saying that because they provide the infrastructure, they have a right to listen in to, record, and sell all your phone conversations. It is B.S.

    My only fear is that the ISP’s will make it a requirement to use their proxy, or something similar, to prevent people from using VPN’s to obscure their browsing. A sad day indeed.

  • Three options:

    ProtonISP and like companies emerge, which use a completely different (ironically, also ‘old’) business model of customers just paying for the service without having their data monetised.

    Or massive movements and lobbying by people to make internet access free. In the end, what ISPs are doing is making Americans pay twice – once with money, and second time with data. Facebook and Google can only reasonably demand what they do because they are also free services. If ISPs decide they want to sell people’s data to make profit, they can’t also then ask for monthly cash payments. In a way, Facebook and Google have an incentive here to fight on this ground – they become utterly uninteresting to advertisers in comparison to the much greater data ISPs have.

    Or, finally, you reverse this monumentally awful decision. In the end, who would need the NSA when governments can just dip into the ISPs data banks?

  • And if ISP was became obsolete ?
    If they should not be able to furnish a loyal service as provider ; it could be the right time to develop another model (mesh runs well e.g).

    The net (privacy) is just on the other side of the mirror ; the real life without any rights is the default/standard in the most countries especially where you do thing it exist … e.u , france , uk , etc… and where you think there are not they do exist strongly … [guess].
    So, a law against privacy by the isp (they agree of course) means that in the real life you lost the right to be nothing more than a data that could be sold -nude or not- to anyone who should ask it.

    Nice day for the barbarian-age.

    I wonder if using tor&firefox could be safe after this law (u.s server/service).

  • Not really related to this article, but one thing that is preventing me from moving to a paid ProtonMail account is the inability to import or export mail to or from my account. I have several years of email that I need to be able to bring over from a Google account, and without the ability to import that can’t be done.

    From reviewing the forums it appears that this has been on the to-do list for over 2 years. That seems like a very long time to wait for what should be a basic feature of an email service that doesn’t allow POP3 or IMAP access (I understand why this is), yet for whatever reason, technical or otherwise, years have gone by without progress on this issue.

    Perhaps you can create a post detailing where things are in this regard, and when (if ever) people can expect to see the ability to import to ProtonMail.

    • Importing already works via the ProtonMail Bridge which is in closed beta testing right now.

      • Desperately want this released soon! The web interface is quite difficult and very slow to use.

  • Today, ProtonMail provides ProtonVPN for free to all paid ProtonMail users.

    Does this only apply to users who already had a paid account at the time this blog post was published or new paid Plus users as well?

    When using my free ProtonMail account and going into “SETTINGS > VPN it says ProtonVPN beta is currently available for Visioniary users. If you’re interested in participating in the ProtonVPN beta, consider upgrading to a Visionary plan. Neither a hard refresh (CMD + SHIFT +R) or purging of browser history had any effect.

    • hi,
      i hope that they will offer a free access (even restricted by month or data or bandwidth ?) to this new feature protonmail vpn ; i know & it was yet said & written ; it cost a lot & the paid version must be reserved first for both ProtonMail Plus and ProtonMail Visionary users.
      i hope that they will do some exceptions maybe for the free plan users registered 1 or 3 months ago and not only for organizations or their relatives/relations.
      anyway there are a lot of problem about the quality of the connection & the strength and i have some doubt about the ‘integrity’ of tor.
      https://protonirockerxow.onion works fine & better than
      thank you for your innovation & nice blog.

  • Do they actually collect information routed through their network or just DNS requests (logs) though? It seems to me that implementing an entirely separate logging system would be needlessly cumbersome when they already do it with their DNS resolvers. So using an alternative DNS provider, especially if those requests are sent encrypted, would protect you from this except in the case of very aggressive ISPs.
    Some VPNs have their own resolvers but a lot of them just farm it out to a 3rd party which might leak everything to your ISP, so I think it’s worth looking for that when signing up for one.
    What we really need are whistleblowers inside these ISPs to reveal how they collect this information, otherwise we’re waving around in the dark.

  • I want POP/SMTP. I hate gmail. I hate tabs. I want folders.

    I’ll bet one of the bought and paid for Senators was Blunt and heartless senior. He’s only in it for the money. The Tea Taliban party is ruled by hatred and greed. Greed is the big G word of economics — the reason why none of the -isms work.

    The only way to be safe is to stop using the internet.

  • I found an article on ESETs website about a new “bug” in Whatsapp. The article can be found here:

    The part that struck me: “They state: ‘After fixing this vulnerability, content will now be validated before the encryption, allowing malicious files to be blocked.’”

    Doesn´t it mean, that they upload your communication, attachments to check for “malicious” content and then encrypt it? The whatsapp to whatsapp communication would still be technically safe and encrypted, but they gain access to all your communication (for any reasons)?

    What do you guys think?

  • could you provide some test on a web page comparing your vpn vs another of our choice ?
    give some precision of course but it should be clearer for my poor:weak mind if i read green/red : pass/rejected.
    a test does not show a compromised server:team.
    btw what do you think about calomel addon ?

  • We need a citizen’s brigade, decentralized, grass roots and slightly advanced version of a sneaker net. One that employs private citizen’s in their vehicles with wireless transmitters and receivers for sending and receiving data once a day to mail boxes equipped with wireless 1 terabyte hard drives. Like digital postal carriers. Eventually, when autonomous vehicles are approved, we could automate the process.

    • wonderful idea : a genius civic action _ by motorcycle or drone or plane or relay on the roof ?

  • While your concern is spot on, your allegations are way off base. The Obama administration let this issue languish for 8 years then instituted this though a government department rather than con incinerator people of the benefits and securing the necessary votes. That is the way America is supposed to work. And you at correct that we can now contact our representatives to try and change this law and possibly regulate Google, Facebook, and others.

    One more note, the Obama rule on privacy was to take effect in December of this year, so the law doesn’t do anything but keep the status quo. The Obama administration new this rule itself was not popular the was it was designed and that it would be overturned before it took effect. They just wanted someone else to get blamed. Apparently, based upon this article, most people just repeat the headlines they read. You should do better.

    But please keep up the good work of helping secure our privacy and our lives.

    • This law gives the impunity & a police force status in the hands of the isp : this law will apply of course every where (borders and abroad) the influence & the request of this new america will be present ; a large map will be provided with the data, the connection by correlation between people & sites , and the users. So, they come knock on your door or prohibit & steal your devices … the consequences are deep, long & go a little bit far than words (lol) : without civil basic rights who are you ? a number … on a bank card, in a room, behind or in front of something but certainly not someone.
      It is unfair because you can be outside of the scope if you choose the right place & the right standing , it is fair because all the anti economic data will be erased (which real person/life/privacy of course). I think that trump & his support are sincere increasing the happiness and the security for the most people & the number of multi-millionaire.
      But will you be the winner of this lottery ?

  • Do you have instructions or even the ability to provide your VPN service on my PFSense router/firewall? I am shopping VPN providers today. I would try yours first if it would work for my whole house on my router.

    • well , as user, i could answer to your underline report a long long explanation with few strong argument ; i prefer tell you that you miss the point , like some readers , you read badly the post/article and you do not understand clearly that is written (article&comments).
      Why do you not write in your native language or e.g let your pgp key ?

  • What we do on the net is ours, ISPs has no right to sell it to anyone. This should be stopped or we should stop using ISPs and switched to vpn now. Glad I have Astrill.

  • >”An Internet Service Provider (ISP) is the company that provides you with web access. ISPs can see everything you do and every website you visit, since they own the internet infrastructure you are using. This means the amount of the data ISPs have on users is much larger than what search engines or social networks like Google and Facebook collect. Whether it’s Facebook, New York Times or a website that you visit in secret, your ISP has a record of all of your browsing history.”

    Woah… this is just blatantly incorrect.

    1. The ISPs do not own the “internet infrastructure”
    2. ISPs cannot see everything you do. They cannot see HTTPS encrypted connections – just the IP, but not the domain or the resource string or any data within. Especially today – with more and more encryption – they see less.
    3. The ISP has NOT a record of “all your browsing history”. This is just a blatant lie, sorry. Neither Facebook nor the NYT website can be viewed without HTTPs. They both have an automatic redirection. Your ISPs cannot see what you are doing on the sites if they are protected by HTTPS. They can only see the IP you are connecting too – nothing more (and this does not always mean, that they know which site you are accessing – multiple domains on one system (shared hosting) means, that the ISP cannot even tell what domain you are accessing). And “website that you visit in secret” is exactly that: secret. Your ISP cannot see it.

    I’m quite surprised about such a statement of ProtonMail here. But it is clear that they just want to sell their own products. I’m quite disappointed.

    • Actually, you are misinformed. ISPs do in fact own the Internet backbones.
      Yes, they cannot pierce HTTPS, but that’s not the point. They see what IPs you connect to, so they see what sites you visit (and yes, the IP is sufficient to see what site was visited).

  • Does the ISP know that you are connecting to a VPN? Yes, they cannot access the data itself, but can then see that you are actually VPNing?