How can I protect my browsing history from my ISP?

By Jerry Hildenbrand
published

You ISP has been given free reign to record 100% of what you do online and sell that information to the highest bidder. An FCC rule designed to at least get your permission was voted away by the people elected to represent us, and an existing FTC suggestion to allow us all to opt out will continue to be ignored.

Your personal information and data is no longer yours or personal once your ISP gets ahold of it.

There just isn't anything you or I can do to change the fact that we pay for a service and the people who collect our money every month can sell everything they know about us and they have no obligation to anonymize any of it. To the companies that provide internet access, we are cattle. Moo moo buckaroo.

We don't have to give them any useful information, though, and there are a few things you can do to make some of the data about where, when and how you use the internet nothing more than wasted hard drive space if you'd rather decide for yourself how it gets spread around.

Not all data collection is terrible

First, let's be clear on a couple things. Your ISP, whether it's Comcast or Time Warner or AT&T or whoever (including the people you pay for data on your phone every month) collecting data isn't always a bad thing and that's not what has a lot of people upset about the recent changes. Any company that provides a service can provide a better service when they know how people are using it, and there's probably not someone in a basement office watching you use the internet. Trading data for a better service is something most of us do all the time, even if we don't know it.

A service can become a better service if the people offering it know how we use it, but selling it off is a different matter.

Google, Facebook, Microsoft, Apple and plenty of other companies also offer services that use your data as currency instead of charging actual cash. What they collect is every bit as intrusive as what your ISP is collecting and we all need to remember that. The difference is that we aren't paying every month and we can say no and not use their services. We're also told up front what is being collected and what is being done with it all and even your Android phone gives you the option to just say nope and not use anything from one of these data-thirsty companies. Incidentally, the companies who make the phones we love to buy don't have a similar opt-out. You either say yes to letting Samsung or HTC or whoever collect your data or you put your brand new phone back in the box and sell it on Swappa because it's now used. Another post for another time.

So if you need internet service — and we think internet service is now a need the same way electricity and potable water are — you have no option other than paying someone who will handle your personal information with zero regards to your privacy.

Your best protection

We can't stop them from harvesting our data then using it in a way that raises security and privacy concerns, but we can try and make the data worthless as possible by changing how you use the internet. There are two ways to go about this, and luckily both are pretty easy to use with our Androids. Both involve intercepting the web traffic to and from your phone.

Use a VPN

Most people are familiar with the term VPN, but not everyone knows what exactly a VPN is. Think of it as a computer on the internet that lets you connect and use its connection to send and receive web traffic. It's more complicated than that, and if you're curious how they work and why Cisco's Internet Protocol Journal will tell you everything you ever wanted to know about them and then some.

Using a VPN means a look at the data collected by your ISP will show when you connected to your VPN, what VPN you used and where you were when you used it. That sounds like the easy fix, right? Not really. There are some issues with relying on a VPN to keep you completely anonymous, and they can't be ignored.

  • Using a VPN only changes the "area of attack." You need to make sure the VPN you are using doesn't keep any records and is in a location where they aren't required to do anything extra to fulfill a request for user data. There is nothing keeping a VPN company from selling your data back to your ISP other than their own policies.
  • A VPN won't block data collection from apps and services that are probably already installed on your phone. If you bought your phone from a carrier, they probably have something in the software to tell them exactly how you are using it. They can now sell that data.
  • Not everything can use a VPN and those fancy internet-of-things gadgets can create a nice little profile about you for your ISP to sell to someone with enough cash to afford it. Many of those gadgets have an app that can collect extra data from your phone itself.
  • A VPN can't stop an evil company from injecting evil data packets to track your every move while you're online. Yes, this is what Verizon got caught doing. But don't think Verizon is any eviler than anyone else.

You can find companies who sell VPN service and provide an Android app to make using it on your phone easy. I hesitate to list the best of them because that depends on your needs. Look for a company that doesn't collect data, is in a country that doesn't require them to enable collection when asked, and has no censor in place. Right now I'm using Privateinternetaccess' VPN Tunnel service (opens in new tab) and have also had great results with BlackVPN. But am always on the lookout for something better.

You can also get super hardcore and set up your own VPN on a remote server as well as run a tunnel through your router. Those are outside of the scope of this "easy" talk, though.

Use TOR

The TOR project is a volunteer-based group of people and companies who maintain servers that route encrypted internet traffic through a randomized and complex path of tunnels. From a user perspective, it's a proxy that we point our network traffic at, and the software used by folks who keep it up and running handles the rest.

TOR is recommended by organizations like Indymedia and the EFF to help keep anonymous and safe while online. U.S. Naval intelligence, as well as hundreds of law enforcement offices, use it when they need to hide their tracks online and so do millions of people like you and me. Using TOR means your ISP will see a connection to one of a pool of random servers instead of a connection to a particular website. But it also has some drawbacks that keep it from being the perfect solution.

  • TOR won't block data collection from apps and services that are probably already installed on your phone. If you bought your phone from a carrier, they probably have something in the software to tell them exactly how you are using it. They can now sell that data.
  • Not everything can use a TOR client and those fancy internet-of-things gadgets can create a nice little profile about you for your ISP to sell to someone with enough cash to afford it. Many of those gadgets have an app that can collect extra data from your phone itself.
  • Your ISP will see a connection to a random TOR node and know you're connected to a TOR node. Unfortunately, that can be a red flag. The U.S. Government is highly suspicious of everyone who uses TOR and considers users as a foreign national and a "cause of concern" by default. People and companies hosting exit relays are always at risk of being shut down and having equipment seized. Feel that freedom wash over you.
  • TOR can be slow. As in very slow.

On the plus side, TOR is easy to set up on Android. FireOnion (opens in new tab) is a preconfigured TOR proxy and browser you can get from Google Play that just works. OrBot (opens in new tab) is a preconfigured TOR proxy for Android that can be used with any app that allows you to use a proxy service. The OrFox Browser (opens in new tab) pairs well with OrBot, and both are official products from the TOR project themselves. They too are available from Google Play.

Every little bit counts

Neither of these options is foolproof. Outside of leeching from someone else's Wi-Fi and having your browser history connected to them (don't you dare) nothing is a 100% way to hide from a greedy ISP. But every little bit counts and this is what can be done in the now while people work on better ways to protect yourself in the future.

Stay safe.

Jerry Hildenbrand
Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

110 Comments
  • Appreciate the tips but going around these short cuts makes it look like something is being hidden, especially in the current world we live in... Doesn't this open up the possibility of further intrusion?
  • Sometimes it sure does. it shouldn't. Using tools to lock your stuff up on a computer is the same as using a lock on your front door.
  • There are people now that would like that you don't have a lock on your front door.
  • TOR is what I'm using, and orbit
  • Same here
  • idk why, but it was super slow on my laptop, so I had to pay for Nord VPN subscription - Great service! The problem now is the IP leak on ipv6 which is not fixed on mobile devices. Also the app is a battery hog.
  • Run a node then.
  • Once again you are being disengenuous Jerry. Nothing was voted away, the new rules weren't in place yet. All we are doing is staying with the status quo which we have had for years.There are already federal and state laws that protect us in place. https://cei.org/blog/six-reasons-fcc-rules-aren’t-needed-protect. Food for thought, you don't have to agree, but there is another side. Link isn't working.
  • This is fake information. Only two states have laws requiring ISP collection of data, Minnesota and Nevada and no federal laws.. There are no "state laws that protect us" in the other forty eight states.
  • Do some research
  • You should, too.
    http://www.sourcewatch.org/index.php/Competitive_Enterprise_Institute
    https://www.washingtonpost.com/news/the-fix/wp/2013/06/20/anatomy-of-a-w...
  • What's the problem? Everyone knows I'm a big corporate guy. Big Rand Paul guy also.
  • The FTC and state attorneys general can still hold ISP accountable for future privacy abuses.
  • This administration's FTC isn't going to hold any corporation accountable. And states reacting to abuses is kind of like closing the barn door after the horse is gone. Once your data has been sold and misused, there's no way to get it back.
  • this FTC is a **** ing joke, so good luck getting protecting from legally bribed corporate shills going through the revolving doors non stop.
  • Requiring, and allowing is two different stories. Besides, and no ISP is going to batt an eyelash at withholding commerical data mining for sale to people with money.
  • The majority of the rule had gone into effect. I read your link. I enjoy reading all opinions. But I can't agree with most of what they are saying.
  • thank you !
  • The laws were going to take effect, now they won't. That is a fact. Semantics aren't a good thing to get into. Fact is the laws were in motion, now that motion is stopped. Unless the current FCC decides to pass a different form of regulation, but this guy seems to be hell-bent on giving ISP's more freedom and less responsibilities.
  • Well no, now the FCC can't pass a similar type of regulation. It would take an act of Congress to get the protections put back in place.
  • A good reason to vote Democratic in 2018.
  • Too much federal regulation.
  • Said no one ever. Democrats are the most destructive group to ever exist!!
  • Unless you want corporations spying on your every move
  • Yeah... I'd rather have the Democratic government spying on me than corporations. /sarcasm The answer is not to vote for a Democrat OR a Republican... but to vote for ANYONE else.
  • A good reason to vote for Justice Democrats in 2018. FIFY justicedemocrats.com. Say no to the corporate dems who are directly responsible for the rise of Trump.
  • exactly! also , to get the money out of politics by Amending Constitution wolf-pac.com
  • So where was the uproar two or three years ago? Like I said we are staying with the status quo. Nothing has changed. We were enacting regulations for something that might happen. I do think there will be something different in the pipeline down the road regarding regulation.
  • And status quo is the problem we are addressing here. right ? Just because we did not oppose this 2 years ago, does not mean it is right and we are ok now.
  • So have ISP been selling our data or not?
  • Verizon certainly was.
  • Verizon is an ISP? Are we talking Fios?
  • Verizon as Fios and Verizon Wireless are both ISPs. Both parts provide access to the Internet.
  • Yes, Verizon absolutely is an ISP, they are the largest provider of data to mobile users in the US. They cannot sell your phone call data because of FCC rules, but they are sure as F able to continue to sell data on your internet usage via your mobile phone! The FCC rules that the Republitards just blocked would have stopped that sale of your internet usage data, but now ISPs can keep on profiling you and reaping the rewards with no way for us to opt-out and no chance for the FCC to stop it. Thanks Marsha Blackburn, you've really improved the rights of all people in the US with your bill.
  • According to their user agreement they do not. Unless it has changed in the last month.
  • The point is that they were doing it and said they weren't. That's literally the whole point of the statement.
  • Then if they are breaking the agreement than Verizon should be held accountable. What's the problem here?
  • The point is that now they can include these as terms of service. Forcing people to agree to it or not have internet access, which isn't an option in this day and age.
  • We will see.
  • the cretin with his swampers literally brags about removing most of regulations , so yeah, let's see what consumer and citizen protection they will put before their monetary gains. get real, man. Wakey, wakey
  • The rules would have gone into place absent the Repugnant Party vote, so yes, something HAS changed. You have an interesting way to view the world, Erik.
  • There you go, groveling in the name-calling dirt. . .again.
  • What? Not liking a strong centralized federal government and over burdensome regulation.
  • Yeah, why have a single rule that applies equally to all people in all 50 states, when each of the 50 states can instead enact wide ranging rules blocking or allowing the sale of your data or decide to establish no rules at all. All done by their corrupt-in-multitudes-of-different-and-unchecked-ways state legislators. That's effective, easily enforceable, easily understandable as you travel from one state to another, and fair to everyone. Or not!
  • Come back to me in six months. If things are out of hand I'll eat crow. Right now nothing but knee jerk hysteria by techies.
  • Yes let's not follow common sense and just have an era of American history known as the "trial and error" age.... It's like a room full of monkeys flinging their poo at the walls and saying the ones that stick are keepers...
  • I really like the tunnelbear VPN, really simple and fun plus they say they don't keep logs.
  • I have been using Tunnelbear for a little while and so far it's been hassle free. You're right - they're based in Canada and do not keep logs. I'm still in the Free tier, but if it continues to meet my needs, I'll drop $50 for a year of unlimited use.
  • Agree with Jimy on this. TunnelBear is a really great service and it's really easy to set up and use. For something like hiding your browser history from the ISP I wouldn't be afraid to use TunnelBear. But they do store some data and if the right warrant was served they would have to share it. Gotta keep this in mind any time you're talking about privacy.
  • Most of these agenices don't follow a protocol of getting the right warrants. All they do is call up the provider tell them what agency they work for along with their DSN and presto they comply prior to obtaining a warrant.
  • Jerry,
    which router would you recommend for more security - VPNs , open source , etc ?
    And also seems like non of the VPN apps on Android truly work if the carrier is using the latest protocol ipv6 - Nord VPN stated that their working on fixing the leak. what do you know about that ?
  • The best way to protest this is a full scale cancellation of service with most home isp's. Show them that you mean business and hurt them at their change purse. however, not enough will do this to make any affect on them. So the best you can do is ask your current provider for stipulations to be included in your contract that they will not sell your data and find a provider who will do that.
  • My guess is that this is not up to negotiation. In reality, cutting ISPs off is a nice thought and a great way to "stick it to the man", but it would require a mass scale cancellation of service and people simply won't jump on board in the numbers needed to effect meaningful change. Then, of course there are the people who don't care that their information is being sold or viewed, for many different reasons. The whole thing pisses me off as a gross invasion of privacy, almost akin to following me around with a video camera all the time - even in my own home. I cannot see how this is justifiable as legislation from our Representatives. I doubt if they asked their constituents if they support it, they get a resounding "no."
  • they are only representing their donors not you or me - there is no representative democracy here. that's why we have to fight to get the money out of politics !!! free elections and criminalize bribery - lobbying. we gotta put that in Constitution - amendments are overdue!
  • That isn't an option. Internet is as essential as electricity and roads, and most areas only have one choice for their ISP.
  • I guess I'm not in most areas. I have three.
  • And all three will take advantage of the lack of regulation to sell this kind of data.
  • Good for you. Outside of metropolitan areas that's not the case. This hurts the rust belt and rural areas the most. Which is ironic give their typical political orientation...
  • Rust belt is basically all rural, gotcha. I know you didn't mean that, but this is actually what people on the east and west coast think. This is one of the reasons Dems lost the election. The Midwest and rust belt were sick and tired of being a afterthought or thinking the political elite were not paying attention to them.
  • I've lived there. And I've lived in rural outskirts of Houston.
  • I wholeheartedly agree with you on that. They (we depending on what period of my life I'm considering) were the assumed vote, but didn't see a damn thing come out of their support. What makes me the most angry is that they were duped last year. The people that opened their eyes simply pulled a different variety of wool over them. Dems lost by taking these people for granted, Reps have simply done what politicians do best, capitalized on that emotional uproar and taken advantage of them too.
  • Agree
  • And how do you propose to surf AC after you cancel your internet service?
  • The internet has never been a place for privacy.
  • I started using nordVPN. Very thorough setup process. Lots of tools too. $69/yr. Trying it out for the year so will see. Compatible on all OS.
  • How are your speeds when using it? Also are you getting any iPV6 Leaks? Some users were reporting that this was happening to them as recently as feb?
  • Also, I don't think that recommending people use TOR, which is a browser that it popular for deep/dark web access, is a responsible thing to do. It's all fun and games until someone gets hurt...
  • If I were directing people to the .onion sites where you can buy bulk packages of MDMA or modified handgun parts I would agree. But TOR is also an excellent way to browse http sites and leave less of a trail.
  • I don't disagree with that. The extra anonymity is great, but too people who are uninformed or uneducated on how TOR works and how they're accessing internet, it doesn't paint the picture of all of the bad things that are lurking out there
  • bulk MDMA....you don't say...
  • Why are you Deleting my Post? There is no Rule i'm breaking. All i did was Say that Tunnel Bear does Collect Information. It say's it on there Website Terms and Conditions.
    And also give the rest of the Mates here More Information and Recommendation for Android VPN's who have been known to Collect and Inject Malware?
  • Because you are a trouble maker. Jk
  • Nobody is deleting your posts. Must be a glitch in the software. What you've submitted so far is great information for everyone. Please keep posting!
  • " Hold on there professor, we fixed the glitch" - Office Space
  • haha!!! love that movie
  • "...or you put your brand new phone back in the box and sell it on Swappa because it's now used. Another post for another time." Wouldn't you check to see if the retailer you purchased it from has a return policy first?
  • "Feel that freedom wash over you." This line is the hook, line, and sinker. Excellent piece.
  • The mass hysteria the liberal media (esp tech side) are promoting is quite fun. All this concern over privacy reminds me of all the Android Central articles I never saw lambasting Obama when he expanded the terrible idea we call Bush's Patriot Act. We welcome all the "journalists" of the world back from their 8 year vacation
  • Your mentality is laughable. Your essentially saying that because SOME people didn't speak up about wrong doings in the past NO ONE should ever going forward. Do you hear yourself?
  • Obama's expansion of the patriot act wasn't about an internet service provider regulation, therefore a website dedicated to devices that use the internet weren't the best place to find such information. not really rocket science.
  • Good point HuntinWabbits
  • Also. use an ad blocker. ISP's are selling your data to companies that are going to use it to target you with ads. If their ads don't get through the value of your data is much lower.
  • This not news. How do you think Google built thier empire.
  • By offering a free service that nobody is obligated to use and has literally hundreds of competitors who offer similar services, then using targeted data in house to get money from people who want to display small text ads when people use those free services they didn;t have to sign up for and were told up front exactly what data was being collected, how it was being collected and asking you to verify you understand all of this before you click a button that says OK. The paid tier of Google's services do not collect the same data nor do they use it in any targeted ad campaigns. And they sure as shit don't sell it to anyone after they charge you for the service. So, pretty much the same as every other internet-focused company that's not a service provider like Comcast, AT&T or Verizon.
  • You can choose which websites you go to and which of their privacy policies you agree with enough to continue using their services. Google and most other websites don't charge most users any money, so they keep their services running by using advertising on their sites. Additionally, sites can only track you when you are on their website or their partner sites. ISPs get to see every single site or service you use, which generates a much more thorough profile of you and your family and is much more valuable to advertisers. Because this data doesn't have to be anonymized now, they can earn even more by including your personal contact information for an even higher price to advertisers. Pair that with the fact that most people do not have a choice for the ISP they have, it's use the big one or maybe one alternative, or have no broadband access, and the ISP is able to profile and sell extremely detailed information about every household in entire neighborhoods, towns, and cities where they provide the only internet access. ISPs charge us for access, and they charge a much higher prices than the cost of providing us bandwidth because they have a monopoly/duopoly in most of the country. No competition yields less innovation and inflated costs in all cases where regulations do not limit abuse by said monopoly/duopoly. It also enables collusion among the incumbent companies. Finally, the funniest part of people's "Google does it" argument is that they are, in fact, 100% wrong. Google sells NONE of your data. They sell access to your eyeballs by allowing advertisers to target specific demographics to whom Google will show the advertiser's ads. Google handles all of the analysis and never hands over your data to advertisers. Throw that in with Google allowing their users to see every bit of data they have collected and they give users the ability to selectively delete individual data points and you can see that Google is probably our number one open and transparent partner on the internet.
  • The ISP's are playing with fire. I foresee a day when our profile and other data is going to be required to cost effectively advertise to us. If enough people withhold it then we are in the driver's seat. As advertisers become more dependent on the web then the cost goes up making in un-targeted ads to expensive so they will pay us. A bit utopian but it could be a path forward.
  • LOL Nice spin job. You should run for congress. Our corporate overlords would love you.
  • I'd suggest Nordguard. Or any VPN that is not based within the 14 eyes. If your VPN is in a 14 eyes country it can be forced to give any of those counties the SSL keys under a gag order. Aka they can be forced to hand over access to all traffic to these 14 countries without you or anyone else knowing. Nord guard is in Panama and My Private Network is in Hong Kong, two good ones.
  • Hey all, I found this extremely interesting that many activist have already raised hundreds of thousands of dollars to BUY the browsing histories of everyone in Congress, who voted for this invasion of privacy. Should be very interesting to see just how long it takes to publish this information, and then for Congress to act. http://thehill.com/policy/technology/326462-internet-users-raise-more-th...
  • They're scammers. Due to sections of both the communications act and the wire tap act no one can buy individually identifying data from providers. It's sad that people are exploiting this for profit.
  • +1
  • Yep. You can buy data about people who live in the quadrant between Connecticut Ave, Rock Creek Park, Massachusetts Ave and Florida Ave but you can't single out "senators" when you buy blocks of user data. I wish someone in the national spotlight would set the record straight on it.
  • How the fck does something like this happen? Congress is supposed to represent THE PEOPLE. If you took a poll, Americans would certainly choose privacy.
  • Because most of our elected officials, be them Ds or Rs, care not one iota about us. Their main concern is lining their pockets. Anyone who gets rich in politics is a cook. They are all getting rich.
  • Another perspective: http://dailysignal.com/2017/03/30/why-congress-is-right-to-reject-fccs-d...
  • Good luck, he is from the Heritage Foundation. Link will be dismissed automatically around these parts.
  • as anything from the Heritage Foundation rightly should be dismissed...
  • Here's the problem with his perspective. Google can *only* make money doing datamining, or at least they only could when they started. ISP's want to triple-dip. Once for charging me to use their service, again when they charge for zero-rating as a cell carrier or to allow peering (look at what Comcast did to Netflix a few years back), and now again when selling my data. When I use Google, I know they're doing that, as that is how I pay Google. When I use my ISP, as a non-techie, I wouldn't think the ISP is selling data, since I'm paying them $ for the service. His idea would be fine, if you and I could start our own ISP to compete with them, and if everyone had a bunch of choices. This isn't like a small town where a Walmart opens, this is like *only* being able to choose Walmart or Target and nothing else. Those smaller ISP's are really only there because of regulation forcing AT&T to allow DSLExtreme and alike to use their lines (because AT&T was given tax rebates to build out, but didn't keep their promises).
  • ISPs should sell the connection and absolutely nothing else. They really do have ONE job. Also, no amount of privacy-protecting legislation is ever enough.
  • I have definately NOT been receiving warnings from my ISP about allegedly torrenting music. Would this fix that?
  • I know the current administration is REALLY pushing it when it comes to just about every policy – but not protecting our privacy? Now of course I don’t do anything illicit, I do not pirate, but still, my conversations with work, my employees, my family, etc., they are not up for the highest bidder! I do use WhatsApp, but for my S7 Edge and my family’s Android devices and Windows devices – there is just so much out there, I am literally overwhelmed. Everyone claims ‘we are the best’ – but which services ARE the best? Are there any all-in-one suite companies that offer a package that won’t bog down your system or devices?
  • I believe you forgot to mention PureVPN since it is the only most reliable option for us in these dark ages of anti privacy
  • The guidance on VPNs here, while well-intended, is at least a bit naive. It misses the issue that many VPNs can't be trusted to make users more secure at all, and many will likely make users less secure while giving them the opposite impression. https://arstechnica.com/security/2017/01/majority-of-android-vpns-cant-b...
  • What about Avira Prime? It's a good mid-range internet security package with unlimited VPN data. I mean, scans might be a little slower and it may miss a few things virus-wise, but you are not rooting around in shady sites and apps repositories, there is no reason you'd get snagged on anything...
  • Anyone know how the Cyber Ghost VPN stacks up?
  • And of course, the more you hide the more attention you draw to yourself by the various agencies charged with protecting you.
    I'm amused by the black phones that are meant to be super encrypted and un tappable. The NSA actually wrote the code for them, I imagine they left some back door for their own use if they want to see what you're up to, using such devices....
  • that is the valid point, but after that trumps user privacy matters, ( https://www.beencrypted.com/redefine-privacy-measures-trumps-threatens-u... ) now the search of privacy tools quickly increases!
  • "rein", not "reign"
  • If we just talked about browsers history related logs, you can salve this issue by Tor, Tor will be the complete solution, but is you talked about ISP monitoring, then you should probably use VPN service for full PC protection, whether is downloading or browsing.
  • If you are concerned about torrenting and afraid of receiving a legal notice than you can also opt for seed! but if your overall privacy is at stake and you have business details! and you store credit card details on browsers! than its crucial to opt a VPN!
    Its simple just go for a VPN! preferably the one not based in US! take the one as per your range! and budget!
    also do look at the pros and cons of broadband privacy! and editors choice for vpn
    https://www.usavpn.com/broadband-privacy-pros-and-cons/