GHOSTPORT
← Back to Dev Log

Your ISP Sells Your Browsing History

Here's the law that made it legal — and what you can do about it.
March 28, 2026 • GhostPort Technologies

In April 2017, President Trump signed Senate Joint Resolution 34 into law. With almost no media fanfare, Congress repealed the FCC's broadband privacy rules — regulations that would have required internet service providers to get your explicit consent before selling your personal data.

The rules never took effect. They were killed before they could protect anyone. And the result is the world we live in now: your ISP can legally collect, store, and sell your complete browsing history without ever asking your permission.

Most people have no idea this happened. The vote was buried under other news cycles. But the consequences are running silently through your router every single day.

What the FCC Rules Would Have Done

In October 2016, the FCC under Chairman Tom Wheeler passed broadband privacy rules that classified ISPs as common carriers under Title II. The rules were straightforward:

  1. ISPs must get opt-in consent before selling sensitive data (browsing history, app usage, location).
  2. ISPs must clearly disclose what data they collect and who they share it with.
  3. ISPs must take reasonable steps to protect customer data from breaches.
  4. Customers must be notified within 30 days of a data breach.
  5. Congress repealed all of it before any provision took effect.

SJ Res 34 didn't just repeal the rules. Under the Congressional Review Act, the FCC is also permanently barred from passing "substantially similar" regulations in the future. Congress didn't just close the door. They welded it shut.

What Your ISP Actually Collects

Your ISP sits in a unique position. Unlike Google or Facebook, which only see what you do on their platforms, your ISP sees everything — every connection from every device in your home flows through their infrastructure.

DNS queries: Every website you visit starts with a DNS lookup your ISP can log. Even in incognito mode.

Browsing history: Full URLs for HTTP sites, and domain names for HTTPS sites.

App usage: Which apps connect to the internet, when, and how often.

Location data: For mobile ISPs, precise GPS-level location tracking.

Device fingerprints: MAC addresses, device types, operating systems for every device on your network.

Connection timing: When you're online, when you sleep, when you're away from home.

This isn't theoretical. In 2021, the FTC published a staff report examining ISP data practices. The findings were damning: ISPs collect vast amounts of data, combine it with information purchased from third-party brokers, and use it to sort customers into advertising segments — all without meaningful disclosure or consumer choice.

Which ISPs Are the Worst

The short answer: all of them. But some have been more aggressive than others.

Comcast / Xfinity Patented a system in 2014 for tracking and selling household-level viewing and browsing data. Lobbied heavily for SJ Res 34.
AT&T Previously charged customers $29/month extra to opt out of browsing data collection on their fiber service ("Internet Preferences" program).
Verizon Caught injecting "supercookies" (UIDH tracking headers) into mobile web traffic in 2014. Paid $1.35M FCC fine. Still collects data through other means.
T-Mobile App Insights program sells aggregated location and app usage data. Opt-out is buried in account settings most users never find.

These companies spent millions lobbying for the privacy rule repeal. The return on investment has been enormous. The data broker industry, fed in large part by ISP data pipelines, is worth an estimated $250 billion annually.

Why "Private Browsing" Doesn't Help

When you open an incognito window, your browser shows a message that basically says "your activity won't be saved locally." People read that and think they're invisible. They're not.

Incognito mode only prevents your browser from saving history on your device. Your ISP still sees every DNS query. Your employer still sees the traffic. The websites you visit still log your IP. Incognito mode protects you from someone picking up your phone, not from the companies routing your traffic.

Even a VPN on one device doesn't solve the problem. Your smart TV, your thermostat, your kids' tablets, your gaming console — they're all still sending unencrypted DNS queries through your ISP. A VPN on your laptop means your laptop is private. Everything else in your house is still an open book.

The Actual Fix: Encryption at the Router

The only way to protect every device in your home is to encrypt DNS traffic at the point where all devices converge: your router.

When DNS is encrypted at the router level, your ISP sees connections but not destinations.

They know you're online. They can't see where you're going. There's nothing to log, nothing to sell, nothing to feed into an ad profile.

Every device on your WiFi — phones, laptops, smart TVs, IoT devices — gets protected automatically the moment it connects. No apps to install. No settings to configure on each device.

This is what GhostPort does. Pi-hole handles DNS-level ad and tracker blocking. Encrypted upstream resolvers (DNS-over-HTTPS) ensure your ISP can't see the queries. It runs on a Raspberry Pi 5 that sits between your modem and your devices. Every device on your network gets the same protection.

We're not going to pretend this makes you invisible on the internet. Websites you visit still know you're visiting. Services you log into still track your activity on their platforms. But the wholesale collection of your browsing habits by your ISP — the firehose that feeds the data broker industry — goes dark.

What You Can Do Right Now

Even before buying dedicated hardware, there are steps you can take:

  1. Check your ISP's privacy settings. Opt out of data sharing programs (usually buried in account settings).
  2. Switch your DNS on individual devices to a privacy-respecting resolver like Quad9 (9.9.9.9) or Cloudflare (1.1.1.1).
  3. Enable DNS-over-HTTPS in Firefox or Chrome (Settings → Privacy → Secure DNS).
  4. Understand these only protect individual devices — not your whole network.
  5. For whole-home protection, you need it at the router level.

Congress made the decision that your ISP's revenue matters more than your privacy. They made it permanent. No future FCC can undo it without new legislation, and no bill to restore these protections has gained traction in nine years.

The law isn't going to fix this. Your router can.

Related Articles

DNS: The Privacy Hole Nobody Talks About → The FCC Just Signed Advertisers' Death Warrants → What Your Smart TV Sends Home When You're Not Watching →

Encrypt your DNS. Block the trackers. Take back your network.

ghostporttechnologies.com
Three tiers. Real privacy. No subscriptions required.
GHOSTPORT TECHNOLOGIES • 2026 • YOUR NETWORK. YOUR RULES.
🎨
ACCENT COLOR
A+
TEXT SIZE