The Gateway to Your Digital Life
Your Internet Service Provider can see every website you visit. In the US, they can sell this data to advertisers without your consent. [1]
TP-Link controls 60% of the US home router market, and faces a potential ban over Chinese government security concerns. [2] Microsoft found Chinese state hackers using thousands of compromised TP-Link routers for attacks. [3]
Meanwhile, Amazon's Eero and ISP-provided routers collect data on every device in your home, when you're online, and your network usage patterns. [4]
Your router is the chokepoint through which all your internet activity flows. Everyone wants access to that data.
What Your ISP Sees
Your Internet Service Provider has a complete view of your online activity: [5]
- Every website you visit: even in incognito mode
- When you're online: login and logout times
- How much data you use: and on what
- What devices are connected: via MAC addresses
- Your physical location: tied to your account
Even with HTTPS encryption protecting the content of your communications, ISPs can still see which domains you visit and when. [6]
How Long They Keep It
ISPs typically store your browsing history for six months to two years, or longer. [7] This data sits on their servers, available for:
- Sale to advertisers and data brokers
- Law enforcement requests
- Internal marketing and product development
- Network management and throttling decisions
ISPs Can Sell Your Data Without Consent
In 2017, the FCC's broadband privacy rules were repealed. [1] These rules would have required ISPs to get your consent before selling your data.
Now:
- ISPs can share your data with third-party advertisers and data brokers
- They must offer opt-out options, but defaults favor data collection
- The FCC is forbidden from issuing similar protections in the future
What ISPs Do With Your Data
According to the Federal Trade Commission, three of the six largest US ISPs use web browsing data for advertising purposes. [8]
Your browsing data may be enhanced with demographic data the ISP buys from data brokers, including: [8]
- Ethnicity
- Household income
- Political affiliation
- Shopping preferences
This creates detailed profiles sold to advertisers who target you across the web.
The TP-Link National Security Crisis
In December 2024, the Commerce Department proposed banning TP-Link routers over national security concerns. [2] This could be one of the biggest consumer tech actions in US history.
The Problem
- TP-Link holds 60% of the US home router market, up from 10% in 2019 [2]
- Chinese national security laws can compel companies to share data with the government [9]
- Microsoft discovered thousands of compromised TP-Link routers being used by Chinese state hackers since 2021 [3]
- Malicious firmware implants were found targeting European government officials [3]
The Investigation
In August 2024, the House Select Committee on the CCP urged the Department of Commerce to investigate TP-Link. [9] Subsequently, the Departments of Commerce, Defense, and Justice all opened probes.
Microsoft's October 2024 report identified a botnet called "CovertNetwork-1658": thousands of compromised TP-Link routers used for "password spraying" attacks against Microsoft accounts. [3]
TP-Link's Response
TP-Link Systems (the California-based company that sells routers outside China) claims it split from its Chinese parent company in 2022 and has "no affiliation" with the mainland Chinese entity. [9]
If banned, existing owners could continue using their routers, but new sales would be prohibited.
Amazon Eero: Your Network's New Owner
Amazon acquired Eero in 2019. Privacy advocates immediately raised concerns. [4]
What Eero Collects
According to Eero's privacy policy, they collect: [10]
- Device models and serial numbers
- Technical details about your network
- Volume of data sent/received
- Network speed and performance logs
- Connected device information
- Usage patterns (when you're online)
The Amazon Integration Concern
Amazon claims it won't sell Eero customer data. But critics note Amazon's track record: [4]
"They have said that they do not intend to change Eero's privacy policy, but that should not be comforting to consumers. Amazon will probably just wait a few years, like Facebook did with WhatsApp and Instagram."
Christine Bannan, Electronic Privacy Information Center
Even if you opt out of certain data uses, Eero still collects nearly all the same data points: the opt-out only limits how that data can be used. [11]
ISP-Provided Routers: Maximum Surveillance
The router your ISP gave you is the worst option for privacy.
Using Your Own Router
With your own router, the ISP knows: [12]
- Your account information
- Your router's MAC address
- Total internet traffic
The router shields which specific device uses which part of the traffic.
Using ISP-Provided Equipment
With an ISP-provided gateway (modem/router combo): [12]
- Every device registers with its unique MAC address
- Each device's traffic is separated and categorized
- The ISP can see exactly which device visits which sites
- More detailed data collection is possible
Xfinity WiFi Motion Tracking
Comcast's Xfinity routers now include WiFi motion sensing: detecting movement in your home based on WiFi signal disruption. [13]
Privacy implications raised by tech experts:
- ISPs could "tell law enforcement/courts whether anyone was home at a certain time" [13]
- Creates a record of presence and activity patterns
- Another data point for household surveillance
The Third-Party Data Harvesters
It's not just ISPs and router manufacturers. Companies like Plume partner with ISPs to collect even more data. [14]
Plume's Two Faces
- To users: Promises enhanced connectivity and network optimization
- To ISPs: Promises marketing insights based on deep analysis of online behaviors
Plume harvests sensitive data including tracking when you're present in your home, selling these insights to ISPs who partner with them. [14]
The Mesh WiFi Market: Growing Fast
The mesh WiFi market reached $6.8 billion in 2024 and is growing at 11.2% annually. [15]
Market Size
- $6.8 billion in 2024 [15]
- 48+ million mesh systems deployed worldwide
- 33% of connected homes use mesh
- 27% year-over-year adoption growth
Market Share
- TP-Link: 60% of US market [2]
- Top 5 companies: 76% of market volume [15]
- Google, Eero, Netgear: Major players
- North America: 38% of global market
Data Collection
- All major brands collect some user data [16]
- Data used for marketing (often with third parties)
- Cloud connectivity = cloud data storage
- Local-only options are rare
What Routers Can See
Modern routers can capture: [17]
- DNS queries: Which domains you're trying to reach
- Connection metadata: Timestamps, data volume, connection duration
- Device inventory: All devices on your network with MAC addresses
- Network patterns: When you're active, what times you're online
HTTPS encryption protects the content of your communications, but not the metadata, which is often enough to build detailed profiles.
Deep Packet Inspection
Some routers (especially ISP-provided ones) can perform Deep Packet Inspection (DPI): analyzing the content of your traffic, not just metadata. [17]
With DPI, they can see:
- Application-level data
- File types being transferred
- Streaming content details
- Potentially even encrypted traffic patterns
Security Vulnerabilities
Beyond privacy, routers have significant security issues.
Outdated Encryption
Approximately 5% of WiFi networks still use WEP or WPA1 encryption, protocols that can be easily exploited. [18]
Default Credentials
Many users never change default passwords, leaving routers open to attack.
Unpatched Firmware
Most consumer routers rarely receive security updates. Known vulnerabilities persist for years.
How to Protect Yourself
Use a VPN
A VPN encrypts all your traffic, hiding it from your ISP and router manufacturer. [6]
- Choose a reputable, no-log VPN provider
- Enable it on all devices or at the router level
- Be aware: VPN providers can now see your traffic instead
Use DNS-Over-HTTPS (DoH)
DNS queries reveal which sites you visit. DoH encrypts these queries: [6]
- Enable in your browser settings (Firefox, Chrome, Edge support this)
- Or configure at the router/system level
- Use providers like Cloudflare (1.1.1.1) or Quad9
Buy Your Own Router
Don't use ISP-provided equipment:
- Purchase a router from a privacy-respecting manufacturer
- Consider open-source firmware options (OpenWrt, DD-WRT)
- Disable cloud features and telemetry where possible
Router Settings to Change
- Change default admin password immediately
- Disable remote management unless needed
- Update firmware regularly
- Use WPA3 encryption (or WPA2 minimum)
- Disable WPS (WiFi Protected Setup), it's insecure
- Turn off UPnP to prevent automatic port forwarding
- Check for telemetry settings and disable if possible
Privacy-Focused Router Options
- Synology RT6600ax: Clearly states it doesn't collect personal data from users' traffic; local web interface instead of cloud [11]
- OpenWrt-compatible routers: Install open-source firmware with no built-in tracking
- Firewalla: Privacy-focused with local processing
- Ubiquiti: Enterprise-grade with more control (though requires more setup)
Advanced: Pi-hole + VPN
For maximum privacy:
- Install Pi-hole on your network to block tracking at the DNS level
- Run a VPN to encrypt all traffic leaving your network
- Use your own router with custom firmware
- Segment IoT devices on a separate network
What About "Private Browsing"?
Incognito mode and private browsing do NOT hide your activity from: [5]
- Your ISP
- Your router
- Your employer (if on company network)
- Websites you visit (they still see your IP)
Private browsing only prevents local storage of history, cookies, and form data on your device. Everyone upstream can still see your traffic.
The Bottom Line
Your ISP sees everything you do online. They can sell this data without your consent. And your router (whether from TP-Link, Amazon, or your ISP) is collecting even more.
TP-Link faces a potential US ban over Chinese government concerns. Microsoft found thousands of compromised TP-Link routers used for state-sponsored attacks. Amazon's Eero collects network data that could eventually be integrated with your shopping profile.
The 2017 repeal of FCC privacy rules means ISPs can sell your browsing history to advertisers and data brokers. They store this data for up to two years.
To protect yourself:
- Use a VPN to encrypt traffic from your ISP
- Enable DNS-over-HTTPS in your browser
- Buy your own router: don't use ISP equipment
- Consider open-source firmware for more control
- Change default passwords and keep firmware updated
- Disable telemetry and cloud features where possible
Your router is the gateway to your digital life. Right now, that gateway is wide open to ISPs, manufacturers, advertisers, and potentially foreign governments. Taking control of it is one of the most important privacy steps you can take.
References
- Comparitech - How to Stop Your ISP Tracking Your Browser History
- Krebs on Security - Drilling Down on Uncle Sam's Proposed TP-Link Ban (November 2025)
- Malwarebytes - TP-Link faces US national security probe, potential ban on devices (December 2024)
- TechCrunch - What Amazon's purchase of Eero means for your privacy
- Top10VPN - Can Your ISP See Your Browsing & Search History?
- Safety Detectives - How to Hide Your Browsing History From Your ISP in 2025
- Incogni - Can your internet provider see your search history?
- BroadbandNow - ISP Tracking: What Your Internet Provider Can See
- CBS News - U.S. mulls ban on Chinese-made TP-Link routers over security concerns
- Eero - Privacy Notice
- History Tools - Why You Should Avoid Amazon Eero Mesh WiFi Routers
- Dong Knows Tech - Online Security and Privacy Risks: Watch Your Wi-Fi Router!
- Cybernews - Xfinity router is now a WiFi motion sensor: some users worried about their privacy
- Proton - The spies in your home: How WiFi companies monitor your private life
- Wise Guy Reports - Mesh Wifi Router Market: Future Outlook and Trends 2035
- BGR - Your Wi-Fi Router Might Be Spying On You
- ExpressVPN - How to Delete Wi-Fi Router History
- Cybernews - Your WiFi and Bluetooth devices are mapping you for everyone to see