Skip to main content
Limp Secure VPN
All news

Data Brokers and ISPs: What They Collect About You — and How to Cut It Off

Data Brokers and ISPs: What They Collect About You — and How to Cut It Off

In short: The most persistent tracking of ordinary users is not done by hackers — it is done legally, by companies you already pay or use. Your internet provider can log the domains you reach; data brokers buy and merge signals from apps, loyalty cards and public records into a profile. You cannot delete yourself entirely, but you can meaningfully cut the flow of new data.

What your ISP can see

Even with HTTPS everywhere, your provider still resolves your DNS queries and sees the IP addresses you connect to. That is enough to know which sites and services you use, when, and how often. In several regions providers are permitted to use or sell aggregated browsing data for advertising, and almost everywhere they must hand records to authorities on request.

Encryption of the page does not hide the destination. "You visited a health forum at 11pm" is metadata, and metadata is what profiles are built from.

How data brokers build a profile

Brokers rarely need to hack anything. They combine app SDK data, purchase histories, location pings, warranty cards, and public records. Each source is mundane; merged, they identify a specific household with startling accuracy — income band, health interests, political leaning, travel patterns. That profile is then sold to advertisers, insurers and, sometimes, anyone with a credit card.

What a VPN does and does not solve

A VPN replaces your real IP with the server's and encrypts DNS, so your provider can no longer log which sites you visit — it sees only an encrypted tunnel. That removes one of the richest, most passive data sources about you.

It does not stop tracking that happens after you log in. If you sign into an account, accept cookies, or grant an app your location, that data still flows regardless of the tunnel. A VPN is the network-layer half of privacy; account hygiene is the other half.

A realistic reduction plan

Run a VPN on every device so your ISP stops seeing destinations — a provider with a genuine no-logs policy means the tunnel does not simply move the logging elsewhere. Deny apps location and tracking permissions by default. Use a browser that blocks third-party cookies. Where your country offers data-broker opt-outs, use them — and expect to repeat the process, because brokers re-acquire data over time.

The goal is not invisibility. It is starving the profile of fresh input, so what exists about you goes stale.