🛡️ Your ISP Logs Every Site You Visit — One Setting Stops It

:detective: ISPs Sell DNS Logs to Advertisers — This 2-Minute Fix Kills That

Right now, your internet provider can see every single website every device in your house touches. Changing one setting fixes that.

Think of DNS like a phone book your ISP controls. Every time you type a website address, your device asks “what’s the number for this site?” — and your ISP answers that question. Which means they see every question you ask. Every site. Every device. Timestamped.

That’s your phone, your TV, your kid’s tablet, your smart fridge — all of it routed through your ISP’s DNS by default. Many ISPs sell this data to advertisers. Some hand it to governments without a fight. And the fix takes about 2 minutes.


What DNS Actually Is — The 30-Second Version

Every website has a secret address made of numbers (like 142.250.80.46 for Google). Nobody types that. You type google.com, and a DNS server translates that name into the number address so your device can connect.

By default, your internet provider (ISP) IS that translator. Every translation request = one logged entry in their system. That’s your browsing history — built automatically, without you doing anything.

| What Your ISP Sees | What That Means |
| --- | --- |
| Every domain you visit | Full browsing log — not just browser, but every app on every device |
| Exact timestamps | They know when you visited what, down to the second |
| All devices on your network | Phone, laptop, smart TV, gaming console, IoT devices — everything |
| Sellable data | Many ISPs package and sell “anonymized” DNS logs to data brokers |

:light_bulb: Trick: HTTPS (the lock icon in your browser) encrypts the content of what you see on a website — but NOT the domain name you visited. Your ISP can’t see what you read on Reddit, but they see that you went to Reddit. DNS is the leak.

Changing DNS doesn’t hide your IP address — for that, you need a VPN. But it does three things a VPN doesn’t always do:

  1. Stops your ISP from logging your domain requests (the biggest privacy win for zero effort)
  2. Speeds up browsing β€” most ISP DNS servers are slow and bloated
  3. Can block malware and ads before your browser even loads them β€” no extensions needed
🧭 Which DNS Should You Pick β€” Sorted by What You Actually Want

No single DNS is “the best.” The best one depends on what problem you’re solving. Pick your row:

| Your Priority | Best Pick | Why This One |
| --- | --- | --- |
| Raw speed | Cloudflare 1.1.1.1 | Fastest DNS globally — consistently under 5ms. Set and forget |
| Maximum privacy | Quad9 | Swiss non-profit, Swiss privacy law, strict no-log policy, built-in malware blocking |
| Block malware + phishing | Quad9 or Cloudflare 1.1.1.2 | Blocks known dangerous domains before your browser loads them — like a bouncer for your network |
| Block ads on every device | AdGuard DNS | Ad and tracker blocking at the DNS level — no apps to install, works on every device automatically |
| Family / kids network | CleanBrowsing Family or OpenDNS FamilyShield | Adult content blocked, SafeSearch enforced, zero configuration |
| Full control + analytics | NextDNS | Per-device rules, logs you control, custom blocklists — like running your own Pi-hole without the hardware |
| Simple privacy upgrade | Surfshark DNS | Free, no account needed, no logs, just set the IP and forget it |
| Most reliable / trusted | Google 8.8.8.8 | 100% uptime since forever — when everything else fails, this works |

:light_bulb: Trick: Google DNS is the most popular, but Google logs your queries for up to 48 hours and keeps anonymized data indefinitely. Cloudflare purges logs within 24 hours and publishes independent audits. If privacy is the goal, Cloudflare or Quad9 beats Google every time.

🖥️ How to Change DNS — Every Platform, Step by Step

Pick your device. Each takes under 2 minutes.

Windows 10 / 11:

  1. Open Settings → Network & Internet → Wi-Fi (or Ethernet) → click your connection
  2. Scroll to DNS server assignment → click Edit
  3. Switch to Manual → turn on IPv4
  4. Type your chosen DNS addresses (example: 1.1.1.1 and 1.0.0.1 for Cloudflare)
  5. Click Save. Done.

Mac:

  1. Open System Settings → Network → select your connection → Details → DNS
  2. Click + and add your DNS addresses
  3. Click OK. Done.

Android:

  1. Open Settings → Network & Internet → Private DNS
  2. Select Private DNS provider hostname
  3. Type: one.one.one.one (for Cloudflare) or dns.quad9.net (for Quad9)
  4. Save. Done.

:light_bulb: Trick: Android’s “Private DNS” setting automatically uses DNS-over-TLS — meaning your DNS requests are encrypted. This is better than just changing DNS numbers, because it also prevents your ISP from reading the requests in transit. Use this method, not the manual IP method.

iPhone / iPad:

  1. Open Settings → Wi-Fi → tap the (i) icon next to your network
  2. Scroll to Configure DNS → switch to Manual
  3. Delete existing entries β†’ add your DNS addresses
  4. Tap Save

Router (protects every device on your network):

  1. Open your router’s admin page (usually 192.168.1.1 or 192.168.0.1 in your browser)
  2. Find DNS settings (usually under WAN, Internet, or DHCP settings)
  3. Replace the DNS addresses with your chosen ones
  4. Save and reboot the router

:light_bulb: Trick: Changing DNS on your router is the power move. One change protects every device that connects to your Wi-Fi — phones, TVs, game consoles, smart home gadgets — without touching each device individually. If you only do one thing from this post, do this.

Level Up — Encrypt Your DNS (So Your ISP Can't Even See the Requests)

Changing your DNS server is step one. But if you just change the IP addresses without encryption, your ISP can still see the requests — they just can’t answer them anymore. Think of it like changing who you send your postcards to, but the mailman can still read them.

Encrypted DNS puts those postcards in sealed envelopes. Two protocols do this:

| Protocol | How It Works | Best For |
| --- | --- | --- |
| DNS-over-HTTPS (DoH) | Wraps DNS inside normal web traffic on port 443 — looks identical to regular browsing | Personal devices, browsers, hardest to block |
| DNS-over-TLS (DoT) | Dedicated encrypted channel on port 853 — cleaner but easier for networks to block | Routers, Android “Private DNS”, home networks |

How to enable it:

Chrome: Settings → Privacy and Security → Security → scroll to “Use secure DNS” → pick a provider

Firefox: Settings → Privacy & Security → scroll to DNS over HTTPS → select “Max Protection” → pick Cloudflare or NextDNS

Windows 11: When entering DNS in Settings, also enable “DNS over HTTPS” in the dropdown — Windows 11 supports this natively for Cloudflare, Google, and Quad9

:light_bulb: Trick: Firefox’s DoH is independent from your system DNS. Even if your router uses your ISP’s DNS, Firefox can encrypt its own requests separately. This is useful on networks you don’t control (office, hotel, coffee shop). Enable it and your DNS is invisible to the local network — they literally cannot see which sites you visit.

✅ Test If It's Working — Prove Your ISP Is Blind

Changed your DNS? Prove it actually took effect:

Step 1 — Go to dnsleaktest.com and click Standard Test

Step 2 — Look at the results. You should see your chosen DNS provider (Cloudflare, Quad9, etc.) — NOT your ISP’s name.

| You See | What It Means |
| --- | --- |
| Your ISP’s name | DNS change didn’t stick — check your settings again |
| Cloudflare / Quad9 / etc. | Working — your ISP is no longer handling DNS |
| Multiple providers | Possible leak — your system is using fallback DNS alongside your chosen one |

Chrome users: Type chrome://net-internals/#dns in the address bar → look for “Secure DNS” entries

Firefox users: Type about:networking#dns → check for “TRR” (Trusted Recursive Resolver) status — if active, DoH is working

:light_bulb: Trick: Some ISPs use “transparent DNS proxies” — they intercept port 53 traffic and answer DNS requests themselves, even if you changed the DNS addresses. The fix: enable DoH or DoT (see previous section). Encrypted DNS can’t be intercepted because the ISP can’t read it. If dnsleaktest still shows your ISP after changing DNS numbers, encryption is the answer.

🚫 What DNS Does NOT Do — Don't Confuse It With a VPN

DNS protects one thing: which websites your ISP sees you requesting. That’s it. Important — but limited.

| DNS Fixes This | DNS Does NOT Fix This |
| --- | --- |
| ISP logging which domains you visit | Hiding your IP address from websites |
| Slow DNS resolution from your ISP | Encrypting your web traffic |
| Malware/ad domains loading (if using a filtering DNS) | Bypassing geo-restrictions |
| DNS-based censorship (in some countries) | Full anonymity |

The layered approach:

  • DNS change = stops your ISP from seeing domain requests (free, 2 minutes)
  • Encrypted DNS (DoH/DoT) = prevents ISP from even intercepting the requests (free, 5 minutes)
  • VPN = hides your IP + encrypts all traffic + bypasses geo-blocks (usually paid)

You don’t need all three. But each layer adds something the others can’t.


:high_voltage: Quick Hits

| Want | Do |
| --- | --- |
| :high_voltage: Fastest DNS, zero thinking | 1.1.1.1 / 1.0.0.1 — Cloudflare, set and forget |
| :locked: Best privacy + malware blocking | 9.9.9.9 / 149.112.112.112 — Quad9, Swiss non-profit |
| :prohibited: Block ads on every device | 94.140.14.14 / 94.140.15.15 — AdGuard DNS |
| :family_man_woman_girl: Family-safe network | 185.228.168.168 / 185.228.169.168 — CleanBrowsing Family |
| :gear: Full control + logs + per-device | NextDNS — free up to 300K queries/month |
| :magnifying_glass_tilted_left: Test what DNS you’re using now | dnsleaktest.com — run Standard Test |
| :shield: Best one-change-protects-everything | Change DNS on your router — covers all devices |

Your ISP has been reading your mail. Time to buy some envelopes.

3 Likes

You’re just letting another company do the same thing. Now they can log every site you visit.

It won’t give you more privacy, but did you know you can set up your own DNS resolver?