Hi there, I’m looking to get into self-hosting for privacy reasons and I wanted to ask y’all: how inadvisable is it to utilize an ISP-owned router/modem? I feel like they’re able to track everything I do online with their more than likely integrated spyware.

  • IsoKiero@sopuli.xyz · 34 upvotes · 5 hours ago

    ISP can see your traffic anyways regardless if their router is at your end or not. In here any kind of ‘user behavior monitoring’ or whatever they call it is illegal, but the routers ISPs generally give out are as cheap as you can get so they are generally not too reliable and they tend to have pretty limited features.

    Also, depending on ISP, they might roll out updates on your device which may or may not reset the configuration. That’s usually (at least around here) made with the ISP’s account on the router and if you disable/remove that their automation can’t access your router anymore.

    So, as a rule of thumb, your own router is likely better for any kind of self hosting or other tinkering, but there’s exceptions too.

      • irmadlad@lemmy.world · 10 upvotes · 4 hours ago

        I’ve often wondered about down votes as well. It’s not the points, as I care nothing about that. However, if you’re going to down vote something, have the balls to explain why. Maybe the down voter knows something that we all can learn from. It just seems like a common courtesy to do so.

          • irmadlad@lemmy.world · 1 upvote · 42 minutes ago

            Could be. Not ruling that out. It seems to pile up tho on certain comments tho. Makes me wonder. I’m always down to be schooled. Shit son, ring the bell! Ahhh the internet.

        • Telorand@reddthat.com · 2 upvotes · 1 hour ago

          However, if you’re going to down vote something, have the balls to explain why.

          This is why downvoting is fundamentally flawed. It could be “I don’t like it” all the way up to “I know for a fact that’s wrong,” but nobody else will ever know the rationale.

          I don’t even see downvotes on my instance, and I never want to, because it just raises questions and confusion.

          • irmadlad@lemmy.world · 2 upvotes · 44 minutes ago

            because it just raises questions and confusion.

            This. I think, waay back in the day, down voting was a way to filter bad information. Whenever I see a down vote on something I’ve said, I’m always left wondering if I gave erroneous information, was I out in the weeds smokin’ crack? I’m always down for being educated.

  • ultranaut@lemmy.world · 19 upvotes · 5 hours ago

    Regardless of whether your ISP is leveraging their ownership of your router to violate your privacy, they are using it to exploit you financially. Owning your own equipment is always going to save you money compared to what an ISP will charge you in rent.

    • chisel@piefed.social · 1 upvote · 43 minutes ago

      Well, AT&T for example requires that you use their provided modem+router combo, which they provide for free (unless you include their plans being generally more expensive than their competitors as an extra fee). They do try to sell you on range extenders for, what I assume to be, the shit router they give you.

      Their router gives you less control than you’d get with your own router, helps with lock-in because it makes it harder to change providers, and allows AT&T full root access to your network, so I wouldn’t recommend it for self-hosters. However, it is the cheapest option since you’re required to use it anyway. Besides, of course, using a different ISP, which saves me tooons of money over AT&T.

  • hendrik@palaver.p3x.de · 8 upvotes · edited · 4 hours ago

    Even if you control your router/modem, they still control the other end it connects to. And some more infrastructure along the path. So I think it depends a bit where you’re going with this. If you’re worried about them doing packet inspection, or logging IP numbers you connect to, I don’t think there’s a big difference. They could do it anywhere. And they’ll likely do it in some datacenter.

    A router interfaces with your local network, though. So in theory a router can be used to connect to your internal devices and computers and maybe you have an open network share without password protection or something like that. But we’re talking violating your constitutional rights here. It’s highly illegal in most jurisdictions to enter your home and go through your stuff.

    I’ll buy my own router because I can then configure it to my liking. And my ISP charges way too much for renting one. And what I also do is not use my ISP’s DNS service. That’d just send every domain name I open to their logfiles. Instead I use one from OpenNIC.

      • hendrik@palaver.p3x.de · 2 upvotes · 1 hour ago

        I did one DNS query and it took 22 msec with the nearest OpenNIC server and 24 msec with Cloudflare’s 1.1.1.1
        So dunno… roughly same responsiveness? Maybe OpenNIC is a tad faster? For a proper answer we’d need to do more measurements, though. And with OpenNIC you definitely need to pick a good server, not just any random one. They’ll have different locations, different policies and they’re in widely different datacenters.

  • Harold@feddit.nl · 14 upvotes · 5 hours ago

    Recently, a major ISP in the Netherlands was determined to be streaming metadata from within their customers’ networks to Lifemote, a Turkish AI company.

    Here’s a report in Dutch: https://tweakers.net/nieuws/245620/odido-router-stuurde-analyticsdata-naar-turks-ai-bedrijf.html

    This is just the latest one to get caught doing it, but determine how comfortable you are having your internal network exposed to a 3rd party.

    I’ve used personal/non-ISP modems and routers for 25 years because I’m not comfortable with it. At all… But hey, you do you.

    • Sir. Haxalot@nord.pub · 7 upvotes · 5 hours ago

      While I would say sending MAC Addresses and Wi-Fi names is very far from tracking everything you do on the internet, this highlights another very important point: The routers that are provided by ISPs are usually very cheap and crappy, and this in itself has security implications.

      Like this example of pulling a script from an unverified HTTP source and executing it as root 🤯… Not to mention that firewalling and port forward configuration options may be pretty simplified and limited.

  • Boomer Humor Doomergod@lemmy.world · 13 upvotes · 6 hours ago

    This is why I got a mini PC with five Ethernet ports and configured it as a router/pihole.

    Everything goes through a WireGuard VPN, and I have DNS that’s private.

    And I know it’s secure because I wrote the iptables myself.

  • cmnybo@discuss.tchncs.de · 5 upvotes · 5 hours ago

    Most ISPs have remote access to their modems. You should use your own if possible. If you can’t, then put it in bridge mode and connect your own router to it.

  • irmadlad@lemmy.world · 8 upvotes · 5 hours ago

    Owning your own modem/router gives you full access to security features. It gives you opportunity to install custom firmware. If you can spring for the $$, I think it would be advisable. That way, the only thing you need from your ISP is the cable/delivery device piping internet into your house.

  • versionc@lemmy.world · 6 upvotes · 5 hours ago

    I would get a router that supports an open source firmware or operating system like OpenWRT. Which one depends entirely on your use case. Getting a router from your ISP is fine if you’re allowed to and capable of flashing it, and if you trust them (I’m lucky that I have an ISP with a track record of fighting for their users’ privacy and integrity).

  • Decronym (bot) · 6 upvotes · edited · 8 minutes ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters | More Letters
    --------------|-------------
    CGNAT         | Carrier-Grade NAT
    DHCP          | Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network
    DNS           | Domain Name Service/System
    HA            | Home Assistant automation software
    ~             | High Availability
    HTTP          | Hypertext Transfer Protocol, the Web
    HTTPS         | HTTP over SSL
    IP            | Internet Protocol
    NAS           | Network-Attached Storage
    NAT           | Network Address Translation
    PiHole        | Network-wide ad-blocker (DNS sinkhole)
    RPi           | Raspberry Pi brand of SBC
    SBC           | Single-Board Computer
    SSD           | Solid State Drive mass storage
    SSH           | Secure Shell for remote terminal access
    SSL           | Secure Sockets Layer, for transparent encryption
    TLS           | Transport Layer Security, supersedes SSL
    VPN           | Virtual Private Network
    XMPP          | Extensible Messaging and Presence Protocol (‘Jabber’) for open instant messaging

    [Thread #172 for this comm, first seen 16th Mar 2026, 17:50]

  • Alvaro@lemmy.blahaj.zone · 3 upvotes · 4 hours ago

    It’s pretty simple: if you don’t own the router, you don’t own the Wi-Fi. You can treat your home Wi-Fi a little bit like a public Wi-Fi and just make sure all of your devices are secure using encrypted DNS and encrypted traffic and overall not open on any unsecured ports and you should be fine.

    Personally, all of my services on my home server are only available through my WireGuard VPN, so it doesn’t matter what Wi-Fi I’m using, it’s always going to be encrypted peer-to-peer.

    • Ooops@feddit.org · 3 upvotes · 3 hours ago

      make sure all of your devices are secure using encrypted DNS and encrypted traffic

      Which is so easy it really should be the default nowadays yet sadly isn’t.

  • Sir. Haxalot@nord.pub · 6 upvotes · 5 hours ago

    It’s extremely unlikely that they are going to do any kind of deep traffic inspection in the router/modem itself. Inspecting network traffic is very intensive though and gives very little value since almost all traffic is encrypted/HTTPS today, with all major browsers even showing scare warnings if it’s regular unencrypted HTTP. Potentially they could track DNS queries, but you can mitigate this with DNS over TLS or DNS over HTTPS (For best privacy I would recommend Mullvad: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls).

    And of course, make sure that anything you are self-hosting is encrypted and using proper HTTPS certificates. I would recommend setting up a reverse proxy like Nginx or Traefik that you expose. Then you can route to different internal services over the same port based on hostname. Also make sure you have a good certificate from Let’s Encrypt.

    • comrade_twisty@feddit.org · 6 upvotes · 5 hours ago

      Many German providers have hardcoded DNS servers in their rental routers though and they block everything from torrent directories to iptv sites.

      • Ooops@feddit.org · 2 upvotes · 3 hours ago

        The only thing they can realistically hardcode is the DNS server their router’s DHCP provides.

        Just configure devices to not use that setting, also use DoH or DoT (which you should do anyway, not just to circumvent your router’s settings).

        • comrade_twisty@feddit.org · 2 upvotes · 3 hours ago

          I haven’t used such a router in decades, I just know from doing IT support at friends’ homes. These people have no clue how to get around these DNS filters.

          • Ooops@feddit.org · 2 upvotes · 2 hours ago

            These people have no clue how to get around these DNS filters.

            But not thanks to the virtue of some effective blocking but just a lack of knowledge of the average user…

            I have used several of those cheap routers over the years. And they simply can’t block you from using encrypted DNS (unless they want to create giant blocklists and want to play whack-a-mole with DNS servers…).

            So all they usually do is very low tech like ignoring the DNS you set in the router configuration and reroute it (or not providing such configuration in the first place). But they can effectively only do so with unencrypted DNS.

            With encrypted DNS they could at best try to block the default port used by DNSoverTLS but that still leaves DoH. And they can’t block that because it’s just regular encrypted HTTPS traffic (with the DNS query inside).

            Iirc even Windows allows easy configuration of DoH nowadays (and for much longer if you were ready to edit the registry) where you can simply choose between unencrypted, DoH only or encryption preferred if available.
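
Added example, not part of any comment in this thread: the DNS sub-thread above contrasts cleartext DNS, which a rental router can read and reroute, with DoH, where the same query travels inside HTTPS. The Python sketch below builds one DNS query, shows that the name is trivially recoverable from the port 53 payload, and encodes the identical bytes as an RFC 8484 GET request. The `/dns-query` path is the one used in the RFC's own example and is an assumption here; resolvers publish their own URL.

```python
import base64
import struct


def build_query(name: str, qtype: int = 1, qid: int = 0) -> bytes:
    """Build a minimal DNS query message (RFC 1035) for `name`."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label
        for label in name.rstrip(".").encode("idna").split(b".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS = IN


def read_qname(message: bytes) -> str:
    """Recover the queried name from a cleartext DNS message.

    This is all a device forwarding UDP/TCP port 53 needs to do in order
    to log, filter or redirect a lookup.
    """
    labels, pos = [], 12  # the question starts after the 12-byte header
    while True:
        if pos >= len(message):
            raise ValueError("truncated DNS message")
        length = message[pos]
        if length == 0:
            return ".".join(labels)
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length


def doh_get_path(name: str, qtype: int = 1) -> str:
    """RFC 8484 GET form: the same message, base64url without padding."""
    wire = build_query(name, qtype, qid=0)  # ID 0 keeps answers cacheable
    encoded = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return "/dns-query?dns=" + encoded  # path assumed, resolver-specific


if __name__ == "__main__":
    # Constructed sample query, not captured traffic.
    plain = build_query("www.example.com", qid=0x1234)
    print("visible on port 53:", read_qname(plain))
    print("sent inside TLS   :", doh_get_path("www.example.com"))
```

With DoH the request line above is sent only after the TLS handshake to the resolver, so a device on the path sees a connection to port 443 rather than the query.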