No Sniff DNS

Private searches using the Knot Resolver

You may be using HTTPS (Secure) web sites or a browser that secures your HTTP traffic, but that won't hide where you're going from the prying eyes that want to see what you're up to.

Before you can get to a webpage your browser has to look up the address of its website and it uses DNS to do that. That search, by default, takes place in the open. Your ISP can collect that search information and add it to the list of places that you visit. They can also share that list with Alphabet Agencies.

It doesn't have to be that way. You can use a tool that keeps all your searches on the down low. The tool that I like to use is knot-resolver. It is a caching nameserver.

It serves several purposes

How does it keep my searches private?

Installation

Windows

MacOS

Ubuntu and Debian Derivatives

CentOS 7+

Fedora Derivatives

Arch

Configuration

Here is a copy-and-paste configuration file. It must be saved as knot-resolver/kresd.conf

-- SPDX-License-Identifier: CC0-1.0
-- Refer to manual: https://knot-resolver.readthedocs.org/en/stable/

-- Network interface configuration
-- for ipv4
net.listen('127.0.0.1')
-- for ipv6
net.listen('::1')

-- Load useful modules
modules = {
	'predict',          -- Prefetch expiring/frequent records
}

-- Cache size
cache.size = 100 * MB

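-- Forward every query upstream over TLS. The TLS_FORWARD action only takes
-- effect once it is registered as a rule with policy.add
policy.add(policy.all(policy.TLS_FORWARD({
   {'9.9.9.9', hostname='dns.quad9.net'},
   {'149.112.112.112', hostname='dns.quad9.net'},
})))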
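
An added check, not part of the original page or of the Knot Resolver project: a small Python audit of a kresd.conf in this Lua format that reports the settings that would let lookups leave unencrypted or expose the resolver beyond the local machine. The function names and both sample configs are constructed for this example, and the comment and parenthesis handling is simplified.

```python
import ipaddress
import re

# Constructed sample: the TLS_FORWARD action is built but never registered.
UNREGISTERED = """
net.listen('127.0.0.1')
net.listen('::1')
policy.TLS_FORWARD({ {'9.9.9.9', hostname='dns.quad9.net'} })  -- no policy.add
"""
# Constructed sample: same upstream, registered as a rule for every query.
REGISTERED = """
net.listen('127.0.0.1')
policy.add(policy.all(policy.TLS_FORWARD({
   {'9.9.9.9', hostname='dns.quad9.net'},
})))
"""

def inside_policy_add(conf, pos):
    """True if offset pos lies inside a policy.add( call that is still open."""
    stack = []
    for i, ch in enumerate(conf[:pos]):
        if ch == "(":
            stack.append(conf[:i].rstrip().endswith("policy.add"))
        elif ch == ")" and stack:
            stack.pop()
    return any(stack)

def audit_kresd_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = re.sub(r"--[^\n]*", "", text)  # drop Lua line comments (simplified)
    findings = []
    for addr in re.findall(r"net\.listen\(\s*['\"]([^'\"]+)['\"]", conf):
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                findings.append(f"listener {addr} is reachable beyond loopback")
        except ValueError:
            findings.append(f"listener {addr} is not an IP literal, check by hand")
    calls = [m.end() for m in re.finditer(r"policy\.TLS_FORWARD\s*\(", conf)]
    if not calls:
        findings.append("no policy.TLS_FORWARD rule: lookups leave unencrypted")
    for pos in calls:
        if not inside_policy_add(conf, pos):
            findings.append("TLS_FORWARD is not wrapped in policy.add, so it never runs")
    for ip, rest in re.findall(r"\{\s*['\"]([0-9A-Fa-f:.@]+)['\"]([^{}]*)\}", conf):
        if not re.search(r"\b(hostname|pin_sha256)\s*=", rest):
            findings.append(f"upstream {ip} has no hostname or pin_sha256 to verify")
    if re.search(r"policy\.(FORWARD|STUB)\s*\(", conf):
        findings.append("policy.FORWARD/STUB forwards in cleartext")
    return findings
```

Call audit_kresd_conf(open(path).read()) on the real file before restarting the resolver; an empty list means none of these four conditions were found.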