My router was playing up, initially I couldn’t get my phone to connect, which I thought was my fault - since I started running grapheneOS but then other devices stop connecting and then those that were connected couldn’t access certain sites etc.
I still live at home, so my mum who isn’t technologically literate phoned the ISP, and attempted to fix it. Turns out it just needed a reset, as the last time it had been reset was 8 years ago.
What was a surprise was that the ISP guy told my mum how many devices were connected to the internet. She found that immensely creepy.
I doubt there’s anything I can do to reduce the trust burden with an ISP, beyond telling my mum to use a VPN. My threat model always had ISPs as a risk that had to be taken, however I am curious as to if there is anything at all that can be done! That’s also not immensely impractical?
Use your own router, if you don’t want your traffic/activity watched, you must use a VPN. There are several routers that have built in VPN clients, that should be more convenient then per client VPN.
For reference on what your ISP is using to watch your traffic from the subscriber through the core and to the internet, you will want to read about sflow/netflow, which reads packet headers. Technically, the ISP can capture all traffic and would have the full ability to read unencrypted data. There is also the ability to do MITM TLS shenanigans, but typically you see that at the enterprise level as end devices need to trust the certificate issued to the proxy. Also note that there is such thing as lawful intercept, which in the US means that law enforcement agencies can also snoop your traffic “with a court order” at any point, often without the ISP being explicitly notified.