Self Hosting for Privacy - Importance of Owning your own Modem/Router?

Submitted ⁨⁨6⁩ ⁨hours⁩ ago⁩ by ⁨bmebenji@lemmy.blahaj.zone⁩ to ⁨selfhosted@lemmy.world⁩

Hi there, I’m looking to get into self-hosting for privacy reasons and I wanted to ask y’all: how inadvisable is it to utilize an ISP-owned router/modem? I feel like they’re able to track everything I do online with their more than likely integrated spyware.

source

Comments

Sort:hotnew top

cenzorrll@piefed.ca ⁨37⁩ ⁨minutes⁩ ago
You’re ISP probably provides some overpriced really crap hardware that they probably have a back door to, that I’m also not about to screw around with. I’ve always had a router behind their modem/router combo for many reasons, the first being that I have had a 100 ft Ethernet cable since 2005 that let’s me put my router where I want, I can place my wifi where it works best, not just within 6-10 feet of wherever someone 20 years ago decided to drill a hole. Second is because a ddwrt router is so much better than anything you’ll get from your provider, and you can find pretty good compatible ones on eBay or at your local thrift store for cheap.

I’ve always begrudgingly purchased rather than rented from my provider because after a year or so it is usually paid for. So far I’ve purchased four modems over almost 20 years so it’s worked out for me. As for the device itself, I don’t trust it, but I’ll still set some firewall rules just because. I have my router behind it where I do the real stuff. If I’m ever given a device that I need to connect for some sort of monitoring, like my solar panels or something like that, it can connect to my ISPs crap and do whatever sketchy shit it’s gonna do.

source
- scrubbles@poptalk.scrubbles.tech ⁨17⁩ ⁨minutes⁩ ago
  Each of these points makes it worth it. Price is always overlooked. Renting is same as a subscription. If you buy your modem it’s more expensive, but at the end you still have a modem. Renting at the end you have nothing.
  
  source
IsoKiero@sopuli.xyz ⁨6⁩ ⁨hours⁩ ago
ISP can see your traffic anyways regardless if their router is at your end or not. In here any kind of ‘user behavior monitoring’ or whatever they call it is illegal, but the routers ISPs generally give out are as cheap as you can get so they are generally not too reliable and they tend to have pretty limited features.

Also, depending on ISP, they might roll out updates on your device which may or may not reset the configuration. That’s usually (at least around here) made with ISPs account on the router and if you disable/remove that their automation can’t access your router anymore.

So, as a rule of thumb, your own router is likely better for any kind of self hosting or other tinkering, but there’s exceptions too.

source
- Cobrachicken@lemmy.world ⁨5⁩ ⁨hours⁩ ago
  Honest answer, why tf would s/o vote this down?
  
  source
  - irmadlad@lemmy.world ⁨4⁩ ⁨hours⁩ ago
    I’ve often wondered about down votes as well. It’s not the points, as I care nothing about that. However, if you’re going to down vote something, have the balls to explain why. Maybe the down voter knows something that we all can learn from. It just seems like a common courtesy to do so.
    
    source
    -> View More Comments
ultranaut@lemmy.world ⁨6⁩ ⁨hours⁩ ago
Regardless of whether your ISP is leveraging their ownership of your router to violate your privacy, they are using it to exploit you financially. Owning your own equipment is always going to save you money compared to what an ISP will charge you in rent.

source
- chisel@piefed.social ⁨1⁩ ⁨hour⁩ ago
  Well, AT&T for example requires that you use their provided modem+router combo, which they provide for free (unless you include their plans being generally more expensive than their competitors as an extra fee). They do try to sell you on range extenders for, what I assume to be, the shit router they give you.
  
  Their router gives you less control than you’d get with your own router, helps with lock-in because it makes it harder to change providers, and allows AT&T full root access to your network, so I wouldn’t recommend it for self-hosters. However, it is the cheapest option since you’re requited to use it anyway. Besides, of course, using a different ISP, which saves me tooons of money over AT&T.
  
  source
  - BromSwolligans@lemmy.world ⁨31⁩ ⁨minutes⁩ ago
    AT&T fiber does allow IP passthrough mode though so if you want to run your own hardware you can.
    
    source
haroldfinch@feddit.nl ⁨6⁩ ⁨hours⁩ ago
Recently, a major ISP in the Netherlands was determined to be streaming metadata from within their customer’s networks to Lifemote, a Turkish AI company.

Here’s a report in Dutch: tweakers.net/…/odido-router-stuurde-analyticsdata…

This is just the latest one to get caught doing it, but determine how comfortable you are having your internal network exposed to a 3rd party.

I’ve used personal/non-ISP modems and routers for 25 years because I’m not comfortable with it it. At all… But hey, you do you.

source
- SirHaxalot@nord.pub ⁨5⁩ ⁨hours⁩ ago
  While I would say sending MAC Addresses and Wi-Fi names is very far from tracking everything you do on the internet, this highlight another very important point: The routers that provided by ISPs are usually very cheap and crappy, and this in itself security implications.
  
  Like this example of pulling a script from an unverified HTTP source and executing it as root 🤯.. Not to mention that firewalling and port forward configuration options may be pretty simplified and limited.
  
  source
hendrik@palaver.p3x.de ⁨5⁩ ⁨hours⁩ ago
Even if you control your router/modem, they still control the other end, it connects to. So i think it depends a bit where you’re going with this. If you’re worried about them doing packet inspection, or logging IP numbers you connect to, I don’t think there’s a big difference. They could do it anywhere.

A router interfaces with your local network, though. So in theory a router can be used to connect to your internal devices and computers and maybe they have an open network share without password protection or something like that. But we’re talking violating your constitutional rights here. It’s highly illegal in most jurisdictions to enter your home and go through your stuff.

I’ll buy my own router because I can then configure it to my liking. And my ISP charges way too much for renting one. And what I also do is not use my ISP’s DNS service. That’d just send every domain name I open to their logfiles. Instead I use one from OpenNIC

source
- irmadlad@lemmy.world ⁨3⁩ ⁨hours⁩ ago
  
  Instead I use one from OpenNIC
  
  Fast? How would it compare to the evil Cloudflare?
  
  source
  - hendrik@palaver.p3x.de ⁨1⁩ ⁨hour⁩ ago
    I did one DNS query and it took 22 msec with the nearest OpenNIC server and 24 msec with Cloudflare’s 1.1.1.1 So dunno… roughly same responsiveness? For a proper answer we’d need to do more measurements, though.
    
    source
    -> View More Comments
Semi_Hemi_Demigod@lemmy.world ⁨6⁩ ⁨hours⁩ ago
This is why I got a mini PC with five Ethernet ports and configured it as a router/pihole.

Everything goes through a WireGuard VPN, and I have DNS that’s private.

And I know it’s secure because I wrote the iptables myself.

source
irmadlad@lemmy.world ⁨6⁩ ⁨hours⁩ ago
Owning your own modem/router gives you full access to security features. It gives you opportunity to install custom firmware. If you can spring for the $$, I think it would be advisable. That way, the only thing you need from your ISP is the cable/delivery device piping internet into your house.

source
Nighed@feddit.uk ⁨6⁩ ⁨hours⁩ ago
Depends entirely on the ISP

source
versionc@lemmy.world ⁨5⁩ ⁨hours⁩ ago
I would get a router that supports an open source firmware or operating system like OpenWRT. Which one depends entirely on your use case. Getting a router from your ISP is fine if you’re allowed to and capable of flashing it, and if you trust them (I’m lucky that I have an ISP with a track recoding of fighting for their users’ privacy and integrity).

source
cmnybo@discuss.tchncs.de ⁨5⁩ ⁨hours⁩ ago
Most ISPs have remote access to their modems. You should use your own if possible. If you can’t, then put it in bridge mode and connect your own router to it.

source
- i_am_not_a_robot@discuss.tchncs.de ⁨5⁩ ⁨hours⁩ ago
  In the US, most IPSs have remote access to your modem as well, even if you purchased it yourself from a store unaffiliated with your ISP.
  
  source

Decronym@lemmy.decronym.xyz ⁨5⁩ ⁨hours⁩ ago

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

Fewer Letters	More Letters
CGNAT	Carrier-Grade NAT
DNS	Domain Name Service/System
HA	Home Assistant automation software
~	High Availability
HTTP	Hypertext Transfer Protocol, the Web
HTTPS	HTTP over SSL
IP	Internet Protocol
NAS	Network-Attached Storage
NAT	Network Address Translation
PiHole	Network-wide ad-blocker (DNS sinkhole)
RPi	Raspberry Pi brand of SBC
SBC	Single-Board Computer
SSD	Solid State Drive mass storage
SSH	Secure Shell for remote terminal access
SSL	Secure Sockets Layer, for transparent encryption
TLS	Transport Layer Security, supersedes SSL
VPN	Virtual Private Network

[Thread #172 for this comm, first seen 16th Mar 2026, 17:50] [FAQ] [Full list] [Contact] [Source code]

source

SirHaxalot@nord.pub ⁨6⁩ ⁨hours⁩ ago
It’s extremely unlikely that they are going to do any kind of deep traffic inspection in the router/modem itself. Inspecting network traffic is very intensive though and gives very little value since almost all traffic is encrypted/HTTPS today, with all major browsers even showing scare warnings if’s regular unencrypted HTTP. Potentially they could track DNS queries, but you can mitigate this with DNS over TLS or DNS over HTTPS (For best privacy I would recommend Mullvad: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls)

And of course, make sure that anything you are self-hosting is encrypted and using proper HTTPS certificates. I would recommend setting up a reverse proxy like Nginx or Traefik that you expose. Then you can route to different internal services over the same port based on hostname. Also make sure you have a good certificate from Letsencrypt

source
- comrade_twisty@feddit.org ⁨6⁩ ⁨hours⁩ ago
  Many German providers have hardcoded DNS servers in their rental routers though and they block everything from torrent directories to iptv sites.
  
  source
  - Ooops@feddit.org ⁨3⁩ ⁨hours⁩ ago
    The only thing they can realistically harcode is the DNS server their router’s DHCP provides.
    
    Just configure devices to not use that setting, also use DoH or DoT (which you should do anyway, not just to circumvent your router’s settings).
    
    source
    -> View More Comments
Alvaro@lemmy.blahaj.zone ⁨5⁩ ⁨hours⁩ ago
It’s pretty simple if you don’t own the router you don’t own the Wi-Fi. You can treat your home Wi-Fi a little bit like a public Wi-Fi and just make sure all of your devices are secure using encrypted DNS and encrypted traffic and overall not open on any unsecured ports and you should be fine.

source
- Ooops@feddit.org ⁨4⁩ ⁨hours⁩ ago
  
  make sure all of your devices are secure using encrypted DNS and encrypted traffic
  
  Which is so easy it really should be the default nowadays yet sadly isn’t.
  
  source
devtoolkit_api@discuss.tchncs.de ⁨4⁩ ⁨hours⁩ ago
Owning your own router is important, but I would prioritize it differently depending on your threat model:

High priority (do first):

Use your own router running OpenWrt or pfSense — ISP routers often have remote management backdoors

DNS-level privacy (Pi-hole + encrypted DNS upstream)

VPN on the router level for devices that cannot run their own

Medium priority:

Your own modem matters less for privacy and more for reliability/speed. ISP modems work fine for most people.

The bigger privacy win is what runs BEHIND the modem: your DNS, firewall rules, and network segmentation.

The real wins for self-hosting privacy:

Self-host your DNS (Pi-hole/AdGuard Home)

Self-host your email (hard but high impact)

Self-host your dev/productivity tools so sensitive data never hits third-party servers

Use E2EE messaging (Matrix/XMPP self-hosted)

Start with the router and DNS — those are the highest ROI changes.
source