Everyone, even people who aren’t skilled with computers, knows that browsing the web comes with certain privacy risks. The sites you visit, what you do while you’re there, where you’re physically located, and which internet-connected apps you use are all broadcast to your internet service provider (ISP).

In October 2016 the FCC approved rules that would prevent ISPs from gathering that data and reselling it without consumer consent, and yesterday the US House of Representatives overturned those rules, The bill is now headed to the White House, where President Trump is expected to sign it.

Internet users are right to be concerned: Without those restrictions in place, everything you do on the web can be tracked, collected, stored, and sold without your permission. That isn’t just a problem for those tired of intrusive advertisements—it’s also a potential treasure trove for hackers.

It can’t be that big a deal, right?

Every time you open a browser window—incognito or not—your ISP knows what you’re doing. Each web request you make first goes through your ISP, giving them a record of every site you visit.

So, if you visit WebMD they know it. And if you navigate to the page on (insert embarrassing medical condition here) they know it. Suddenly you start seeing ads for creams, tinctures, and pills designed to treat that embarrassing condition everywhere you go, and guess what? It’s not a coincidence and it made someone money.

It’s alarming to think that your ISP is using your browsing history as a means to make more money, and it’s even more alarming to think what could happen to that data in the case of a data breach. Those advertisers just want to sell you embarrassing creams. Hackers want to trade your data for cases of the stuff.

It’s easy to protect data on the web, right?

Browsing the web is a lot like going out in public: There are certain things you simply can’t do without someone noticing. In this case the entity noticing is your ISP, and the things they notice are worth big dollars to other companies.

The most common method of anonymizing browsing habits is using a browser’s incognito mode, but that really isn’t hiding anything: All it does is prevent the computer you’re using from storing data-the traffic to and from your computer is fair game for anyone looking.

Ad blockers, script stoppers, and other plugins only protect your embarrassing browsing history from your friends and family. Your ISP still has access to everything you do. True protecting is difficult and comes with drawbacks but it is still possible.

How to protect yourself from the prying eyes of your ISP

There are a lot of reasons to want to anonymize your presence on the web, and not all of them are nefarious or illicit. If you want to stop your ISP from potentially selling your personal info here are a few things you can do.

1. Use ToR: There are many articles on Tor Browser and for good reason, it works. That doesn’t mean it’s easy to set up or get used to, though. One more reason not to rely on ToR for daily browsing is that lots of websites block ToR traffic because it’s impossible to monetize.
2. Use a VPN: Virtual private networks are sort of like ToR, in that they relay your traffic through a bunch of servers before spitting you out at your destination. The free ones aren’t that good, however, and the good ones are far from free. Expect slower browsing speeds too: All that rerouting takes precious milliseconds.
3. Consider local ISPs: Some of the biggest lobbyists for the repeal of regulations protecting consumer data are ISPs like Comcast and Verizon—they stand to make billions in targeted ad deals. Some small-scale local ISPs have said they won’t collect or sell data, so take a look at them if you’re looking for a new provider.
4. Research: If you’re curious about your ISP’s position on data gathering look into it. Call, email, or check out their website and if you don’t find an explicit statement saying they don’t collect or sell data it’s safe to assume they will.

The safest way to browse the web is, unfortunately, not to do it. In today’s age that’s practically impossible, so until internet traffic is safe you’re going to be hard pressed to find easy ways to protect yourself.

The three things you should consider:

1. The US House and Senate have both voted in favor of repealing regulations that prevent ISPs from recording and selling web browsing data and other personal customer information.
2. That information is sold to companies for targeted ad creation, but it could also be stolen by hackers.
3. Anonymizing your presence on the web and protecting your personal information is tough, but it can be done through the use of ToR, VPNs, and good research.