I don’t think people really answered what OP asked.
There are ways in which an ISP can gather data about you and multiple types of buyers, depending on the data.
1. Unencrypted traffic (DNS and HTTP)
Here an ISP or any middleman can see what you are browsing or downloading and can inject whatever junk in your webpages. Not much you can do to protect against it other than to block JavaScript and do a deny by default policy of connections to domains. And forget about protecting data, because even if you don’t get ads served, the ISP still knows exactly what you like and builds a profile on you.
2. Encrypted traffic (HTTPS) with unencrypted DNS
Here the ISP can see what domains you are visiting (e.g. google.com, or subdomains like videos.google.com), but cannot see what resources you are accessing (they can’t see that you are visiting google.com/your-search-query). But they can see what domains you are querying in DNS, so they can still build a profile on you depending on what websites you visit (e.g. if you visit level1 forum, arstechnica, servethehome, anandtech and gamersnexus, they can accurately guess you are into tech and serve you ads for PCs, monitors and TVs, or can sell the data to Google or ad networks who will serve those ads to you on the internet; if they see lots of connections to power tools websites, you might get served ads for power tools and so on).
3. Encrypted DNS with either encrypted or unencrypted traffic
If you aren’t using your ISP DNS, your ISP can still determine what sites you are visiting by the connections to internet IPs on ports 80 (http) and 443 (https) that you are establishing. If you do encrypted traffic, the same thing as point 2. applies, just that instead of looking directly at your DNS queries, they look at your connections and do a reverse DNS query on the IPs you are connected to, to determine what sites you are visiting. Some websites have the same IP for different subdomains. Say for example level1techs and forum.level1techs - haven’t checked if they do, it’s just an example, so ISPs can’t determine what sites you visit as accurately, but they can get the big picture and still build a profile on you.
If you use unencrypted traffic and encrypted DNS, then the same as above and point 1. applies.
So if you don’t trust your ISP, how can you protect your data? A VPN is probably the obvious choice for most. What a VPN does, either a VPN to your own server on the internet, a VPN to your company or a VPN Service Provider (things like Mullvad, I call them VSPs), is that they encrypt all your traffic (usually, unless you have a special “split tunnel,” we won’t talk about those, because they are rare). So all your ISP will see will be a DNS query (encrypted or unencrypted, doesn’t matter) to your VPN server of choice and an established connection to your VPN. All traffic goes through the VPN and consequently, your connections to other websites will show as if the VPN server is connecting to them and what’s important in our case, the ISP won’t be able to tell what sites you are visiting, all it can see is your connection to the VPN server.
But your VPN becomes the next point of trust. If you use a VSP like Mullvad, they will be able to see exactly what you were hiding from your ISP. So you switch the point of trust to another party. Same for a company VPN (+all the traffic restrictions and agreements with them). If you go the DIY route, let’s say you build your VPN at a friend’s house, you have to trust his ISP now. If you use a VPS (virtual private server, Linode) or cloud server (virtual private cloud or VPC, AWS) for your VPN, now you have to trust the VPS / VPC provider. Everything from 1., 2. and 3. applies, but to another party.
Technically, a VSP and a VPS / VPC have more privacy, because they can’t serve you ads directly. But they can still data mine you and sell your data to third parties, just that they won’t be the same ad networks that your ISP was selling your data to.
One issue with using a VPN is that usually ISPs, being the dicks that they are (at least in the US), will throttle your traffic to anything that is not a connection to a port 80 or 443. The workaround is usually to make a TCP VPN and use port 443 for it. If you only visit websites, you should not see much of a performance difference, but if you also use UDP programs through it, you will notice considerable lag, while some programs might misbehave.
An alternative to VPNs is to use a darknet. Tor comes to mind first, because it’s the most popular. A darknet for our case with hiding data from an ISP is similar to how VPNs look to them: they will only see a connection to a darknet and that’s it. I won’t get into how darknets work. But Tor has what is called exit nodes. Exit nodes are used so you can access clearnet (the internet) websites from within Tor network. Websites will see traffic coming from the Tor node. The ISP, as is the case with VPNs, will only see that you are connecting to a Tor entry node, but won’t know what exit node you are using (or even if you are using one at all), because data is scrambled throughout the Tor network. But IMO exit nodes are dumb, people should stay inside the darkwebs. There are other discussions about Tor vs i2p and their inherent design, but I won’t get into it here, I think that’s pretty much the whole of it. Just note that due to all the traffic scrambling, redirecting, encrypting and what darknets do to fibrin, they will be from slow to dog slow. I don’t recommend darknets just to browse the clearnet.
I didn’t discuss what alternatives you have with ISPs. There are other ways, albeit not as convenient, to combat ISP surveillance. You can use big platforms only and get your news and videos only from there, but that means not visiting other websites. You can use a cloud PC, kinda like an Azure Windows VM (or any VM with VNC on a VPS / VPC), but with added latency and it will work basically like a VPN. And the last, but not least, but part of the last resort options, switching ISPs (if you have more than 1 in your area). The nuclear option is cutting your internet cable and moving into a cabin in the woods.
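
The exposure described in the HTTPS-with-unencrypted-DNS case above, as an added example that is not part of the original post: it parses plain DNS query payloads the way any on-path observer can and tallies interests from the names alone. The query bytes are constructed inline, and the interest map is an assumption built from the sites the post names.

```python
import struct
from collections import Counter

def build_query(name, txid=0x1A2B):
    """Build a plain (unencrypted) DNS A-record query payload; constructed sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def observed_name(payload):
    """Return the QNAME that anyone on the path can read from a plain DNS query."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("not a DNS query with a question section")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated QNAME")
        length = payload[pos]
        pos += 1
        if length == 0:
            return ".".join(labels).lower()
        if length > 63 or pos + length > len(payload):
            raise ValueError("bad label length")
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length

# Assumed interest map, using the sites named in the post.
INTERESTS = {"arstechnica.com": "tech", "servethehome.com": "tech",
             "anandtech.com": "tech", "gamersnexus.net": "tech"}

def profile(payloads):
    """Tally interest categories from the query names alone; no page content is needed."""
    tally = Counter()
    for p in payloads:
        name = observed_name(p)
        hit = next((cat for dom, cat in INTERESTS.items()
                    if name == dom or name.endswith("." + dom)), "unclassified")
        tally[hit] += 1
    return tally

# Constructed capture: four lookups made while browsing over HTTPS.
SAMPLE = [build_query(n) for n in
          ("arstechnica.com", "www.servethehome.com", "gamersnexus.net", "videos.google.com")]

if __name__ == "__main__":
    print([observed_name(p) for p in SAMPLE])
    print(dict(profile(SAMPLE)))
```

The same payloads sent over encrypted DNS (DoH or DoT) would give this parser nothing to read, which is why the post's third case falls back to looking at destination IPs instead.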