Selfhosted

When there were ISP-owned routers, I just set a private router on the inside. As long as their box does their job, mine did work for me.

A router provided by an ISP is not your hardware, thus any network behind it is by definition not controlled by you. There have been numerous cases where they have backdoors or known admin passwords. In cases where there is a wire type transition (for example incoming over coax or fiber) it might be necessary to use it though. Same if it is necessary due to your contract.

In my cases I always turn off the wireless antennas and switch it to bridge mode, then place my own router/firewall device behind it.

Edit: still learning to spell.

Your router is an important security device that you should own and control your self if you want any semblence of ownership over your network.

Your modem is remotely controlled by the ISP even if you own it, and is mostly there to demodulate from the medium installed by your ISP (usually cable, or fiber but those are called ont's not modems) to a standard cat. 6 Ethernet connection you can plug into most routers.

The main benefit of owning your own modem is not having one with a router built in and not having to pay an equipment fee.

ISP can see your traffic anyways regardless if their router is at your end or not. In here any kind of 'user behavior monitoring' or whatever they call it is illegal, but the routers ISPs generally give out are as cheap as you can get so they are generally not too reliable and they tend to have pretty limited features.

Also, depending on ISP, they might roll out updates on your device which may or may not reset the configuration. That's usually (at least around here) made with ISPs account on the router and if you disable/remove that their automation can't access your router anymore.

So, as a rule of thumb, your own router is likely better for any kind of self hosting or other tinkering, but there's exceptions too.

Router provided by my ISP is just garbage. The settings are so scrace, I might as well just connect my PC directly (if I could, cause cable is DOCSIS). Had to buy 10yo DOCSIS router that actually is usable.

If your router is fine in settings, maybe changing it won't be necessary. As for ISP spying on you - probably possible but certainly is not likely.

Regardless of whether your ISP is leveraging their ownership of your router to violate your privacy, they are using it to exploit you financially. Owning your own equipment is always going to save you money compared to what an ISP will charge you in rent.

Recently, a major ISP in the Netherlands was determined to be streaming metadata from within their customer's networks to Lifemote, a Turkish AI company.

Here's a report in Dutch: https://tweakers.net/nieuws/245620/odido-router-stuurde-analyticsdata-naar-turks-ai-bedrijf.html

This is just the latest one to get caught doing it, but determine how comfortable you are having your internal network exposed to a 3rd party.

I've used personal/non-ISP modems and routers for 25 years because I'm not comfortable with it it. At all... But hey, you do you.

This is why I got a mini PC with five Ethernet ports and configured it as a router/pihole.

Everything goes through a WireGuard VPN, and I have DNS that’s private.

And I know it’s secure because I wrote the iptables myself.

Owning your own modem/router gives you full access to security features. It gives you opportunity to install custom firmware. If you can spring for the $$, I think it would be advisable. That way, the only thing you need from your ISP is the cable/delivery device piping internet into your house.

You're ISP probably provides some overpriced really crap hardware that they probably have a back door to, that I'm also not about to screw around with. I've always had a router behind their modem/router combo for many reasons, the first being that I have had a 100 ft Ethernet cable since 2005 that let's me put my router where I want, I can place my wifi where it works best, not just within 6-10 feet of wherever someone 20 years ago decided to drill a hole. Second is because a ddwrt router is so much better than anything you'll get from your provider, and you can find pretty good compatible ones on eBay or at your local thrift store for cheap.

I've always begrudgingly purchased rather than rented from my provider because after a year or so it is usually paid for. So far I've purchased four modems over almost 20 years so it's worked out for me. As for the device itself, I don't trust it, but I'll still set some firewall rules just because. I have my router behind it where I do the real stuff. If I'm ever given a device that I need to connect for some sort of monitoring, like my solar panels or something like that, it can connect to my ISPs crap and do whatever sketchy shit it's gonna do.

I would get a router that supports an open source firmware or operating system like OpenWRT. Which one depends entirely on your use case. Getting a router from your ISP is fine if you're allowed to and capable of flashing it, and if you trust them (I'm lucky that I have an ISP with a track record of fighting for their users' privacy and integrity).

Even if you control your router/modem, they still control the other end, it connects to. And some more infrastructure along the path. So i think it depends a bit where you're going with this. If you're worried about them doing packet inspection, or logging IP numbers you connect to, I don't think there's a big difference. They could do it anywhere. And they'll likely do it in some datacenter.

A router interfaces with your local network, though. So in theory a router can be used to connect to your internal devices and computers and maybe you have an open network share without password protection or something like that. But we're talking violating your constitutional rights here. It's highly illegal in most jurisdictions to enter your home and go through your stuff.

I'll buy my own router because I can then configure it to my liking. And my ISP charges way too much for renting one. And what I also do is not use my ISP's DNS service. That'd just send every domain name I open to their logfiles. Instead I use one from OpenNIC

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

16 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.

[Thread #172 for this comm, first seen 16th Mar 2026, 17:50] [FAQ] [Full list] [Contact] [Source code]

Depends entirely on the ISP

It's extremely unlikely that they are going to do any kind of deep traffic inspection in the router/modem itself. Inspecting network traffic is very intensive though and gives very little value since almost all traffic is encrypted/HTTPS today, with all major browsers even showing scare warnings if's regular unencrypted HTTP. Potentially they could track DNS queries, but you can mitigate this with DNS over TLS or DNS over HTTPS (For best privacy I would recommend Mullvad: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls)

And of course, make sure that anything you are self-hosting is encrypted and using proper HTTPS certificates. I would recommend setting up a reverse proxy like Nginx or Traefik that you expose. Then you can route to different internal services over the same port based on hostname. Also make sure you have a good certificate from Letsencrypt

Most ISP's in the US are always looking for a government handout. When the government decides to tie that handout with a backdoor attached you will never know about it. If they control the router you don't get a choice.

Not to mention they buy the cheapest POS they can get to do the job. Then when the wifi sucks they will rent you some mesh nodes. And you can only hope they update them if there is a flaw.

I run OpnSense and have for about 10 years now. I've considered using a gPON sfp module so I can get rid of the ONT.

It's pretty simple if you don't own the router you don't own the Wi-Fi. You can treat your home Wi-Fi a little bit like a public Wi-Fi and just make sure all of your devices are secure using encrypted DNS and encrypted traffic and overall not open on any unsecured ports and you should be fine.

Personally, all of my services on my home server are only available through my WireGuard VPN, so it doesn't matter what Wi-Fi I'm using, it's always going to be encrypted peer-to-peer.

Most ISPs have remote access to their modems. You should use your own if possible. If you can't, then put it in bridge mode and connect your own router to it.