Most of the traffic on the web is encrypted. And more websites are adopting basic encryption measures every day. That means that, in theory, eavesdroppers have a hard time seeing whom you're writing to on Gmail or what you're looking up on Wikipedia.
But there's a catch. Big sites like Google and Facebook can see what links you click from their services, and use tracking cookies to follow you around the web. Various tools can help you block this type of tracking, but another big window into your browsing habits remains. Your broadband provider or someone who has hijacked your internet connection could still see what sites you're visiting. They might not be able to tell what you're watching on, say, Pornhub, but they can know that you visited the site.
That's an obvious problem for people who live under authoritarian regimes. But there are other reasons to worry. Many broadband providers in the US are also media and advertising companies. Verizon, for example, has an extensive digital advertising operation thanks to acquisitions of AOL and Yahoo. It's perfectly legal for carriers to their customers' internet history to target advertising.
For the past two years, the Internet Engineering Task Force, which sets standards for the web, has been working on a new protocol for the internet's address book—the domain name system, or DNS—that would make it harder to spy on what pages you visit. The standard isn't finalized, but the security company Cloudflare appears to be launching a service called "220.127.116.11 that supports the new protocol. Some test versions of the Firefox web browser already use Cloudflare's service.