There are few devices where privacy is more essential than a Wi-Fi router. Almost all of our internet traffic travels through a router on the way to our devices. That’s a lot of data — enough to make privacy a reasonable point of concern when you’re picking one out.

The problem is that it’s next to impossible for the average person to glean very much about the privacy practices of the companies that make and sell routers. Data-collection practices are complicated to begin with, and most privacy policies do a poor job of shedding light on them. Working up the will to read through the lengthy legal-speak that fills them is no small task for a single manufacturer, let alone several of them. Even if you make it that far, you’re likely to end up with more questions than answers. Fortunately, I have a strong stomach for fine print, and after spending the last few years testing and reviewing routers here on CNET, most manufacturers tend to respond to my emails when I have questions. So, I set out to dig into the details of what these routers are doing with your data — here’s what I found. (You can also find out why your Wi-Fi router may be in the wrong spot, and where to find the best internet providers.)

All of the problems with privacy policies

I combed through about 30,000 words of terms of use and other policy documents as I tried to find answers for this post — but privacy policies typically aren’t written with full transparency in mind. “All a privacy policy can really do is tell you with some confidence that something bad is not going to happen,” said Bennett Cyphers, a staff technologist with the privacy-focused Electronic Frontier Foundation, “but it won’t tell you if something bad is going to happen.”“Often, what you’ll see is language that says, ‘we collect X, Y and Z data, and we might share it with our business partners, and we may share it for any of these seven different reasons’, and all of them are very vague,” Cyphers continued. “That doesn’t necessarily mean that the company is doing the worst thing you could imagine, but it means that they have wiggle cover if they choose to do bad stuff with your data.” He’s not wrong: Most of the privacy policies I reviewed for this post included plenty of the “wiggle cover” Cyphers described, with broad, vague language and relatively few actual specifics. Even worse, many of these policies are written to cover the entire company in question, including all of its products, services and websites, as well as the way it handles data from sales transactions and even job applications. That means that much of what’s written might not even be relevant to routers.   READ MORE