I found out that the landlord of my building is able to access all my internet URLs even though they are HTTPS. Ex they are able to see this entire URL: https://www.google.com/search?q=stackoverflow including path and query params.
I verified by clicking on the lock icon of my browser that the certificate issuer is "Google Trust Services". They are able to see all URLs, not just google.
Therefore, I am not able to understand how are they able to access all my internet traffic (I am certain they are able to access it). I am not sure if they can see the request/response body & content as well. We are using AT&T internet (not sure if they have a Netgear Nighthawk router connected in the middle). I cannot access the router interface (192.168.0.1) because the attacker (the landlord) is able to see all my URLs.
Is there a way to thwart their attack by using some browser plugin or a similar solution? I found out that Chrome has HTTPS Everywhere Plugin but that might not help because my browser is already showing that the connection is HTTPS. Ideally I would like to find a way to also detect (and prove) that they are looking at my web browsing history, ex: I can create a website and use javascript to log visitor information (but it will be hard to pinpoint that they are the attacker), in case I decide to show it to our local authorities.
I use Firefox and Chrome for browsing the internet.