Its a 1st, necessary step. The rest requires some end-to-end encryption of even the destination - and maybe a secure, anonymous DNS query reflector or some such.

Or I'm talking nonsense. But a secure ISP that is not capable of eavesdropping is a start.