What Can Your ISP See? (And How to Stop It)
Your internet service provider is the most comprehensive surveillance tool most people never think about. Even with HTTPS, your ISP can see every domain you visit, the timing and volume of your traffic, and in many countries they're legally required to store this data for 1–3 years. A VPN moves this surveillance out of your ISP's view.
What your ISP can see without a VPN
In the US, ISPs can legally sell your browsing data to advertisers since the FCC rollback of privacy rules in 2017.
- Every domain you visit: DNS queries are typically unencrypted. Your ISP sees 'google.com', 'pornhub.com', 'reddit.com' — the full list of every site you visit.
- Traffic timing and volume: How long you spent on each domain, how much data transferred, when you were online.
- Unencrypted content: Any HTTP (not HTTPS) traffic can be read in full — contents of pages, form data, passwords.
- Your real IP address: Always visible to your ISP.
- Which services you use: Even with HTTPS, ISPs can fingerprint Netflix traffic, VoIP calls, gaming protocols — just not the content.
What HTTPS hides (and doesn't)
HTTPS encrypts the content of your traffic — the specific page you loaded, what you searched for, what you posted. But HTTPS does NOT hide the domain name you're visiting. Your ISP sees 'amazon.com' but not the specific product page. They see 'gmail.com' but not your emails.
What your ISP can see with a VPN
With a VPN, your ISP sees only one thing: encrypted traffic going to a VPN server's IP address. They cannot see:
Your ISP can see THAT you're using a VPN (the traffic pattern is identifiable) but not WHAT you're doing through it.
- Which domains you're visiting
- What content you're accessing
- How long you spend on specific sites
- Whether you're streaming, torrenting, gaming, or browsing
ISP data retention laws by country
In many countries, ISPs are legally required to store browsing data:
- UK: ISPs must retain browsing records for 12 months under the Investigatory Powers Act (2016)
- EU: Varies by country — the Data Retention Directive was struck down, but many countries have national laws
- Australia: ISPs must retain metadata for 2 years
- US: No federal mandatory retention, but ISPs voluntarily retain data and can sell it
- Switzerland: No mandatory retention — one reason ProtonVPN's Swiss jurisdiction matters
Frequently asked questions
Can my ISP see I'm using a VPN?
Yes. Your ISP can see encrypted traffic going to a VPN server's IP address. They typically know it's a VPN connection but can't see the content. Some VPNs offer obfuscation (NordVPN, ExpressVPN) that makes VPN traffic look like regular HTTPS.
Can my ISP block a VPN?
ISPs can block known VPN server IPs. This is rare in Western countries but common in China, Russia, and Iran. Obfuscated VPN protocols make blocking much harder.
Does a VPN hide torrenting from my ISP?
Yes. Without a VPN, your ISP can see your BitTorrent traffic and may send copyright violation notices or throttle your speed. With a VPN, they see only encrypted data to a VPN server.