We all know that VPNs are an excellent way to hide what you do online from your ISP (Internet Service Provider). But you have to wonder - what does your ISP see when you use a VPN?
There's a lot of misinformation about this topic online, so we have put this quick guide together to offer a clear answer.
Do they still see everything you do? Or do they just stare at a blank screen?
Well, both scenarios are exaggerations and not true. In reality, your ISP will see a bit of information about your browsing when you are connected to a VPN. After all, you'll have to go through their network before connecting to a VPN.
However, what they can monitor won't be enough to violate your privacy. Here's a list of the kinds of things they'll see:
A lot of stuff. You need to understand that all your data packets go through your ISP, and they can analyze their contents if they're unencrypted. They can also spy on your DNS queries (the connection requests you send to websites) since they go through their DNS server.
And you're not safe even if you exclusively use HTTPS websites. In theory, HTTPS should only allow your ISP to see the website name. But they can actually monitor network traffic and use information like the size, timing, and destination of data packets to identify unique page visits or guess the contents of your traffic.
What does that mean exactly? Simply put, without a VPN, your ISP can see the following:
"Okay, but what if I use incognito mode?"
It's really not the same thing. We already have an article regarding incognito vs. VPN, but the main idea is that incognito mode will only delete cookies and browsing history. It won't hide your traffic from your ISP at all.
It might seem like your ISP sees a lot of data when you use a VPN, but that's not the case at all. Sure, the list of information they get on your connection seems a bit long, but they can't do anything with it. Once you are connected to a VPN server, your ISP will have no idea what you do on the Internet.
On the other hand, if you don't use a VPN, your ISP will get to monitor all your online browsing. Maybe they will even share that data with advertisers for a profit, or they'll use it to serve you ads instead.
All in all, if you value your privacy, you should always use a VPN when you go online.
No, they can't do that because VPNs use end-to-end encryption to mask your traffic. If your ISP tries to spy on it, they'll just see a string of random characters.
However, your ISP can detect VPN traffic.
Besides looking for port numbers, your ISP can use DPI (Deep Packet Inspection) to spot VPN traffic. Simply put, DPI helps ISPs analyze your data packets to the point where they can detect VPN traffic patterns. They have an especially easy time with OpenVPN since the protocol has a unique signature.
Also, your ISP can easily tell if you're using a VPN server by checking the client sessions on their network. They'll just have to look for the one with no DNS queries. Remember that your device isn't asking to translate an IP address to a website name when you connect to a VPN server.
Yes, you actually can - by using a VPN that offers obfuscation. That feature goes by many names (stealth mode, camouflage, cloaking), but it does the same thing in all cases - it hides your VPN traffic.
Long story short, VPN obfuscation removes metadata from your data packets and adds more encryption to make VPN traffic look like regular HTTPS traffic.
If you'd like to find out more about it, check out our in-depth article about VPN obfuscation. You'll also find a list of the best-obfuscated VPNs in the guide.
Typically, they can't. The only way they would be able to do that is if they had access to your device or the VPN provider's servers.
So, ISPs cracking VPN encryption is just a myth - except in one country. In Kazakhstan, the government actually forced ISPs to have their users install government-issued certificates on their devices. They allow government agencies to intercept user traffic and decrypt it. Yes, even HTTPS traffic.
If they can see it, they can block it, right?
Well, yes. And if they do that, you won't be able to connect to the VPN server anymore.
Usually, they wouldn't have any reason to do that unless the law forces them to do it, or they're scared their customers use VPNs to anonymously torrent movies, games, and TV shows - which, needless to say, is illegal.
Basically, they will use a firewall to apply inbound and outbound traffic rules to your IPÂ address (the one your ISP assigns to you). These rules will say you can't access the VPN server's IP address on the network anymore.
And if your ISP doesn't want to have the staff keep their eye on VPN server IP addresses, they could use a VPN IP blacklist. Some online lists of VPN and datacenter IPs are free to use, like this one, for example. The good news is that those lists don't generally get frequent updates.
The only way to bypass firewall rules like that would be to use an anonymous proxy or a different VPN to hide your IP address. But using a VPN or proxy to unblock a VPN is a bit pointless.
That's why you should always use a VPN with tons of servers. When there are hundreds or thousands of them, you don't need to worry about your ISP blocking them all. Also, IP blacklists can't keep up with them either. If you need help finding such a service, check out our guide on VPNs with the most servers.
If your VPN suffers a leak, your ISP will be able to monitor some (if not all) of your digital footprints. It depends on how severe the leak is, like whether the VPN leaks your IP address, your entire traffic, or your DNS queries. Whichever the case, things won't look good for your privacy.
Here is a quick overview of what kinds of VPN leaks can happen:
To avoid these kinds of leaks, you need to use a VPN that offers leak protection and a Kill Switch (a feature that shuts down your web access when the VPN connection goes down). Some of the best options include NordVPN, ExpressVPN, CyberGhost, Surfshark, and VyprVPN.
So what does your ISP see when you use a VPN?
Not much. Just your IP and the VPN server's IP address, when you connect to it, how much data you exchange with it, the encrypted traffic, and what VPN protocol you are using. Overall, nothing that can put your privacy at risk.
Just make sure you pick a reliable VPN. If it suffers leaks, your ISP could see more than you'd be comfortable with.
And if you happen to know more about other types of data that ISPs can see when people use VPNs, let us know in the comments below or on social media.