What Your ISP Can Actually See

Your Internet Service Provider (ISP) serves as the gateway to the internet. Since all your traffic passes through the ISP's network, they are technically positioned to access a significant range of your communication data.

Many users assume that HTTPS/TLS encryption makes their browsing completely private. In reality, HTTPS only encrypts the payload - the HTTP requests and responses themselves. Metadata such as the destination domain name (visible in plaintext DNS queries and in the TLS Server Name Indication field), the destination IP address, connection timestamps, and data volumes remain visible to your ISP.

Start by checking your connection details on IP Checker. The displayed IP address and ISP name show exactly which provider is handling your traffic.

The Specific Scope of ISP Data Collection

What an ISP can technically capture varies significantly depending on whether your traffic is encrypted.

With HTTPS Encryption

Even with HTTPS, your ISP can still obtain:

  • Destination domain names (readable from the SNI - Server Name Indication)
  • Connection timestamps
  • Data volumes (upload and download byte counts)
  • Destination server IP addresses
  • Communication frequency and patterns
  • DNS query contents (when encrypted DNS is not in use)

In short, your ISP can determine that you visited example.com, but cannot see which specific page you viewed or what you typed into a form. Note that for sites hosted on their own IP address rather than behind a shared CDN, the destination IP alone identifies the site even when the domain name is hidden.

Without Encryption (HTTP)

Over unencrypted HTTP, the ISP can additionally view:

  • Full URL paths (page-level browsing history)
  • Form data (login credentials, search queries)
  • Downloaded file contents
  • Email body text (over unencrypted email protocols)

While HTTP-only sites are now rare, some IoT devices and legacy applications still communicate without encryption. IoT security remains a concern in this regard.

What DNS Queries Reveal

DNS queries are among the most revealing data sources about user behavior. Traditional DNS is transmitted in plaintext, allowing your ISP to log every domain you attempt to visit. DNS leaks can expose this data even when using a VPN.
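The two metadata sources described above (the plaintext DNS query and the SNI field in the TLS ClientHello) can both be read by an on-path observer with a few lines of byte parsing. The following is an added example written for this page, not code from the page's author or from any ISP tooling: it builds a constructed DNS query and two constructed ClientHello records as sample input, then extracts exactly what an ISP would see. The second ClientHello carries the encrypted_client_hello extension (codepoint 0xFE0D, as used by deployed ECH) with "cloudflare-ech.com" as an example public name, to show that ECH replaces the visible SNI with a fronting name but that a plaintext DNS lookup still gives the real site away.

```python
"""What a passive on-path observer extracts from plaintext DNS and a TLS ClientHello.

Added example for this page (not code from the page's author). The DNS message and
TLS records below are constructed inline as sample input; 0xFE0D is the
encrypted_client_hello extension codepoint used by deployed ECH.
"""
import struct

ECH_EXT = 0xFE0D   # encrypted_client_hello extension type
SNI_EXT = 0x0000   # server_name extension type


def parse_dns_qname(msg: bytes) -> str:
    """Return the QNAME of the first question in a DNS message (RFC 1035 section 4.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", msg[4:6])[0]
    if qdcount == 0:
        raise ValueError("no question section")
    labels, pos = [], 12
    while msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:            # compression pointers never appear in a question name
            raise ValueError("compressed label in question")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def parse_client_hello(record: bytes) -> dict:
    """Extract SNI and ECH presence from a TLS record carrying a ClientHello (RFC 8446 section 4.1.2)."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                               # legacy_version + random
    pos += 1 + body[pos]                                       # legacy_session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]       # cipher_suites
    pos += 1 + body[pos]                                       # legacy_compression_methods
    ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    seen = {"sni": None, "ech": False}
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        edata = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == SNI_EXT:
            # ServerNameList: list_len(2) name_type(1) name_len(2) name
            name_len = struct.unpack("!H", edata[3:5])[0]
            seen["sni"] = edata[5:5 + name_len].decode("ascii")
        elif etype == ECH_EXT:
            seen["ech"] = True
    return seen


def build_dns_query(qname: str) -> bytes:
    """Constructed plaintext DNS A query for qname (sample input, not captured traffic)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split(".")) + b"\x00"
    return header + name + struct.pack("!HH", 1, 1)            # QTYPE=A, QCLASS=IN


def build_client_hello(sni: str, with_ech: bool = False) -> bytes:
    """Constructed minimal ClientHello record (sample input); the ECH body is an opaque placeholder."""
    name = sni.encode("ascii")
    sni_list = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", SNI_EXT, len(sni_list)) + sni_list
    if with_ech:
        exts += struct.pack("!HH", ECH_EXT, 16) + b"\x00" * 16
    body = (b"\x03\x03" + b"\x11" * 32                         # legacy_version, random
            + b"\x00"                                           # empty legacy_session_id
            + struct.pack("!H", 2) + b"\x13\x01"                # TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                                       # null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def observer_view(dns_msg: bytes, tls_record: bytes) -> str:
    """Summarise what the ISP learns from one DNS query plus the TLS connection that follows."""
    qname = parse_dns_qname(dns_msg)
    hello = parse_client_hello(tls_record)
    if hello["ech"]:
        return (f"plaintext DNS already revealed {qname}; TLS shows only public name "
                f"{hello['sni']} (ECH present)")
    return f"plaintext DNS revealed {qname}; TLS SNI confirms {hello['sni']}"


if __name__ == "__main__":
    print(observer_view(build_dns_query("example.com"), build_client_hello("example.com")))
    # With ECH the SNI is a fronting name, but unencrypted DNS still leaks the real site.
    print(observer_view(build_dns_query("example.com"),
                        build_client_hello("cloudflare-ech.com", with_ech=True)))
```

The parser deliberately reads nothing past the extensions block: everything it reports is in the clear before any key exchange completes, which is why a DPI box needs no decryption to build a per-subscriber domain log.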

Why ISPs Collect Your Data

Legal Data Retention Obligations

Many countries require ISPs to retain communication metadata for a specified period. Australia's Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 mandates two years of metadata storage. The legal landscape varies significantly by jurisdiction - see our privacy laws overview for details.

Network Management and Traffic Shaping

ISPs monitor traffic types and volumes for network stability. During congestion, they may throttle specific services like video streaming using Deep Packet Inspection (DPI) technology.

Advertising and Marketing

Some ISPs leverage collected browsing data for advertising purposes. In the US, Congress voted in 2017 to repeal FCC broadband privacy rules before they took effect; those rules would have required opt-in consent before an ISP could use or share customers' browsing data, so no such consent requirement currently applies to ISPs. Ad tracking can operate at the ISP level as well.

Deep Packet Inspection - How It Works and Why It Matters

DPI inspects not just packet headers but also payloads. While ISPs use it for traffic management and legal compliance, it poses serious privacy implications.

What DPI Enables

  • Traffic type identification (video streaming, VoIP, P2P, VPN)
  • Detection and blocking of specific applications or protocols
  • Content inspection of unencrypted communications
  • Service type inference from traffic patterns, even for encrypted connections

DPI Limitations Against Encryption

DPI cannot read the payload of VPN-encrypted traffic. However, traffic analysis techniques can infer service types from packet size distributions, timing patterns, and burst characteristics with surprising accuracy.
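The traffic analysis described above needs nothing from the payload. The following is an added example written for this page, not a DPI vendor's classifier: it computes a handful of flow statistics (packet sizes, direction balance, inter-packet gaps, silent periods) and applies hand-written thresholds that separate VoIP, segmented video streaming, a bulk download and ordinary web browsing. The four flows are synthesised inline with a seeded generator and are labelled as constructed; the thresholds are assumptions chosen to fit them, whereas a commercial product trains a model over the same kind of features.

```python
"""Traffic analysis on encrypted flows using only packet sizes, directions and timing.

Added example for this page (not from any DPI vendor). The payload is never read, yet a
few flow statistics separate four kinds of traffic. The sample flows are constructed
below; the classification thresholds are assumptions tuned to them.
"""
import random
import statistics

# A packet is (timestamp_seconds, size_bytes, direction); direction +1 = downstream, -1 = upstream.


def flow_features(pkts):
    """Statistics an observer can compute without decrypting anything."""
    sizes = [s for _, s, _ in pkts]
    down = sum(s for _, s, d in pkts if d > 0)
    up = sum(s for _, s, d in pkts if d < 0)
    gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])]
    return {
        "mean_size": statistics.mean(sizes),
        "size_stdev": statistics.pstdev(sizes),
        "down_up_ratio": down / max(up, 1),
        "median_gap_ms": statistics.median(gaps) * 1000,
        "quiet_gaps": sum(1 for g in gaps if g > 0.5),   # silences longer than 500 ms
    }


def classify(f):
    """Hand-written rules over the features (assumed thresholds, not a trained model)."""
    if f["mean_size"] < 250 and f["size_stdev"] < 50 and f["median_gap_ms"] < 50:
        return "voip"            # small fixed-size packets at a steady cadence
    if f["mean_size"] > 1100 and f["down_up_ratio"] > 100:
        # heavy downstream with tiny upstream ACKs; the quiet periods between
        # segments separate adaptive streaming from a continuous download
        return "video streaming" if f["quiet_gaps"] >= 2 else "bulk download"
    return "web browsing"


# Constructed sample flows (synthetic, not captures).

def synth_voip(rng, seconds=10):
    t, pkts = 0.0, []
    while t < seconds:                          # one ~160-byte packet every 20 ms, both ways
        pkts.append((t, 160 + rng.randint(-8, 8), 1 if len(pkts) % 2 else -1))
        t += 0.02
    return pkts


def synth_video(seconds=10, segment_s=2.0):
    t, pkts = 0.0, []
    while t < seconds:                          # a segment burst every 2 s, then silence
        pkts.append((t, 300, -1))               # segment request
        for i in range(200):
            pkts.append((t + 0.001 * i, 1400, 1))
            if i % 20 == 0:
                pkts.append((t + 0.001 * i + 0.0005, 60, -1))   # ACK-sized upstream packet
        t += segment_s
    return sorted(pkts)


def synth_download(seconds=10):
    pkts = []
    for i in range(int(seconds / 0.001)):       # continuous full-size downstream packets
        pkts.append((0.001 * i, 1400, 1))
        if i % 10 == 0:
            pkts.append((0.001 * i + 0.0005, 60, -1))
    return pkts


def synth_browsing(rng, seconds=10):
    t, pkts = 0.0, []
    while t < seconds:                          # request, a short page burst, then think time
        pkts.append((t, rng.randint(300, 800), -1))
        for i in range(rng.randint(5, 30)):
            pkts.append((t + 0.05 + 0.002 * i, rng.randint(600, 1000), 1))
        t += rng.uniform(1.0, 3.0)
    return pkts


def demo(seed=7):
    """Classify each constructed flow; returns {true_label: predicted_label}."""
    rng = random.Random(seed)
    flows = {"voip": synth_voip(rng), "video streaming": synth_video(),
             "bulk download": synth_download(), "web browsing": synth_browsing(rng)}
    return {name: classify(flow_features(pkts)) for name, pkts in flows.items()}


if __name__ == "__main__":
    for truth, guess in demo().items():
        print(f"{truth:16s} -> {guess}")
```

A VPN tunnel hides the destination but leaves these statistics intact, which is why padding and traffic shaping, not encryption alone, are the countermeasures against this class of inference.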

VPN Traffic Detection

DPI can also detect VPN traffic itself. China's Great Firewall and Russia's TSPU use DPI to identify and block VPN connections. To counter this, some VPN providers implement obfuscation techniques that disguise VPN traffic as regular HTTPS traffic.

Six Practical Defenses Against ISP Surveillance

1. Always-On VPN

The most effective defense is using a trusted VPN at all times. With a VPN active, your ISP sees only an encrypted connection to the VPN server, plus its timestamps and data volumes. Note that this moves the visibility rather than removing it: the VPN provider now sees everything the ISP used to, so choose one whose logging practices you have reason to trust. Enable the VPN kill switch to prevent IP leaks if the connection drops.

2. Encrypted DNS

Enable DNS over HTTPS (DoH) or DNS over TLS (DoT) to encrypt your DNS queries. Major browsers including Chrome, Firefox, and Edge all support DoH natively. Browser-level DoH protects only the browser's own lookups; other applications on the device keep using the system resolver, so configure DoT or DoH at the operating-system or router level as well.

3. Enforce HTTPS Everywhere

Enable HTTPS-Only mode in your browser to force all connections over HTTPS. Chrome, Firefox, and Edge all include this feature.

4. Encrypted Client Hello (ECH)

ECH encrypts the real ClientHello, including its SNI, inside an outer ClientHello whose SNI carries only the public name of the fronting service, so the ISP sees the CDN rather than the site. Two caveats apply: the ECH configuration is published in the site's DNS HTTPS record, so ECH only helps when DNS is also encrypted (otherwise the query itself reveals the domain, and the record can be stripped in transit), and the destination IP still identifies the CDN. Cloudflare broadly supports ECH, and Firefox enables it by default when DoH is active.

5. Tor Browser

For maximum anonymity, consider the Tor Browser, which routes traffic through multiple relay nodes with layered encryption.

6. Metadata Minimization

Reduce the total metadata you generate by limiting background app communications, using privacy-focused search engines, and disconnecting unused devices.

Recent Developments (2025-2026)

ECH Adoption and ISP Responses

ECH adoption is accelerating, with AWS CloudFront and Fastly joining Cloudflare in supporting the standard. Some ISPs have responded by attempting to block ECH, forcing browsers to fall back to unencrypted Client Hello.

QUIC Protocol and ISP Visibility

The QUIC protocol underlying HTTP/3 exposes less information to ISPs than traditional TCP + TLS: packet numbers, acknowledgements and flow-control signalling live inside the encrypted payload, so an observer cannot count retransmissions or measure round-trip times from the headers as it can with TCP. Connection IDs, however, are not encrypted; they are plaintext header fields that endpoints can rotate mid-connection, which makes linking a session across an address change harder. The Initial packets that carry the TLS ClientHello are protected with keys derived from the visible Destination Connection ID, which any on-path observer can derive, so the SNI in a QUIC handshake remains readable to DPI unless ECH is in use.

How to Check Your Exposure Level

Verify DNS Encryption Status

  1. Visit IP Checker and review your current DNS server information
  2. If the DNS server belongs to your ISP, your DNS queries are likely unencrypted
  3. Configure DoH or DoT to a provider that offers it, such as Cloudflare (1.1.1.1) or Google (8.8.8.8); simply entering one of these addresses as a plain resolver still sends every query in cleartext through your ISP's network

VPN Leak Testing

  1. Connect to your VPN and verify your IP address has changed on IP Checker
  2. Run a DNS leak test to confirm DNS queries stay within the VPN tunnel
  3. Perform a WebRTC leak test to check for browser-level IP exposure

Check Browser Encryption Settings

  • Verify that HTTPS-Only mode is enabled
  • Confirm DNS over HTTPS is active
  • Check ECH (Encrypted Client Hello) status (Firefox: verify network.dns.echconfig.enabled in about:config, and remember that Firefox only attempts ECH when DoH is enabled; Cloudflare's https://www.cloudflare.com/cdn-cgi/trace endpoint reports sni=encrypted when the connection used ECH)

Summary

Your ISP sits at the gateway of your internet connection and can technically access a broad range of communication data. While HTTPS has made content interception difficult, metadata such as domain names, traffic patterns, and DNS queries remain exposed. By combining an always-on VPN, encrypted DNS, and ECH, you can significantly reduce the information available to your ISP. Start by checking your current connection status on IP Checker.

Related Terms

  • IP Address: A numerical label assigned to each device connected to a network. Expressed as 32-bit (IPv4) or 128-bit (IPv6) values, it identifies the source and destination of communications...
  • DNS (Domain Name System): The foundational internet system that translates domain names into IP addresses, enabling browsers to connect to the correct servers when you enter a URL...
  • VPN (Virtual Private Network): A technology that encrypts internet traffic and routes it through a remote server, protecting your real IP address and communication content from third parties...
  • DNS over HTTPS (DoH): A protocol that encrypts DNS queries using HTTPS, preventing ISPs and network administrators from intercepting the domain names you visit...
  • Metadata: Data about data. In communications, it refers to ancillary information such as source and destination IP addresses, timestamps, and data sizes rather than the content itself...