Are you wondering, can my ISP see my VPN?
The short answer is yes.
If they care enough to find out, your ISP can see that you are using a VPN. That’s not to say that they cannot check what you are doing online.
Since they can’t see what you are doing online, it also means they can’t sell or record your online activity or store it in a database that could potentially be hacked.
All your ISP can see is that you are connecting to a VPN server, but that’s about it.
How an ISP Knows You Are Using A VPN
Your ISP won’t know by default that you’re using a VPN, but it’s easy enough to find out.
If they took a close look at your traffic it’s pretty obvious because all the communication leaving your computer travels to a single IP address.
There aren’t many other reasons for this to happen.
When ISPs are really trying to find out who’s using VPNs and what they are doing with them, they turn to AI-powered deep packet inspection. This is what’s used by the Great Firewall of China.
Unless you live in an authoritarian state, worrying about this is seriously overestimating the concern that most ISPs have for whether or not their customers are using a VPN. Your bank might check the VPN server against a known list of VPN servers, and block the connection if it’s a match. Netflix does something similar, which is why it’s good to use a lesser-known VPN provider that still has a good reputation. If this happens, just connect to a different server and try again.
How A VPN Hides What You Do Online
All the data that travels between your device and the VPN server is encrypted.
From watching movies, we all know that only the holder of a specific key can decrypt encrypted information. That’s how it works with VPNs too. The data is encrypted with a key that only your device and the VPN server knows. So, if somebody were to intercept the data, all they would see is gibberish.
The encryption used by most reputable VPN providers is 256-bit AES which is the same as what’s used by banks and Wall Street. There’s no breaking encryption. That’s something the movies get wrong. There are older encryption algorithms that no longer work, but there’s no known way to break the ones that are in use today. Anyone who works it out will be too busy bringing down the financial system to bother with your search history.
Think of a VPN as a mail forwarder. It’s just wrapping your packets in an encrypted envelope, receiving them, and then sending them on to their real recipient. All it knows is where it came from and where it needs to go next.
The path your data takes looks like:
Your computer -> ISP -> VPN -> End destination
The encryption happens at the client, which is software that’s installed on your computer that’s configured to communicate with the VPN server.
Some VPN providers also offer a browser extension, which does the same thing as the client but for just your web traffic. You can get these from the Chrome store or Firefox add-ons. They’re not as good as the client because they don’t encrypt all your traffic, but they’re better than nothing.
What do ISPs do with your data?
The rules that govern Internet service providers and how they may treat their customers differ between countries. In some countries, ISPs aid authoritarian governments by censoring the Internet. In other nations, ISPs have shut down the Internet. This happened in Uganda, in 2021, on the eve of an election.
In the United States, ISPs have had the right to sell your personal surfing history since 2017, as long as they anonymized your personal information. AT&T Comcast, and Verizon, among other major American ISPs, stated that their clients would be able to opt out of data collection.
In the European Union, data collection and storage by ISPs is more stringently regulated. Nevertheless, in 2016 it was revealed that British Telecom, Sky Broadband, TalkTalk, and Virgin Media had been harvesting user data and selling it to advertising companies.
A VPN will protect you from your ISP’s prying eyes, whether they are engaged in nefarious activities or not.
Unfortunately, these ISPs don’t have great track records when it comes to protecting their customers’ privacy. Verizon was fined for employing “supercookies” to monitor its users’ online activity. These cookies would remain on your computer even if you deleted cookies from your browser. Meanwhile, AT&T tried to claim that customer privacy is a luxury service. If subscribers refused to allow AT&T sell their data to third parties, they paid 50% more for the monthly subscription.
Comcast was caught red-handed selling its customers’ private data without their consent or knowledge. One customer’s data was sold more than 26 times in just one month.
Even if you trust your ISP to protect your privacy, there’s always the possibility that their systems could be hacked. In 2018, a hacker managed to steal the email addresses and passwords of over a million Comcast customers. Another group of hackers took control of an estimated 500,000 routers belonging to Deutsche Telekom customers in 2016 and used them to launch denial of service attacks against websites like Twitter and Netflix.
These problems have finally elicited a response from the government. The FTC is looking into how ISPs handle personal information, particularly as to whether they pool and anonymize it, how long they retain it, and whether they share it with third parties. Maine went even further when it passed a law prohibiting ISPs from selling personal data without the consent of the customer. The California Consumer Privacy Act took effect on Jan. 1, 2020, giving consumers in California the option to opt out of having their data sold. This has prompted a slew of additional states to consider similar privacy protection measures.
Let’s Wrap This Up
If you’re still with us, congratulations! You now know more about how VPNs work than most people. We hope that this article has been helpful in explaining what your ISP can and can’t see while using VPN.
With a VPN, your ISP can’t see what you’re doing online, nor can they sell your data to third parties. Additionally, a VPN will encrypt all of your traffic, making it more difficult for hackers to intercept your data.