What Can Your ISP Know About You?
To know if your Internet Service Provider (ISP) knows the sites you visit, type some URL in your browser, for example site.com. Here is how this URL looks like for computer networks: http://site.com. The “http” part on the left means the unencrypted data transfer protocol. Since the data is transmitted openly, it’s quite clear that your ISP “sees” everything you do: opening websites, transmitting data, etc. It’s easy to extract your passwords and logins for sites and read your insecure communications in social media. It’s also worth mentioning that torrent downloads don’t involve data encryption: a tracker just transmits data to the torrent client via HTTP. So your ISP sees exactly what content you downloaded (games, music, movies), who downloaded it, when the downloads were started and finished.
Now let’s see what happens when you access an encrypted site, for example https://whoer.net (in this case the protocol is HTTPS, not HTTP). When you access this site, your ISP sees only the IP address of the end server, transmitted and received traffic for this address, and that’s all. Any other data transmitted by your device can’t be decrypted.
Note that your ISP is obliged to keep users’ logs for three years and hand them over to authorities on request. If you use encrypted communication channels, these logs look like this: “On April 12, 11:11 am, user vpnhook accessed Internet via his smartphone, opened whitehouse.org, was reading it for 3 hours, spent 1 GB of traffic, and disconnected.” Data entropy for your ISP is about 99% (meaning encryption), and nothing can be done about it. If, however, you used non-encrypted connection, your ISP will get full information.
How can you prevent your ISP from seeing all your sites and traffic?
The answer is simple: use VPN. If you do, your ISP can only see your encrypted traffic to some IP address. Of course, it lets them know a lot of things too, like the range of transmitted virtual servers, but they can’t track the entire chain of transmitted data. At most, they can directly track users by matching their traffic with the server traffic.
Note that sometimes your OS (any OS) can let you down. When your VPN connection is suddenly lost due to various reasons, your traffic starts transmitting “directly” without encryption, and your provider instantly sees your actual IP. That’s why we recommend to set up the OS accordingly when you start using VPN.
Some VPN data transmission features are common for browser extensions too. These extensions are used by various technologies, and some of them in theory can track users’ actions.
Don’t forget about TOR as well. TOR prevents transmission of the address of the site you visit in any way, and your ISP sees only the IP address with data flows. TOR continuously updates this address.
Today no technology is able to decrypt TOR traffic, but it’s quite easy to establish the mere fact of its usage. This alone is considered suspicious activity on the part of the user and can trigger serious tracking.
In conclusion, your ISP can easily track you whether you use VPN or not, but it’s unlikely that they’ll do it on purpose if you’ve never violated any rules online. Tracking is costly, and online operators don’t want to increase expenses. Operators are likely to use your logs to monitor only the actions they want to know, for example, visiting sites of their competition. Try to do so, and you can get a call from your ISP to learn if you are happy about their service.