What Your ISP Actually Sees (and What Most People Don't Realize)
Every time you open a browser, launch an app, or stream a video, your traffic passes through your internet provider's network first. That gives them a detailed view of your online behavior — more detailed than most people expect.
Here's what your ISP can typically see, even when you're using HTTPS:
- Every domain you visit. HTTPS encrypts the content of a page, but your ISP can still see that you connected to netflix.com, reddit.com, or a health information site. The domain name is exposed through DNS queries and the SNI (Server Name Indication) field during the TLS handshake.
- When you connect and for how long. ISPs log connection timestamps, session duration, and idle patterns. They know when you go online, when you stop, and how your usage changes throughout the day.
- How much data you transfer. Volume metadata reveals what you're doing — a 2 GB session at 8 PM likely means streaming video. Small, frequent bursts suggest messaging or browsing.
- Your DNS queries. Unless you use encrypted DNS (DoH or DoT), every website lookup goes through your ISP's DNS servers in plain text. That's a complete log of every site you try to reach.
- Unencrypted traffic in full. Any HTTP connection (no "s") is completely visible — including page content, form submissions, and search queries.
The HTTPS misconception
Many people assume HTTPS means their ISP can't see anything. That's only half true. HTTPS protects the content of your communication — what you type, what you read on a page — but the destination (which site you visit) is still visible. Think of it like sending a sealed letter: the post office can't read what's inside, but they can see exactly where it's going and when.
What ISPs Do With Your Data
Seeing your browsing data is one thing. What ISPs do with it is where things get concerning.
Selling and sharing your data
- Advertising partnerships. Major US ISPs have built advertising subsidiaries that use browsing data to build user profiles and sell targeted ad placements. In 2017, Congress rolled back FCC broadband privacy rules, making it legal for ISPs to sell browsing data without explicit opt-in consent.
- Data broker relationships. ISP data flows into the broader data broker ecosystem, where browsing patterns are combined with purchase history, location data, and app usage to create detailed consumer profiles.
- Cross-device tracking. Because your ISP sees traffic from every device on your home network, they can build a household-level profile that covers phones, laptops, smart TVs, and IoT devices simultaneously.
Profiling and throttling
ISPs use traffic analysis to categorize users by behavior. Heavy streaming users may face deprioritization during peak hours. Some ISPs have been caught throttling specific services — slowing down video streaming from certain platforms while leaving their own services untouched.
Legal compliance and government access
ISPs are required to respond to lawful data requests from government agencies. In many jurisdictions, stored browsing metadata can be accessed with a court order — and in some cases, through broader surveillance programs without individual warrants.
Real Incidents: Salt Typhoon, FISA 702, and the Data-Selling Industry
This isn't theoretical. Recent events show exactly how ISP data becomes a real problem.
The Salt Typhoon telecom breach (2024–2025)
In late 2024, US authorities confirmed that Salt Typhoon — a Chinese state-sponsored hacking group — had penetrated at least nine major US telecommunications providers, including AT&T, Verizon, and T-Mobile. The attackers accessed call metadata, text messages, and in some cases real-time communications of targeted individuals, including government officials.
The breach persisted for months before detection. It showed that the massive data stores ISPs maintain aren't just valuable to advertisers — they're high-priority targets for nation-state intelligence operations. If your ISP collects it, it can be stolen.
FISA Section 702 reauthorization (2024)
In April 2024, Congress reauthorized and expanded FISA Section 702, which allows US intelligence agencies to collect communications of foreign targets — including communications that pass through American telecom infrastructure. The expanded version broadened the definition of "electronic communication service provider," potentially bringing more companies into the scope of mandatory data sharing with intelligence agencies.
For everyday users, this means the browsing metadata your ISP collects can be swept into intelligence databases as part of broad collection programs, even if you're not personally targeted.
The ISP data-selling industry
A 2024 FTC report confirmed what privacy researchers had documented for years: major ISPs collect and monetize vast amounts of user data, often through complex subsidiary structures that make it difficult for consumers to understand or opt out. The report found that ISPs combine browsing data with location information, demographic data, and third-party purchases to build detailed profiles.
The Surfshark browser data study
Research published by Surfshark in 2025 analyzed how major browsers handle user data and found that even privacy-focused browser settings can't prevent ISP-level tracking. The study highlighted that while browser-level protections help with website tracking, the network layer — controlled by your ISP — remains exposed unless additional encryption is in place.
What's Visible vs. What's Protected: With and Without a VPN
| Activity | Without VPN | With VPN |
|---|---|---|
| Domains you visit | Fully visible to ISP via DNS and SNI | Hidden — ISP sees only VPN server connection |
| Page content (HTTPS sites) | Encrypted, not visible to ISP | Encrypted, not visible to ISP |
| Search queries | Domain visible; query content encrypted on HTTPS search engines | Fully hidden from ISP |
| Streaming activity | ISP sees which streaming service and can estimate content type by data patterns | ISP sees encrypted data volume only — no service identification |
| Connection timestamps | Fully logged by ISP | ISP sees when VPN connects/disconnects, not individual site visits |
| DNS queries | Visible in plain text (unless using DoH/DoT) | Routed through VPN tunnel — invisible to ISP |
| Data volume per site | ISP can attribute data usage to specific domains | ISP sees total VPN data only — no per-site breakdown |
The key difference: without a VPN, your ISP has a detailed map of everywhere you go online. With a VPN, they see a single encrypted connection and total data transferred — nothing about what's inside.
Real User Scenarios
Privacy isn't abstract. Here's how ISP tracking affects real situations people deal with every day.
You're researching a health condition
You search for symptoms, visit medical sites, check prescription information. Without a VPN, your ISP logs every domain — WebMD, Mayo Clinic, specific condition pages. That browsing pattern becomes part of your profile, potentially shared with data brokers who sell health-interest categories to advertisers and insurance-adjacent companies.
You're job hunting while still employed
Visiting LinkedIn Jobs, Glassdoor, and company career pages from your home network creates a clear pattern in your ISP's logs. If your ISP shares data with advertising networks, you might start seeing targeted job ads across devices — including shared household ones — before you've told anyone you're looking.
You're traveling and using hotel or airport Wi-Fi
Public networks add another layer of exposure. The network operator can see your traffic, and in many cases these operators partner with data collection firms. A VPN protects you from both the public Wi-Fi risks and the underlying ISP that serves that network.
You're streaming or browsing content you'd rather keep private
Whether it's political content, financial research, legal questions, or entertainment preferences — your ISP doesn't need to know. Without a VPN, they have a timestamped record of every site you visit. With one, that record disappears.
The real issue isn't what you have to hide
Privacy isn't about hiding something wrong. It's about the fact that a company you pay for connectivity shouldn't also be profiting from cataloging your behavior, sharing it with advertisers, or leaving it exposed to breaches. You wouldn't hand your browsing history to a stranger on the street — but that's essentially what happens at the network level without encryption.
Practical Steps to Protect Your Browsing
- Use a VPN for everyday browsing. This is the single most effective step. A VPN encrypts all traffic leaving your device before it reaches your ISP. They can see you're connected to a VPN server, but nothing about where you're going or what you're doing. Free VPN US makes this simple — connect with one tap and your ISP loses visibility into your browsing.
- Switch to encrypted DNS. If you're not using a VPN, at minimum switch your DNS to an encrypted provider (like Cloudflare's 1.1.1.1 with DoH or DoT). This prevents your ISP from seeing your DNS queries in plain text. Note: this only hides DNS — the rest of your traffic metadata remains visible.
- Check your ISP's privacy settings. Most ISPs offer some form of opt-out for data sharing and targeted advertising, usually buried deep in account settings. Find it and opt out. It won't stop all collection, but it limits what gets actively shared with third parties.
- Keep VPN connected on all networks. ISP tracking happens at home, on mobile data, and on public Wi-Fi. The protection needs to be consistent. Use a VPN on your phone's cellular connection too — your mobile carrier is an ISP with the same data access.
None of these steps require technical expertise. The most impactful one — using a VPN — takes about ten seconds to set up and runs quietly in the background. The point isn't to become invisible. It's to stop giving your ISP a detailed record of your entire online life for free.
Frequently Asked Questions
Can my ISP see what I do online even with HTTPS?
Yes. HTTPS encrypts the content of your communication, but your ISP can still see which domains you visit, when you connect, how long you stay, and how much data you transfer. DNS queries are also visible unless you use encrypted DNS.
Do ISPs actually sell my browsing data?
In many countries, yes. In the US, ISPs have been legally allowed to sell anonymized browsing data since 2017. Major providers have been documented sharing user data with advertising networks and data brokers, often through subsidiary companies.
Does a VPN completely hide my activity from my ISP?
A VPN encrypts your traffic so your ISP cannot see which sites you visit, what you stream, or what you search for. Your ISP can see that you are connected to a VPN server and how much data you transfer, but the actual content and destinations are hidden.
Is incognito mode enough to stop ISP tracking?
No. Incognito or private browsing mode only prevents your browser from saving local history, cookies, and form data. It does nothing to hide your activity from your ISP, which sees your traffic at the network level before it reaches your browser.
Related Questions
More things people ask about ISP tracking and browsing privacy.
Related Reads
Stop Sharing Your Browsing History With Your ISP
Free VPN US encrypts your traffic before it reaches your internet provider. One tap, no logs, no browsing profile built from your data.
- No-logs policy
- One-tap connection
- Encrypts all traffic