Online privacy

What does my ISP know about me?

Founder, Privacy PC

Author Bio ▼

David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking.
January 4, 2019


Lithium-Ion batteries. A guide to the fire risk that isn’t going away but can be managed

Basically, it’s not so simple with internet service providers.

In some European countries, they are legally required to check users’ traffic for possible legal violations. They definitely do not watch what each user does there every minute, but document the basic data – nobody checks this without reason. Info gets recorded automatically.

If the user opens a particular webpage, is this noticeable to the provider?

Yes, generally it’s the domain name that is visible, seldom just the IP address. Additionally, the time when you visited the site is documented. The content of the websites also is visible.

And if I open the website using the secure HTTPS protocol?

Then the provider can see only the name of the website or its IP address and that is all. The provider doesn’t see the content since it’s a secure HTTPS connection with encryption. That’s why it’s recommended that you use it.

How can my internet service provider notice that I downloaded a film or program via torrent client?

The point is that torrent downloader application communicates with the torrent tracker using the http protocol, so the provider can easily see what you downloaded (simply by examining the page where the .torrent file was downloaded) and when it started and ended.

You can connect using https, but for some reason, even the biggest torrent websites don’t support that protocol – exactly why not is a mystery. Many people use VPNs to torrent privately and hide their activity from their internet provider.

Can my internet service provider find out that I downloaded a .torrent file?

Yes, that is what they are attempting to monitor: the interaction between torrent client and website server. They can’t examine web traffic inside the torrent network since it’s very expensive.

Does my ISP store everything I download?

No, it’s simply impossible physically; there wouldn’t be sufficient disk space. Your website traffic is processed on the fly; it’s the stats that are sorted and stored for long periods.

Can the provider see anything if I use VPN?

The point is, with VPN, ISPs would certainly not analyse the ‘mess’ – that is, the encrypted data – never mind decrypting, which is just about impossible. However, from the IP address they can see that a popular VPN service has encrypted that web traffic. So, they know what exactly is used but no more than that.

If I use OpenVPN computer software, will all my traffic go through it, including Windows updates?

Theoretically, yes, and generally it should be so. But practically, it all depends on your settings.

Can my provider learn the real IP address of a particular site if I visited it via VPN?

In fact, no, but there is, however, another thing. If all of a sudden, the VPN stops functioning, or if there is an error, in that case, Windows will simply begin working in the regular manner – that is, without using VPN, just directly.

To repair that, you have to configure the openvpn client itself and, secondly, use the firewall.

In other words, if my VPN glitches, the provider will be able to see which site I am on right now?

Unfortunately, yes: everything will be recorded automatically.

Can TOR protect my anonymity?

It can. However, it is recommended to set it up in a specific way so that addresses alter more often, for instance every three minutes. For the best effect I can recommend using bridges.

What does the internet service provider see when I receive packages from different IP addresses all the time?

Providers have a system for spotting the use of TOR, but I’m not sure if this system works when bridges\transponders are used. The fact of using TOR is also recorded and tells the provider this user can try to conceal something.

Does the provider see the website address I work through TOR or VPN?

No, they can see only the IP address of the VPN or the output node of the TOR network.

Can the ISP see the full IP address when I’m using the https protocol?

No, only the domain address is visible (that is, only, the connection time and the data volume transmitted).

But these data are not particularly useful for the provider in terms of information. Use the http protocol and everything transmitted is visible: the full address and everything you wrote or sent in a message by email, for example. But again, this doesn’t apply to Gmail; all its traffic is encrypted.

Does it mean that if I use encryption, I can already be on the suspects list?

No, not exactly. On the one hand, yes, but on the other hand, data encryption can be used not only by hackers but also by certain institutions concerned with the secure transfer of their data, which is logical particularly in the banking sector.

Does the provider see the fact of me using the i2p network?

It can see it. However, as of now, such a network is little known to providers compared to TOR, which attracts much more interest from secret services due to its popularity. The traffic in the i2p is seen by the provider as encrypted connections to different IP addresses, which implies that the client is working with the P2P network.

How can I see all traffic on my computer the same way providers can see it?

You can do that by a traffic sniffing utilities.

Is it possible to understand that you are being watched?

To date, almost no. Sometimes, perhaps with an active type of attack (the man-in-the-middle), but if passive shadowing is used, it’s just technically impossible to detect it.

But what to do then: is it possible to make it difficult to follow me?

It is possible to split your traffic that is your connection to the internet into two parts. When you visit social networks or dating sites, watch entertainment websites or films… do it all on an ordinary connection.

However, you can use an encrypted connection independently and simultaneously. For example, you can install a virtual machine for this. So, you will have a more or less natural environment, so to speak, since a lot of websites encrypt their traffic – Google in their services, as well as other large companies.

But nearly all entertainment websites usually do not encrypt traffic.

Notify of
Inline Feedbacks
View all comments