Things aren’t really clear-cut when it comes to Internet service providers (ISPs). The laws oblige them to keep an eye on their customers’ traffic and make sure they don’t do anything illegal. Of course, they don’t spy on what people are doing, but they do record the most significant fragments of data. Humans don’t examine that information unless there is a strong reason to do so. In other words, all the data is logged automatically.

Questions and Answers

If a user opens a specific website, can the ISP see it?

Yes. In most cases, what they see is the domain name, but sometimes it may be simply an IP address corresponding to it. They also log the time you visited the site. The content of web pages can be viewed, too.

What if I visit a site that uses HTTPS protocol?

In this scenario, the ISP will only see the domain name or its IP address. They won’t see the content due to HTTPS secure connection, where the communication between client and server is encrypted. That’s why it’s recommended to use it.

How can the provider figure out that I have downloaded a movie or software via a torrent client?

The thing is, torrent downloaders communicate with torrent trackers over HTTP protocol. Therefore, the ISP can see what you downloaded (by simply analyzing the page you downloaded the torrent file from) and when you did it. HTTPS connection is technically applicable in these cases, but for some reason, even major torrent services may not support this protocol. Why? It’s a mystery.

Does the ISP store everything I download?

No, that’s nearly impossible as they would run out of hard disks in no time. The traffic is processed on the fly and categorized to derive statistical data, which is what’s retained for years.

Can the ISP find out that I have downloaded a torrent file?

Yes, they can. In fact, that’s exactly the kind of information they try to track – the interaction between torrent client and server. Meanwhile, they cannot analyze traffic within the torrent network, simply because it’s too problematic from a technical perspective.

If I use a VPN, the provider can’t see anything, can they?

With a VPN service added to the mix, the ISP will see unintelligible junk, that is, encrypted data that they won’t analyze or ever attempt to decrypt as it’s almost unfeasible. However, they can use IP servers to figure out that VPN is being used to encrypt traffic. This may give them a clue that the user has something to conceal, with all ensuing consequences.

If I use OpenVPN software, will it anonymize the online traffic generated by all of my apps and services, including Windows update?

In theory, yes. That’s the way it’s supposed to be. In practice, though, everything depends on the settings.

Can the ISP retrieve the real IP address of a specific site if I have visited it via VPN?

Actually, they can’t, but there is one thing to keep in mind. If the VPN stops working all of a sudden due to some error, Windows will be functioning in its regular mode, that is, without using the VPN service. In order to fix this, first of all, you need to configure the OpenVPN client the right way, and secondly, use a personal firewall solution that allows you to define global traffic rules.

If my VPN crashes, will the ISP see what website I’m currently on?

Unfortunately, that’s true. Everything will be recorded automatically.

Can Tor ensure anonymity?

It can, but you’re much better off tweaking its settings a bit. For instance, you might want to configure it to switch IP addresses every three minutes. Also, the use of Tor bridge relays will add some extra anonymity to your web surfing.

What does the provider see if I’m receiving data packets from different IP addresses all the time?

ISPs leverage a certain mechanism to identify the use of Tor, but I’m not sure whether it can get around bridge relays. The fact that someone is using Tor gets logged and suggests that this customer may be trying to conceal something.

With Tor or VPN enabled, can the ISP see a website URL?

No. All they see is the VPN’s IP address or a Tor exit node.

Can the ISP see the full URL when HTTPS protocol is used?

No. What’s visible is the server’s host name (that is, the “site.com” part only), connection time, and the amount of transmitted data. These details aren’t very informative for the provider, though. If the HTTP protocol is used, everything is out in the open, including the full URL and everything you wrote and sent in an email. But, again, this doesn’t apply to services like Gmail, where the traffic is encrypted.

So, if I use an encrypted connection it makes me a potential suspect?

Not really. On the one hand, it does. On the other hand, it’s not only hackers or home users who can leverage data encryption or global encryption of the entire network. Regular organizations that care about secure data transmission can use it as well, which makes perfect sense, especially in the finance sector.

Can the provider see me use an I2P network?

They can, but ISPs aren’t very familiar with these networks so far, unlike Tor that’s increasingly in the spotlight of law enforcement due to its popularity. Your provider sees I2P traffic as encrypted connections to different IP addresses, which indicates that the customer is working with some kind of a P2P network.

How do I find out if I’m under surveillance?

In some countries, you are watched by default as long as you are connected to the Internet. These are official requirements and all traffic has to go through the surveillance system, otherwise, ISPs and mobile network operators run the risk of losing their telecommunications license.

How can I see my whole traffic on a PC just like ISPs see it?

A network traffic sniffer can do the trick. Just install one, launch it and see what breadcrumbs you’re leaving behind.

Can I somehow figure out that I’m being watched online?

There are hardly any ways at this point. Sometimes it may become obvious when an active man-in-the-middle attack is underway. If passive surveillance is in place, there are no technical means to identify it whatsoever.

But what do I do in that case? Can I hamper the surveillance somehow?

You can split your online activities into two parts. Use regular connection to browse social networks, dating sites, entertaining sites, and to watch streaming movies. Use encrypted connection for more sensitive activities and do it in parallel with commonplace web surfing – for instance, install a virtual machine for it. This way, you will simulate a fairly natural Internet routine, because many websites encrypt their traffic, including Google and other major companies, whereas entertaining sites usually don’t bother encrypting it.