How can my ISP tell that I’m downloading copyrighted files?

Some ISPs are taking a more aggressive position to stop illegal file sharing. Your ISP can see a lot, including the fact that you are filesharing.


I recently changed from Verizon DSL to Charter Cable internet services. About a week later, I started receiving warnings via email from Charter telling me to stop downloading music from limewire (copyright infringement?). After that they sent notices to stop downloading movies from UTorrent. What’s funny is that both were files that never finished downloading. What I want to know is how do they know who I am, where I go on the internet and when I choose to save something to my computer? How does someone else know when your on a website downloading anything?

Well to start with, Charter isn’t just any “someone else” … they’re your ISP.

And as your ISP they know a lot about you, and have the ability to do a lot with that information.

Verizon could have but for whatever reason chose not to.

Let’s look at that in a little more detail.

Your ISP Sees (almost) All

The whole point of having an ISP is to use their services to provide you with a connection to the internet.

That means that when you send or receive data – any data – it travels from your computer through your router and immediately encounters equipment owned and operated by your ISP.

… for the most part even if the ISP can’t see what you’re sharing, the can see that you’re sharing.

Where, if they choose, they can look at the data.

Rarely do they look at the contents of the data, but more and more they’re looking at the type of data – they’ll note whether it’s email or a web request or an instant message.

Or file sharing.

Typically, traffic that crosses the internet is identified by the IP address of where it came from, the IP address of where it’s headed, and a “port number” that indicates what type of traffic it is. Port 80 is web traffic, 25 is email, and so on.

Looking CloselyAs I said, it’s unlikely that they look or care about what the data actually contains (though they could), but they do care about the type of traffic, and the quantity of traffic.

And file sharing is on many ISPs radars.

Your ISP’s Rules: The Terms of Service

Here’s an often frustrating catch: your ISP sets the rules about what they do and do not allow on their system.

That means that they can disallow file sharing protocols whether or not you’re using them to perform illegal downloads. The justification is typically that file sharing protocols use up a great deal of the ISPs capacity, and thus have to be disallowed in order to provide adequate service to all of its customers.

Whether or not you believe it is up to you, but it’s a plausible position.

And if you violate the ISPs rules – their TOS (terms of service) or AUP (acceptable use policy) – then the ISP has the right to disconnect you.

Your ISP Knows You

Of course your ISP also knows who you are. You pay them every month, they know where you live since they deliver the internet connection to your home.

And they also know your IP address, since in order to connect to the internet at all they had to give the IP address to you.

What that means is when (say) a movie studio says “we see one of our movies being downloaded to and shared from this IP address” your ISP can then turn right around and say “I know who that is … I’ll tell them to stop it”.

And you get the warning message you get.

It’s a File **Sharing** Protocol

When you use services like limewire, utorrent or others it’s important that you realize that you’re not only downloading whatever it is you’re downloading.

You’re also sharing what you’ve downloaded previously with others who are using the same service.

That’s why it’s called “peer to peer” file sharing – there is no central server, it’s everyone using the service sharing with each other.

That’s typically the copyright issue that most people get stuck on. If you download, say, a movie – well that’s you downloading one movie.

But with the file sharing software continuing to run, dozens if not hundreds of others could be “downloading” that same movie from your machine – even before you finish downloading it yourself. Now all of a sudden your machine becomes implicated not in one copyright violation – your download – but as a source of dozens or hundreds of other copyright violations as you make that same movie available to others.

That’s when the movie studios or record labels contact your ISP, and in turn when the ISP contacts you.

What About Encryption?

ISPs can’t see what you encrypt, it’s true. It’s one of the reasons VPNs and https and encrypted email are and should be in widespread use: no one who can see the traffic can read its contents. Many file sharing protocols have begun to do exactly that: encrypt.


The port number that defines what it is you are sending is not encrypted. It may change (25 is email, 465 is typically encrypted email), but it still defines what it is you are sending. They can’t see the contents, but your ISP can still see:

  • The IP address of where the data is being sent. (That must be in the clear so that internet routers know where to send the data.)
  • The IP address of where the data came from. (That must be in the clear for the TCP/IP protocol transmission acknowledgements to work.)
  • The port that identifies what the data is … email, web, etc. … which is also not encrypted.

They can’t examine the data, but they can still see where the data is coming and going, and what kind of data it is.

So even encrypted your ISP could still say “hey, you’re running peer-to-peer file sharing software, and we don’t allow that: knock it off”.

Yes, there are attempts to further obfuscate peer-to-peer file sharing traffic, but you get the idea – for the most part even if the ISP can’t see what you’re sharing, they can see that you’re sharing.

And for many, that’s enough.

There are 31 comments:

  1. Bob Reply

    Hehe… Leo, check your articles. The comments are getting spammed…

    I watch for spam religiously. Please point me at specifics I’ve missed.


  2. Lester Reply

    I’m with a small ISP that is about my only choice, since I’m in a rural area. They adamantly reject Peer to Peer downloading. And that’s just fine with me, because when a few people hog the bandwidth we all suffer. Maybe the big guys can swallow the extra overhead. Plus, I don’t like piracy of any sort, because in the long run we all suffer when that kind of mentality overtakes our culture.

  3. Me Reply

    Some ISPs have traffic shaping which will actually slow down uTorrent. Theres encryption for getting past that, however its not good for anonymous (the only thing it does is prevent passive listening, IIRC).

  4. Me Reply

    Oops. By “uTorrent” it should have said BitTorrent. uTorrent is the client I use.

  5. JC Reply

    In the same train of thought– if I am using a program such as PeerGuardian, how am I protected exactly? What information is hidden from 3rd parties, and how much (if any) is hidden from my ISP?

  6. Gord Campbell Reply

    When I use BitTorrent to download a new version of Ubuntu, it’s highly efficient and completely legal. I’d hate to see a technology blocked because it’s misused sometimes. Kind of like banning cars because some people drive when they are drunk…

  7. Sandy Smith Reply

    Regarding email encyprtion you should clarify that port 465 is (typically) TLS encryption which is just the credentials of the message – not the message itself. I think you should do an entire newsletter on encryption… it’s a topic people need to know – to protect themselves.

    Would love to see the reference for that. My understanding is that port 465 is a full-on encrypted connection – credentials, message, and so on. In fact I just confirmed that by packet sniffing my own email send.


  8. Slick Reply

    The one thing that has always puzzled me about this subject is this: With all the information (the IP address of where content is being sent from, your IP address, etc.) passing through ISPs, why is it so difficult for ISPs and the police to track down websites that host illegal content and particularly child abuse pictures?

    A) if they’re hosted in the US, it’s not hard. A court order and they’re done. (Assuming that law enforcement takes it as a priority.) b) if it’s overseas it’s much harder, as many foreign governments are less than tech-savvy, and often less than cooperative. Most problem sites are in the later category.


  9. Me Reply

    From what I understand, the police need a court order or something to get information from ISPs. But Im not sure how hard those are to get. And a lot of them I imagine are outside of jurisdiction.

  10. Long Dong Schlong Reply

    If your internet provider is Charter nothing of yours will be private. Charter is known for giving away your private info to anyone. Charter does NOTHING to protect your privacy, NOTHING!! They would sell their own mother out. Do yourself a favor and find out if the have fiber optics in your area. If they don’t have it in your area yet, find out when your area will come into the 21st century and get it. Fiber optics is the future and it’s WAY better than cable. It’s at least 10 times faster than cable. If you use fiber optics for your internet provider you will be SO MUCH HAPPIER. Cable is becoming OUTDATED, FIBER OPTICS is for the young and modern!!

  11. Ivor Nelluvanitch Reply

    Will BTGUARD (which is an anonymous proxy) make it likely that the peer to peer user is “cloaked”?

  12. john neeting Reply

    Hate to burst ‘knowledgeable’ bubble experts in communications. I’ve been reticulating for 44 years.
    Optic degrades 6 times faster than co-axial which means you have to strip it out and replace it every 6-10 years otherwise it becomes useless. Coaxial has a life of 50 years plus and is %10 of fiber cost. 90% of internet users [ non commercial] don’t NEED 100mb/sec as 10mb/sec is just fine [2 sec verses 20 sec ??]. Cost for connection of fiber escalate out of sight compared to coaxial cable. Coaxial is far easier to repair, resists damage where optic will crack, split, fracture, break and is a pain in the proverbial to join – joins further degrade efficiency. $1.6 billion to fiber optic a small city, $160 million with coaxial.

  13. Ken Reply

    Not being too knowledgeable about bandwidths etc, I thought that all the massive movie streaming, tv catchups etc that were being urged to watch (and my wife does due to the hours she works) would use more bandwidth than just downloading file-sharing material or am I wrong? I have music playing on the internet all day, am I being greedy? What’s an acceptable limit for daily use? Why don’t ISPs give us programs and guides to let us monitor our usage? Why don’t ISPs limit the amount of customers they take on if there’s not enough to go around??
    Getting back to the original question, I think I read somewhere that they can only track what we upload and not download, or am I wrong. It’s all so confusing.

  14. Rod Alys Reply

    I use a VPN!

    How and what are the protections of this vs. my ISP Co., and also what limitations does this have?

    Can they “see” what I’m doing (like using a Bit Torrent,) etc., and that is coming from my Acct.”?

    Thanks Leo for your GREAT Newsletter!

    You want this article: How does a VPN protect me?


  15. Wakkierob Reply

    They even know where your money is coming from so if you have a agreement and go over and you have a direct debit they’re charge direct from your bank. And you wont know until the next bank statement.

    If you Have or use a Elite Proxy your untraceable! lol

  16. Atari Reply

    To get around this, just download your movies using direct downloading (Hotfile/Fileserve/Filesonic/Mediafire/Megaupload/Rapidshare/Uploading) instead of using P2P. P2P, in fact, is ludicrously amateurish, and you will discover that once you learn to use Google.

    I would expect direct downloading sites to come under the same scrutiny as P2P. If not now then eventually since direct download is definitely becoming a larger repository for illegally shared files.


  17. Bob63 Reply

    Can my ISP see that I downloading files from a UseNet Server and if so what can they see? Filename, data type, etc? This seems to be the correct article to ask this question. Please don’t delete.

    Last I checked usenet was not encrypted so they can probably see everything – groups, files, file contents – everything.

  18. Peter Reply

    Hi Leo, thanks for your insight and you were correct about your comment on 30 Aug 2011! SOPA, Megaupload, etc.

  19. john Reply

    Great article Leo,

    I just bought an elite proxy for a few dollars per month.

    If I use this proxy on windows mail, will it stop my isp or others being able to view the data being sent etc.

    I’m not familiar with that proxy, so you’ll have to check with them.


  20. Stephen Reply

    I recently (past 3 weeks) began downloading movies off of torrent sites. As soon as the file was completed downloading I stopped it from seeding. After downloading about 80 movies I started receiving emails from my ISP saying that they were contacted by the movie distributors (ie. Sony, Universal, etc.) and forwarded the message to me. Each email listed the title of the movie in question and demanded that I remove the files and stop downloading or I will be disconnected.

    I have stopped downloading and removed the PSP sharing software (Vuze) from my computer but can they (my ISP or the movie distributor) see if I have actually deleted the movies off of my computer or personal shared network media drive?

    I understand how the ISP sees what I am doing but how did the movie distributor know I downloaded one of their movies? Do they upload the torrent themselves and watch to see who downloads it?

    Sorry for the long post but you obviously know what you are talking about and I hate to completely delete all of those movies if I don’t have to. But at the same time, I really don’t want to get in trouble or have my internet disconnected (guess I should have thought about that before I started downloading movies, haha!).

    Your input is much appreciated, Leo.

  21. Mark J Reply

    Ask Leo can’t, or won’t, respond to questions that ask to do
    something illegal, or ask for help with something that would
    be illegal or improper.

  22. Geoff Reply

    Nice informative article Leo, Can I just add that over here (UK) British Telecom Slow down but don’t stop file sharing, but after midnight to 7am they allow full speed.

  23. GW McClintock Reply

    You said, “That means that they (ISPs) can disallow file sharing protocols whether or not you’re using them to perform illegal downloads.”

    I am 63 and I do not d/l copyrighted material me being in the music business, so; my question would be: “Isn’t the ISP acting as a de facto agent of Law Enforcement, and just how did the ISP come to insert themselves as de facto law enforcement?” Granted it is “their” ISP however, when an intity inserts itself in to what may or may not be legal without sworn legal authority I’d think they are letting themselves in for a nice law suit especially if that ISP is the only “game” in town? Yes? No?

    I do believe that various government agencies are indeed asking, or perhaps even requiring ISPs to act as their enforcers. It’s aweful. However even where they don’t the ISPs will claim NOT that you’re downloading illegal content, but rather that the filesharing protocols use too much of their bandwidth and therefor must be disallowed.

  24. Mama Reply

    There are a lot of activities that use a lot of bandwidth, are all of them going to be disallowed? If so, I might as well kill myself now.

  25. Mama Reply

    A bettter title would be “How can my ISP not know what I’m doing? Afterall, they are almost up my butt.”

  26. Brandon Hunter Reply

    Im very sorry for posting here but i am completely out of ideas!! please someone help! I have a question, is it legal for a comcast internet tech to tell me i have to install something on my computer that in turn erased all my bookmarked pages that i use for reference for work? He had me install some “xfinity” software and told me i could just remove it when it was finished if i did not want it on my computer. Well, as soon as it was finished installing I imediatly opened google crome to start my work (writing ebooks on political topics). To my dismay, ALL of my reference matirial I had spent months looking for and bookmarking was gone!! No bookmarks!! I called the service center, they sent out a tech guy to my place again. He told me that he was not sure why they make people install this software because people are unhappy about it usually. He also told me that other people have had the same problem before and that there is nothing they can do about it. This is unacceptable to me!! It has ruined my focus and direction associated with my writing as I now have absolutely no references!! Please someone tell me this is illegal so i can put a stop to this kind of guided misfortune!! Thank you! B

    Illegal? No idea – you’ll need to ask a lawyer. I do have to say, though, that regular backups – particularly one taken just before this incident, could have restored your bookmarks.

  27. Debra Reply

    Just wanted to thank you for this simple, clear and concise post on downloading! It really helped me to understand this topic. I really appreciate it!

  28. Devon Reply

    I became instantly addicted with torrent downloading when i first found BitLord. I constantly downloaded discographies and many movies and games. With all of this foolish downloading came the most unexpected consequence: a copyright notice. One of the discographies i downloaded was of “Puddle of Mud” and that was who contacted my ISP (Charter). After reading a few articles, including this one, I’ve found out that i was caught primarily because many people were downloading the same thing i was (at least i think). That brings me to my question: if i were to download illegally again, it would be foolish i know, would charter know that I’ve done it again?

    • Mark Jacobs Reply

      It’s not normally your ISP who would go after you. When you download via a torrent, your IP number appears in a list of uploaders and downloaders. This list shows up in the torrent program of everyone sharing the files with that torrent. The owner of the copyright or a proxy just has to download that torrent to see the IP numbers of all the people sharing that file. They can determine which ISP you are using to share the file. ( They then send those IP numbers to their lawyers who get a court order to get the ISP to tell them who is downloading that file using that IP number.

    • Leo Reply

      Quite possibly, yes. Don’t do it. On charter or any other ISP. Illegal is illegal, regardless of whether or not you get caught.

Leave a reply:

Before commenting please:

  • Read the article. Seriously. You'd be shocked at how many people make comments that prove they didn't.
  • Comment only on the article. If you have a new, unrelated question start with the search box at the top of the page.
  • Don't post personal information. Email addresses, phone numbers and such will be removed.

VERY IMPORTANT: because of a rise in comment spam that's making it through our filters any comments that do not add to the discussion - typically off topic or content-free comments - run a very high risk of being flagged as spam and removed.

If you have a new question unrelated to the article above, ask it on the Ask Leo! ask-a-question page.