Yup.
Yes. Yes, they can.
Let’s look at what Virtual Private Networks (VPN) expose to your Internet Service Provider (ISP) that allows them to figure it out.
Become a Patron of Ask Leo! and go ad-free!
ISPs and VPNs
Your ISP can see you’re using a VPN by noting the IP addresses and ports associated with VPN services. They can’t, however, see the content of your encrypted data. Essentially, using a VPN shifts your internet visibility from your ISP to your VPN provider.
Connecting to a VPN
There are two characteristics of a VPN that cannot be hidden from your ISP:
- You are connecting to the IP address(es) owned by a VPN service.
- Your software is connecting to ports associated with VPN networking protocols.
Your ISP is responsible for taking a packet of data from you and sending it where it’s supposed to go. The only way it can do that is if it knows where the packet is supposed to go. If you’re using a VPN, that destination will be the VPN’s servers.
In fact, it’s possible that — even though your data is encrypted — the packets carrying your data have overhead information that could also identify it as traveling over a VPN.
If you’re in an area with a restrictive government, or are just concerned that the fact that you’re using a VPN might set off red flags to someone, this is important to know.
Attempts to hide further
I often see comments that using a port more commonly used for other purposes — for example, running a VPN over the ports more commonly used for webpage traffic — can hide the fact that you’re using a VPN.
This is not the case.
Your ISP can still see that you’re connecting to a server associated with a VPN service whether you use a non-standard configuration or not.
What the ISP cannot see
It’s important to realize that while your ISP can see that you are using a VPN, they cannot tell what you are using it for.
For example, you might connect to askleo.com through your VPN. In that case, your ISP can see only that you are using a VPN and exchanging encrypted data with it. That you are connecting to askleo.com, which pages you ask for, and the responses you get are all routed through the VPN, and thus are encrypted and inaccessible to anyone anywhere in between — including your ISP but excluding the VPN.
What the VPN can see
That’s an important detail that’s often overlooked.
When you connect to the internet through your ISP, they facilitate the connection to all the various sites and services you use. That’s why they can see it.
When you connect to the internet using a VPN, your ISP can see none of that. But the VPN service can. All you’ve done is moved your connection point away from the ISP. The VPN service then becomes the point that connects you to all the various sites and services you use.
In a sense, your VPN is acting as your ISP, as they’re providing the final connection to the rest of the internet. So they can see where you go and what you do there.
Do this
Most people don’t need to care about any of this.
- Most people don’t need to use a VPN. It is needed only if you are using an untrustworthy connection like an open Wi-Fi hotspot (and even then, it depends on what you’re doing).
- Most people don’t need to care that their ISP might see they’re using a VPN because most ISPs simply don’t care.
Both points make VPNs moot for most people. But if you find yourself in a situation where a VPN is called for, it’s important to know what it does and does not protect you from.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Thank you for the article, but can you explain what the end web/service know if you are using a VPN and what information they can obtain.
See my answer to Darrell. They can see the address of the VPN and whatever is in the data packets you send.
Can a Website Identify Me When I Visit?Can a Website Identify Me When I Visit?
In some cases, they might be able to identify you through the data you send, such as cookies and more.
Supercookies and Evercookies and No Cookies at All: Resistance Is Futile
I have Nord VPN on my android phone. I also like to read the Guardian News Paper via their ap. The ap alows you to read a number of news items per month and when this is exceeded you have to pay. I assume the ap is taking some form of ID from the phone so it knows how many articles you have read. I thought the VPN would overcome this but apparently not. The only way around it is to uninstall and reinstall the phone so.
Most streaming services and many other subscription websites block traffic from VPNs. It’s easy for the website you are accessing to know it’s a VPN. The website can see the IP address of the comptuters accessing it, which in this case is the IP address of the VPN. When a website is being acessed by many connections with the same IP address, they know, or at least, highly suspect it’s a VPN and block that IP address.
Another case where a VPN might not be accepted is when you are inside a corporate network. Some companies have packet inspection on their perimeter firewalls & a VPN connection that passes through the firewall without inspection will not be allowed.
This can be to protect the business against malware, look for abuse of company resources & monitor for exfiltration of company confidential info or IP.
The problem with the approach is that the firewall acts as a man-in-the-middle & can be abused. If this is a concern, then don’t use the company network for private business.
Obviously the same company will insist on a VPN connection for access to corporate resources from outside the corporate network.
That’s only one reason to avoid using a company network for private business. Never use a company computer for personal business under almost any circumstances.
A reason for using a VPN to limit ISP access to your traffic is privacy.
There are ISPs that collect information on their customers traffic and sell this to data brokers.
Some ISPs have been reported to inject adverts into customer traffic.
I’ve had NordVPN for some time now and really like it. I recently bought a static IP address on one of their servers in the Dallas, Texas area (I don’t live in Texas).
I got a VPN for connecting up when in a public place like a hotel, car dealership, restaurant, doctor’s office, anywhere public. Years ago I took a computer forensics certification course and part of it dealt with how easy it is for unscrupulous individuals to see everything you’re doing on your computer/laptop on a public access point…. As long as they have the correct sniffer software running the their system. It scared me into splurging for a VPN account and I feel the peace of mind has been well worth it!
Most (non-corporate) use of VPN is to “hide your internet activity” from your ISP. First, I used quotes around hiding internet activity because that’s mostly a futile effort – there is always someone out there that can track all your activity. This discussion isn’t complete without talking about who resolves your DNS requests (that’s translating your website requests to IP addresses). This can get complicated. Your DNS can get resolved in your computer (device), your router, your browser, by your ISP, or by your VPN. These can override each other depending of specific setups. With each option there are always selections of DNS servers and various companies associated with the service, so these entities can see what you are doing.
Not all VPN services work the same way. Some tunnel your DNS requests to the VPN company and use the VPN company’s DNS, but others use your default DNS (such as your ISP) and then use the retrieved IP to tunnel only the website request packet through the VPN. In the latter case your ISP then knows where you’re going, so all the VPN accomplishes is (perhaps) protect your data from a man-in-the-loop attack – a very unlikely scenario for most people. So, check the details of how your VPN service works and if there are specific configurations needed to use the VPN’s DNS. Bottom line is who do you trust least? Your ISP or your VPN?