What you're exposing with each.
This is an interesting question, particularly when it comes to understanding "IP-changing" services.
First, I need to clear up some terminology to be sure we’re talking about the same thing.
Become a Patron of Ask Leo! and go ad-free!
Your ISP can see that you're using a Proxy, VPN, or Tor. In the case of a proxy, your ISP might see data, possibly even encrypted data. In the case of a VPN or Tor, your ISP can not. Proxys and VPNs can see all unencrypted data. The destination site sees your data (of course, it has to) and the IP address of the Proxy, VPN, or Tor exit node, not your "real" IP address on the internet.
ISP versus IP
You say that you’re “using an ISP-changer program.” I think you mean IP, not ISP.
Your ISP is your Internet Service Provider. They're the company from which you get access to the internet, and to which you connect your computer and other internet-enabled equipment.
Your IP is your Internet Protocol (IP) address. That's the unique number that identifies your specific internet connection1. Your IP address is provided by your ISP when you connect.
"Changer" programs
When you connect to a site or service online -- even something as simple as a website such as Ask Leo! -- that site's servers have access to the IP address from which you connected: your IP address. This is required so the server knows where to send the data you requested.
You can use programs or services to make it look like you're coming from a different IP address -- what I think you're referring to as a "changer". Instead of your own home IP address, the remote service sees something else. For example, the Ask Leo! server would see the IP address of this changing service, rather than yours.
You haven't changed your ISP at all; the same company still provides your internet connection. You're not really changing your IP address either, as you're still connected to the internet using the IP address assigned by your ISP.
The only thing that changes is the IP address that you appear to be at, as seen at the other end of the connections you make.
It sounds like I’m being pedantic, but when we talk about things like security, we have to use correct terminology to make sure that we’re talking about the same thing.
A more correct way to phrase what you're attempting is: you want to hide your IP address as you use the internet.
Different approaches to hiding your IP address
When it comes to hiding your IP address, there are three different approaches2.
Proxies. These are services that you connect to normally that then make all subsequent requests on your behalf. You may have seen proxy configuration options in your web browser, and indeed, they are typically limited only to handling web-browsing traffic. Other than configuring the proxy in your browser, there's no additional change to your system. In practice, they're rare outside of the corporate environment.
VPNs. These services act similarly to proxies, except they handle all of your internet traffic. This requires that you install or configure a VPN service in your operating system, not just your browser. When you connect to anything on the internet, that request is sent first to the VPN service, and from there makes its way to whatever site or service you're trying to use. To that site or service, you "look like" you're coming from the VPN's IP address, not your own.
TOR. This is, in a way, a special case of a VPN, or perhaps a proxy on steroids. It is specifically targeted at web browsing, though I understand it can be used for other things. Rather than being a single server or service, you install a special browser, and your traffic is routed through a series of semi-randomly selected intermediate nodes until it reaches its destination. To the destination site or server, it "looks like" you're coming from the last node in your path, referred to as an exit node.
In all three cases, you still connect to the internet using your IP address, but each has a different impact on how easy it is to see your IP address and the data you're sending and receiving.
So your question might be further refined to "Can my ISP see that I'm using a VPN, proxy, or TOR?"
The answer, surprisingly, is yes. But what may matter more is what else they (and anyone in between) can or cannot see.
Who sees what
Exactly who sees what depends on the service you're using.
Proxy
- Your ISP can see you're using a proxy, and which proxy you're using. Depending on the proxy, your ISP may even be able to see the sites and services you're visiting, and in the worst case, the data you're sending and receiving.
- The site or service you're visiting can see your data, of course, but will see only the IP address of the proxy.
- The proxy service can see everything: your IP address, who you're connecting to, and the data you're exchanging. While normally that doesn't include data encrypted using https, in the case of some corporate proxies, it may.
VPN
- Your ISP can see you're using a VPN, and which VPN service you're using; that's all.
- The site or service you visit can see your data, of course, but will see only the IP address of the VPN.
- The VPN service can see almost everything: your IP address, who you're connecting to, and any unencrypted data you're exchanging, but not encrypted data like https.
TOR
- Your ISP can see you're using TOR, and how you are connecting to the TOR network; that's all.
- The site or service you're visiting can see your data, of course, but will see only the IP address of the TOR exit node.
- The last node in your data's path across the TOR network can see who you're connecting to and any unencrypted data you're exchanging. Intermediate nodes cannot.
What your ISP still sees
As I mentioned, your ISP can generally see that you are using one of these services. In most cases, they cannot see what websites or other services you connect to through these services, however.
What your ISP can see, however, is how much data you're transferring. They may not know what it is, but if you're downloading a lot, they'll certainly see that it's a lot.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
You got to realize that no anonymization service is 100% watertight.
Just depends on the money, and efforts, the adversary is willing or capable to use to spy on you.
A work around might be to install the anonymization program on a thumbdrive for use in a internet cafe, or access the internet from another location (wifi spot, and such). That’s a shure thing to hide your physical address.
And disable javascript of course.
But remember the NSA has backdoors in most operating systems in use nowadays.
So if you’re really into something meet-up instead of web-up.
I don’t believe that “the NSA has backdoors in most operating systems in use nowadays” at all. If they have access anywhere it’s much more leveraged at the ISP/infrastructure level. Even there I don’t think things are quite as bad as most of the current alarmist news would have us believe. Not that things aren’t bad, but not “eavesdropping on everyone” bad. We’re just not that interesting.
Do you still believe this?
I do.
There is planty of free open source OS that NSA or any other agncy upper hand on it , pickup the one you want and monitor traffic with 3d part hardware tools and see if anyone realy spy on you .
Will the real Leo Laporte please stand up? Please stand up, please standup.
Leo Laporte is not here. As you’ll see in the title of every page I’m Leo Notenboom. A good place to start for “the other Leo” is http://leoville.com.
good article I have actually been curious about that for a while, if an ISP such as comcast could see what was going on to and from the router to the vpn, I always assumed they could and the only way around that would be to setup and entire vpn server in my home before their router, to be honest they can keep watching me they already have my account numbers.
My question is then, if you were to create your own VPN in your home and have it connected to your ISP gateway, could they not still see were you are going? The VPN connection still has to go through their network. Were as if you were to pay for a VPN service they would see you connect to a VPN rather than seeing your VPN connect to were ever you were visiting. Is my logic correct?
How to hide data from aggressive government enforcement. In my part of the world i can see, i can listen but i cant speak. Even i am scared to say a thing against aggressive government enforcements on twitter or Facebook. If i use TOR to reach twitter or Facebook with a fake ID can my ISP track me and my contents of speech? If my opinion is not liked by aggressive government enforcements would they be able to track me and put me in their torture cells.
This is a relevant question in all parts of the world, as we see growing, totalitarian tendencies, also in Western countries.
I am here out of the same concern.
Thank you for your bravery, Faheem. Freedom of opinion and freedom of speech are important, basic values that need protection, and so do we.
Yes if you use Tor and they know they will brick your desktop or laptop computer
also with all them people working at Ft. Meade, you will get caught and if you’re
game enough you better use a crap laptop because if you use a new computer
say good by to it unless you have information in it you need don’t chance it,.
A VPN encryption service or proxy server, whether its your own or purchased online, hides the websites you are visiting from the ISP. The real question I have is, does the ISP have legal authority to deny your service if they cannot “see” the websites your visiting.
“Legal” -> I am not a lawyer. However I would expect that, yes, an ISP has every right to control how you use their service. All part of the terms of service you agreed to when you signed up.
Pretty sure that is extremely false. Isn’t there a net neutrality law or something like that?
It would have nothing to do with net neutrality. Your ISP is providing your internet connection. They are actually the service that sends you to different pages on the internet, so obviously their equipment can see where you are going. The likelihood that some human being is sitting there watching you is very slim – unless you are a high profile figure or doing something illegal.
It’s not like someone is re watching you’re every move. An analyst will likely look at numbers, notice something out of norm, and start monitoring irregularities. So if you’re online behavior is in line with the average user, it’s unlikely a gov employee will be peering in.
I suspect ISPs work very closely with the gov. For example, if they notice that a customer is connecting to multiple proxy servers frequently and everyone else in that area is in the norm, they could tip the the gov and let them slip into their back door and access data.
ISP already has all your info: name, address, etc. Now gov can start monitoring. A tiny slip up can give them information. Don’t forget about the PATRIOT act (if you’re a U.S. citizen).
What has me looking this far, is my own situation. I have downloaded copyrighted material (movies) from a torrent site such as ‘thepiratebay.com’ , and was severely legally reprimanded by my ISP (ATT) for having done that. They got the tip from Warner Brothers, who had a ‘snoop bug’ or something at the download site (Piratebay), and they told ATT to ‘make me stop or else: ‘jail time, fines, etc.’ So, as ATT was notified about my copyright infringement through bittorrent and their snoop on piratebay, ATT tells me they will kick me out of all internet use forever if I keep doing it. That’s why I want to know about Virtual PRIVATE networking. But nobody worth hearing from will tell HOW to do it, since I’m sure they think I’m a crook for downloading copyrighted movies for my own watching for free. I do NOT share them with anyone, and do NOT think I am evil for watching the downloaded movie from pirate bay. Of course, the guy with the Gold makes the Rules, and the cops are on his side. Who in their right mind would prosper from agreeing with me, and fighting the Gold? I DO want to do it again; I’m retired and old and alone. These movies are a comfort to me, and I’ve paid my dues at the theaters; now I want to watch them from my computer many times again, without having to buy a disc of it again. “I” think there are many people out there who want to download movies, too, for their OWN use, not to make bootleg copies for $$. I assume you won’t touch this topic with a 10′ pole–
I’m not touching your objective, but want to offer a few points to think about. First, like most people in the U.S. you probably have only one reasonable choice for an ISP. If AT&T entirely bans you from internet access, what are you going to do?
If your objective is not to pay money, know that there are several free movie sites online. For some of these you don’t even have to sign up. Of course, you won’t get the latest movies, but try these free sites first to see if you can satisfy your amusement needs.
Have you read Pirate Bay’s FAQ on its home page? They warn you, in multiple ways, that what you’re doing is illegal and you will be prosecuted. What part of this don’t you understand?
You may not know much about how TOR or VPNs work and somehow think that a VPN is some type of magic solution for your needs. Read Leo’s article again. A VPN won’t save you, even if the middle part of the acronym is PRIVATE. Also consider that Warner Brothers and AT&T have vastly more resources in defeating you than you can bring to the fight. You’ve already experienced this by your own admission. In other words, you’re taking a risk.
So, let’s say you get a VPN service, on top of your bittorrent. These don’t present an obstacle to law enforcement, not if they decide to go after you. Of course, you would have to pay for a reliable and secure VPN service, so in the end you may not be saving much money. Finally, here is the kicker about a VPN service: you have no idea who the company behind your VPN is and what they do with your information. For all you know, your VPN may be affiliated with AT&T or sell your information to AT&T.
Let me answer at this by paragraphs:
1. “most people”? Wrong: 41 internet providers–
Houston, TX has a total of 41 internet providers including 21 Fiber Internet providers, 12 Cable Internet providers, 17 DSL Internet providers, 15 Copper Internet providers, 12 Fixed Wireless Internet providers and 2 Satellite Internet providers. Do you need proof?
2.The “objective” is NOT about money; I am not poor by any means. My question was concerning VPNs or whatever might get me left alone, when I download what is there for the taking, without incarceration or a big fine. That would NOT be fair for just downloading a movie that paid for itself already, is old, and still has some value to people that want to see it again and again. Many are not even available, or to even FIND a title is impossible. The “free sites” almost ALWAYS require some kind of ‘payment’ or club dues, or talk about a VPN also. Many taalk of how they can’t find what they want for free, legally. I have few ‘needs’, and some ‘wants’, but that has nothing to do with my question. I believe there will not be a foolproof answer, but only chastisement for even thinking about it.
3. Yes, I have been to Pirate Bay numerously in the past. There is NO FAQ on the site! Have a look: https://thepiratebay.org/index.html No warnings. What’s to understand, or rather NOT understand?
4. Correct. I DON’T know much about VPNs or TORs, and they seem woefully inadequate for my wants. I read Leo’s article with understanding, and I don’t want a VPN or TOR. I am not a child or a FOOL who believes in “magic solutions”, as YOU suggest. I know that Warner Bros. has great resources to squash me. So, WHY aren’t they squashing the Pirate Bay???
5. You seem to still think of me as a ‘cheapskate’, AND that a highly paid VPN WOULD be “reliable and secure”. It would not. I will not take the risk. I have stopped. You have given reasons why a VPN is NOT SECURE, and that it may be dangerous in a virus/hacking way to me. Indeed, there have been times in the past that a VIRUS has also come to me in the download, but I have found sites that have no viruses, seemingly. Still, I do not feel good about DLing anything. NOT because of the viruses; I have software to keep me safe, but because of the greedy (though legally protected) big guns that want me to do without, even though some titles can’t be had anymore.
I have been candid, and truthful. I don’t give much heed for what others SAY is illegal, but I have to comply because the penalties are too harsh. What I have done in the past is of NO consequence to the movie industry, like they say it is. The law is against bootleggers, as it should be. I find myself labeled a ‘lawbreaker’ by software writer friends I have. But I will comply. Thanks for your replies. Hopefully you won’t think too badly of me.
look I will make the easy and simple using a VPN hides all your info even from your ISP. When you open your browser and, say you are using a VPN that is associated with the browser for instance there are VPN’s that are browser extensions and some that you download and they actually configure you OS. when you activate the extension VPN your ISP loses you after you leave the page that you were just visiting. When you are using an actual application configured VPN you are only seen by your ISP while your home page is being loaded. Also if i’m not being believed by some that are reading this just for fun activate your VPN and if you use comcast go login to your comcast account and you will see exactly what I am talking about even amazon prime members cant use there account to watch movies,{content removed for encouraging piracy}
It doesn’t take much to find out which IP address people are on when they download via a Torrent. I’m sure the movie companies have people who go to Torrent sites check who are sharing those files and then getting a court warrant to find out who was using that IP address when downloading.
Thanks for your reply, Mark Jacobs–I DO agree with you. Like playing Russian Roulette, the stakes are too high to engage in all the time (which I have no need for). But I DO occasionally like a movie or want to see one that I have missed at the theater, and don’t want to spend a bunch to “own the right to view” with restrictions attached. I don’t rent movies to make copies–never have–and don’t want to be considered a ‘nuisance’ by Warner Bros (who most often begins the screaming at me). I am just NOT THAT NASTY. Nope. My wife uses Netflix, etc, and on demand streaming movies are always available through ATT. I’m satisfied with that. She finds so many mini-series shows that are entertaining enough, and I get to spend time with her, discussing the plots. Thanks for your interest!
You say that you don’t engage in torrent downloads all the time. It only takes one time in some cases. The daughter of a friend was visiting and she downloaded a movie via a torrent. I got a bill from Warner brothers for about $1000. It was only a one time thing. She paid the settlement but as you said, it’s like Russian Roulette. It’s sometimes the first bullet that’s live.
Leo,
If I use a VPN or a Proxy can the website I’m on see that I’m using a VPN or Proxy but not know my IP address? I mean can they tell i’m actually using a VPN or Proxy? I’m asking because I own a business and I’ve applied for a couple of Business credit cards online for my business and I keep getting declined, which is really odd because my Business Credit scores are perfect and so is the payment History. The last one I applied for sent me a letter in the mail that stated I was declined for possible online or Internet fraud and I thought what the hell is going on with that? The only thing I can think of is they thought I was a fraudster using an VPN and or proxy to keep anonymous… Well that’s my guess but I don’t know. I called the Credit card provider to find out what’s going on and to continue the application to get it approved aver the phone but the person I talked to on the phone could not tell me why I got declined online or what the letter I got in the mail was referring to. I’d like to try and figure this out because the whole point of a VPN and Proxy is to keep my Business secure over the internet. I’d also like to know what happened so I can get those declines off my Business credit report.
Thanks
Doug
Yes. It’s very common that the server you’re connecting to can see that you’re using a VPN. It’s one of the ways that streaming services try to deny access from outside their service areas. And yes, many services take it not as a sign of fraudulent activity all by itself, but something that at least increases their suspicion.
Yes, it’s easy to tell. If they look up the IP address, they will see that it’s owned by a proxy or VPN service. I live in Europe and have been blocked from accessing videos on a a streaming website because they recognized I was using a VPN. Apparently if they are getting accessed too much from the same IP address, they’ll check to see if it’s a proxy. I’ve found one way around that is to use small VPN services which draw less attention. They cost a bit more, but they have a better chance of working. In your case, it may be that others using that VPN may have been committing fraud.
You can look up details about an IP address on https://whois.domaintools.com/.
You can find your IP address in this article and look it up on the Domaintools website