Yes. Yes they can.
Let’s look at exactly what VPNs expose to your ISP allowing them to figure it out.
Become a Patron of Ask Leo! and go ad-free!
ISPs and VPNs
Your ISP can see you’re using a VPN by noting the IP addresses and ports associated with VPN services. They can’t, however, see the content of your encrypted data. Essentially, using a VPN shifts your internet visibility from your ISP to your VPN provider.
Connecting to a VPN
There are two characteristics of a VPN that cannot be hidden from your ISP:
- The fact you are connecting to the IP address(es) owned by a VPN service.
- The fact your software is connecting to ports associated with VPN networking protocols.
Your ISP is responsible for taking a packet of data from you and sending it where it’s supposed to go. The only way it can do that is if it knows where the packet is supposed to go. If you’re using a VPN, that destination will be the VPN’s servers.
In fact, it’s possible that — even though your data is encrypted — the packets carrying your data have overhead information that could also identifying it as travelling over a VPN.
Attempts to hide further
I often see comments that by using a port more commonly used for other purposes — for example, running a VPN over the ports more commonly used for webpage traffic — can hide the fact that you’re using a VPN.
This is actually not the case.
Your ISP can still see that you’re connecting to a server associated with a VPN service, even if you’re using a non-standard configuration.
Alternate ports and other configurations attempt to bypass firewall rules that might block standard VPN ports. Unfortunately, this remains only partially effective, since the firewall can still see and block access to the entire VPN server.
What the ISP cannot see
It’s important to realize while your ISP can see that you are using a VPN, they cannot tell what you are using it for.
For example, you might connect to askleo.com through your VPN. In that case your ISP can see only that you are using a VPN and exchanging encrypted data with it. That you are connecting to askleo.com, the pages you ask for, and the responses you get are all routed through the VPN, and thus are encrypted and inaccessible to anyone, anywhere inbetween.
Including your ISP.
What the VPN can see
There’s an important detail that’s often overlooked.
When you connect to the internet through your ISP, they facilitate the connection to all the various sites and services you use. That’s why they can see it.
When you connect to the internet using a VPN, your ISP can see none of that. But the VPN service can. All you’ve done is moved your connection point away from the ISP. The VPN service then becomes the point that connects you to all the various sites and services you use.
In a sense, your VPN is acting as your ISP, as they’re providing the final connection to the rest of the internet.
Most people don’t need to care about any of this.
- Most don’t need to use a VPN. It needed only if you are using an untrustworthy connection, like perhaps an open Wi-Fi hotspot (and even then it depends on exactly what you’re doing).
- Most don’t need to care that their ISP might see they’re using a VPN, because most ISPs simply don’t care.
Both points make it moot. But if you do find yourself in a situation where a VPN is called for, it’s important to know just what it does, and does not, protect you from.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.