How can my ISP tell that I’m downloading copyrighted files?

Some ISPs are taking a more aggressive position to stop illegal file sharing. Your ISP can see a lot, including the fact that you are filesharing.


I recently changed from Verizon DSL to Charter Cable internet services. About a week later, I started receiving warnings via email from Charter telling me to stop downloading music from limewire (copyright infringement?). After that they sent notices to stop downloading movies from UTorrent. What’s funny is that both were files that never finished downloading. What I want to know is how do they know who I am, where I go on the internet and when I choose to save something to my computer? How does someone else know when your on a website downloading anything?

Well to start with, Charter isn’t just any “someone else” … they’re your ISP.

And as your ISP they know a lot about you, and have the ability to do a lot with that information.

Verizon could have but for whatever reason chose not to.

Let’s look at that in a little more detail.

Your ISP Sees (almost) All

The whole point of having an ISP is to use their services to provide you with a connection to the internet.

That means that when you send or receive data – any data – it travels from your computer through your router and immediately encounters equipment owned and operated by your ISP.

… for the most part even if the ISP can’t see what you’re sharing, the can see that you’re sharing.

Where, if they choose, they can look at the data.

Rarely do they look at the contents of the data, but more and more they’re looking at the type of data – they’ll note whether it’s email or a web request or an instant message.

Or file sharing.

Typically, traffic that crosses the internet is identified by the IP address of where it came from, the IP address of where it’s headed, and a “port number” that indicates what type of traffic it is. Port 80 is web traffic, 25 is email, and so on.

Looking CloselyAs I said, it’s unlikely that they look or care about what the data actually contains (though they could), but they do care about the type of traffic, and the quantity of traffic.

And file sharing is on many ISPs radars.

Your ISP’s Rules: The Terms of Service

Here’s an often frustrating catch: your ISP sets the rules about what they do and do not allow on their system.

That means that they can disallow file sharing protocols whether or not you’re using them to perform illegal downloads. The justification is typically that file sharing protocols use up a great deal of the ISPs capacity, and thus have to be disallowed in order to provide adequate service to all of its customers.

Whether or not you believe it is up to you, but it’s a plausible position.

And if you violate the ISPs rules – their TOS (terms of service) or AUP (acceptable use policy) – then the ISP has the right to disconnect you.

Your ISP Knows You

Of course your ISP also knows who you are. You pay them every month, they know where you live since they deliver the internet connection to your home.

And they also know your IP address, since in order to connect to the internet at all they had to give the IP address to you.

What that means is when (say) a movie studio says “we see one of our movies being downloaded to and shared from this IP address” your ISP can then turn right around and say “I know who that is … I’ll tell them to stop it”.

And you get the warning message you get.

It’s a File **Sharing** Protocol

When you use services like limewire, utorrent or others it’s important that you realize that you’re not only downloading whatever it is you’re downloading.

You’re also sharing what you’ve downloaded previously with others who are using the same service.

That’s why it’s called “peer to peer” file sharing – there is no central server, it’s everyone using the service sharing with each other.

That’s typically the copyright issue that most people get stuck on. If you download, say, a movie – well that’s you downloading one movie.

But with the file sharing software continuing to run, dozens if not hundreds of others could be “downloading” that same movie from your machine – even before you finish downloading it yourself. Now all of a sudden your machine becomes implicated not in one copyright violation – your download – but as a source of dozens or hundreds of other copyright violations as you make that same movie available to others.

That’s when the movie studios or record labels contact your ISP, and in turn when the ISP contacts you.

What About Encryption?

ISPs can’t see what you encrypt, it’s true. It’s one of the reasons VPNs and https and encrypted email are and should be in widespread use: no one who can see the traffic can read its contents. Many file sharing protocols have begun to do exactly that: encrypt.


The port number that defines what it is you are sending is not encrypted. It may change (25 is email, 465 is typically encrypted email), but it still defines what it is you are sending. They can’t see the contents, but your ISP can still see:

  • The IP address of where the data is being sent. (That must be in the clear so that internet routers know where to send the data.)
  • The IP address of where the data came from. (That must be in the clear for the TCP/IP protocol transmission acknowledgements to work.)
  • The port that identifies what the data is … email, web, etc. … which is also not encrypted.

They can’t examine the data, but they can still see where the data is coming and going, and what kind of data it is.

So even encrypted your ISP could still say “hey, you’re running peer-to-peer file sharing software, and we don’t allow that: knock it off”.

Yes, there are attempts to further obfuscate peer-to-peer file sharing traffic, but you get the idea – for the most part even if the ISP can’t see what you’re sharing, they can see that you’re sharing.

And for many, that’s enough.


  1. Bob

    Hehe… Leo, check your articles. The comments are getting spammed…

    I watch for spam religiously. Please point me at specifics I’ve missed.


  2. Lester

    I’m with a small ISP that is about my only choice, since I’m in a rural area. They adamantly reject Peer to Peer downloading. And that’s just fine with me, because when a few people hog the bandwidth we all suffer. Maybe the big guys can swallow the extra overhead. Plus, I don’t like piracy of any sort, because in the long run we all suffer when that kind of mentality overtakes our culture.

  3. Me

    Some ISPs have traffic shaping which will actually slow down uTorrent. Theres encryption for getting past that, however its not good for anonymous (the only thing it does is prevent passive listening, IIRC).

  4. JC

    In the same train of thought– if I am using a program such as PeerGuardian, how am I protected exactly? What information is hidden from 3rd parties, and how much (if any) is hidden from my ISP?

  5. Gord Campbell

    When I use BitTorrent to download a new version of Ubuntu, it’s highly efficient and completely legal. I’d hate to see a technology blocked because it’s misused sometimes. Kind of like banning cars because some people drive when they are drunk…

  6. Sandy Smith

    Regarding email encyprtion you should clarify that port 465 is (typically) TLS encryption which is just the credentials of the message – not the message itself. I think you should do an entire newsletter on encryption… it’s a topic people need to know – to protect themselves.

    Would love to see the reference for that. My understanding is that port 465 is a full-on encrypted connection – credentials, message, and so on. In fact I just confirmed that by packet sniffing my own email send.


  7. Slick

    The one thing that has always puzzled me about this subject is this: With all the information (the IP address of where content is being sent from, your IP address, etc.) passing through ISPs, why is it so difficult for ISPs and the police to track down websites that host illegal content and particularly child abuse pictures?

    A) if they’re hosted in the US, it’s not hard. A court order and they’re done. (Assuming that law enforcement takes it as a priority.) b) if it’s overseas it’s much harder, as many foreign governments are less than tech-savvy, and often less than cooperative. Most problem sites are in the later category.


  8. Me

    From what I understand, the police need a court order or something to get information from ISPs. But Im not sure how hard those are to get. And a lot of them I imagine are outside of jurisdiction.

    • russ

      well technically we have the right of privacy and when law enforcement try to invade that through ISPs then that is illegal, thats why they need to get a warrant first, its like breaking into a home. unless its a matter of national security then the police cant tell the isp to show them the data. or make a law about it

  9. john neeting

    Hate to burst ‘knowledgeable’ bubble experts in communications. I’ve been reticulating for 44 years.
    Optic degrades 6 times faster than co-axial which means you have to strip it out and replace it every 6-10 years otherwise it becomes useless. Coaxial has a life of 50 years plus and is %10 of fiber cost. 90% of internet users [ non commercial] don’t NEED 100mb/sec as 10mb/sec is just fine [2 sec verses 20 sec ??]. Cost for connection of fiber escalate out of sight compared to coaxial cable. Coaxial is far easier to repair, resists damage where optic will crack, split, fracture, break and is a pain in the proverbial to join – joins further degrade efficiency. $1.6 billion to fiber optic a small city, $160 million with coaxial.

  10. Ken

    Not being too knowledgeable about bandwidths etc, I thought that all the massive movie streaming, tv catchups etc that were being urged to watch (and my wife does due to the hours she works) would use more bandwidth than just downloading file-sharing material or am I wrong? I have music playing on the internet all day, am I being greedy? What’s an acceptable limit for daily use? Why don’t ISPs give us programs and guides to let us monitor our usage? Why don’t ISPs limit the amount of customers they take on if there’s not enough to go around??
    Getting back to the original question, I think I read somewhere that they can only track what we upload and not download, or am I wrong. It’s all so confusing.

  11. Rod Alys

    I use a VPN!

    How and what are the protections of this vs. my ISP Co., and also what limitations does this have?

    Can they “see” what I’m doing (like using a Bit Torrent,) etc., and that is coming from my Acct.”?

    Thanks Leo for your GREAT Newsletter!

    You want this article: How does a VPN protect me?


  12. Wakkierob

    They even know where your money is coming from so if you have a agreement and go over and you have a direct debit they’re charge direct from your bank. And you wont know until the next bank statement.

    If you Have or use a Elite Proxy your untraceable! lol

  13. Atari

    To get around this, just download your movies using direct downloading (Hotfile/Fileserve/Filesonic/Mediafire/Megaupload/Rapidshare/Uploading) instead of using P2P. P2P, in fact, is ludicrously amateurish, and you will discover that once you learn to use Google.

    I would expect direct downloading sites to come under the same scrutiny as P2P. If not now then eventually since direct download is definitely becoming a larger repository for illegally shared files.


  14. Bob63

    Can my ISP see that I downloading files from a UseNet Server and if so what can they see? Filename, data type, etc? This seems to be the correct article to ask this question. Please don’t delete.

    Last I checked usenet was not encrypted so they can probably see everything – groups, files, file contents – everything.

  15. john

    Great article Leo,

    I just bought an elite proxy for a few dollars per month.

    If I use this proxy on windows mail, will it stop my isp or others being able to view the data being sent etc.

    I’m not familiar with that proxy, so you’ll have to check with them.


  16. Stephen

    I recently (past 3 weeks) began downloading movies off of torrent sites. As soon as the file was completed downloading I stopped it from seeding. After downloading about 80 movies I started receiving emails from my ISP saying that they were contacted by the movie distributors (ie. Sony, Universal, etc.) and forwarded the message to me. Each email listed the title of the movie in question and demanded that I remove the files and stop downloading or I will be disconnected.

    I have stopped downloading and removed the PSP sharing software (Vuze) from my computer but can they (my ISP or the movie distributor) see if I have actually deleted the movies off of my computer or personal shared network media drive?

    I understand how the ISP sees what I am doing but how did the movie distributor know I downloaded one of their movies? Do they upload the torrent themselves and watch to see who downloads it?

    Sorry for the long post but you obviously know what you are talking about and I hate to completely delete all of those movies if I don’t have to. But at the same time, I really don’t want to get in trouble or have my internet disconnected (guess I should have thought about that before I started downloading movies, haha!).

    Your input is much appreciated, Leo.

  17. Mark J

    Ask Leo can’t, or won’t, respond to questions that ask to do
    something illegal, or ask for help with something that would
    be illegal or improper.

  18. Geoff

    Nice informative article Leo, Can I just add that over here (UK) British Telecom Slow down but don’t stop file sharing, but after midnight to 7am they allow full speed.

  19. GW McClintock

    You said, “That means that they (ISPs) can disallow file sharing protocols whether or not you’re using them to perform illegal downloads.”

    I am 63 and I do not d/l copyrighted material me being in the music business, so; my question would be: “Isn’t the ISP acting as a de facto agent of Law Enforcement, and just how did the ISP come to insert themselves as de facto law enforcement?” Granted it is “their” ISP however, when an intity inserts itself in to what may or may not be legal without sworn legal authority I’d think they are letting themselves in for a nice law suit especially if that ISP is the only “game” in town? Yes? No?

    I do believe that various government agencies are indeed asking, or perhaps even requiring ISPs to act as their enforcers. It’s aweful. However even where they don’t the ISPs will claim NOT that you’re downloading illegal content, but rather that the filesharing protocols use too much of their bandwidth and therefor must be disallowed.

  20. Mama

    There are a lot of activities that use a lot of bandwidth, are all of them going to be disallowed? If so, I might as well kill myself now.

  21. Mama

    A bettter title would be “How can my ISP not know what I’m doing? Afterall, they are almost up my butt.”

  22. Brandon Hunter

    Im very sorry for posting here but i am completely out of ideas!! please someone help! I have a question, is it legal for a comcast internet tech to tell me i have to install something on my computer that in turn erased all my bookmarked pages that i use for reference for work? He had me install some “xfinity” software and told me i could just remove it when it was finished if i did not want it on my computer. Well, as soon as it was finished installing I imediatly opened google crome to start my work (writing ebooks on political topics). To my dismay, ALL of my reference matirial I had spent months looking for and bookmarking was gone!! No bookmarks!! I called the service center, they sent out a tech guy to my place again. He told me that he was not sure why they make people install this software because people are unhappy about it usually. He also told me that other people have had the same problem before and that there is nothing they can do about it. This is unacceptable to me!! It has ruined my focus and direction associated with my writing as I now have absolutely no references!! Please someone tell me this is illegal so i can put a stop to this kind of guided misfortune!! Thank you! B

    Illegal? No idea – you’ll need to ask a lawyer. I do have to say, though, that regular backups – particularly one taken just before this incident, could have restored your bookmarks.

  23. Debra

    Just wanted to thank you for this simple, clear and concise post on downloading! It really helped me to understand this topic. I really appreciate it!

  24. Devon

    I became instantly addicted with torrent downloading when i first found BitLord. I constantly downloaded discographies and many movies and games. With all of this foolish downloading came the most unexpected consequence: a copyright notice. One of the discographies i downloaded was of “Puddle of Mud” and that was who contacted my ISP (Charter). After reading a few articles, including this one, I’ve found out that i was caught primarily because many people were downloading the same thing i was (at least i think). That brings me to my question: if i were to download illegally again, it would be foolish i know, would charter know that I’ve done it again?

    • Mark Jacobs

      It’s not normally your ISP who would go after you. When you download via a torrent, your IP number appears in a list of uploaders and downloaders. This list shows up in the torrent program of everyone sharing the files with that torrent. The owner of the copyright or a proxy just has to download that torrent to see the IP numbers of all the people sharing that file. They can determine which ISP you are using to share the file. ( They then send those IP numbers to their lawyers who get a court order to get the ISP to tell them who is downloading that file using that IP number.

  25. Chris Welke

    Thank you for writing a tech blog that filled in some blanks re: why my ISP has a hard-on for uTorrent and NOT being completely full of s#!t and ACTUALLY contributing to the depth and breadth of knowledge available on the internets…I downloaded uTorrent and started f-ing w/ Pirate Bay as a test to see if p2p networking was still POSSIBLE in 2014. In my university days (The Engineering Dorm) we all had windows 95 boxes connected via ethernet and a MASSIVE HP-UX server that took up most of the 1st floor of the CSC building … even though it was installed 20 yrs ago…it still works and is still in use.
    In 1998 this was “damn fast networking” we played Quake 2 and it felt like real-time, I could send a file over the network as fast as the circuit would allow (4MB/s?) and up/down to the interwebs was =lly impressive.

    We started out using FTP in conjunction with ICQ and IRC. From this, we could establish relationships with freshman dormies across North America, and for large files that were hard to download back then, we could grant each other “leech access.” Yes we shared copyrighted software, movies, music etc. et al.

    Our proudest moment was watching Star Wars Episode I a few weeks before it was in the theaters. NOT the “Kramer w/ a video camera version,” …some creep at LucasArts or Film or whatever was part of our IRC network and we talked him into sending the Final Cut (Nelson: “hahah!”). So what if the movie sucked? It saved everyone 10 bucks and it proved that if we wanted something, we could get it.

    Then Napster hit and all hell broke loose; not for US…I found TONs of extremely rare music you can’t even buy if you want to. Outside the dorms, we did the same using our ISP, who also didn’t notice or care.

    FTP didn’t always work so good on a cable modem (compared to the T1-ethernet on campus) and Napster was shutting itself on and off as it got into more legal trouble. I’d switched to a p2p called Poison that worked great and the files were virus-free. Not so for classmates who started using TOR – they’re adult entertainment ESPECIALLY came retrofitted with adware and the clients had names that made “poison” sound friendly in comparison. In fact they seemed to be specifying that they’d r— your sysreg if you used it. And they did.

    Recently I wanted to see if it was still possible – I’m a tech guy and I have readers who enjoy my online experiments, so I downloaded uTorrent as it seemed to be the safest choice. I used a win7box that gets used STRICTLY for experimentation purposes – it is a war-torn veteran– .js mouse-event Google account destruction occurred twice, registry overwrites and more malware/adware/viruses than you could count – by design – so I can backtrace the security hole, report it on my blog, show readers how to avoid it and sometimes I repaired the win7 box post-trauma. If machines could get purple hearts, that box has a couple and is quite sick with adware as I write.

    uTorrent specifies on their site “No downloading of copyrighted material” and seems to indicate that you can’t use uTorrent to download content not approved and licensed for file-sharing BY THEM.” —> This is TRUE unless you know how to hash a magnet-link and open a torrent locally and leave it wide open for down/up mania.

    I thought the p2p nature of file sharing would obfuscate the origins and destination of each file. I further thought the hashing would make identification of the filename or its contents, source, destination, etc too difficult to crack for an interested 3rd party to look any further into.
    —normally it would. What my ISP saw (and I tested the limits of what they’d notice) was 20 or 30 gigs coming in and out of my IP almost every day.

    THAT triggered SOMETHING that runs on my ISPs SSL –

    So I disabled uTorrent as per their request. Limit and max_rate of packets test is completed.

    One week of ~30GB transferred (15dn-15up) is enough to set off a flag at — communications —> Limit per day is <30Gb for daily usage and probaby <200Gb per week. Note that I was TRYING to set their alarm as my readers had been curious.

    Hashing and p2p masks neither the IP NOR the filename. Lesson learned. That was the point.

    Again…great blog – will add it to my shortlist of "Blogs that don't suck 2014," to be published around yrs end.

    I WOULD knock you for the js popup when I bookmarked….but it's actually a good idea, people who bookmark MAY ACTUALLY want to subscribe. Still the popup???….cmon dude! I think you're above that.

    Also – consider mentioning that you "consulted for" Microsoft. Do you really want tech readers, especially software engineers to know that you were on the payroll? xD



    • The popup timing was coincidental. I think it’s set for 30 or 60 seconds, not related to the bookmark. Should also show up only once every 6 months (unless you clear cookies).

      As for Microsoft – on the contrary, I’m quite proud of the time that I put in there. It was a wonderful experience.

  26. Frank

    Great Article and helped clear up a few questions but what are your thoughts on this: On Christmas Day 2014, AT&T sends me the alert due to being a part of the “participation in the Copyright Alert Program”. I don’t have or use any of these so called P2P’s (that I know of). I do use Google Drive & Google Music. Do you think that could be triggering it? Those are the only things I can think of that are putting my data out there and that’s for backing up purposes only. I’m a little ticked b/c I don’t share things nor do I have care to but what triggered this and is there a way to search all my devices for P2P so I don’t have to worry about this anymore? Thanks again!

    • I’d be shocked if it were limited to only P2P protocols. I’m sure traditional file up & download protocols, and maybe even a few backup protocols are monitored. Only solution I’m aware of is to encrypt prior to uploading.

  27. Bobby Weatherston

    Sky my ISP has given my ip information to an internet troll I am now waiting on a letter from them demanding money is this legal

  28. Ahmad Ahmed

    Hi Leo if you get warning from your isp about downloading illegal content and you stop downloading it for a while how can you tell them to remove the warning stars that you get from them

    • Mark Jacobs

      They should eventually go away. If not, your only option would be to contact your ISP directly by phone or email.

Leave a reply:

Before commenting please:

  • Read the article. Seriously. You'd be shocked at how many people make comments that prove they didn't.
  • Comment only on the article. If you have a new, unrelated question start with the search box at the top of the page.
  • Don't post personal information. Email addresses, phone numbers and such will be removed.

VERY IMPORTANT: because of a rise in comment spam that's making it through our filters any comments that do not add to the discussion - typically off topic or content-free comments - run a very high risk of being flagged as spam and removed.

If you have a new question unrelated to the article above, ask it on the Ask Leo! ask-a-question page.

Your email address will not be published. Required fields are marked *