How Your ISP Tracks Your Online Activity (And What to Do)
Your ISP is the pipe through which everything flows. Before it reaches Google, before it hits your VPN server, before any third-party tracker sees it — your ISP sees it first. And they've been building a detailed picture of your activity since the moment you signed up.
What Your ISP Can See
Every DNS query your device makes goes through your ISP's resolver by default. That's a timestamp and a domain name for every site you visit. Even if you're on HTTPS — even if the content of your browsing is encrypted — the DNS query reveals the domain. Your ISP knows you visited a mental health site at 2am, a recruitment site on Monday morning, and a political forum three times this week.
Beyond DNS, your ISP sees the IP addresses your device connects to, the volume of data transferred, and the timing. With this metadata alone — no content required — they can often identify which services you're using. Netflix traffic has a recognisable pattern. BitTorrent has a recognisable pattern. Even an encrypted VPN tunnel has a recognisable pattern.
Deep Packet Inspection
Some ISPs deploy deep packet inspection (DPI) — hardware that inspects the actual content of unencrypted traffic in real time. DPI can identify applications, extract unencrypted data, throttle specific traffic types, and in some countries, censor specific content. Telecoms-grade DPI hardware processes tens of gigabits per second.
The shift to HTTPS has reduced what DPI can read, but not what it can observe. Encrypted traffic still has metadata — packet sizes, timing, connection patterns — that DPI systems can analyse for traffic classification.
The Legal Framework They Operate Under
In the US, a 2017 Congressional resolution rolled back FCC privacy rules that would have required ISPs to get explicit consent before selling browsing data. The result is that US ISPs can legally sell anonymised browsing data to advertisers. In the EU, GDPR provides stronger protections but doesn't stop ISPs from retaining traffic metadata for law enforcement purposes.
The uncomfortable reality is that most ISPs have mandatory data retention obligations imposed by government. In the UK, it's 12 months. In many EU countries, court rulings have rolled back blanket retention requirements, but targeted retention on specific users can still be ordered.
What Actually Helps
DNS-over-HTTPS removes the DNS visibility your ISP had. A no-logs VPN removes the IP and content visibility. Together, they reduce your ISP to seeing encrypted traffic going to your VPN server — metadata-only, and not much useful metadata at that. Neither solution is magic, and neither replaces understanding what you're actually protecting.
The Metadata Problem HTTPS Doesn't Solve
Even with widespread HTTPS, ISPs retain significant visibility through metadata. Your ISP knows the timing and volume of your connections to every IP address — even if they can't read the content. With traffic analysis, ISPs can identify streaming services by bandwidth pattern, gaming by latency profile, and video calls by packet timing characteristics. Companies like Sandvine sell this classification technology commercially to ISPs in dozens of countries.
This is why HTTPS alone doesn't fully protect your browsing privacy. It encrypts the content. It doesn't hide that you connected, when, for how long, or how much data moved. Only routing traffic through an encrypted tunnel (VPN or Tor) addresses metadata visibility — and even then, your ISP can see you're using a VPN, which is its own form of information.
Check Your DNS Privacy
See whether your DNS queries are going to your ISP or a private resolver.
Run DNS Leak TestAbout Kunal Khatri
Kunal is a network security specialist and systems administrator with 8+ years of experience auditing secure connections and building network infrastructure.
Related Articles
How to Stay Actually Anonymous Online (Not Just Kinda)
Real anonymity online is harder than using a VPN and clearing cookies. It requires understanding the full stack of tracking mechanisms and making deliberate trade-offs.
How Accurate Is IP Geolocation, Really
IP geolocation is used for fraud detection, content licensing, and advertising targeting. Its accuracy varies wildly — from city-level precision to being hundreds of miles wrong.
Browser Fingerprinting: The Tracking Your IP Blocker Can't Stop
Change your IP, use a VPN, clear your cookies — browser fingerprinting tracks you anyway. It's the surveillance method that most privacy tools don't address.
How Tor Actually Works (And When You Should Use It)
Tor provides strong anonymity — but it's not magic and it's not for everyone. Understanding the actual mechanism helps you decide when it's the right tool.
