What Your ISP Can See (and Can't) About Your Traffic in 2026

Your internet service provider sits between you and every website you visit. Every packet you send goes through their network, and every response comes back the same way. That position gives them a privileged view of your traffic, but the picture is fuzzier than most people assume.

In 2026, the answer to "what can my ISP see" depends on three things: whether you use HTTPS, which DNS resolver you use, and whether you run a VPN. Get those three right and your provider is reduced to seeing destinations and timing. Get them wrong and they can read almost everything.

Photo by Brett Sayles on Pexels.

The Short Answer

With modern HTTPS-everywhere browsing, your ISP can typically see:

• The IP addresses you connect to
• The domain names you look up (unless DNS is encrypted)
• The amount of data going to and from each destination
• Connection timing and patterns
• The fact that you are using a VPN, Tor, or proxy (but not what flows through it)

What they cannot see on a properly configured connection:

• The specific pages you load on a website
• The contents of messages, emails, or form submissions
• The text of search queries on Google, Bing, or DuckDuckGo
• Video titles or watch history on YouTube or Netflix
• Files you upload or download over HTTPS

That is the headline. Now the details.

Why HTTPS Changed Everything

Before HTTPS became universal, your ISP could read most web traffic in plain text. Page contents, search queries, form data, even passwords on poorly configured sites. That world is gone.

According to Google's Transparency Report, more than 95 percent of web traffic now flows over HTTPS. The TLS encryption negotiated between your browser and the server scrambles everything inside the connection. Your ISP sees that you connected to, say, 142.250.190.78 and exchanged 4.2 megabytes of data, but they cannot see which Gmail conversation you read or which YouTube video played.

The ServerName Indication (SNI) field in older TLS versions did leak the hostname you were connecting to, even with HTTPS. Modern Encrypted Client Hello (ECH), now widely deployed by Cloudflare and supported in Firefox and Chromium, hides that field too. When ECH is in use, your ISP only sees the IP address, not the domain.

You can verify your own setup at Cloudflare's Browsing Experience Security Check. If you want to see what your current public IP looks like to the outside world, check My IP Address.

DNS: The Big Privacy Hole

Even with HTTPS locking down content, classic DNS lookups happen in plain text on UDP port 53. When you type "bankofamerica.com" into your browser, your computer asks a DNS server for the IP address, and by default that question travels in the clear.

Your ISP runs the default DNS resolver for most home connections. Even if you switch to Google's 8.8.8.8 or Cloudflare's 1.1.1.1, the DNS query still passes through your ISP's network unless it is encrypted.

This means a default home connection leaks every domain you visit, even when the page itself is encrypted. Your ISP cannot read the email you sent, but they can absolutely log that you visited Gmail at 9:14 PM, then a job site at 9:17 PM, then a competitor's career page at 9:18 PM.

The fix is encrypted DNS. Two protocols dominate in 2026:

• DNS over HTTPS (DoH) wraps DNS queries inside an HTTPS connection on port 443
• DNS over TLS (DoT) uses a dedicated TLS connection on port 853

Both prevent your ISP from reading or modifying lookups. Firefox enables DoH by default in many regions. Chrome, Edge, and Safari support it as a setting. iOS and Android support encrypted DNS at the system level. For a deeper walkthrough see our guide to DNS over HTTPS, and verify your resolver leaks nothing with our DNS Leak Test.

Traffic Metadata: What Patterns Reveal

Even with HTTPS and encrypted DNS, your ISP still observes traffic metadata: which IPs you connect to, how much data flows in each direction, and the timing of those connections.

That metadata is more revealing than people assume. A 2 GB download from a Netflix CDN at 8:30 PM looks like a movie. A burst of small connections to messaging-app servers every few seconds looks like an active chat. Hour-long connections to Zoom servers during weekday afternoons look like work meetings.

Researchers have shown that traffic-pattern analysis can identify specific videos being streamed even over HTTPS, by matching bandwidth fluctuations to known encoding profiles. This is academic for now, but the principle is real: shape and size leak information.

A VPN flattens this. Once you connect to a VPN, your ISP sees only one destination (the VPN server) and one big encrypted stream. They cannot tell whether you are watching Netflix, joining a Zoom call, or downloading a Linux ISO.

What Your ISP Logs (and for How Long)

ISP retention varies wildly by country. A few examples based on public regulatory filings and industry reports:

What is logged usually includes: subscriber identity, IP address assignments and timestamps, connection metadata (source, destination, port, bytes), and DNS queries when the ISP runs the resolver.

What is not usually logged on consumer connections: full packet captures (storage cost is prohibitive), encrypted payload contents, or specific page-level activity inside HTTPS sessions.

Note that "not logged" does not mean "cannot be logged." With a court order or wiretap, ISPs can be compelled to enable deeper interception on specific accounts.

Can ISPs Sell Your Data?

This depends entirely on jurisdiction.

In the United States, the 2017 repeal of the FCC's broadband privacy rules allowed ISPs to monetize browsing data unless customers opt out. Comcast, Verizon, and AT&T have all run advertising-targeting programs based on subscriber browsing. Some are now opt-in only following state-level laws in California, Nevada, and elsewhere.

In the European Union, GDPR makes monetizing browsing history without explicit consent essentially impossible. Most EU ISPs do not run targeted-ad businesses on subscriber traffic.

To see what categories your ISP may have inferred about you, check their privacy settings page. In the US, search "[your ISP name] internet privacy" and look for terms like "Cross-Context Behavioral Advertising" or "Customer Proprietary Network Information."

How VPNs Change the Picture

A VPN encrypts every packet leaving your device and tunnels it to the VPN provider's server. From your ISP's perspective, all that is visible is:

• A connection to a single IP address (the VPN server)
• Encrypted data flowing in both directions
• Connection timing and approximate volume
• The fact that the connection looks like VPN traffic (most VPN protocols have recognizable signatures)

Your ISP can no longer see which sites you visit, what DNS lookups you make, or what content you exchange. The trade-off is that the VPN provider now sees what your ISP used to see. That is why the choice of VPN provider matters: a logging VPN is just trading one observer for another. See our VPN Comparison for providers with audited no-logs policies, and confirm your tunnel is leak-free with our VPN Leak Test.

Some networks, particularly corporate, school, and certain national networks, block known VPN protocols. Obfuscated VPN modes disguise traffic to look like regular HTTPS, working around those blocks at the cost of some speed.

Tor: The Strongest Defense Against ISP Surveillance

Tor goes a step further. Your ISP sees you connect to a Tor entry node and nothing else. The entry node sees your IP but not your destination. The exit node sees your destination but not your IP. No single party in the chain knows both ends.

The trade-offs are real: Tor is much slower than a VPN, some sites block known Tor exit nodes, and the fact that you are using Tor is itself visible to your ISP, which can attract attention in some jurisdictions. For most people most of the time, a reputable VPN strikes a better balance. Compare them in Tor vs VPN.

What About HTTPS Inspection at Work or School?

If your employer or school issues a device, install a custom root certificate, or routes your traffic through a corporate proxy, the rules change. They can install a TLS-inspecting proxy that decrypts HTTPS, reads the contents, then re-encrypts and forwards it. Browsers usually flag this with a non-public certificate authority in the connection details.

You can spot this by clicking the padlock icon in your browser and inspecting the certificate chain. If the issuer is your employer's name rather than DigiCert, Let's Encrypt, or another public CA, you are being inspected. On a managed device, assume any traffic, including over HTTPS, is visible to the network owner.

This does not happen on home ISP connections to consumer devices, because there is no way for your ISP to install a trusted root certificate on your laptop without your cooperation.

Practical Steps to Minimize ISP Visibility

In rough order of impact:

1. Enable encrypted DNS in your browser or operating system. DoH or DoT closes the biggest leak that remains after HTTPS.
2. Use a reputable no-logs VPN for sensitive browsing. This collapses everything your ISP sees into a single encrypted stream.
3. Verify HTTPS is in use before submitting anything sensitive. Modern browsers warn on insecure forms, but the padlock is still worth a glance.
4. Update your router firmware. ISP-supplied routers often run outdated firmware with known vulnerabilities. See our Router Security Checklist.
5. Check for DNS leaks after configuring encrypted DNS. Our DNS Leak Test shows which resolver your queries actually reach.
6. For maximum privacy, use Tor Browser. Slower, but the strongest defense against an observing ISP.

The Bottom Line

Your ISP in 2026 sees a lot of metadata, almost no content. They know which servers you talk to, when, and how much. They do not know what you say to those servers if HTTPS and encrypted DNS are properly configured.

The default home setup leaks more than necessary, mainly through unencrypted DNS. Fixing that takes ten minutes and costs nothing. Adding a VPN on top reduces visibility to a single encrypted stream that reveals only that "this user is online and using a VPN."

Privacy on the modern internet is achievable, but it is not the default. A few deliberate choices, applied consistently, get you most of the way there.

Related Articles

• DNS over HTTPS Explained
• Tor vs VPN: Which Should You Use?
• How to Hide Your IP Address