Your internet service provider sits between your device and the rest of the internet. Every connection you make — every website you visit, every search you run, every app that phones home — passes through their infrastructure first. Without a VPN, they have a clear view of almost everything you do online.
With a VPN, that picture changes significantly. But it does not go completely dark. Your ISP can still detect that you are using a VPN. What they lose is the detail: the specific sites you visit, the content you access, and the behavior patterns that let them build a profile of who you are online.
Here is exactly what your ISP sees when you use a VPN — and what they cannot.
What Your ISP Can See Without a VPN
Without any VPN, your internet provider has a remarkably complete picture of your online activity:
- Every domain you visit — your ISP sees DNS queries, which reveal every website you attempt to reach, even if you never fully load the page
- Connection metadata — which IP addresses you connect to, when, how long, and how much data you transferred
- Unencrypted traffic content — for any site still using HTTP (not HTTPS), your ISP can see the actual content of what you send and receive
- Behavioral patterns over time — your browsing sequence, which services you use, when you are most active, and how your habits cluster
In the United States, ISPs are legally permitted to collect, use, and sell this data to third parties for advertising purposes — a practice enabled by the repeal of FCC broadband privacy rules in 2017. Your browsing history has commercial value, and your ISP knows it.
Even in incognito mode, none of this changes. Incognito prevents your browser from storing local cookies and history. It does nothing to prevent your ISP from logging your activity at the network level.
What Your ISP Can See When You Use a VPN
When you connect to a VPN, your ISP's visibility shrinks to a much smaller set of information:
- That you are using a VPN — your traffic flows to an unfamiliar IP address (the VPN server) rather than directly to websites. This pattern is recognizable. Your ISP knows you are using a VPN, but this reveals nothing about what you are doing through it.
- The VPN server's IP address — since all your traffic goes to one server, your ISP sees a single destination rather than dozens of individual websites. They may be able to identify which VPN provider operates that server.
- Connection timing — when you connected to the VPN, how long the session lasted, and when you disconnected.
- Data volume — how much data flowed between your device and the VPN server. They can see the amount, but not the content.
- The VPN protocol — in many cases, ISPs can identify which VPN protocol your connection uses (WireGuard, OpenVPN, etc.) based on traffic patterns. This does not reveal your activity.
What Your ISP Cannot See When You Use a VPN
This is the core of what a VPN protects when it comes to ISP surveillance:
- The websites you visit — your DNS queries now go through the VPN's encrypted resolver, not your ISP's servers. The domains you request are completely hidden.
- Your browsing history — the sequence of sites you visit, the pages you read, the searches you run — all of this is encrypted and invisible to your ISP.
- The content of your traffic — what you type, what you download, what you upload, what you watch. AES-256 encryption makes this data unreadable in transit.
- Search queries — your actual search terms are encrypted and never visible to your ISP when you are on a VPN.
- Which services you use — streaming, banking, gaming, communication apps — your ISP cannot see which services you are accessing through the VPN.
The practical summary: your ISP goes from having a detailed map of your online life to seeing a single encrypted pipe to a VPN server. The pipe exists. The contents are gone.
Your ISP Should Not Know Your Business
CyberFence encrypts every byte of your traffic with AES-256-GCM before it leaves your device, routes your DNS queries through our encrypted resolvers, and never stores logs of what you accessed. Your ISP sees nothing but a connection to our servers.
Start Free TrialWhat About DNS Leaks?
DNS leaks are the most common way that ISP visibility survives a VPN connection. Here is how they happen.
When you visit a website, your device first needs to resolve the domain name (like example.com) into an IP address. This resolution happens through a DNS query. Normally, those queries go to your ISP's DNS servers — which means your ISP logs every domain you attempt to visit.
A properly configured VPN routes your DNS queries through its own encrypted resolver, so your ISP never sees them. But if your VPN has a DNS leak — a misconfiguration that sends some DNS queries outside the encrypted tunnel — your ISP regains visibility into the domains you are looking up, even while you are "on" the VPN.
You can test for DNS leaks at dnsleaktest.com. If you see your ISP's name in the results while connected to a VPN, your VPN has a leak and your browsing is not fully protected.
CyberFence's Web Shield routes all DNS through our own encrypted resolvers and blocks known malicious domains at the DNS level before they even resolve. No leaks, no ISP visibility into your domain lookups, and active protection against DNS-based threats in one feature. Learn more about how DNS filtering works.
The ISP Data Selling Reality in 2026
Why does any of this matter for ordinary users who have nothing to hide?
Because "nothing to hide" misunderstands the threat. The issue is not that you are doing something wrong. The issue is that your browsing history is a commercial asset that your ISP is permitted to sell — and does sell — without your explicit consent.
Your browsing patterns reveal your health concerns (which medical sites you visit), your financial situation (which banking and lending sites you access), your political views (which news sources you read), your relationship status, your hobbies, and your purchase intentions. That data is sold to data brokers, advertising networks, and marketing platforms. It is aggregated with other data sources to build detailed profiles used to target you with advertising, influence your insurance rates, and make decisions about your creditworthiness.
A VPN does not prevent all data collection — there are things a VPN cannot protect against — but it does remove your ISP from the data equation entirely. What they cannot see, they cannot sell.
What About Incognito Mode?
This question comes up constantly, so it is worth answering directly: incognito mode and a VPN are completely different tools that protect against completely different things.
Incognito mode prevents your browser from storing cookies, local history, and form data on your device. It affects local storage only. Your ISP, your router, and any network monitor between you and the website you visit can see your traffic exactly as if incognito mode did not exist.
A VPN encrypts your traffic at the network level before it leaves your device. Your ISP, your router, and network monitors see only the encrypted tunnel. Your browser's local storage behavior is irrelevant to what a VPN does.
Using both together gives you both benefits: local privacy (no browser history stored) and network privacy (ISP cannot see your traffic). But if you can only choose one, the VPN provides far more meaningful protection against the threats that actually matter — surveillance, tracking, and data collection at the network level.
Does Your ISP Know You Are Using a VPN — and Does It Matter?
Yes, your ISP can tell you are connected to a VPN server. This is not a secret and it is not a problem for the vast majority of users.
Using a VPN is completely legal in the United States and most countries. Your ISP knowing you use a VPN reveals nothing about what you do on the VPN. They know you value your privacy — that is all the information they have.
In countries with heavy internet censorship or mandatory ISP data retention laws, some users use VPNs with obfuscation features that disguise VPN traffic to look like ordinary HTTPS traffic. This is not relevant for most US users but matters for travelers to restrictive jurisdictions.
Stop Your ISP From Profiling You
CyberFence uses AES-256-GCM encryption, encrypted DNS resolvers, and a zero-logs policy — so neither your ISP nor we have any record of your browsing activity. Available on all devices, starting at $7.99/month.
View PlansThe Bottom Line
Your ISP can see that you are using a VPN. That is all. The websites you visit, your search queries, the content of your traffic, and your browsing patterns are completely hidden from them behind AES-256 encryption. Your DNS queries route through the VPN's resolver, not your ISP's servers, so even the domains you look up are invisible to them.
Without a VPN, your ISP has a detailed map of your online life — one they are legally permitted to sell. With a VPN, they have an encrypted pipe and a session timestamp.
For the privacy that matters most — protecting your browsing from commercial surveillance and data brokering — a zero-logs VPN that routes your DNS through its own encrypted resolvers is the most effective tool available to ordinary users today.
Start CyberFence's Free Trial and your ISP will see nothing but an encrypted connection — starting on the first connection you make.