Your internet service provider handles every piece of data that travels between your device and the internet. Every search. Every website. Every app request. By default, they can see almost all of it — and in the United States, they're legally allowed to sell that data to advertisers without your explicit consent.
Most people assume that because websites now use HTTPS, their ISP can't see what they're doing. That's partially true, but only partially. HTTPS encrypts the content of your connection — but it doesn't hide which websites you visit, when you visit them, or how long you spend there.
A VPN changes that picture significantly. But it's worth being precise about what a VPN actually hides from your ISP — and what it doesn't.
What Your ISP Can See Without a VPN
Before explaining what a VPN hides, it helps to understand what your ISP actually collects by default.
DNS Queries
Every time you type a website address, your device sends a DNS request — essentially asking "what's the IP address for this website?" By default, those requests go through your ISP's DNS servers, which means your ISP gets a complete log of every domain you look up. This includes every website you visit, every app that phones home, and every service running on your device.
HTTPS does not protect DNS queries. Even with a fully encrypted connection to a website, the DNS lookup that preceded it is visible to your ISP in plain text unless you're using encrypted DNS — which most people aren't.
IP Addresses You Connect To
Even when HTTPS encrypts the content of your traffic, your ISP can still see the IP addresses you connect to. In many cases, a single IP address maps to a single website or service, which tells your ISP exactly what you're visiting. When multiple websites share an IP address (as is common with shared hosting), the Server Name Indication (SNI) field in the TLS handshake often reveals the specific domain anyway.
Traffic Volume and Timing
Your ISP can see exactly how much data you're sending and receiving, and when. Over time, traffic patterns can reveal a great deal about your behavior — when you're streaming video, when you're on video calls, when you're most active online. This metadata has significant commercial value even without the content of your communications.
Connection Metadata
Duration of connections, frequency of visits, and the sequence of sites you visit all tell a story. Data brokers and advertisers pay for this kind of behavioral profiling data, and in the United States, ISPs have been legally permitted to sell it since a 2017 Congressional rollback of FCC broadband privacy rules.
What a VPN Hides From Your ISP
When you connect to a VPN, your device creates an encrypted tunnel to a VPN server. All your internet traffic travels through that tunnel before reaching its destination. From your ISP's perspective, here's what changes:
The Websites You Visit
Your ISP can no longer see which websites or services you connect to. Instead of seeing "user connected to bank.com, then reddit.com, then their employer's portal," your ISP sees only that you connected to a VPN server IP address. The destinations are completely hidden.
Your DNS Queries
With a properly configured VPN, DNS queries are routed through the VPN's encrypted tunnel rather than your ISP's servers. This means your ISP can no longer log which domains you're looking up. CyberFence routes DNS through its own encrypted resolver with Web Shield DNS filtering, which simultaneously prevents your ISP from seeing your queries and blocks connections to malicious or ad-serving domains at the DNS level.
The Content of Your Traffic
Everything you send and receive — emails, form submissions, file uploads, API calls — travels through AES-256-GCM encryption inside the VPN tunnel. Your ISP receives only encrypted data that it cannot read or interpret.
Your Browsing Patterns and Timing
With a VPN active, your ISP sees a steady stream of encrypted traffic to a VPN server rather than distinct connection events to individual websites. The behavioral profiling that's possible with raw traffic data becomes significantly harder because the granular connection events are hidden.
CyberFence uses AES-256-GCM encryption and encrypted DNS to keep your traffic private from your internet provider — on every device you own.
See PlansWhat a VPN Does NOT Hide From Your ISP
Being honest about this matters. A VPN is a powerful privacy tool, but it has limits.
That You're Using a VPN
Your ISP can see that you're connected to a VPN server. They know the IP address of that server, and they can tell that your traffic is encrypted in a way consistent with VPN use. They just can't see what you're doing through it. In most cases this doesn't matter — using a VPN is entirely legal, and ISPs have no particular reason to care that you're using one.
The Volume of Your Traffic
Your ISP can still see how much data you're transferring. They can't see what it contains, but they can see that a lot of data is moving. This is relevant if your ISP uses traffic volume to throttle certain types of connections (like streaming), though it tells them nothing about the content.
Your Connection to the VPN Server Itself
Your ISP knows when you started using the VPN and when you stopped. They can see the IP address of the VPN server you're connected to. This is a minimal exposure — it tells them you use a VPN, not what you use it for.
Why This Matters in 2026
The FTC has taken increased enforcement action against data brokers that purchase and resell consumer browsing data. A 2024 FTC report found that major data brokers collect data from ISPs and resell it in forms that can identify individual users, their locations, and their behavioral patterns — even when that data was supposedly "anonymized."
A 2023 Forbes Advisor survey found that 40% of travelers had their security compromised while using public Wi-Fi. Much of that exposure comes from unencrypted DNS queries and unprotected traffic metadata — exactly the categories a VPN addresses.
For anyone working in healthcare, legal, financial services, or any field with client confidentiality obligations, ISP visibility into your browsing patterns is not a theoretical concern. It's a documented risk that professional responsibility rules and compliance frameworks increasingly require you to address.
What About HTTPS — Don't I Already Have Encryption?
This is the most common misconception worth addressing directly. HTTPS encrypts the content of your connection to a specific website — but it doesn't hide:
- Which website you're connecting to (your ISP sees the domain)
- Your DNS queries (which domains you're looking up)
- Connection timing and frequency
- Traffic volume to specific destinations
A VPN and HTTPS are complementary, not redundant. HTTPS protects the content between you and the website. A VPN protects your metadata and activity from your ISP and from anyone monitoring your network.
Does Your ISP Actually Use This Data?
Yes. AT&T, Verizon, and Comcast have all operated data programs that use browsing history and connection metadata for targeted advertising. AT&T's "Internet Preferences" program allowed the company to use customer browsing data for ad targeting unless customers paid a premium to opt out. Verizon was fined $1.35 million by the FCC in 2016 for inserting unique tracking codes into subscriber traffic without consent.
The situation is not hypothetical. ISPs collect this data because it has commercial value, and the current regulatory environment in the United States permits them to use it.
Choosing a VPN That Actually Protects You From ISP Tracking
Not all VPNs provide the same level of ISP protection. Three things specifically matter:
Zero-logs policy: Your VPN provider should not log your browsing activity. A VPN that logs your traffic and sells it to third parties is no better than your ISP doing the same thing. CyberFence maintains a verified zero-logs policy — we don't record what you browse, when you browse it, or how long you spend online.
Encrypted DNS: A VPN that routes your DNS queries through your ISP's DNS servers — even if it encrypts everything else — still exposes your browsing history at the DNS level. CyberFence routes all DNS through an encrypted resolver inside the VPN tunnel, with Web Shield DNS filtering that simultaneously blocks ads, trackers, and malicious domains.
US-operated infrastructure: For users in the United States, using a VPN operated by a company based in a foreign jurisdiction introduces a different set of privacy considerations. CyberFence is US-operated — our infrastructure, our team, and our legal accountability are all domestic. We're subject to the same laws you are, and we've built our privacy practices around US compliance frameworks including HIPAA, NIST, and CMMC.
CyberFence encrypts your entire connection including DNS, so your internet provider sees nothing useful. US-operated, zero logs, AES-256-GCM encryption on all 5 platforms.
Start Free TrialThe Bottom Line
Your ISP can see significantly more of your online activity than most people realize — even when you're on HTTPS websites. They see every domain you look up, every IP you connect to, the duration and timing of your connections, and the volume of data you transfer. In the United States, they're legally permitted to use and sell that data.
A VPN with proper DNS encryption hides all of that. Your ISP sees only that you're connected to a VPN server — nothing else. The websites you visit, the services you use, and your browsing patterns remain private.
What a VPN doesn't hide is the fact that you're using a VPN, and the total volume of your data. Neither of those matters for protecting your privacy from your ISP.
If you're serious about keeping your browsing history private — from your ISP, from data brokers, and from anyone monitoring your network — a VPN with encrypted DNS is the most effective tool available.