Like most people, you probably visit several websites and perform even more searches each day.
Would you change your browsing habits or take precautions if you knew that your ISP (Internet Service Provider) may see (some of) your online activity?
While the answer may depend on many different factors, the mere thought that you may not be the only person who can see your browsing history can be a bit disturbing, to say the least.
If you’re wondering whether your ISP can see what you do online and you need exact answers, this article is for you.
Let’s see what you should know to protect your privacy.
The Difference Between Searches, Visited Sites, and Browsing History
If you want to keep your online activity private, you must understand some basic concepts.
Let’s start with searches.
While you probably do most of your searches on Google, most sites will allow you to search their own content.
When you perform a search on Google (or any other website), you enter a query (a phrase or a keyword) in the search bar and Google will give you relevant search results.
This entire process occurs on the same domain which is google.com and you won’t navigate from this domain until you click on one of the search results.
You can see your exact search query after the domain name in the address bar:
In this case, your router will send the IP address of Google’s website to your ISP but then the actual search is performed on Google’s servers, so in most cases, it will be invisible to your ISP (more on this later).
What happens when you visit a website?
In contrast to searching, each time you enter a domain in your browser and visit a website, your router sends the IP address of that site to your ISP.
As you will see later, this fact will be highly important to understand what online activities your ISP can see.
What about browsing history?
By definition, your browsing history includes both the searches you performed and the websites you visited (among other things).
If you don’t use an incognito window, chances are good that your browser keeps a record of all your searches and sites you’ve visited.
This data is usually stored locally on your machine and in the cloud linked to your account. For instance, Google Chrome and Safari both store your history unless you use an incognito window.
- When you do a search on a website (such as Google), that is performed on the website’s own server, therefore, in most cases (if you’re connecting with HTTPS – more on this later), the actual search is not visible to your ISP.
- When you enter a domain name in the browser, the corresponding IP address is sent to your ISP.
- Most browsers will remember what sites you’ve visited and what search queries you’ve entered (that is your browsing history) unless you use an incognito window.
Now that we’ve discussed these important concepts, let’s cut to the chase and find out what exactly your ISP can and can’t see.
Can Your ISP See What Sites You Visit?
Each time you enter a domain name in your browser, a series of processes take place. The most important is that your request will go through your ISP which can indeed track your activity.
For a better understanding, here’s the breakdown of the process in a nutshell:
- You enter the domain name in the address bar of your browser.
- Your browser reaches out to a DNS (Domain Name System) server, which is often hosted by your ISP and gets back the actual IP address of the requested website.
- Now your device will perform another request through your ISP to get the necessary files from the remote server that hosts the site.
In reality, this process is more complicated and often involves other factors, such as caching and CDNs, however, there’s no need to dig into these to understand your ISP’s role in the process.
As a consequence, the answer is yes, your internet service provider can see what sites you visit (including subdomains), however, in most cases, it can’t see what pages you visit on those websites.
Most modern sites use the HTTPS protocol, which provides a secure connection between your web browser and the server that hosts the website you visit.
What it basically means is that the queries you make on that website are encrypted, therefore not visible to your ISP (more on this in the next section).
For instance, your ISP can see that you’ve just visited Twitter but they can’t see what you read or post as Twitter uses HTTPS protocol.
If a site does not use HTTPS encryption, your browsing data (everything you do and enter on that site) is exposed not only to your internet provider but potentially to anyone who has access to your network.
Even a curious neighbor could track your activity on sites that use an unsecured HTTP protocol if they have access to your wifi network (by performing a man-in-the-middle attack (MITM), for example).
To be honest, it’s much more likely that your neighbor is only stealing your wifi and not spying on you. Here’s how you can find out if that is the case.
Does Your ISP Keep Records of Sites You Visited?
Now that we’ve discussed that your ISP can see what websites you visit, the question arises: does it keep records of those sites?
This depends on your internet provider and the country you live in, however, in most cases the answer is most probably yes.
According to a Federal Trade Commission (FTC) report, in the US many internet service providers collect a significant amount of sensitive data, including browsing history, and cross-device tracking may be more common than you might think.
Can Your ISP See Your Search History?
While you may have already heard those opinions that say your ISP spies on you and tracks all your online activities, this is not entirely true.
As we’ve already discussed, when you enter a search query in Google, your router will send the IP address of google.com to your internet service provider so that your browser gets the necessary files to show you the page.
In this case, your ISP will see the IP address request and have the data that you’ve visited the website.
But what about the search query itself? Can your ISP see what you search on Google?
If your browser is connected to Google via HTTPS (which is what Google uses by default), your internet provider won’t be able to see your search history.
As a rule of thumb, if you use a search engine or do a search on a website that uses a secure connection (HTTPS), your ISP won’t be able to track your search queries because the communication between your browser and the site is encrypted, therefore invisible to your service provider.
Practically, everything that comes after the root domain name (after the slash) will be hidden from your ISP if the site uses a secure connection. Thus your internet service provider can’t really see what you search on those sites.
As you can see in the screenshot above, the search query comes after the slash and that means your ISP won’t see it as the content is encrypted. Keep in mind however that the website owner (in this example Google) will see the raw data.
How to Know If a Website Uses Encrypted Connection?
In most browsers, you will see a little padlock at the beginning of the address bar which means the site uses an SSL certificate and your connection is encrypted. If you click on the padlock, you’ll see that it says your connection is secure.
Also if you double-click on the URL in the address bar, you will see that the URL begins with “HTTPS” and not “HTTP”.
To sum up, if a website is secured with HTTPS, your ISP will only see the root domain but not your searches. However, your browser will still keep a record that is usually linked to your account. Fortunately, you can delete your browsing history pretty quickly.
Can Your ISP See What You Search If You Use an Incognito Window?
When you use your browser’s incognito window, the browser usually won’t save:
- your browsing activity (including your searches and visited sites)
- any information that you enter in website forms
At the same time, the browser warns explicitly you that your activity may still be visible to your ISP, as you can see in the screenshot above.
In fact, the main goal of using an incognito window is to protect your personal data from people who use the same computer or account as you.
Regarding your ISP, going incognito will do nothing new compared to “normal” browsing.
This means that your internet provider will still see what sites you visit and without a secure connection, it may actually see your search history as well.
So if privacy is important for you, be careful with private browsing because it may give you a false sense of security.
How to Hide Your Browsing History From Your Internet Service Provider
Use a VPN to Prevent Your ISP From Accessing Your Browsing Data
If you want to make sure that your internet activity is hidden from eavesdroppers, consider using a VPN (Virtual Private Network) service, such as NordVPN or ExpressVPN.
Simply put, when you use a VPN, your requests will be redirected through a remote VPN server, thus your own IP address will remain unrevealed.
During this process, your data travels in an encrypted tunnel (most VPNs use 256-bit encryption) and will be hidden from third parties, such as your ISP.
A VPN connection prevents your internet service provider from seeing your browsing history.
A VPN will help you improve your privacy and reduce your digital footprint substantially. At the same time, using a VPN also increases security when you connect to a public or unsecured wifi network.
A VPN can also be used to bypass geo-blocking and gain access to restricted content.
Of course, if your VPN provider logs your activity, it can have information about your internet history (similar to an ISP). This is why it’s so important to use a reliable VPN service that has a no-logs policy.
Tor Browser: a VPN Alternative
Using Tor is another way to prevent your online traffic from being monitored. The Tor browser is completely free and when you use the Tor networks, your request is redirected through several nodes. This highly improves privacy and anonymity.
Although Tor works fundamentally differently from VPNs, it can be used for similar purposes, such as hiding your IP and browsing activity from your internet service provider.
One major disadvantage of Tor is that it usually provides a much slower speed than a VPN.
Pro Tip: If you want to take privacy to the next level, use Tor with a VPN, however, to make this work you’ll need to do some configuration.
Change Your DNS Servers
Whether you use a VPN or a Tor browser (or neither of them), you may want to consider using a public DNS instead of your ISP’s default DNS server as this step can further improve your privacy.
DNS servers are responsible to translate the domain name you enter your browser into the corresponding IP address that is actually used to look up the site you request.
By default, you’re using your ISP’s DNS server, so every request goes through that server, and needless to say, this raises privacy concerns.
Although a correctly configured VPN solves this problem, I recommend that you use a reliable public DNS server (such as Cloudflare) to be on the safe side. This can not only improve security and privacy but you may also experience speed improvement. Here’s how you can change your device’s DNS server.
Does Your ISP Care What Sites You Visit?
What most ISPs care about is data. That often includes your browsing habits and may include other sensitive information as well. This is valuable data that they may share with third parties, such as ad companies. In most cases, it’s all about maximizing profit.
This is the main reason why many ISPs collect and store (and often share) information about your browsing history.
Also, in many countries, internet providers are required by law to log your online activity and keep records for a given period of time. If necessary, they can also forward these records to the government.
Putting It All Together
Improving online privacy is a legitimate goal. After all, who wants to give away their sensitive data to unknown entities free of charge?
As you can see, by default your ISP can potentially see all your visited websites (the root domain to be precise). It’s especially true if you also use its DNS servers.
This is because when you enter a URL in your browser, the request first goes to the ISP’s DNS server which resolves the domain name into an IP address. Then your browser uses this IP address to request the website through your internet provider.
However, when a site uses a secure connection, your ISP won’t see what you do on that website, including your searches.
In conclusion, your Google searches are not visible to your internet service provider.
If you want to hide your browsing history from your ISP, the easiest way is to either use a VPN or the Tor browser. Also, don’t forget to change your device’s default DNS server.