Can your ISP still see search history even if you are using a VPN?

[FI Fheonix]

Can your ISP still see search history even if you are using a VPN? I have a friend who would like to know.

[Hinjima]

14 minutes ago, FI Fheonix said:

Can your ISP still see search history even if you are using a VPN? I have a friend who would like to know.

your ISP can see your VPN's IP address. However, they can't see anything else. Everything you do online, including browsing habits, downloads, and viewed content, stays hidden when you use a good VPN.  Try to use a VPN that has a no log policy as well.

[Electronics Wizardy]

Your ISP probably can't see your search history if your not using a VPN either. Most sites are using HTTPS now, so all they see if the dns address there hitting, and the IPs that are being connected to. The ISP can't see the page content or the full url.

[wanderingfool2]

No, but for that matter neither can an ISP really; as a general rule when you are on a site that is using https (which pretty much is all of them these days) and the site uses the secure connection through-out (which pretty much makes up the majority of sites) the ISP really can't see too much aside from what IP addresses you are communicating with (at which point they could figure out a website if it's not some shared IP address for the service)

 

An issue with a lot of VPN stuff I think is that it oversells in what it's actually doing.  I personally wouldn't trust a VPN much more than I would trust an ISP.  As an example, many claim that they don't keep logs...but if any of them also say they host in Canada they are doing 1 of 2 things.  Breaking the law or they are keeping logs. (Unless the law changed again without me knowing)

 

Edit: To give a bit more information, when you use a VPN you are effectively encrypting your traffic and sending it to the VPN which then decrypts it and sends it on it's way...which is why an ISP wouldn't be able to see anything if you use a VPN.  With that said whatever the ISP would be able to see, your VPN can now see.  A VPN does have it's purposes though, if you were to be at lets say a coffee shop using their wifi a VPN can add an extra layer of protection (as while most do use secure connections not all...and there are other types of attacks against that kind of traffic).

[LAwLz]

No, and in general your ISP can't see your search history even if you don't use a VPN. 

 

Without a VPN, your ISP might be able to see that you visited Google, but they won't be able to see what you did on Google because that traffic is encrypted using HTTPS.

 

 

They could potentially be able to figure it out though because they could see that you visited Google, and then afterward visited let's say PornHub. In that case they could guess that you searched for some type of porn and then clicked a link, but not your exact search. With HTTPS (which almost all websites use these days), your ISP can only see which websites you visit, but not the exact page or what you do on the website. For example my ISP can see that I am browsing Linustechtips.com right now, but they can't see which thread I am viewing or what I am posting. They might not even be able to tell that I am posting at all. 

[Agall]

19 minutes ago, FI Fheonix said:

Can your ISP still see search history even if you are using a VPN? I have a friend who would like to know.

A VPN is practically speaking a proxy with encryption. So your ISP will only see the encrypted traffic going two+from you and your proxy, aka the VPN provider.

[Agall]

Just now, LAwLz said:

No, and in general your ISP can't see your search history even if you don't use a VPN. 

 

Without a VPN, your ISP might be able to see that you visited Google, but they won't be able to see what you did on Google because that traffic is encrypted using HTTPS.

 

 

They could potentially be able to figure it out though because they could see that you visited Google, and then afterward visited let's say PornHub. In that case they could guess that you searched for some type of porn and then clicked a link, but not your exact search. With HTTPS (which almost all websites use these days), your ISP can only see which websites you visit, but not the exact page or what you do on the website. For example my ISP can see that I am browsing Linustechtips.com right now, but they can't see which thread I am viewing or what I am posting. They might not even be able to tell that I am posting at all. 

This is assuming the certificate you're using is from the destination site and not a device in the middle. Something like DPI-SSL where you're handshaking the SSL certificate with a firewall device so that firewall device can read traffic. It appears like normal HTTPS traffic but you're technically using the firewall's provided SSL certificate so it can be a man in the middle.

[LAwLz]

7 hours ago, Agall said:

This is assuming the certificate you're using is from the destination site and not a device in the middle. Something like DPI-SSL where you're handshaking the SSL certificate with a firewall device so that firewall device can read traffic. It appears like normal HTTPS traffic but you're technically using the firewall's provided SSL certificate so it can be a man in the middle.

That's not a real risk in this scenario.

I seriously doubt OP's ISP has installed a wildcard cert on OP's devices, and unless they have done that, your browser will throw up a massive warning as soon as the MITM attempt happens because the certificate won't match.

 

For personal use, or when talking about ISPs, it is pretty safe to say that they can't MITM you. 

[wanderingfool2]

1 hour ago, LAwLz said:

For personal use, or when talking about ISPs, it is pretty safe to say that they can't MITM you. 

For the most part yea agree...I do remember back in the day pre-prism when many sites didn't have https everywhere; and one of the major US companies was injecting html code in (I can't quite remember if it was for warning of delinquent accounts or if they were replacing some of the ads with their own ads).  In theory on some non-https pages they might do that (but I do think that practice faded away).

 

I guess in theory as well they could also find out some extra information by being the MITM.  An example would be that Tinder didn't encrypt the images of profile pictures and based on the size of the next packet you could tell whether or not they swiped left or right...but generally it's impractical form of data collection.

 

To the OP, an example of why you would use a VPN in a coffee shop though is because of something like FireSheep (you can look it up for more detailed)  in short some websites weren't encrypting all the traffic so people could snoop on it and get your token cookie (but ISP's in general wouldn't do that); but like I said all using a VPN does is shift it from having to trust the ISP to having to trust a VPN.

[airborne spoon]

On 5/18/2023 at 2:54 PM, wanderingfool2 said:

No, but for that matter neither can an ISP really; as a general rule when you are on a site that is using https (which pretty much is all of them these days) and the site uses the secure connection through-out (which pretty much makes up the majority of sites) the ISP really can't see too much aside from what IP addresses you are communicating with (at which point they could figure out a website if it's not some shared IP address for the service)

 

An issue with a lot of VPN stuff I think is that it oversells in what it's actually doing.  I personally wouldn't trust a VPN much more than I would trust an ISP.  As an example, many claim that they don't keep logs...but if any of them also say they host in Canada they are doing 1 of 2 things.  Breaking the law or they are keeping logs. (Unless the law changed again without me knowing)

 

Edit: To give a bit more information, when you use a VPN you are effectively encrypting your traffic and sending it to the VPN which then decrypts it and sends it on it's way...which is why an ISP wouldn't be able to see anything if you use a VPN.  With that said whatever the ISP would be able to see, your VPN can now see.  A VPN does have it's purposes though, if you were to be at lets say a coffee shop using their wifi a VPN can add an extra layer of protection (as while most do use secure connections not all...and there are other types of attacks against that kind of traffic).

I have to disagree or at least in part. I got a cese and desist email from my ISP from downloading a torrent while connected to my VPN. The only way they could know what file I was downloading (it was listed in the email) is if they can see my traffic.

[cooky560]

15 minutes ago, airborne spoon said:

I have to disagree or at least in part. I got a cese and desist email from my ISP from downloading a torrent while connected to my VPN. The only way they could know what file I was downloading (it was listed in the email) is if they can see my traffic.

Perhaps someone reported you for connecting to the torrent, it's not impossible to envisage a bad actor collecting data by offering part of the torrent to you, and then collecting data on anyone who uses that peer.

[Lurick]

17 minutes ago, airborne spoon said:

I have to disagree or at least in part. I got a cese and desist email from my ISP from downloading a torrent while connected to my VPN. The only way they could know what file I was downloading (it was listed in the email) is if they can see my traffic.

VPN could have cut out and the torrent switched over to your regular connection if you didn't have a killswitch connected.

Depending on the provider they could also have done logging and forwarded the report they got to your ISP.

[wanderingfool2]

7 hours ago, airborne spoon said:

I have to disagree or at least in part. I got a cese and desist email from my ISP from downloading a torrent while connected to my VPN. The only way they could know what file I was downloading (it was listed in the email) is if they can see my traffic.

There can only be a few options that lead to that

 

1) You setup your VPN wrong, so you weren't using your VPN (if you were using a VPN, the data between you and the VPN would have been encrypted unless you seriously set it up wrong so the ISP couldn't see what you were doing)

 

2) Your torrent client leaked your true IP address (it happens), and the person you downloaded from was a company like RIAA etc who sent the notice to your ISP who would be required to send you the notice.  In that case it's not your ISP spying either.

 

3) Your VPN kept logs of the IP connections so when a case like (2) happens the VPN sends the notice to the ISP who then sends the notice to you.

 

4) You forgot to use the VPN/internet went down and your VPN didn't come online, at which point we are back to point number 2.

[dalekphalm]

7 minutes ago, wanderingfool2 said:

There can only be a few options that lead to that

 

1) You setup your VPN wrong, so you weren't using your VPN (if you were using a VPN, the data between you and the VPN would have been encrypted unless you seriously set it up wrong so the ISP couldn't see what you were doing)

 

2) Your torrent client leaked your true IP address (it happens), and the person you downloaded from was a company like RIAA etc who sent the notice to your ISP who would be required to send you the notice.  In that case it's not your ISP spying either.

 

3) Your VPN kept logs of the IP connections so when a case like (2) happens the VPN sends the notice to the ISP who then sends the notice to you.

 

4) You forgot to use the VPN/internet went down and your VPN didn't come online, at which point we are back to point number 2.

Yeah, I can't see any circumstance in which an ISP can see your VPN traffic if you've got it setup properly, and the VPN service isn't sketchy. It seems to me like their VPN probably didn't have the killswitch (or didn't have it enabled). Or the VPN company kept logs and were legally required to hand over the data.

[wanderingfool2]

7 hours ago, dalekphalm said:

Yeah, I can't see any circumstance in which an ISP can see your VPN traffic if you've got it setup properly, and the VPN service isn't sketchy. It seems to me like their VPN probably didn't have the killswitch (or didn't have it enabled). Or the VPN company kept logs and were legally required to hand over the data.

Well I mean in places like Canada, I believe we have a law in place which requires a VPN to keep the IP logs....so to add onto what was said it could even be that they were required to by law (depending where it's from)

[dalekphalm]

10 hours ago, wanderingfool2 said:

Well I mean in places like Canada, I believe we have a law in place which requires a VPN to keep the IP logs....so to add onto what was said it could even be that they were required to by law (depending where it's from)

Most countries would require the VPN provider to keep some log traffic - that's why VPN providers tend to operate out of countries with more lax laws.

 

But if they put a server in Canada, that server has to follow Canadian Law, of course.

[wanderingfool2]

23 hours ago, dalekphalm said:

Most countries would require the VPN provider to keep some log traffic - that's why VPN providers tend to operate out of countries with more lax laws.

 

But if they put a server in Canada, that server has to follow Canadian Law, of course.

Which is sort of where the problem exists, most "no log" VPN services still offer servers in Canada (as an example NordVPN).  NordVPN also states they operate out of countries that don't require logs.

 

Yet we have the copyright act section 41.26 which pretty much states that they must keep records; which essentially puts any VPN service in Canada as willfully breaking the law, which then you have to trust that a company like that is breaking the law or their claims of no logs is false.   At least the big names that I checked all have Canada as an exit point...which sort of creates that issue that legally all of them would be required to keep a log

[dalekphalm]

3 hours ago, wanderingfool2 said:

Which is sort of where the problem exists, most "no log" VPN services still offer servers in Canada (as an example NordVPN).  NordVPN also states they operate out of countries that don't require logs.

 

Yet we have the copyright act section 41.26 which pretty much states that they must keep records; which essentially puts any VPN service in Canada as willfully breaking the law, which then you have to trust that a company like that is breaking the law or their claims of no logs is false.   At least the big names that I checked all have Canada as an exit point...which sort of creates that issue that legally all of them would be required to keep a log

All true - but I'm one of those people who personally thinks VPN services like NordVPN are highly overrated (particularly on the security and privacy standpoint). Regular people tend to misunderstand how they work and how they "might" protect you.

 

In any case, if you're connecting to a server in Canada, expect that your traffic is probably being logged to some degree regardless of what the VPN service provider tells you.