How is it possible for ISP’s to know we are doing online? Isn’t HTTPS supposed encrypt content so it can’t be read?

In today’s age, the issue of privacy is constantly raised. People argue back and forth over how much control the government should be given. The fears of 24/7 surveillance and personal data being sold are prevalent everywhere, and almost always for good reason. Many people today turn to paying good money for VPN (Virtual Private Network) services to hide their internet traffic and location from their ISPs and the rest of the global network

A question might be raised here however. How and why can your internet service provider see what you’re doing. With HTTPS being touted as a safe and encrypted protocol, and even getting a padlock symbol next to it, why doesn’t it do its job then? The simple answer is that it is doing its job. Hiding you from your ISP was never part of its job criteria.

The ISP (Internet Service Provider) is your mailman. They need to get packages to where they need to go. HereBeAnswers, for example, is sending you a package containing this answer. You pay the mailman monthly for a rate at which they send packages from you and to you.

HTTPS encrypts the package’s contents, however the ISP’s responsibility is still to move the package from A to B, and therefore needs to know what these A and B are. Therefore, the postage address cannot be encrypted, and your ISP can track who you are exchanging packages with, be it HBA or YouTube or Netflix. So, your ISP can’t actually see what you are viewing on HBA, YouTube, or Netflix, but they can see which sites you are accessing.

How VPN services work is that they act as an intermediary between you and the website you are accessing. What your VPN on your local device does is that it encrypts your traffic and then sends it to a server of their own. At that point, their server decrypts the packages and sends them to the website. The website returns an unencrypted answer to the server, which then encrypts that content and sends it back to you.

With this in play, all your ISP can see is that something is going to some place, and something is being received from said place. Your ISP only sees your location and the VPN server’s location. The website thinks it is only communicating with the VPN server, and so you effectively appear as being present somewhere other than where you actually are.

Keep in mind of course, that your VPN can see everything in place of your ISP. Your VPN encrypts and decrypts everything so even though you’ve protected yourself from your ISP, you are putting your faith – and your data – in your VPN’s hands. For this reason it is highly recommended that you only use trusted VPN’s, which normally have a subscription fee.