When I first looked at using a VPN for privacy, it did cross my mind about my Internet Service Provider (ISP) being concerned. I was worried if they would take action against me for using a VPN.
Do ISPs care if you use a VPN? ISPs do care about their customers using VPNs as they can lose money from not being able to sell their customers browsing data to marketing companies. The VPN stops the ISP from being able to see the browsing activity of their customers as they only see the connection to the VPN servers and nothing else.
Let’s take a look in detail at what it means to the ISP when their customers use a VPN and the steps the ISP can take to make sure the VPN doesn’t work as effectively as it should.
1. Using a VPN makes ISPs lose income
Some ISPs do sell information about their customers browsing habits to marketing firms. Don’t worry, they can’t sell this data with details of their customers included, the data has to be sold by anonymising all the customer details first.
This can be good additional income for some ISPs but with their customer’s using VPNs, they have no data to sell, so no additional income.
ISPs lose the ability to see what websites their customers are visiting as they will only see their customer’s connections to the VPN service providers they are using.
The normal non-VPN connections which rely on using the ISPs DNS (Domain Name Service) service won’t be visible and the ISP will lose out on keeping logs of the browsing history of its customers. Without these logs the ISP has no data to sell.
The IPS’s DNS service is used to locate internet resources such as the websites being accessed by the ISPs customers. The DNS service is like a giant directory service, keeping a one to one mapping of resources on the internet like websites and their associated IP addresses.
The IP addresses are important as this is used to locate where the internet resources are by the internet routing from the ISP to the location where the websites are. Without these IP addresses it would be difficult to find internet resources and so DNS is vitally important.
Would the ISP care if you used a VPN and lost them income from selling your browsing data? No, I don’t think so, it’s a good source of income but keeping you as a customer is far more important. Anyway, many will try to make it more difficult to use your VPN instead by using tricks mentioned in the next point.
2. ISPs Block VPNs
ISPs could make it difficult for their customer to use VPN software by making it difficult for them by using a number of measures like blocking VPN IP addresses and blocking VPN ports (check out my list of VPNs that could get around ISP blocks here).
Blocking VPN IP addresses
The ISP can block the internet addresses (IP addresses) of the VPN service providers from being visible to the VPN software their customers use to connect with. When the VPN customer tries to start their VPN software, the VPN will not be able to connect to the VPN service provider and instead will return an error of not being able to connect.
To be able to block VPN service providers, the ISP will need to know which out of the millions of IP addresses available should be blocked and with many VPN service providers out there along with many VPN services they each provide from different countries and cities, it becomes difficult to keep an eye on all the IP addresses involved.
The VPN service providers themselves are working doubly hard to stay one step ahead of the ISPs by continually adding new IP addresses (they buy more on the open market), hoping this will be enough to keep their VPN software ahead of the ISPs and their VPN competitors.
Block VPN Ports
Another tactic the ISP could use is to block the ports associated with VPN traffic, so whilst it will be possible for the VPN customer to connect to their VPN service provider, they won’t be able to do anything more, as the VPN communications will be blocked from sending any information from the VPN customer’s computer to the VPN service provider.
Using a city as the analogy to try to describe IP addresses and ports, the IP address could be a location of the city in a country and the ports could be the different streets in the city. The city is split into eleven districts marked from one to eleven and each of the streets in the city is marked from one to one hundred.
Ninety fourth street in district eleven (11.94) allows anyone to get access to the park in the centre of the city without any checks. Now if ninety fourth street in district eleven was closed and blocked off, the people normally using this street would have to find an alternative and they find most people are going through Forty Three street in district four (4.43) to get to the park, so they decide to use this street to get to the park.
So in terms of using VPN software, the ISP knows the VPN software uses port 1194 (ninety fourth street in district eleven in the analogy) and decides to block this port on it’s firewall (a device used to control traffic coming and out of a network, like the ISPs network).
The VPN software will not be able to establish a VPN connection with it’s VPN service provider but if the VPN software is configured to use a different port, like a common port like port 443 (forty three street in district four), the VPN connection can be established.
Many VPN service providers provide configuration options to change the ports their VPN software uses, to outsmart any blocks the ISP may put in place and trying to work out whether VPN traffic is using normal ports is difficult, requiring deep packet inspection type tools to work out what is traversing common ports like port 443.
3. ISPs slow down VPNs
When VPNs created an encrypted tunnel from the VPN user’s computer to the VPN service provider, the size of this tunnel adds an additional ten percent approximately to the size of the data being sent down the VPN tunnel.
Whilst this may not seem much, too many users using VPNs could cause contention issues for other users with the same ISP and this could slow down their internet connections.
The ISP may elect to use bandwidth throttling on VPN traffic to reduce how much bandwidth is taken up, so other customers are not impacted.
ISPs have invested heavily in traffic shaping tools as more and more data is being sent across their networks, like videos, voice calling, as well as web browsing traffic all adding to the amount of bandwidth used.
By traffic shaping the ISPs can prioritise different types of internet traffic over others, so giving video calling more bandwidth and reducing bandwidth for VPN users, thereby slowing down their experience.
4. VPNs discharge ISPs of legal issues
By using a VPN, keeping a log of their customer’s web browsing habits are no longer the responsibility of the ISP, so anything done illegally by their customer, requires minimal or no involvement at all with the law enforcement agencies or legal firms.
As the ISP has no record of their customer’s web browsing history except for their connections to the VPN service they are using, so there’s nothing incriminating the ISP can provide to the law enforcement agencies or the legal firms (acting on behalf of the copyright holders for copyright infringement).
So there’s no need to get involved in the administration of providing corresponding customer names to IP addresses involved in any criminal or malicious activities to no need to write a series of letters to their customer’s to keep them abreast with what’s happening, all of which dramatically reduce the administrative burden on the ISP.
5. Some ISP locations ban VPNs
Most ISPs won’t have a problem with their customers using a VPN, but if you live in a country like China, Iran or North Korea where the internet is heavily regulated then using a VPN could cause problems.
China is well known for using it’s Great Firewall to use deep packet inspection to determine if VPN traffic is being sent and it showed some success in determining VPN traffic even when it was obfuscated with normal traffic.
Conclusion
ISPs in most countries won’t care if you use a VPN, even though they may lose out on making money from selling your anonymised data to marketing companies.
They may decide to make your VPN experience more challenging by block IP addresses your VPN software connects to as well as the VPN ports used to make communications. They may even use traffic shaping to limit how much bandwidth VPN traffic can use, thereby slowing it down.
Related Questions:
Can your Internet provider see your history with a VPN? No, they can’t see your history as long as your VPN doesn’t leak DNS and end up using the ISPs DNS service instead of the VPNs DNS service.
Does a VPN hide your browsing history from your ISP? Yes, a good VPN will ensure your ISP doesn’t see your browsing history as the DNS service of the VPN will be used instead of the ISP DNS service. The ISP DNS service will keep a record of your browsing history, so avoiding this using a VPN, protects your browsing history.
