What does my internet provider know about my online activities?

What does my internet service provider know about my online activities in these cases?

  1. plain server (www, ftp, whatever) connection and provider's DNS
  2. secured (e.g. TLS) server connection and provider's DNS
  3. plain server (www, ftp, whatever) connection and a non-provider non-logging DNS
  4. secured (e.g. TLS) server (www, ftp, whatever) connection and non-provider non-logging DNS

In case 4) does my provider know anything more about my online behaviour than "IP w.x.y.z was assigned to Foo Bar between connect-time and disconnect-time" (i.e. only the duration my router was connected)?

What traffic does need to go through the provider's infrastructure to make my connection work at all?


Solution 1:

For 1 and 3 they see everything you see.

For 2 and 4 they see that you requested the IP address for example.com and whatever DNS server you chose to use replied with 1.2.3.4. They then see you connect to 1.2.3.4 but cannot see what you requested from that IP nor what was given back to you.

EDIT: Caveat to the 2nd paragraph: if you have a root certificate installed on your machine that your ISP has access to the private key of (very common if you are in a corporate environment, and not hard to do), they could intercept the SSL connection and make a new SSL connection pretending to be the site, and the only way you would know is if you checked the SSL certificate chain to see if the root CA for the certificate is the one you expected.

Your ISP can proxy your connection, so even though you are not using their DNS they still get to see your DNS query pass through their system. The only way around this is to use a secure proxy that is outside of your ISP's control, so the only thing your ISP sees is that you connected to the proxy but can't see where you connected to beyond that nor what was requested (as long as your DNS requests go through the proxy; many proxies don't do that by default).
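A small check for the caveat in the answer above (walking the certificate chain and confirming that the root CA at the end is the one you expected), added here as an example and not part of the original answer. The certificate records use the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns; the chains and CA names below are constructed placeholders, not real CAs.

```python
def _name(rdns):
    """Flatten a getpeercert()-style name (tuple of RDNs, each a tuple of
    (type, value) pairs) into a plain dict such as {'commonName': 'example.com'}."""
    return {k: v for rdn in rdns for (k, v) in rdn}


def check_chain(chain, expected_root_cn):
    """
    chain: list of certificate dicts, leaf first, root last.
    Returns (ok, reason). ok is False when a link in the chain does not match,
    when the chain does not end in a self-signed root, or when that root is not
    the CA you expected (for example an ISP- or corporate-installed root used
    to re-sign sites for TLS interception).
    """
    if not chain:
        return False, "empty chain"
    # Each certificate's issuer must equal the subject of the next certificate up.
    for cert, issuer in zip(chain, chain[1:]):
        if _name(cert["issuer"]) != _name(issuer["subject"]):
            return False, "broken link: %s not issued by %s" % (
                _name(cert["subject"])["commonName"],
                _name(issuer["subject"])["commonName"])
    root = chain[-1]
    if _name(root["subject"]) != _name(root["issuer"]):
        return False, "chain does not end in a self-signed root"
    root_cn = _name(root["subject"]).get("commonName")
    if root_cn != expected_root_cn:
        return False, "unexpected root CA: %r (expected %r)" % (root_cn, expected_root_cn)
    return True, "root CA is %r" % root_cn


def _cert(subject_cn, issuer_cn):
    """Build a minimal getpeercert()-style record (constructed sample data)."""
    return {"subject": ((("commonName", subject_cn),),),
            "issuer": ((("commonName", issuer_cn),),)}


# Constructed sample chains; the CA names are placeholders.
GOOD_CHAIN = [
    _cert("example.com", "Example Intermediate CA"),
    _cert("Example Intermediate CA", "Example Root CA"),
    _cert("Example Root CA", "Example Root CA"),
]
# What a site looks like when an interposed proxy re-signs it with its own root.
INTERCEPTED_CHAIN = [
    _cert("example.com", "Corp Proxy CA"),
    _cert("Corp Proxy CA", "Corp Proxy CA"),
]

if __name__ == "__main__":
    print(check_chain(GOOD_CHAIN, "Example Root CA"))
    print(check_chain(INTERCEPTED_CHAIN, "Example Root CA"))
```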