The short answer is: yes, a VPN hides most of your browsing from your ISP, but not everything. What it conceals and what it does not depends on how the VPN works and how you use it.
What Your ISP Sees Without a VPN
Without a VPN, your ISP has a detailed view of your internet activity:
- Every domain you visit: Visible through DNS queries and connection records (even if the content is HTTPS-encrypted, the destination domain is visible)
- IP addresses you connect to: The destination servers of your connections
- Connection timing and duration: When you connected, how long you stayed
- Data volume: How much data you transferred
- Your real IP address: Always visible on your account
In countries with ISP data retention laws (US, UK, Australia, Germany until recently), ISPs log this information and can be compelled to share it with law enforcement or government agencies. In the US, ISPs were allowed to sell anonymized browsing history to advertisers since the FCC rule rollback in 2017.
What Your ISP Sees When You Use a VPN
With a reputable VPN connected:
- What they see: That you are connected to a VPN server (one IP address), when you connected, and how much data you transferred
- What they cannot see: Which specific websites or services you access, the content of your communications, or your activity inside the VPN tunnel
Your ISP sees a single, continuous encrypted connection to the VPN server. The destination of that connection (the VPN server) is visible, but what you do through that connection is not.
What Still Leaks With a VPN
DNS Leaks
If your VPN is not configured correctly, your device may send DNS queries outside the VPN tunnel to your ISP’s DNS servers. This reveals exactly which domains you are visiting, even though you are connected to the VPN.
A proper VPN routes all DNS queries through its own encrypted resolver. All VPNs that score 5/5 on leak protection in our database have verified DNS leak protection. ExpressVPN’s DNS handling has had documented issues; it scores 1/5 on leak protection for this reason.
How to check: Use a DNS leak test at dnsleaktest.com while connected to your VPN. If it shows your ISP’s DNS, you have a leak.
WebRTC Leaks
WebRTC is a browser API used for real-time communication (video calls, file sharing). Some browsers expose your real IP address through WebRTC even when connected to a VPN. This is a browser-level issue, not a VPN issue.
VPNs with WebRTC leak protection patch this at the system level. Alternatively, you can disable WebRTC in your browser settings.
IPv6 Leaks
If you have an IPv6 connection and your VPN only tunnels IPv4, your IPv6 traffic goes directly to your ISP without VPN protection. This reveals your real IPv6 address and the sites you visit.
Good VPNs disable IPv6 or tunnel it through the VPN. Check your VPN’s IPv6 handling in settings.
Traffic Volume Patterns
Even with a VPN, your ISP can see the volume of data you transfer and the timing of your connections. Sophisticated traffic analysis can sometimes infer activity from these patterns (e.g., identifying video streaming by traffic shape). This is a theoretical concern for most users but real for high-risk scenarios.
Does Your VPN Provider Know What You Browsed?
Your VPN provider is in the position your ISP would otherwise be in: they route your traffic and could see what you visit. A no-logs policy means they commit to not recording that information. The audit quality of that no-logs claim varies:
| VPN | Last Audit | Auditor | Score |
|---|---|---|---|
| NordVPN | Ongoing | PwC | 5/5 |
| ProtonVPN | 2024 | KPMG | 5/5 |
| Surfshark | 2021 | Cure53 | 5/5 |
| ExpressVPN | 2023 | Multiple | 3/5 |
| CyberGhost | 2012 | QSCert | 3/5 |
You are trusting your VPN provider to not keep logs. This is why provider selection and audit quality matter.
Practical Conclusions
For everyday privacy from ISP surveillance and advertising data collection, any reputable VPN works. Your ISP sees encrypted traffic to a VPN server and nothing more.
For higher-stakes privacy (government surveillance, legal sensitive activities), the choice of VPN provider, its jurisdiction, and the quality of its no-logs audit all become meaningfully important. ProtonVPN (Switzerland) and NordVPN (Panama) are the strongest choices for this profile.
Want to compare all VPNs side by side? Check our full VPN comparison table with scores across 18 criteria.
Our verdict: A VPN effectively hides your browsing destinations from your ISP. The main vulnerabilities are DNS leaks, WebRTC leaks, and IPv6 leaks, all of which a properly configured premium VPN addresses. What you browse stays hidden from your ISP; what your VPN provider might retain depends on their no-logs policy and audit credibility. For most users, NordVPN or Surfshark provide sufficient ISP privacy at reasonable cost.
FAQ
Can my ISP see my VPN traffic? They can see that you are connected to a VPN server. They cannot see what you do through that connection.
Does a VPN hide my browsing history from my router? Yes. Encrypted VPN traffic is unreadable to the router. Your router (and anyone with access to it, like your employer on a work network) cannot see your browsing destinations.
Can the government see what I browse with a VPN? Not directly from your ISP. They could request data from your VPN provider, which is why no-logs policy and VPN jurisdiction matter. With a no-logs VPN in Panama or Switzerland, there is no data to hand over.
Does a VPN hide my browsing from my employer? On a work network, yes, a VPN hides your browsing destinations from your employer’s network monitoring. However, if you are using a company-managed device with endpoint management software installed, the employer may monitor at the device level, which bypasses the VPN.
What the ISP still infers, and whether it matters
Encrypted tunnels leak shape even while hiding content: total volume, timing patterns, and the constancy of a VPN connection are all visible to the ISP. Could it infer “heavy evening video user” from volume alone? Yes. Does that matter? For billing and network management, it already did before the VPN; for the advertising and resale economy the tunnel exists to starve, shape without content is commercially near-worthless. The one fact your ISP keeps owning is that you use a VPN at all, which in every market this site covers is unremarkable and legal.
The completion habit: pair the tunnel with the provider’s DNS (so lookups ride inside) and the kill switch (so reconnection gaps don’t leak the browsing map in bursts). Those two settings close the loopholes this article’s question is really about.
Bottom line restated for the search query that brought you: yes, a properly configured VPN hides your browsing from your ISP, the residue is traffic shape and the fact of the tunnel itself, and the two settings above (provider DNS, kill switch) are what “properly configured” means.
Keep reading: What Can Your Employer See When You Use a VPN? and How to Check if Your VPN Is Leaking Your IP Address.