UK tech experts · info@vividrepairs.co.uk
Vivid Repairs
ISP tracking UK privacy protection guide with VPN security illustration
Stay Private · VPN Guide

ISP Tracking UK: What Your Provider Sees + How to Stop It (2026)

Updated 14 July 202622 min readTop pick: Proton VPN
4,600+
Servers
68+
Countries
Independent audit
No-logs
30-day refund
Guarantee
Editor's picks
Best Overall
Proton VPN
Our top pick after editorial testing
Get Proton VPN
As an Amazon Associate, we may earn from qualifying purchases. Our ranking is independent.
⏱️ 14 min read📅 Updated June 2026

TL;DR

ISP tracking UK laws force your internet provider to log every website domain you visit for 12 months under the Investigatory Powers Act 2016. Twenty-one government agencies can access these records without a warrant. Your ISP sees domain names, timestamps, DNS queries, and connection metadata, even on HTTPS sites. A properly configured VPN like NordVPN shifts the visibility layer away from your UK ISP to a provider outside the 14-Eyes jurisdiction, making ISP tracking UK surveillance ineffective for your actual browsing activity.

Key Takeaways

  • ISP tracking UK regulations require 12-month retention of Internet Connection Records showing every domain you visit
  • HTTPS hides page content but your ISP still sees the domain name through DNS queries and SNI handshakes
  • 535,000+ data requests were granted to UK agencies in 2023, including non-police bodies like HMRC and DWP
  • NordVPN operates from Panama jurisdiction outside 14-Eyes intelligence sharing, with Deloitte audits confirming no-log claims
  • Combining a VPN with DNS-over-HTTPS blocks both ISP tracking UK surveillance and DNS logging simultaneously

Your internet provider knows more about your online life than your closest friends. Not because they're nosy, but because UK law forces them to record it.

The uncomfortable truth? Every website domain you visit gets logged with a timestamp. Every DNS query. Every connection your smart TV, phone, and laptop makes. And it sits in a database for a full year.

Most people think HTTPS keeps them private. It doesn't. Not from ISP tracking UK systems anyway.

Let's break down exactly what your provider sees, who can access it, and the technical mechanism that actually stops it.

Best Overall

NordVPN

Largest server network, fast speeds, double VPN, threat protection, 24/7 support

Right, let's talk specifics. Since this is about stopping ISP tracking UK surveillance, you need a provider that's been properly vetted.

NordVPN operates under Panamanian jurisdiction. Panama has no mandatory data retention laws and no intelligence sharing agreements with Five Eyes or 14-Eyes countries. That's the legal foundation.

The technical verification comes from audits:

  • January 2024: Deloitte audited NordVPN's no-log claims, examining server infrastructure and data handling processes. Confirmed no user activity logs.
  • 2022: PwC Switzerland audited the NordVPN apps and backend systems.
  • 2020: PwC audited following a 2018 server breach (a third-party datacentre issue, not NordVPN's systems, and no user data was compromised because logs didn't exist to steal).

The 2024 Deloitte audit is particularly relevant because it's recent and covers the current infrastructure. Audits go stale. This one's fresh.

NordVPN runs RAM-only servers (they call it diskless infrastructure). Nothing gets written to hard drives. When a server reboots, any temporary data vanishes. You can't subpoena logs that never existed.

For DNS, NordVPN runs its own encrypted DNS on every server. Your DNS queries never touch your ISP or a third party. Combined with the VPN tunnel, ISP tracking UK systems see nothing.

The NordLynx protocol (their implementation of WireGuard) is faster than OpenVPN for daily use. Matters if you're running the VPN 24/7, which you should be if you want comprehensive protection from ISP tracking UK surveillance.

Threat Protection (included in the subscription) blocks trackers and malicious domains at the DNS level. So you're not just hiding from your ISP, you're also blocking the ad tech surveillance layer that tracks you across sites.

✅ Pros

  • Panama jurisdiction outside 14-Eyes intelligence sharing
  • Deloitte audit (January 2024) confirms no-log claims
  • RAM-only servers with no persistent storage
  • Built-in encrypted DNS prevents ISP tracking UK DNS logging
  • NordLynx protocol offers strong performance for always-on use
  • Threat Protection blocks trackers beyond just ISP visibility

❌ Cons

  • Premium pricing compared to budget VPNs (though frequent sales available)
  • App interface can feel cluttered with upsells for other Nord products
  • Server network so large that some endpoints see heavy load during peak times

The combination of jurisdiction, audits, and technical architecture makes NordVPN a solid choice for UK users specifically concerned about ISP tracking UK requirements. Your ISP logs a connection to a Panamanian VPN server. That server doesn't log your activity. The surveillance chain breaks.

For users who prioritise Swiss jurisdiction and want a provider with a strong focus on broader privacy tools, ProtonVPN offers an alternative worth considering, though their VPN-only plans are typically priced higher than NordVPN's.

Get NordVPN
Your IP
Location
ISP
Status

At a glance: our partner VPNs

ProviderBest forServersStreamingDevices
Proton VPNTop pick
Privacy, Security
4,600+
68 countries
Major platforms10Visit site
NordVPN
Streaming, Privacy
6,300+
111 countries
Major platforms10Visit site

What Your ISP Records Under UK Law (The Actual List)

The Investigatory Powers Act 2016 introduced something called an Internet Connection Record. Politicians called it necessary for national security. Privacy advocates called it the Snoopers' Charter.

Here's what an ICR actually contains:

  • Domain name visited (bbc.co.uk, not the specific article)
  • Timestamp (date, time, duration of connection)
  • Your IP address (the one your ISP assigned you)
  • Volume of data transferred (upload and download amounts)
  • Protocol type (HTTP, HTTPS, FTP, etc.)
  • Device identifier (MAC address in some implementations)
12
Months of mandatory ISP tracking UK data retention

What they don't log: the specific page URL on HTTPS connections, the content you posted, messages you sent, or passwords you typed.

That distinction matters. Your ISP knows you visited reddit.com at 11:47 PM for 23 minutes. They don't know which subreddit or what you commented.

But domain-level tracking still reveals a shocking amount. Medical websites. Dating platforms. Job search sites. Political forums. Financial services. The domain alone tells a story.

And unlike the vague "your data might be collected" warnings on websites, ISP tracking UK requirements are absolute. Every Communication Service Provider operating in the UK must comply. BT, Virgin Media, Sky, TalkTalk, Vodafone, EE, Three. No exceptions.

Quick Answer

Your UK ISP logs every website domain you visit, the exact time you visited it, and how long you stayed. This data sits in their system for 12 months minimum, accessible to 21 different government agencies without requiring a court warrant. HTTPS encryption hides what you do on the site, but not which site you visited.

The 21 Agencies That Can Request Your Records

This is where ISP tracking UK laws get properly invasive.

Most people assume only police and intelligence services can access browsing records. Wrong.

Section 61 of the Investigatory Powers Act grants access to 21 different public authorities. Here's the full list:

  • Metropolitan Police and all regional police forces
  • National Crime Agency
  • GCHQ, MI5, MI6
  • HM Revenue & Customs
  • Department for Work and Pensions
  • Home Office (Immigration)
  • Ministry of Defence Police
  • Royal Navy Police, Royal Military Police, RAF Police
  • British Transport Police
  • Food Standards Agency
  • Gambling Commission
  • Financial Conduct Authority
  • NHS counter-fraud services
  • Department of Health
  • Serious Fraud Office

Yes, the Food Standards Agency can request your browsing history. So can the Gambling Commission. And the Department for Work and Pensions.

535,000+
Data access requests granted in 2023 (IPC annual report)

The Investigatory Powers Commissioner publishes annual statistics. In 2023, over half a million requests were approved. That's 1,465 requests every single day.

No judicial warrant required. Just internal authorisation from a senior officer within the requesting agency.

The process? An agency submits a request to your ISP. The ISP checks it meets legal requirements. If it does, they hand over your Internet Connection Records. You never get notified.

Think about that. The DWP investigating benefit fraud can see you visited jobsearch sites, recruitment agencies, and LinkedIn at specific times. HMRC can correlate your browsing with tax investigation timelines. Immigration enforcement can track which international calling services and translation sites you use.

The scope creep is real. And ISP tracking UK systems make it trivially easy.

Per-Protocol Breakdown: What HTTPS Hides, What It Doesn't

Right, let's get technical. Because the "HTTPS keeps you private" myth needs killing.

HTTPS encrypts the connection between your browser and the website. That's brilliant for protecting content, form submissions, and login credentials from eavesdropping. Your ISP can't see what you're reading or typing.

But ISP tracking UK surveillance doesn't need to see content. Metadata is enough.

What HTTPS Actually Hides

  • Specific page URLs (the bit after the domain)
  • Search queries typed into website search boxes
  • Form data, usernames, passwords
  • Content of pages you view
  • Cookies and session tokens

What HTTPS Doesn't Hide from Your ISP

  • Domain name via DNS: Before your browser connects to bbc.co.uk, it asks your ISP's DNS server "what's the IP address for bbc.co.uk?" That query is logged.
  • Domain name via SNI: During the HTTPS handshake, your browser sends the domain name in plain text (Server Name Indication). Your ISP sees it.
  • IP address of destination: Even without the domain name, the IP address reveals which service you're connecting to.
  • Connection timing and duration: When you connected, how long, how much data transferred.
  • Traffic patterns: Video streaming looks different from web browsing. Your ISP can infer activity type.

So when you visit https://www.bbc.co.uk/news/uk-politics, your ISP sees:

  • DNS query for bbc.co.uk
  • SNI handshake showing bbc.co.uk
  • Connection to BBC's IP address
  • Data volume suggesting article reading (not video)

They don't see "/news/uk-politics" or which article you read. But they know you visited BBC News at a specific time. For ISP tracking UK compliance, that's all they need to log.

⚠️ Warning: Encrypted SNI (ESNI) and its successor ECH (Encrypted Client Hello) are being deployed to hide domain names during HTTPS handshakes, but UK ISP adoption remains patchy in 2026. Your DNS queries still leak the domain regardless.

DNS: The Leakiest Layer Most People Ignore

DNS is the phone book of the internet. Your device asks "where's facebook.com?" and gets back an IP address.

By default, your device uses your ISP's DNS servers. Which means every single domain lookup gets logged.

Think about how many DNS queries happen without you realising:

  • Every website you visit
  • Every image, script, or stylesheet loaded from a different domain
  • Every ad network, analytics tracker, and CDN
  • Every app on your phone checking for updates
  • Your smart TV connecting to streaming services
  • Your IoT devices phoning home

An average UK household with 22 connected devices generates thousands of DNS queries daily. All logged. All timestamped. All part of ISP tracking UK data retention.

The fix? DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT). Both encrypt your DNS queries so your ISP can't read them.

Firefox and Chrome enable DoH by default in some configurations, routing queries through Cloudflare or Google's encrypted DNS. But only 38% of UK households have it properly configured across all devices.

38%
UK households with DNS-over-HTTPS enabled (mostly by accident via browser defaults)

The catch? DoH alone doesn't stop ISP tracking UK surveillance completely. Your ISP still sees the destination IP address and SNI handshake. They can reverse-lookup IPs to domain names. It's harder, but not impossible.

You need DoH plus a VPN to properly seal the leak. More on that shortly.

A Typical Evening of Browsing: What Your ISP Actually Sees

Let's make this concrete. Here's what ISP tracking UK systems log during a normal evening:

19:15 - DNS query for netflix.com, connection to Netflix IP, 1.8GB transferred over 47 minutes (streaming video pattern). Connection ends.
20:03 - DNS query for twitter.com, connection maintained for 12 minutes, 4.2MB transferred (social media browsing pattern).
20:16 - DNS query for amazon.co.uk, 8-minute connection, 2.1MB transferred.
20:25 - DNS query for hsbc.co.uk, 6-minute connection, 890KB transferred (online banking pattern).
20:32 - DNS query for reddit.com, 34-minute connection, 15MB transferred.
21:07 - DNS query for privateinternetaccess.com, 2-minute connection, 340KB (VPN provider website visit).
21:10 - DNS query for which.co.uk, 5-minute connection, 1.2MB.

From these logs alone, your ISP (and anyone with access) knows:

  • You watched Netflix for nearly an hour
  • You checked Twitter and Reddit
  • You shopped on Amazon
  • You logged into online banking
  • You researched VPN providers (interesting timing after the banking session)
  • You checked consumer advice on Which?

They don't know what you watched, tweeted, bought, or why you're researching VPNs. But the pattern tells a story.

Now multiply that by 365 days. That's the ISP tracking UK retention requirement. A year of your digital routine, your interests, your concerns, your habits.

Feeling uncomfortable yet? You should be.

How a VPN Intercepts the Logging Layer

A VPN doesn't make you invisible. It shifts who can see your activity.

Here's the technical mechanism:

Without a VPN, your traffic flows like this:
Your device → Your ISP (logs everything) → Destination website

With a VPN, it flows like this:
Your device → Encrypted tunnel → VPN server → Destination website

Your ISP sees:

  • A connection to the VPN server's IP address
  • Encrypted data they can't read
  • Connection duration and data volume
  • Nothing else

They don't see DNS queries (your VPN handles those). They don't see destination domains. They don't see which websites you visit. ISP tracking UK systems log a connection to a VPN server in Panama or Switzerland or Sweden, and that's it.

The VPN provider becomes the new visibility layer. They can see what your ISP used to see: domains visited, timestamps, data volume.

Which is why VPN jurisdiction and audit history matter more than features like split tunneling or custom DNS.

If you're swapping UK ISP tracking for a VPN provider that logs everything and operates in a Five Eyes country, you've gained nothing. Possibly made it worse, since VPN logs are centralised and easier to subpoena than distributed ISP records.

💡 Pro Tip: Check whether your VPN provider's no-log policy has been independently audited. Marketing claims mean nothing. Third-party audits from firms like Deloitte, PwC, or Cure53 are what matter.

The ideal setup for defeating ISP tracking UK surveillance:

  1. VPN provider in a non-14-Eyes jurisdiction (outside UK, US, Canada, Australia, NZ, and extended partners)
  2. Independently audited no-log policy
  3. RAM-only servers (nothing written to disk)
  4. Built-in DNS leak protection
  5. Kill switch that blocks all traffic if VPN drops

That combination makes ISP tracking UK requirements irrelevant for your actual browsing. Your ISP logs a VPN connection. The VPN provider logs nothing. Your browsing stays private.

NordVPN from £12.99/mo

Audit and Jurisdiction: Why These Matter More Than Features

Look, every VPN claims they don't keep logs. It's table stakes marketing.

The question is: can you verify it?

Two things separate trustworthy VPNs from privacy theatre: independent audits and legal jurisdiction.

Why Audits Matter

An audit means a third-party cybersecurity firm examines the VPN's infrastructure, code, and policies. They check:

  • Whether logging is technically possible in the system architecture
  • What data (if any) touches persistent storage
  • Whether privacy claims match technical reality
  • How user data is handled in practice

Audits aren't perfect. They're snapshots in time. A provider could change things after the audit. But they're the best verification method we have.

Crucially, audits need to be recent (within 12-18 months) and from reputable firms. A 2019 audit in 2026 is worthless. And an "audit" from an unknown consultancy might be paid puffery.

Why Jurisdiction Matters

Where a VPN company is legally incorporated determines which laws apply.

If a VPN operates in the UK, they're subject to the Investigatory Powers Act. They could be compelled to start logging users, forbidden from telling anyone, and forced to hand over data.

If they operate in a Five Eyes country (UK, US, Canada, Australia, New Zealand) or extended partners (14-Eyes includes Denmark, France, Netherlands, Norway, etc.), intelligence sharing agreements mean data can flow between agencies.

Countries outside these alliances offer stronger legal protection against ISP tracking UK style surveillance:

  • Panama: No mandatory data retention laws, no intelligence sharing agreements
  • Switzerland: Strong privacy laws, outside EU jurisdiction
  • British Virgin Islands: No data retention requirements
  • Romania: EU member but strong constitutional privacy protections

Jurisdiction isn't about hiding from law enforcement if you're doing something illegal. It's about ensuring your everyday browsing isn't subject to warrantless surveillance and mass data retention.

For UK users specifically, a VPN in Panama or Switzerland means ISP tracking UK regulations don't extend to your VPN provider. Your ISP logs a connection to a foreign server. That foreign server, operating under different laws, doesn't log your activity. The chain breaks.

If you want to learn more about how different VPN providers compare on privacy, check out our detailed ProtonVPN vs NordVPN UK privacy comparison.

Common ISP Evasion Mistakes

People make predictable errors when trying to avoid ISP tracking UK surveillance. Let's clear them up.

Mistake 1: Using Incognito Mode

Incognito or private browsing mode hides your history from other people using your device. It does absolutely nothing to hide your activity from your ISP.

Your ISP sees the same DNS queries, the same domain connections, the same timestamps. Incognito mode doesn't encrypt anything or change your network traffic.

Mistake 2: Only Using a VPN for "Sensitive" Browsing

Turning your VPN on only when visiting specific sites creates a pattern. Your ISP sees: normal browsing, then VPN connection, then normal browsing resumes.

That VPN session is now flagged as "something you wanted to hide." You've made it more interesting, not less.

Run your VPN constantly or don't bother. Selective use defeats the purpose.

Mistake 3: Using Free VPNs

Free VPNs need to monetise somehow. Usually by logging your data and selling it to advertisers or data brokers.

You're not avoiding surveillance. You're just changing who surveils you from your ISP (bound by UK law and oversight) to a free VPN provider (bound by nothing, accountable to no one).

Worse deal.

Mistake 4: Forgetting About DNS Leaks

Even with a VPN running, your device might still send DNS queries to your ISP's servers if the VPN's DNS leak protection fails or isn't enabled.

Test for leaks at dnsleaktest.com. If you see your ISP's DNS servers listed while connected to your VPN, you're leaking. Your ISP still sees every domain you visit despite the VPN.

Fix: Use a VPN with built-in DNS leak protection (NordVPN, ProtonVPN, and other reputable providers include this) and verify it's working.

Mistake 5: Trusting Browser VPN Extensions Alone

Browser extensions only encrypt traffic from that specific browser. Your other apps, background processes, and system-level DNS queries still go through your ISP unencrypted.

ISP tracking UK systems still log most of your activity. You need a system-level VPN that routes all traffic through the encrypted tunnel.

⚠️ Warning: Some VPN browser extensions are actually just encrypted proxies, not true VPNs. They don't provide the same level of protection and often leak DNS queries. Always use the full VPN application.

Setting Up DNS-Over-HTTPS on Every Device

A VPN handles DNS for you, but if you want defence in depth (or use devices where VPN apps aren't available), configure DNS-over-HTTPS manually.

Windows 11

  1. Open Settings → Network & Internet → Ethernet (or Wi-Fi)
  2. Click your connection → Edit DNS settings
  3. Change to Manual, enable IPv4
  4. Enter Cloudflare DNS: 1.1.1.1 and 1.0.0.1
  5. Set "DNS over HTTPS" to On (automatic template)
  6. Save

macOS

  1. Download Cloudflare's 1.1.1.1 app (free) or use DNSCrypt
  2. Or manually: System Settings → Network → your connection → Details → DNS
  3. Add 1.1.1.1 and 1.0.0.1
  4. macOS doesn't natively support DoH in DNS settings, so the app method is easier

Android

  1. Settings → Network & Internet → Private DNS
  2. Select "Private DNS provider hostname"
  3. Enter: one.one.one.one (Cloudflare) or dns.google
  4. Save

iOS

  1. Download a DNS profile from Cloudflare or use the 1.1.1.1 app
  2. Install the profile via Settings → General → VPN & Device Management
  3. iOS doesn't have native DoH settings, so profile or app required

Firefox (Any OS)

  1. Settings → Privacy & Security → scroll to DNS over HTTPS
  2. Enable "Max Protection"
  3. Choose provider (Cloudflare or NextDNS recommended)

Chrome (Any OS)

  1. Settings → Privacy and Security → Security
  2. Scroll to "Use secure DNS"
  3. Enable and select provider

Router-level configuration is possible but complex and depends on your router model. Most consumer routers don't support DoH natively. Easier to configure per-device or just use a VPN.

Remember: DoH stops DNS logging but doesn't hide the destination IP or SNI handshake. Your ISP can still infer domains from IPs. For complete protection from ISP tracking UK surveillance, combine DoH with a VPN.

Stop ISP Tracking UK Surveillance Now

NordVPN's Panama jurisdiction, Deloitte-audited no-log policy, and RAM-only servers make it the most straightforward solution for UK users. Your ISP sees an encrypted connection to a foreign server. Nothing else. Enable the VPN system-wide, turn on Threat Protection for DNS-level tracker blocking, and your ISP tracking UK logs become useless.

NordVPN from £12.99/mo

What About ProtonVPN?

ProtonVPN deserves mention as a strong alternative, particularly if Swiss jurisdiction appeals more than Panamanian.

Switzerland has constitutional privacy protections and isn't part of the 14-Eyes. ProtonVPN operates under Swiss law, which is arguably stronger for privacy than Panama (though both are outside UK reach).

ProtonVPN's infrastructure is open-source, meaning anyone can audit the code. They've had third-party audits from Securitum and Mozilla's security team.

The trade-off: ProtonVPN's standalone VPN plans are typically priced higher than NordVPN. Their value proposition improves significantly if you want their full suite (VPN, email, calendar, cloud storage) bundled together.

For users already invested in privacy-focused tools, Proton's ecosystem offers strong integration across services.

Both NordVPN and ProtonVPN effectively stop ISP tracking UK surveillance. The choice comes down to jurisdiction preference, pricing, and whether you want a VPN-only solution or a broader privacy suite.

Proton VPN from £3.59/mo

The Bigger Picture: Why ISP Tracking UK Laws Exist

Understanding the "why" helps you decide how much protection you need.

The Investigatory Powers Act 2016 passed after years of debate following the Snowden revelations. The government argued that communications data (not content, just metadata) was essential for investigating serious crime and terrorism.

The official position is that ICRs are the modern equivalent of itemised phone bills, showing who you called but not what you said.

Privacy advocates counter that internet metadata is far more revealing than phone metadata. The websites you visit expose medical conditions, political views, religious beliefs, sexual orientation, financial problems, and personal relationships in ways phone numbers never could.

The Information Commissioner's Office acknowledges that internet connection records constitute personal data under UK GDPR, but the IPA creates a specific exemption for law enforcement and national security purposes.

Whether you think ISP tracking UK requirements are justified depends on where you sit on the security-versus-privacy spectrum. But regardless of your view, you have the legal right to use encryption and VPNs to protect your privacy.

Using a VPN isn't illegal. It's not suspicious. It's a legitimate privacy tool, and ISP tracking UK laws don't prohibit it.

What Happens If You Do Nothing

Let's be clear about the actual risk.

For most people, most of the time, ISP tracking UK logs sit unused in a database. You're not actively monitored. No one's watching your browsing in real-time.

The logs exist as a searchable archive. If you become subject to investigation (for any reason by any of the 21 agencies), those logs get pulled and analysed.

Scenarios where your ICRs might be accessed:

  • You're suspected of benefit fraud (DWP checks if your browsing suggests undeclared work)
  • You're under tax investigation (HMRC looks for evidence of hidden income or assets)
  • You're involved in a legal dispute (police check for evidence)
  • Immigration status review (Home Office examines your digital footprint)
  • You're connected to someone else under investigation (your logs get pulled as part of their case)

That last one is significant. You don't need to be suspected of anything. If you communicate with someone who is under investigation, your records can be accessed as part of building a case against them.

The data also sits there vulnerable to breaches. ISPs are targets for hackers. A breach of ISP tracking UK databases would expose browsing habits for millions of people.

And there's always scope creep. Today it's 21 agencies. Tomorrow it could be 30. The legal framework exists. Expanding access just requires amending the list.

If you're comfortable with that level of exposure, you don't need a VPN. If you're not, you do.

The Bottom Line on ISP Tracking UK Surveillance

Your internet provider logs every domain you visit. They keep those logs for 12 months. Twenty-one government agencies can access them without a warrant. HTTPS doesn't hide you. Incognito mode doesn't hide you.

A VPN from a provider outside UK jurisdiction, with audited no-log policies and RAM-only infrastructure, breaks the surveillance chain. Your ISP logs a connection to a VPN server. The VPN provider logs nothing. Your browsing stays private.

NordVPN's Panama jurisdiction, recent Deloitte audit, and technical architecture make it the straightforward choice for UK users specifically concerned about ISP tracking UK requirements. ProtonVPN offers a Swiss-jurisdiction alternative if that legal framework appeals more.

The choice isn't whether ISP tracking UK laws exist. They do. The choice is whether you want your browsing history sitting in a database accessible to two dozen agencies without judicial oversight.

If you don't, you know what to do.

Our Verdict
Proton VPN: Swiss-based, open source, Secure Core servers, free tier available, part of Proton ecosystem
Get Proton VPN

Frequently Asked Questions

An Internet Connection Record (ICR) is a log entry created by your ISP showing the domain name you visited (like bbc.co.uk), the timestamp of the connection, how long you stayed connected, and the volume of data transferred. Under the Investigatory Powers Act 2016, all UK ISPs must retain ICRs for 12 months. The record doesn't include the specific page URL on HTTPS sites or the content you viewed, but domain-level tracking still reveals which services and websites you use.

No, your ISP cannot see what you post, which profiles you view, or what you read on Facebook. Because Facebook uses HTTPS encryption, the content of your activity is hidden. However, ISP tracking UK systems log that you connected to facebook.com, when you connected, how long you stayed, and how much data you transferred. They can see you used Facebook, just not what you did there. DNS queries and SNI handshakes reveal the domain even though HTTPS encrypts the content.

UK ISPs must retain your Internet Connection Records for exactly 12 months under the Investigatory Powers Act 2016. After 12 months, the data can be deleted, though some ISPs may retain it longer for their own business purposes (like network management or billing disputes). The 12-month requirement applies to all Communication Service Providers operating in the UK, including BT, Virgin Media, Sky, TalkTalk, Vodafone, EE, and Three.

Twenty-one UK government agencies can request your Internet Connection Records without a judicial warrant and without notifying you. This includes police forces, intelligence services (GCHQ, MI5, MI6), HMRC, Department for Work and Pensions, Home Office immigration enforcement, and even bodies like the Food Standards Agency and Gambling Commission. They need internal authorisation from a senior officer, but no court approval. In 2023, over 535,000 such requests were granted according to the Investigatory Powers Commissioner's annual report.

HTTPS hides the content of your browsing (specific page URLs, form data, passwords, what you read) but doesn't hide which domain you visited. Your ISP sees the domain name through DNS queries and SNI handshakes during the HTTPS connection setup. They also see the destination IP address, connection timing, and data volume. For ISP tracking UK compliance, domain-level visibility is all they need. HTTPS protects you from content eavesdropping but not from metadata logging.

A VPN doesn't make you invisible, but it changes what your ISP can see. With a VPN running, your ISP sees only that you're connected to a VPN server's IP address and that encrypted data is flowing. They cannot see which websites you visit, your DNS queries, or your actual browsing activity. ISP tracking UK logs show a VPN connection, nothing more. The VPN provider can potentially see your activity, which is why choosing a provider with audited no-log policies and non-UK jurisdiction matters.

NordVPN's no-log claims have been independently audited multiple times, most recently by Deloitte in January 2024. The audit examined NordVPN's server infrastructure, data handling processes, and technical architecture to verify that no user activity logs are kept. NordVPN operates RAM-only servers where nothing is written to persistent storage, meaning logs can't exist even if someone wanted to create them. Additionally, NordVPN's Panama jurisdiction means they're not subject to ISP tracking UK style data retention laws or intelligence sharing agreements.

DNS-over-HTTPS (DoH) encrypts your DNS queries so your ISP can't see which domain names you're looking up. Normally, when you visit a website, your device asks your ISP's DNS server for the IP address in plain text. With DoH, that query is encrypted and sent to a DNS provider like Cloudflare or Google. Your ISP sees encrypted DNS traffic but can't read the domain names. DoH helps prevent ISP tracking UK DNS logging, but your ISP can still see destination IPs and SNI handshakes. For complete protection, combine DoH with a VPN.