Does my ISP know what I'm doing with my VPN on?

Every source on the internet I could find says that VPNs hide what I’m doing from my ISP. But the Electronics and E-Communications teacher in my High School claims the ISP can see everything I’m doing with an encrypted VPN. Is that true?

No, your ISP cannot see what you are doing through your VPN. The VPN’s servers encrypt traffic headed towards your computer, and your computer encrypts anything it sends back. Your ISP can only see the encrypted traffic because it does not have the decryption keys (only you and the server do), so any traffic going through a VPN is illegible to them.

However, VPNs can lose their connection every now and again, and if you do not have a kill switch of some sort that disallows any traffic that isn’t routed through your VPN, your ISP will be able to see the exposed data.

Your ISP? No. Your VPN? Yes… as has been shown when they give up your info to law enforcement.

I don’t think that your teacher’s claim is valid, but that also doesn’t mean that VPNs are bulletproof.

At face value, VPNs hide the traffic from your primary ISP. Even if the VPN exit happens to use the same ISP, it cannot differentiate your traffic from the traffic of other users using the same VPN exit.

On the other hand, VPNs can log traffic and analytics, and give that info to law enforcement.

A VPN also might not cover 100% of your traffic. A DNS leak is the most significant one, maybe. DNS is used when you type “pornhub.com”, to get an IP address for “pornhub.com” before you actually connect to “pornhub.com”. If the VPN fails to protect this, then the ISP will know that you visited “pornhub.com” at X time for three minutes, but not the particulars, like what kind of video you actually watched, or if you left a heartfelt comment.

VPNs also don’t typically protect you from traffic analysis. Instant messaging, video streaming and web browsing look very different in “traffic shape”, even if the content is completely encrypted. This can lead to building a profile on you, for example to see when you are home, when you go to sleep and such, even while fully on VPN 24/7.

Your ISP can also deduce what primary VPN you use, like ExpressVPN and so on.

If it’s set up correctly with end-to-end encryption from you to the VPN, no, the ISP would not be able to tell what the traffic is.

No, that’s why it is encrypted.

But they can see what type of communication you are performing. Basically it’s called DPI - deep packet inspection - and though your packets are encrypted, by the nature of them (size, amount of chunks moving close together, etc.) they can tell if you’re streaming video, browsing the web, doing VoIP…

That’s how in the UAE they block most of the VoIP apps and many VPNs don’t work.
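The “traffic shape” point raised in the posts above (packet sizes and timing survive encryption) can be shown with a small classifier. This is an added example, not code from anyone in the thread; the flows are constructed in the block, the thresholds are assumed for illustration, and the features are ones any on-path observer can compute from ciphertext alone:

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Pkt:
    t: float     # seconds since the flow started
    size: int    # bytes on the wire: the payload is encrypted, the length is not
    out: bool    # True = client to server, False = server to client

def features(pkts):
    """Metadata an on-path observer can compute without any decryption key."""
    sizes = [p.size for p in pkts]
    gaps = [b.t - a.t for a, b in zip(pkts, pkts[1:])]
    down = sum(p.size for p in pkts if not p.out)
    up = sum(p.size for p in pkts if p.out) or 1
    return {
        "mean_size": mean(sizes),
        "gap_cv": pstdev(gaps) / mean(gaps) if gaps else 0.0,  # timing regularity
        "down_up_ratio": down / up,                             # direction asymmetry
        "pps": len(pkts) / (pkts[-1].t - pkts[0].t),           # packets per second
    }

def classify(pkts):
    """Crude heuristic labels (thresholds assumed); real classifiers are trained, the signal is the same."""
    f = features(pkts)
    if f["mean_size"] < 300 and f["gap_cv"] < 0.3 and f["pps"] > 20:
        return "voip"       # small packets at a steady rate in both directions
    if f["mean_size"] > 1000 and f["down_up_ratio"] > 10 and f["gap_cv"] < 1.0:
        return "video"      # large, steady downstream stream with tiny ACKs
    return "browsing"       # bursty request/response pairs separated by idle time

# Constructed flows (not captures): sizes and timings chosen to mimic each application.
def sample_voip():
    return [Pkt(i * 0.02, 160, i % 2 == 0) for i in range(50)]

def sample_video():
    return [Pkt(i * 0.01, 60 if i % 10 == 9 else 1400, i % 10 == 9) for i in range(100)]

def sample_browsing():
    pkts = []
    for page in range(3):                      # three page loads, 4 s apart
        base = page * 4.0
        pkts.append(Pkt(base, 800, True))      # request
        pkts += [Pkt(base + 0.05 + k * 0.01, 1400, False) for k in range(3)]
    return pkts

if __name__ == "__main__":
    for name, flow in [("voip", sample_voip()), ("video", sample_video()), ("web", sample_browsing())]:
        print(name, classify(flow), features(flow))
```

The defence is padding or shaping the tunnel, which costs bandwidth; most consumer VPNs do not do it.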

lol they are talking crap. The VPN tunnel is end-to-end encrypted; all they can see is encrypted traffic, and how much of it there is. Now, there are things such as IPv6 leaks which can let your ISP see what you are doing, but all decent VPN providers have mitigations for that, and often have kill switches you can enable that will kill the data stream the instant it detects the tunnel has broken.

All decent VPN providers also have their own DNS servers as part of the exit point, so you aren’t using your local/ISP DNS server, so they can’t even see what your queries are.

Don’t listen to them and just continue using your VPN.

N.B. If this were the case, businesses, government, and militaries wouldn’t allow people to use their devices off network if the VPN traffic could be read; it’d be a major security breach if true.
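The leaks mentioned above (DNS going to the ISP resolver, IPv6 bypassing a v4-only tunnel, traffic escaping when the tunnel drops without a kill switch) are all visible in packet metadata. Below is an added example, not from the thread or any VPN product, that audits constructed flow records for them; the tunnel interface name `tun0` and the endpoint `198.51.100.7:51820` are assumed placeholders (TEST-NET addresses):

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    iface: str   # interface the packet left on, as a capture tool would report it
    proto: str   # "udp" or "tcp"
    dst: str     # destination IP address
    dport: int   # destination port

# Assumed setup (placeholders, not values from the thread).
TUN_IFACE = "tun0"
VPN_ENDPOINT = ("198.51.100.7", 51820)   # the only thing the ISP should see you talk to

def classify_flow(flow):
    """Return None if the flow is fine, otherwise a label describing the leak."""
    if flow.iface == TUN_IFACE:
        return None                      # inside the tunnel: the ISP sees only ciphertext
    if (flow.dst, flow.dport) == VPN_ENDPOINT:
        return None                      # the encrypted tunnel itself
    if flow.dport == 53:
        return "dns-leak"                # plaintext query reveals the hostnames you visit
    if ipaddress.ip_address(flow.dst).version == 6:
        return "ipv6-leak"               # v6 traffic routed around a v4-only tunnel
    return "killswitch-bypass"           # anything else leaving outside the tunnel

def audit(flows):
    """Count flows per leak label; an empty dict means nothing escaped the tunnel."""
    counts = {}
    for f in flows:
        label = classify_flow(f)
        if label:
            counts[label] = counts.get(label, 0) + 1
    return counts

SAMPLE = [  # constructed capture, not real traffic
    Flow("eth0", "udp", "198.51.100.7", 51820),   # tunnel packets: fine
    Flow("tun0", "udp", "10.8.0.1", 53),          # DNS to the VPN's own resolver: fine
    Flow("tun0", "tcp", "203.0.113.10", 443),     # web traffic inside the tunnel: fine
    Flow("eth0", "udp", "192.0.2.53", 53),        # DNS to the ISP resolver: leak
    Flow("eth0", "tcp", "2001:db8::10", 443),     # IPv6 around the tunnel: leak
    Flow("eth0", "tcp", "203.0.113.10", 443),     # tunnel dropped, plain route: leak
]

if __name__ == "__main__":
    print(audit(SAMPLE))   # {'dns-leak': 1, 'ipv6-leak': 1, 'killswitch-bypass': 1}
```

A kill switch is the firewall rule that makes the last three flows impossible rather than merely detectable.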

They cannot see what you are doing, but they can see that you are using a VPN 🙂

They can see the sites you visit because of unencrypted DNS requests. DNS by default is unencrypted. Check out a service called cloudflared if you are that worried.

You are creating an encrypted tunnel between your device and whatever endpoint VPN server you’re coming out on. Your ISP cannot peer into that tunnel, or crack your encryption (without enormous effort).

Your ISP won’t be able to see what you’re doing with your VPN on, but they will be able to see that all your traffic is going to your VPN provider.

This doesn’t mean that your activity is hidden, however; you’ve just moved who is able to see your traffic from your ISP to your VPN provider.

If you’re self-hosting a VPN, then your traffic is only obscured from your device to the VPN server; the ISP of the location of the VPN server will be able to see all the traffic.

There is no way to truly obfuscate what you’re doing on the internet; someone will always be able to see the traffic, you’re only ever moving who that person is.
The best you can do is follow the Tor network approach of using so many hops, and randomising them, that it becomes very difficult to track, at the expense of speed.

As others have noted, your ISP can’t see what you’re doing; all they’ll see is an IP address not associated with whatever website you’re accessing, because the VPN is handling the traffic and sending your ISP the IP address of whatever server you select on the VPN.

Do be aware: VPNs aren’t your only means of accessing the internet. There are a lot of avenues you take to access the internet besides your VPN: there’s DNS resolution, which your ISP can see; the operating system itself can still see what your local IP address is before it’s sent to the VPN (depending on the VPN); the browser you use can also be tracked via cookies, fingerprinting, HTTP ETags, web storage, and browser history sniffing. Then there’s whether you’re signed into services on the browser you’re using, which can easily be tracked (doubly so for Chrome, which they’ve lost a lawsuit for not notifying users about).

In short, don’t think of VPNs as a silver bullet; rather, they’re another tool you have in your utility belt of privacy.

Your ISP can’t see what you’re doing on your VPN, other than seeing you connected to an IP owned by a VPN.

Now, your government on the other hand could technically see what you’re doing at any time if they wanted to. If anyone remembers man-in-the-middle attacks that plagued Windows XP back in the day, governments can intercept data in the main trunks and follow that data back to your originating IP. There was a thing about the Canadian government considering implementing this a couple of years ago, but it was ultimately ‘shut down’ due to privacy. It was considered as a ‘war on terror’ measure, but the costs of collecting and sorting through that data would be sky high, as it’s hard to narrow focus down to a person of interest; it would instead harvest everything and need to be filtered from there.

If you don’t also move away from your ISP’s default DNS provider and use an open one (or at least not your ISP’s one), then your ISP can see the root-level domain you visit, e.g. startpage.com, but not what you actually searched for, downloaded, posted etc.

Most VPNs these days include a DNS service that the VPN uses. Up to you if you trust both things going through one source. Depends on your levels of paranoia 😃

Depending on your VPN, every once in a while one or another gets caught holding onto your data or selling it. This is why they advertise that they delete that or don’t store it to begin with. Your VPN could also be forced to allow other parties to watch your traffic. Windows itself tracks and sends a lot of data about you, but that shouldn’t be identifiable… Your computer is also saving wild amounts of data in a lot of surprising ways, for example your location, that could be accessed if you fail to properly secure it. Your ISP is the least of your worries with a VPN on; to them it just looks like encrypted data. They could log the amount or even save it, but without government help or access to your VPN at either end it’s unreadable. What your ISP does have is access to your traffic, and if it’s all going to your VPN server that’s a route to track you. To be safe you should avoid threatening elected officials and keep your crimes at a petty level.

Unless you’re connecting to legacy HTTP/telnet/FTP services, your provider can maybe see:

  1. The domain you type, so they know reddit.com but not the page.
  2. The destination ASN your traffic goes to. Oh, it’s going to a Facebook IP or YouTube IP. (Only bigger places can be identified this way.)
  3. Some other basic traffic sources/destinations. (E.g.: this person is doing UDP on a COD4 port, they’re playing COD.)

Edit: 10 to 15 years ago we could tell exactly which picture on what page you just downloaded… or what video you are watching. You can thank letsencrypt.org for driving HTTPS adoption.

In addition to that, it is worth pointing out that your ISP does see that all your traffic goes to a singular place (your VPN hop), and while it can’t sniff your packets, they CAN obviously infer you’re using a VPN. Especially if it’s a known VPN company like NordVPN, etc., and not a “self hosted” one like WireGuard on a rented VPS or something more boutique.

That’s something to bear in mind if you’re in one of those dark places that forbid the use of a VPN.

Actually, your ISP can’t see data that doesn’t go through the VPN if that data is encrypted. What they can see is where that data is going, i.e. what IP address you’re communicating with.

Is it possible decryption keys are shared amongst massive conglomerates to better help each other and masking services?

Hence the importance of picking a good one.