
You’re mostly right, if not completely right. VPN is encrypted with SSL so the ISPs only see that you exchanged information with a VPN, but not what is being exchanged.

You may consider that maybe the ISPs can also figure out who else connects to the VPN and maybe deduce some information that way, but they can’t know everyone who uses the VPN, only those on their ISP that use it. So you can exchange information with somebody in Antarctica and the ISP has no way of knowing if it’s somebody outside or inside their ISP.

Also, on the point of services that are not HTTPS, don’t confuse encrypted protocols with the SSL of the VPN. Your ISP will not see your unencrypted packets either if you tunnel them through your VPN. They can’t see your DNS or ping requests (assuming you are using an IP-based proxy, not using a SOCKS proxy). But your VPN provider can see those unencrypted requests. So you’re choosing to trust the VPN provider with those opaque requests over your ISP.

And last, about DNS-over-HTTP, a reverse DNS is enough for your ISP to know what domain you’re connecting to in a lot of cases, regardless of whether you hide the domain name resolution. Of course, sites using shared CDNs mitigate this, but not all do.