That's a good question. +1

If you're using TLS, it would just look like an HTTPS connection. If you're not using TLS (ws:// vs wss://), they would be able to read what you're sending.

With normal HTTP/HTTPS, the ISP can see the full URLs of pages and resources being accessed, as well as the data contents if not encrypted with HTTPS. With websockets, the ISP only sees that a connection is made to the websocket server, not the specific resource or data being accessed. Websockets allow for two-way continuous communication between client and server, whereas HTTP is request-response based. This means with websockets, the ISP sees a long-lived connection rather than a series of requests and responses. Websockets traffic is typically encrypted with wss://. This prevents the ISP from seeing the data contents, similar to HTTPS encryption. However, the ISP could still see the domain name in the websocket connection. With HTTP/HTTPS, the ISP can potentially cache resources and pages, but websockets connections are not cacheable. If the websocket connection is not encrypted, the ISP could see the actual websocket messages being sent and received. With HTTP, the ISP would only see the request/response headers and body if not encrypted.

No clue but would like to know.