Your ISP provides your Internet service, so it handles every bit of information you send and receive on the Internet.
So to answer plainly: A lot.
What’s more, ISPs have the ability to infer substantial amounts of sensitive information from users’ unencrypted traffic. How much of your information your ISP gets to keep about you depends on where you live in the world and on the country’s regulations your ISP abides by.
HTTP VS HTTPS
Firstly, let’s take a look at HTTP and HTTPS websites.
When you surf on HTTP sites, all the data passed between you and the website can be clearly seen in plaintext. On HTTPS websites (the ones with the green padlock), data is generally encrypted.
Although this improves privacy for web users because your ISP cannot see your URLs, it is not 100% foolproof: your ISP can still see and monitor the requests you make to the Domain Name System (DNS).
A detailed analysis of a user’s DNS queries can still reveal a great deal, because DNS lookups can expose every website you visit. So even if your ISP cannot see what you are doing on a website, it can still see every domain you request.
As pointed out by Medium, the string of domains you visit can be very revealing in itself. For instance:
[2015/03/09 18:34:44] abortionfacts.com
[2015/03/09 18:35:23] plannedparenthood.org
[2015/03/09 18:42:29] dcabortionfund.org
[2015/03/09 19:02:12] maps.google.com
A site with HTTPS can sometimes show browser warnings to users because not every part of the website is encrypted, for example sections with third-party advertising.
WHAT DOES YOUR ISP SEE WHEN YOU CONNECT WITH A VPN
In general, ISPs mostly collect metadata about you. Metadata is data that gives information about other data, such as your IP addresses and port numbers. For example, if you send an email, your ISP cannot see the content of the email, but it is likely able to see who you are sending it to.
The difference when surfing with a VPN is that the VPN encrypts all the traffic travelling between your ISP and you, so your ISP is unable to see what you are doing online. Instead of the unencrypted plaintext of your usual traffic, a VPN connection looks to your ISP like a bunch of undecipherable encrypted data that it cannot understand. Between the VPN server and the Internet, your Internet traffic cannot be traced back to you.
To know more about how a VPN can protect your browsing on the Internet, read about what exactly is a VPN and why you might need it.