Shack, help me settle an argument.
If you are on a secure site (https), and you download a file from it, can your ISP register the names of the files you are transferring, or does it really work like a sort of VPN where no one can see any of the traffic requests between you and the server?

An easy example is a secure banking site where you can download your account records as a PDF.

For background: at my company we deal with a lot of very sensitive information that is prone to industrial espionage. We have an https service we can use to download files from work into our laptops if our VPN keyfobs are lost. Some files you could download have the actual names of very confidential projects in the filename. Just wondering how truly secure that stuff is.