How to get maximum privacy from ISP without a vpn or proxy ?
from dating1999@lemmy.ca to privacy@lemmy.ml on 23 Jul 11:41
https://lemmy.ca/post/48462284
from dating1999@lemmy.ca to privacy@lemmy.ml on 23 Jul 11:41
https://lemmy.ca/post/48462284
My question is simple! How to get maximum (Possible) privacy from ISP in case someone can’t or don’t want to use a vpn ?
Fir example, In some case tor browser is enough for many but they still need from a privacy from isp on other activities on mobile.
threaded - newest
Switch DNS to a provider that supports DoH or DoT is about the only thing you can really do.
Without using a VPN or proxy, your ISP is going to be able to do DPI and know what connections you make. There really is no way around that.
Can't they still do DPI on VPN network to know what yoke re doing, ie watching netflix, pornhub and playing cod
What to you mean? If the packets are encrypted they can’t do DPI and get where the actual source is.
I think they might be able to guess that you’re watching a video based on the traffic patterns, but unlikely they can tell what site it’s coming from.
The only thing you gain from VPN is that the target server does not know your IP.
HTTPS is safe anyway and as such also the content of what you do.
The only other way you may leak information are DNS queries.
What to do about dns queries? In the privacyguides video i saw when we use a encrypted dns isp only see the ip address. So queries are hidden right ?
The queries are known to the DNS provider. Only thing is to use one you trust.
Couldn’t you run a DNS resolver that pings the authoritative servers directly? Yes initial requests will be slower
Who says the authoritative servers aren’t logging requests?
True but it seems to me that it’s an advantage to have your IP logged in this more decentralized way. most resolvers also cache the answers so it would be only logged the first time you visit a website.
without encrypted client hello (which isn’t really adopted) the hostname ist submitted in plaintext, unencrypted. so the ISP can totally see which websites you‘re going to, even it you use a secure dns server
That should only happen with SNI, no?
Not necessarily true. A VPN also prevents the ISP from collecting data on all of your connections. Currently ISPs (in the US at least) collect and sell what sites you visit even if they can’t see the data due to HTTPS. Additionally, some have implemented, but then removed due to backlash but may implement again some day, MitM attacks on HTTPS connections in order to insert ads. Using a trusted DNS server that they don’t also intercept can help avoid this, though. With a VPN the ISP won’t see any of this, only the connection to the VPN server and have no way to insert themselves as long as they don’t intercept the VPN connection itself before it’s established.
It does not answer the question but this application has been useful to me in the past.
invizible.net/en/
All that’s left is what ip’s you’re connecting to. Which is useless half the time, especially since most websites are behind cloudflare or some other anti-ddos proxy already.
Also, don’t use the web browser that came with your phone. Some manufacturers and isp’s might enjoy adding tracking into those. Some, like Apple, even got caught not encrypting amy of that.
Side note:
Even with https if you aren’t on TLS 1.3 the SNI (server name indicator) is not encrypted so the hostname you are trying to access would be visible to your ISP.
Forcing your browser to only use TLS1.3 would fix that but who knows how many sites it would break.
Oh, good catch! I have to say I don’t usually look at what specific tls version websites use. I’ll be paying attention to this for a bit
Orbot
With Portmaster on desktop, InviZible Pro on mobile, using an privacy Search engine (eg.Andisearch, Startpage, Mojeek, Metager, etc.), an ad and trackerblocker and common sense.
If you want the most privacy focused ISP, check out Cape. You can view the post I made about this company.
Am living in india and it seems cape have no service in india.