You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 124 users / day
- 1.05K users / week
- 1.3K users / month
- 4.58K users / 6 months
- 1 subscriber
- 4.09K Posts
- 103K Comments
- Modlog
If you want the most privacy focused ISP, check out Cape. You can view the post I made about this company.
deleted by creator
With Portmaster on desktop, InviZible Pro on mobile, using an privacy Search engine (eg.Andisearch, Startpage, Mojeek, Metager, etc.), an ad and trackerblocker and common sense.
Orbot
All that’s left is what ip’s you’re connecting to. Which is useless half the time, especially since most websites are behind cloudflare or some other anti-ddos proxy already.
Also, don’t use the web browser that came with your phone. Some manufacturers and isp’s might enjoy adding tracking into those. Some, like Apple, even got caught not encrypting amy of that.
Side note:
Even with https if you aren’t on TLS 1.3 the SNI (server name indicator) is not encrypted so the hostname you are trying to access would be visible to your ISP.
Forcing your browser to only use TLS1.3 would fix that but who knows how many sites it would break.
Oh, good catch! I have to say I don’t usually look at what specific tls version websites use. I’ll be paying attention to this for a bit
It does not answer the question but this application has been useful to me in the past.
https://invizible.net/en/
The only thing you gain from VPN is that the target server does not know your IP.
HTTPS is safe anyway and as such also the content of what you do.
The only other way you may leak information are DNS queries.
Not necessarily true. A VPN also prevents the ISP from collecting data on all of your connections. Currently ISPs (in the US at least) collect and sell what sites you visit even if they can’t see the data due to HTTPS. Additionally, some have implemented, but then removed due to backlash but may implement again some day, MitM attacks on HTTPS connections in order to insert ads. Using a trusted DNS server that they don’t also intercept can help avoid this, though. With a VPN the ISP won’t see any of this, only the connection to the VPN server and have no way to insert themselves as long as they don’t intercept the VPN connection itself before it’s established.
without encrypted client hello (which isn’t really adopted) the hostname ist submitted in plaintext, unencrypted. so the ISP can totally see which websites you‘re going to, even it you use a secure dns server
That should only happen with SNI, no?
deleted by creator
The queries are known to the DNS provider. Only thing is to use one you trust.
Couldn’t you run a DNS resolver that pings the authoritative servers directly? Yes initial requests will be slower
Who says the authoritative servers aren’t logging requests?
True but it seems to me that it’s an advantage to have your IP logged in this more decentralized way. most resolvers also cache the answers so it would be only logged the first time you visit a website.
Switch DNS to a provider that supports DoH or DoT is about the only thing you can really do.
Without using a VPN or proxy, your ISP is going to be able to do DPI and know what connections you make. There really is no way around that.
Can’t they still do DPI on VPN network to know what yoke re doing, ie watching netflix, pornhub and playing cod
I think they might be able to guess that you’re watching a video based on the traffic patterns, but unlikely they can tell what site it’s coming from.
What to you mean? If the packets are encrypted they can’t do DPI and get where the actual source is.