Hiding or Obscuring Data from ISPs

As you have given a list of information you would like to protect from your ISP, I will try to give you some hints:

  • browsing history:

    Your browser is normally not provided by your ISP, so if you consistently apply security patches, it should not be able to access it from your browser - I would not be as sure as what Chrome reveals to Google. But all your network traffic passes through its routers so they can log every plain HTTP request, and at least the IP destination and size of your HTTPS request and their responses.

    => if you want to hide the HTTPS sites that your browse, you should considere using a VPN or TOR: the ISP will only know that you use a VPN. This part is IMHO fully relevant regarding the new US congress vote. Simply you have to trust the VPN owner to not collect and sell back your data... (read: do not trust a free VPN to respect your privacy)

  • DNS requests:

    you normally use the DNS from your provider so they can log all of them. Even if you try to use a third party DNS server (but anyway that one will log your requests) the DNS request will pass in clear text through the ISP router, so it can also log them.

    => You could try to connect to a third party DNS server through IPSEC - and trust the DNS owner to not collect your data... Alternatively or in addition, you could setup a local DNS cache (common in Unix/Linux system) to limit the number of DNS requests and make their statistical usage harder

  • geo localization:

    of course your ISP knows where you are! As you have a contract with him he generally knows your address and your banking coordinates. Only some pre-paid mobile plans allow to by-pass this. As far as I am concerned, I would not worry too much about that point

  • communication data:

    the rule is simple: all unencrypted data can be logged by your ISP. It include plain HTTP requests and their responses, as long as SMTP, POP or IMAP unless you use them over SSL. I will not speak too much of other (older) protocol like NNTP, Telnet, or FTP which are now seldom used and SSH/SFTP is fully encrypted.

    => here your should prefere HTTPS over HTTP, and only use mail protocols over SSL. For the mail part, you should also know that the mail provider has full access to all your unencrypted mails either sent or received. For example if you use Gmail, Google knows everything of your mailbox.

TL/DR: Some simple rules can allow a minimal protection of you privacy:

  • use a mail provider that you can expect not to sell too much or your data - neither Gmail nor your provider since the US Congress vote
  • always use SSL version for TCP protocols like SMTP, POP or IMAP
  • prefere HTTPS over HTTP

Some additional rules allows for better privacy at a cost of more complex configuration:

  • setup a local DNS cache to limit the number or DNS requests
  • use a VPN or TOR for browsing - and choose a VPN provider that you can expect not to sell too much of your data
  • use encrypted mail if the recipient as given you his public key

Try considering options such as a VPN. When you connect your device to the VPN, ALL the traffic is first encrypted on your machine and the sent to the VPN server, so the ISP can only see VPN traffic and nothing else.

Suppose you buy VPN from XXXX company, and you use VPN all the time to connect to the web, in that case the ISP will only see that you are connected to XXXX company servers all the time using some sort of VPN connection. Due to this your ISP will not be able to see any DNS request or any website related data. But it can only track your location as you will have a contract for the connection to the ISP.

You can even prevent the ISP from knowing that you are on VPN all the time. You simply disguise your VPN traffic in the form of HTTP or HTTPS or any other protocol allowed by your VPN provider. Yes! some VPNs like IVPN allow you to do that.

Try not to consider options like TOR, while TOR is a wonderful thing for protecting your privacy, there are some nosey end-nodes that may intrude your privacy.

Moreover, try to have a VPN provider that DOES NOT log any of your activity. This way you will be totally annonymous.

Tags:

Privacy

Isp

Recent Posts