2017 May 26, 11:17am
With a Congress that has demonstrated its lack of interest in protecting you from your ISP, and ISPs that have repeatedly demonstrated a "whatever-we-can-get-away-with" attitude toward customers' data privacy and integrity, it may be time to look into how to get your data out from under your ISP's prying eyes and grubby fingers intact. To do that, you'll need a VPN.
The scope of the problem (and of the solution)
Before you can fix this problem, you need to understand it. That means knowing what your ISP can (and cannot) detect (and modify) in your traffic. HTTPS traffic is already relatively secure—or, at least, its content is. Your ISP can't actually read the encrypted traffic that goes between you and an HTTPS website (at least, they can't unless they convince you to install a MITM certificate, like Lenovo did to unsuspecting users of its consumer laptops in 2015). However, ISPs do know that you visited that website, when you visited it, how long you stayed there, and how much data went back and forth.
They know this a couple of ways. First, if your website uses Server Name Indication (SNI) to allow multiple HTTPS sites to be served from a single IP address, the hostname is sent in the clear so that the server knows which certificate to use for the connection. Second, and more importantly, your DNS traffic gives you away. Whether you're going to Amazon.com or BobsEmporiumOfDiscountFurryMemorabilia.com, your computer needs to resolve that domain name to an IP address. That's done in the clear, meaning it's easily intercepted (and even changeable in flight!) by your ISP (or any other MITM) whether you're actually using your ISP's DNS servers or not.
This is already enough to build a valuable profile on you for advertising purposes. Depending on your level of paranoia, it's also enough to build a profile on you for blackmail purposes or to completely compromise your Web traffic if you aren't incredibly careful and observant. Imagine an attacker has the use of a Certificate Authority to generate their own (valid!) certificates; with both that and DNS, they can easily redirect you to a server of their own choosing, which uses a certificate your browser trusts to set up an invisible proxy between you and the site you're trying to securely access. Even without the use of a rogue CA, control of your DNS makes it easier for an attacker to use punycode domain names and similar tricks to slide under your radar.
Beyond that, any unencrypted traffic—including but not limited to HTTP (plain old port 80 Web traffic), much peer-to-peer traffic, and more—can be simply edited on-the-fly directly. Which, may I remind you, ISPs have repeatedly demonstrated themselves as perfectly willing to do.
You can't protect yourself from all potential attackers. Unfortunately, an awful lot of the critical infrastructure of your access to the Web is unencrypted and really cannot be secured. As a person with limited resources who can't afford to consider personal security more than a part-time job, you (and I) are unfortunately closer to Secret Squirrel than to James Bond. You can, however, move your vulnerable, unencrypted transmissions out of your ISP's reach. So that's what we'll aim to do here.
Full Article: https://arstechnica.com/gadgets/2017/05/how-to-build-your-own-vpn-if-youre-rightfully-wary-of-commercial-options/?comments=1
NOTE: Somewhat long read, technical and if you are not into this type of thing - nerdy and boring.
#VPN #Networks #Internet
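What an on-path observer recovers from the two cleartext sources the article describes (the DNS query and the SNI field), shown as an added example that is not part of the original article. The hostname and packets are constructed, and the SNI parser walks only a ClientHello extensions block rather than a full handshake record.

```python
import struct

def build_dns_query(hostname, txid=0x1234):
    """Build a standard DNS A-record query as it appears in a UDP payload."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in hostname.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def dns_query_name(payload):
    """Recover the queried name from a DNS query payload; nothing is encrypted."""
    labels, pos = [], 12  # the question section follows the 12-byte header
    while payload[pos] != 0:
        n = payload[pos]
        if n & 0xC0:
            raise ValueError("compression pointer not expected in a query name")
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

def build_sni_extension(hostname):
    """Build the server_name extension (type 0) carried in a TLS ClientHello."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
    name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", 0, len(name_list)) + name_list

def sni_from_extensions(exts):
    """Walk a ClientHello extensions block and return the SNI host name, if any."""
    pos = 0
    while pos + 4 <= len(exts):
        etype, elen = struct.unpack_from("!HH", exts, pos)
        body = exts[pos + 4:pos + 4 + elen]
        if etype == 0 and len(body) >= 5:  # list length (2), type (1), name length (2)
            nlen = struct.unpack_from("!H", body, 3)[0]
            return body[5:5 + nlen].decode("ascii")
        pos += 4 + elen
    return None

# Constructed sample traffic with a hypothetical hostname, not captured data.
HOST = "shop.example.com"
DNS_PAYLOAD = build_dns_query(HOST)
# An ec_point_formats extension (type 0x000b) followed by the SNI extension.
EXTS = struct.pack("!HH", 0x000B, 2) + b"\x01\x00" + build_sni_extension(HOST)

if __name__ == "__main__":
    print("DNS query reveals:", dns_query_name(DNS_PAYLOAD))
    print("TLS SNI reveals:  ", sni_from_extensions(EXTS))
```

Routing both DNS and TLS through a VPN tunnel moves these cleartext fields from the ISP's view to the view of whoever operates the tunnel's far end.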
VPN is a start, private ISPs are the endgame. Leave their decrepit asses where they belong. Install a short range antenna in your backyard, and start your own internet. Or repeal government regulation that shuts down anyone else's attempt to start an ISP.
Wouldn't it be simpler to use Tor?
TOR is not completely untraceable. If you know the start and end times someone is using the network, you can figure out what they were doing. I don't think the internet's inventor pictured a world where Comcast throttles our downloads, and Cox redirects our Tor traffic to generate bad responses using their DNS. And yes, I verified the last actually does happen when I had to switch DNS to Google to get my relay working.
Why all the hassle of setting up your own VPN?... I don't get it.
Free VPN (basic). https://addons.mozilla.org/en-US/firefox/addon/setupvpn/ It only works in the Firefox browser.
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
Is this worth anything? Or just another DuckDuckGo? Verizon introduces privacy-focused search engine: Verizon has launched privacy-focused search engine OneSearch, which does not track or store personal or search data -- or share it with advertisers. OneSearch displays contextual ads based on factors such as search keywords and IP address location, rather than cookies and browsing history.
You can get flagged pretty easily for using a Tor exit node.
I think it would be very naive to think that commercial VPNs would not sell data about you.
You are at the mercy of whoever controls the other end of that private channel.
Eric Holder says: "You are at the mercy of whoever controls the other end of that private channel." Not true, that's precisely why Tor exists. A VPN doesn't really provide a private channel from anyone but your ISP now that https is used universally. The biggest benefit besides hiding traffic from your ISP is hiding your public IP from sites.
So sites don't see your IP, but Tor does. And whoever controls Tor does by definition. Exactly my point, no?