My question is simple! How to get maximum (Possible) privacy from ISP in case someone can’t or don’t want to use a vpn ?
Fir example, In some case tor browser is enough for many but they still need from a privacy from isp on other activities on mobile.
If you want the most privacy focused ISP, check out Cape. You can view the post I made about this company.
Am living in india and it seems cape have no service in india.
Switch DNS to a provider that supports DoH or DoT is about the only thing you can really do.
Without using a VPN or proxy, your ISP is going to be able to do DPI and know what connections you make. There really is no way around that.
Can’t they still do DPI on VPN network to know what yoke re doing, ie watching netflix, pornhub and playing cod
What to you mean? If the packets are encrypted they can’t do DPI and get where the actual source is.
I think they might be able to guess that you’re watching a video based on the traffic patterns, but unlikely they can tell what site it’s coming from.
- private, secure dns, so they don’t know the domains you’re visiting
- https everywhere, so they can’t see any of the data you’re sending or receiving
All that’s left is what ip’s you’re connecting to. Which is useless half the time, especially since most websites are behind cloudflare or some other anti-ddos proxy already.
Also, don’t use the web browser that came with your phone. Some manufacturers and isp’s might enjoy adding tracking into those. Some, like Apple, even got caught not encrypting amy of that.
Side note:
- https everywhere is pretty much the standard in modern web browsers
- an adblocker can still help a lot in blocking trackers
- a secure dns you can find in your browser settings
Even with https if you aren’t on TLS 1.3 the SNI (server name indicator) is not encrypted so the hostname you are trying to access would be visible to your ISP.
Forcing your browser to only use TLS1.3 would fix that but who knows how many sites it would break.
Oh, good catch! I have to say I don’t usually look at what specific tls version websites use. I’ll be paying attention to this for a bit
With Portmaster on desktop, InviZible Pro on mobile, using an privacy Search engine (eg.Andisearch, Startpage, Mojeek, Metager, etc.), an ad and trackerblocker and common sense.
The only thing you gain from VPN is that the target server does not know your IP.
HTTPS is safe anyway and as such also the content of what you do.
The only other way you may leak information are DNS queries.
without encrypted client hello (which isn’t really adopted) the hostname ist submitted in plaintext, unencrypted. so the ISP can totally see which websites you‘re going to, even it you use a secure dns server
That should only happen with SNI, no?
What to do about dns queries? In the privacyguides video i saw when we use a encrypted dns isp only see the ip address. So queries are hidden right ?
The queries are known to the DNS provider. Only thing is to use one you trust.
Couldn’t you run a DNS resolver that pings the authoritative servers directly? Yes initial requests will be slower
Who says the authoritative servers aren’t logging requests?
True but it seems to me that it’s an advantage to have your IP logged in this more decentralized way. most resolvers also cache the answers so it would be only logged the first time you visit a website.
Orbot
It does not answer the question but this application has been useful to me in the past.
InviZible Pro combines the strengths of Tor, DNSCrypt, and Purple I2P to provide a comprehensive solution for online privacy, security, and anonymity.
To start using InviZible Pro, all you need is any Android phone. Just run all three modules and enjoy safe and comfortable internet surfing. However, if you want to get full control over the application and your internet connection – no problem! Provided access to a large number of both simple and professional settings. You can flexibly configure InviZible Pro itself, as well as its modules – Tor, DNSCrypt, Purple I2P and Firewall to satisfy the most non-standard requirements.
InviZible Pro is an all-in-one application. After installation, you can remove all of your VPN applications and ad blockers. In most cases, InviZible Pro works better, more stable, faster than free VPNs. It does not contain ads, bloatware code and does not spy upon the users.
