Sure, but still, which domains a person uses can say a lot about them. Not to mention ISPs have access to a wealth of other information about their customers, including physical location (down to the address; they bill them).
Unless you have a friendly local ISP, I strongly suggest using a third-party DNS provider as well. OpenDNS is lovely for this, or piggy-backing on one that you know actually returns valid results (and doesn't sell the logs) is good.
If you're already a Google user, use theirs - they are still part of the surveillance-entertainment complex, but at least they don't lie about DNS.
An ISP can still see the sites you browse, even if you use HTTPS everywhere and don't use their DNS.
For shared HTTPS hosting (1 IP serving multiple domains), SNI (the domain) is sent in cleartext so the server can pick which configuration to use (SSL cert, etc). For sites that don't use SNI, they can still see you browsed there because without SNI, 1 IP = 1 domain.
You'll also need to use DNSCurve. Set up an RPi as your local DNS resolver using DNSCurve and have your router hand out your RPi as your LAN's DNS resolver. None of this matters if you rent your router from your ISP.
No doubt, seems like there's a lot of opportunity to set up some clear-cut guides for dummies like me to protect ourselves. Kinda surprised there isn't a general guide from a VPN provider, would be a great opportunity to both upsell their services and promote whatever their staff (probably) care a great deal about (internet privacy).
> I strongly suggest using a third-party DNS provider as well.
I don't know the exact equipment and mechanisms used by ISPs today, but it's extremely likely that the surveillance works just based on sniffing every DNS packet, not just those sent to ISP resolvers.
Someone with a better knowledge of the current state of the art is invited to comment :)
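The comment above is arguing that it does not matter which resolver a DNS packet is addressed to, because a tap on the line sees the question name in every packet. The added example below (not code from this thread) builds plain UDP DNS queries addressed to two different constructed resolver addresses (RFC 5737 documentation IPs) and then parses the question section out of each payload the way a passive monitor would; the resolver address never enters the parsing at all.

```python
import struct
from typing import List, Tuple

QTYPE_A = 1
QCLASS_IN = 1


def build_dns_query(qname: str, qtype: int = QTYPE_A, txid: int = 0x1234) -> bytes:
    """Build a classic UDP DNS query; constructed sample traffic, not a capture."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD set, QDCOUNT 1
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)


def parse_dns_questions(packet: bytes) -> List[str]:
    """Return every QNAME in the question section of a DNS packet.

    The names are plain length-prefixed labels, so no key material is needed to
    read them; that is the whole privacy problem with unencrypted DNS.
    """
    if len(packet) < 12:
        return []
    qdcount = struct.unpack("!H", packet[4:6])[0]
    pos = 12
    names: List[str] = []
    for _ in range(qdcount):
        labels: List[str] = []
        while True:
            if pos >= len(packet):
                return names                       # truncated packet: keep what we have
            length = packet[pos]
            pos += 1
            if length == 0:
                break
            if length & 0xC0:
                return names                       # compression pointer: not expected in a query
            labels.append(packet[pos:pos + length].decode("ascii", "replace"))
            pos += length
        pos += 4                                   # skip QTYPE and QCLASS
        names.append(".".join(labels))
    return names


# Constructed trace of (destination resolver, UDP payload). One query goes to a
# hypothetical ISP resolver, the other to a hypothetical third-party resolver.
SAMPLE_TRACE: List[Tuple[str, bytes]] = [
    ("203.0.113.53", build_dns_query("news.example.org")),
    ("198.51.100.1", build_dns_query("mail.example.net")),
]


def observed_domains(trace: List[Tuple[str, bytes]]) -> List[str]:
    """What a passive tap on the access line learns, regardless of resolver choice."""
    return [name for _, payload in trace for name in parse_dns_questions(payload)]


if __name__ == "__main__":
    for resolver, payload in SAMPLE_TRACE:
        print(resolver, "->", parse_dns_questions(payload))
```

`observed_domains` ignores the resolver address on purpose: switching from the ISP's resolver to a third-party one changes who answers, not who can read the question in transit. Only an encrypted transport (DNS over TLS or HTTPS, or DNSCurve as another reply suggests) takes the name out of the cleartext payload this parser reads.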
But wouldn't your ISP have the IPs that you connected to? Then it could do a reverse DNS lookup and they have a domain. It's true that there can be multiple domains attached to a single IP, but it does not change much.