Noob here. This is probably the most repeated question, but I don’t know the technical terms to make the appropriate digging online, and thought of asking humans before slopping my way around.

I don’t trust my ISP or the government above it.

The ISP remotely manages the local network! So I installed a router of my own and my devices only to that one.

I would like to encrypt (?) anything that goes out of my own router, so my ISP doesn’t eavesdrop on what I’m doing even if they want to (I know I know… if they really wanted, they could just send friends to my house).

Using Linux, Android GOS, and Pihole. They live under a “picked-up-from-a-shelf” router; and that router under theirs.

(I cannot get a different ISP)

Thanks

  • I also don’t trust my ISP nor my national government, which is why the bulk of my private Internet use goes over a fail-close VPN.

  • @certified_expert

    I don’t trust my ISP or the government above it.

    I think everyone here today doesn’t trust their ISP and government.

    Use a #VPN or #TOR. Your ISP will only know the destination point; all traffic will be encrypted through a #tunnel.

    You said you installed a router. How did you configure the modem? In Full Bridge?

    Also start changing your #DNS, don’t use your ISP’s default ones

    • My pihole serves DNS. If not found, it goes directly to the root tables (I forgot what they are called).

      The router, I just connected its WAN port to the ISP’s switch/router/AP. Within the LAN under my router I have DHCP sending everybody to do lookups to the pihole. I don’t know what full bridge is.

      The ISP’s modem/router/switch/AP, I cannot configure. It is a fucking “smart” brick remotely controlled.

      • @certified_expert
        so the modem that you have from your ISP, it is not possible to configure it as ONT, Bridge or Full Bridge. 🤔

        Since you are just starting out, I recommend you start by subscribing to a VPN (don’t use the free ones); avoid Tor for now. I use Mullvad, which only allows 5 devices at the same time, but there are others; choose those that don’t keep logs.

  • 6 days

    VPN is the answer but keep in mind that you’re just moving the trust to the VPN (they can see your traffic).

    The web uses a request/response architecture. Your computer requests a cat pic from the server and the server sends a cat pic back. Your real IP address must be in the request… otherwise the response cannot be routed back to you. VPNs act like couriers making requests and receiving responses on your behalf. So:

    • The cat pic server sees traffic coming from the VPN provider and doesn’t know who you are.
    • The ISP sees encrypted traffic to the VPN but doesn’t know what it is.
    • The VPN sees everything.

    Most web traffic is already encrypted with TLS but not the domain names and IPs (needed for routing).

    If you really want to be anonymous on the web, use Tor, but it’s slow and many websites block Tor exit nodes, so you will have a degraded experience.

    • If I use a VPN, my ISP will see that I send and receive gibberish to and from a single address (the VPN server), all over port 443, right?

      If I use Tor, what does my ISP see?

        1. Yes.
        2. The same, but probably to an even more unknown IP that is also changing frequently. The content itself should look equally random.
  • 6 days

    Other than a VPN, use a privacy respecting DoH provider on your router so all your devices use that instead of your ISP for DNS.

    • My router’s DHCP service is pointing clients to the pihole for DNS. Should I run that on HTTPS too? Can the pi do that?
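As an added illustration of what the DoH suggestion above actually changes on the wire (this is example code, not from anyone in the thread, and it assumes nothing about the poster's Pi-hole setup): DNS-over-HTTPS (RFC 8484) carries the ordinary DNS wire-format message inside an HTTPS request, either as a POST body or base64url-encoded in the `dns` query parameter of a GET. The block below builds such a query, produces the GET path, and decodes a constructed response, entirely offline. The query bytes for `www.example.com` match the example URL given in RFC 8484 itself.

```python
"""Added example: a DNS-over-HTTPS (RFC 8484) query and response on the wire.

Nothing here talks to the network. The point is to show that DoH is plain
DNS wrapped in HTTPS: the ISP on the path sees only a TLS session to the
resolver, while the resolver itself still sees every name you ask for.
"""
import base64
import struct

DOH_CONTENT_TYPE = "application/dns-message"   # media type from RFC 8484


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels: 3www7example3com0."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Standard query header (RD set) plus one question (class IN).
    RFC 8484 says clients SHOULD use ID 0 so identical queries give
    identical, HTTP-cacheable GET URLs."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_path(query: bytes, path: str = "/dns-query") -> str:
    """GET form: base64url without '=' padding, as RFC 8484 requires."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{path}?dns={b64}"


def read_name(msg: bytes, off: int):
    """Decode labels at `off`, following 0xC0xx compression pointers.
    Returns (name, offset just past the name as it appeared at `off`)."""
    labels = []
    jumped = False
    end = off
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                      # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off = ptr
            jumped = True
            continue
        off += 1
        if ln == 0:
            if not jumped:
                end = off
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), end


def parse_answers(msg: bytes):
    """Return (question_name, [(name, type, ttl, rdata)]) from a response."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    qname = None
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4                                   # qtype + qclass
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        rdata_str = ".".join(str(b) for b in rdata) if rtype == 1 and rdlen == 4 else rdata.hex()
        answers.append((name, rtype, ttl, rdata_str))
    return qname, answers


# Constructed response: ID 0, flags QR|RD|RA, one A answer whose owner name is
# a compression pointer back to the question. 192.0.2.1 is a documentation address.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    q = build_query("www.example.com")
    print("POST body (hex):", q.hex())
    print("GET path:", doh_get_path(q))
    print("Content-Type:", DOH_CONTENT_TYPE)
    print("decoded response:", parse_answers(SAMPLE_RESPONSE))
```

The same `build_query` bytes are what a Pi-hole would forward in the clear over UDP/53 to an upstream; a DoH-capable forwarder wraps them in an HTTPS request instead, which is the only difference an on-path observer notices.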

  • 5 days

    I mean all they can really see nowadays is the SNI. That’s the only thing that isn’t encrypted anymore. And yes, there is encrypted hello, but nobody seems to be using it.

    Sites are HTTPS so that is all encrypted; set up DoH or DoT and your DNS is encrypted.

    • DoH is not as private as you think; that’s just how big tech positioned it.

      DoH encrypts DNS queries between your browser and the DNS resolver; it does not hide your browsing activity from the DoH provider itself.

      Google, Cloudflare or any other third-party orgs still see your data.

      I have an open source firewall on gitlab if you wanna take a look. Blocks some IPs - I know it’s not much but fuck Palantir - I made it so their site won’t load.

      Blocks 50+ stalkerware apps as well as data broker trackers.

      I want to go back to it so you can wire in through my VPS and build it as a mobile app to block Gemini and Apple Intelligence from scraping your photos and texts and everything to train their models.
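The SNI point a few comments up is easy to see concretely. The following is an added example, not code from anyone in this thread: it constructs a minimal TLS ClientHello (the first, unencrypted message of every HTTPS connection) and pulls the Server Name Indication out of it the way any passive monitor on the path, your ISP included, can. The hostname and cipher suite are constructed sample values; the parser is a generic one, not tied to any particular site.

```python
"""Added example: what a passive on-path observer can read from HTTPS.

TLS encrypts the request and the page, but the handshake starts with a
ClientHello sent in the clear, and its SNI extension names the host you are
connecting to. Everything below is built offline; no real capture is used.
"""
import os
import struct
from typing import List, Optional

TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000


def build_client_hello(server_name: Optional[str]) -> bytes:
    """Constructed minimal ClientHello record, with or without an SNI extension."""
    extensions = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host      # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry
        extensions += struct.pack("!HH", EXT_SERVER_NAME, len(sni)) + sni
    body = (
        b"\x03\x03" + os.urandom(32)             # legacy version + client random
        + b"\x00"                                # empty session id
        + struct.pack("!H", 2) + b"\x13\x01"     # one suite: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                            # compression methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI hostname from a ClientHello record, or None if absent.
    Raises ValueError if the bytes are not a ClientHello at all."""
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    off = 4 + 2 + 32                             # handshake header, version, random
    off += 1 + hs[off]                           # session id
    suites_len = struct.unpack("!H", hs[off:off + 2])[0]
    off += 2 + suites_len
    off += 1 + hs[off]                           # compression methods
    if off + 2 > len(hs):
        return None                              # no extensions block
    ext_len = struct.unpack("!H", hs[off:off + 2])[0]
    off += 2
    end = off + ext_len
    while off + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[off:off + 4])
        data = hs[off + 4:off + 4 + elen]
        off += 4 + elen
        if etype != EXT_SERVER_NAME:
            continue
        list_len = struct.unpack("!H", data[:2])[0]
        pos = 2
        while pos + 3 <= 2 + list_len:
            name_type = data[pos]
            name_len = struct.unpack("!H", data[pos + 1:pos + 3])[0]
            name = data[pos + 3:pos + 3 + name_len]
            pos += 3 + name_len
            if name_type == 0:
                return name.decode("ascii")
    return None


def observer_view(records: List[bytes]) -> List[str]:
    """Per connection, what a packet-level observer learns: the hostname, or only that TLS happened."""
    return [extract_sni(r) or "(TLS, no SNI)" for r in records]


if __name__ == "__main__":
    sample = [build_client_hello("www.example.com"), build_client_hello(None)]
    print(observer_view(sample))
```

Run against a VPN tunnel, the same parser sees one ClientHello to the VPN endpoint and then nothing, because every later handshake sits inside the tunnel. With Encrypted Client Hello deployed, the outer hello carries only the provider's public name and the real hostname moves into the encrypted inner hello, which is the gap the "nobody seems to be using it" remark refers to.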

  • Once you put a VPN on your router, be sure to have a few servers set up so if one isn’t behaving right you can log into your router and quickly switch servers.

    • How can I install a VPN client in a router? A simple SOHO device, like those TP-Link, D-Link, ASUS… It doesn’t support OpenWrt.

  • A trustworthy VPN provider is your best solution here. Mullvad, IVPN, and ProtonVPN are common recommendations in the community. I would personally recommend against Windscribe; it is privacy-friendly but has had major bugs repeatedly in the past. If you want to go experimental, check out NymVPN and Obscura (Apple platforms only).

  • On top of client VPNs you might consider the possible other freebies from your ISP such as the router, WiFi access points and other network elements they provide you with. Set-top boxes as well. All that equipment is ratting you out as much as possible. Also any software, including mobile apps, they provide for support / billing / whatever.

    • I think I am not understanding this comment. I’m saying I don’t trust the ISP. Why would I invade my house and phone with more of their gadgets?