24 votes

Is it possible to completely hide one’s activity on the Internet from one’s ISP?

As the years go by, I’ve become increasingly annoyed (I choose that word intentionally) at the thought that there’s some “record” of my activity on the Internet somewhere, which was probably put together by my ISP. I “don’t have anything to hide” (other than perhaps the one or other ROM or movie that I download), but I also don’t want to randomly get fined or put in prison if, in a few years, our governments decide to retroactively criminalize certain activities (I’m thinking mostly about piracy).

I’m not tech savvy though. That’s not because I haven’t tried. I have. I spent countless hours reading about how one can keep one’s activity on the Internet “private”. To my knowledge, it isn’t actually possible. I mean, even if I didn’t use my real name anywhere, or didn’t have any social media accounts (thankfully, I don’t), just the fact that I have to use an ISP to surf the web means that at least they are “spying” on me.

So, I’m approaching all of you wonderful, tech savvy people (rather than ChatGPT or a search engine) to ask you if there’s something that I’m missing, and if there is a way (preferably a fool-proof one) to stop my ISP (or “anyone” for that matter) from collecting data on my activity on the Internet (particularly when I download ROMs or movies, which is the only “illegal” thing that I ever do).

37 comments

  1. [14]
    Oxalis

    I feel like this is the perfect application of a VPN. You also get the ability to gain access to regional streaming services like the BBC iPlayer and CBC in Canada.

    A somewhat relevant stackexchange answer has a good summary:

    > A VPN would protect you against [Deep Packet Inspection] performed by the ISP (not by the VPN provider). This is thanks to the fact that VPNs use an encrypted tunnel to connect you to the 'exit node'. This encrypts all of your traffic, and all of the metadata will show packets leaving your computer and going to the VPN server (thus not disclosing the actual server you are accessing).

    If you're just wanting to download stuff, you can also think about getting a seedbox. That has other benefits which are outside the scope of this issue.

    25 votes
    1. [12]
      crissequeira

      Thank you. This is helpful information. What VPNs would you personally recommend? Also, they’re all paid, right?

      2 votes
      1. em-dash

        The trustworthy ones are paid. Not all paid ones are trustworthy, but none of the free ones are.

        Do note that a VPN doesn't remove the need to trust someone to deliver your traffic. The only time this is helpful is if you trust the VPN more than you trust your ISP. In particular, if you're going to use one for illegal activities, you want it to be run from a place where the government you're worried about can't just order them to turn against you.

        19 votes
      2. [8]
        granfdad

        You should look at https://www.privacyguides.org/en/vpn/ for more info + recommendations. I can vouch for both Mullvad and Proton VPN (though recent actions from Proton's CEO may conflict with your political alignment.)

        12 votes
        1. [3]
          Banazir

          There is far more to the story than just a single tweet. The overwhelming majority of Proton's actions and Andy Yen's behavior point to a liberal bias, not being a Trump supporter. I've shared it once but nobody seemed to care, but please at least skim this to get a better idea: https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e

          15 votes
          1. aphoenix
            (edited )

            The Andy Yen smear campaign is pretty much a textbook case of propaganda at work. It is kind of amazing. Over the course of a month, it became a given almost everywhere that this guy is a right wing tech bro douchebag. Almost everyone believes it, and there are lots of posts on Reddit and some posts here about people abandoning Proton and finding a replacement.

            That medium link isn't the first thing I've read in it, but I think it is the best summary. If I had to summarize it, it would be that Proton and Andy Yen give money to organizations that directly support the things that people who are "cancelling" would support; things like free press, supporting women in tech, Ukraine (10% of profits!) and more! But because people (and I include myself, I believed it initially) lack the ability to follow through and read everything, they are taking actions that are likely diametrically opposed to the actions they actually want to take.

            I would guess that this is a combination of two things: disinformation from sources that attempt to discredit donors that support rights and freedoms - ie. Russia or TrumpMusk or China - and the fact that "the left" often gets very caught up on policing itself and whether people are left enough.

            The backlash here is like a perfect case study for why Trump is in power.

            13 votes
          2. AndreasChris

            Not done reading it yet, but maybe it's worth posting this as its own post if you want it seen and spark a discussion. Comments are more easily overlooked. Also the initial incident had its own post back in January as well.

            7 votes
        2. [3]
          AndreasChris

          Both Mullvad and Proton can be paid for in cash btw, if you don't want them to have any payment record linked to your identity. Mullvad is based in Sweden, while Proton is based in Switzerland - both countries with decent privacy laws.

          In theory you could also chain two different VPNs, but that's a bit more complex to set up than simply using one.

          Also Tor is always an option if you want to hide your identity when you publicly express an opinion (e.g. text based communication on forums) but don't need high speed data transfer of large blobs (e.g. video streaming). Simply put, Tor is a distributed network that when used routes your connection via three nodes in different countries run by different people, adding one layer of encryption between each node. This way only the entry node knows you, and only the exit node knows who to connect to. Using Tor will slow you down considerably, but is useful if you want to circumvent censorship and maintain anonymity. (Services exclusively accessible via Tor is what you may have heard colloquially referred to as the 'darknet'.)

          In theory it is also possible to combine Tor with VPNs, but you should really know what you're doing if you go down that path, as it's rather easy to mess up your setup and decrease your anonymity instead of increasing it. See this Tor Wiki page for more information on that approach.

          3 votes
          1. [2]
            teaearlgraycold

            > In theory you could also chain two different VPNs

            Not the same, but Mullvad has multihop support so it does more of a tor-like routing with separate entrance and exit nodes.

            1. AndreasChris

              > Mullvad has multihop support

              Proton does as well. They call it secure core. You might experience reduced bandwidth if you use it, but your traffic is guaranteed to first be routed through one of their high security servers in Iceland, Switzerland or Sweden before being forwarded through one of their other servers in a different country.

              As you said it's not exactly the same as chained VPNs. What this multi hop setup does protect against is one of their locations being compromised, as traffic still runs through a second one. It still requires trust in the VPN operator as a whole though, since both hops are under their control in some way. If you chain different VPNs you actually gain the advantage of still having a secured connection even if one of the providers is compromised or acts maliciously.

              1 vote
        3. voodoo-badger

          Would recommend either, but cancelled with Proton as leadership is very much not in line with my political views. Mullvad is also faster and I prefer it as it works really well for a bit more advanced users as well as having a good app.

          3 votes
      3. [2]
        Oxalis

        Yeah, if you don't pay for it then you should really worry about how the provider is making a profit. VPNs are great for dodging your ISP while they LARP as the MPAA's foot soldiers but you are giving the VPN operator all of your traffic in order to do that.

        I can't really give a recommendation, the service I use (Windscribe) has raised the price and their quirks (e.g. temp port forwarding) are annoying and have involved me actually writing software to automate around.

        My only advice is pay attention to where the company is operated, look for no logging in their privacy policy, find if they have servers near your location, see if they offer port forwarding (a feature that's getting rarer but is vital for torrenting), and do they have support for WireGuard.

        4 votes
        1. blivet

          One thing I like about Windscribe is that they have a free tier that suits me just fine. I only need a VPN once in a blue moon, so my usage falls well under their paid threshold.

          1 vote
  2. [9]
    Baeocystin
    (edited )

    First, the bad news. There is no such thing as truly foolproof; security is hard as hell to get right, and edge cases can and will bite even the most seasoned of security professionals.

    The good news is that you can get to 99% pretty easily.

    Step 1: Get a VPN that has a proven no-logs policy. I used NordVPN.

    Step 2: Set up an internet kill switch (Most VPNs have this option as part of their software), so that if you ever lose connection to the VPN, it kills any app you don't want communicating.

    Step 3: Always use it.

    Bonus Step: Set your regular DNS in your router to something other than your ISP's servers. I use 1.1.1.1 and 8.8.8.8. [edit] The other commenters are correct in that there are other, more private options available. I mention these two because they are easy to remember, and are still a step up from the ISP-provided ones, which you should never use, if possible.

    Also, keep in mind that browser fingerprinting is incredibly effective. It is very easy for a website to know who you specifically are. Use LibreWolf or Tor. At the very least don't use Chrome, which is an advertiser's dream.

    13 votes
    1. [7]
      caliper
      (edited )

      Using either Cloudflare or Google DNS sounds counter productive. If you want to leave as little of a trace behind, I’d explicitly stay away from those two.

      Furthermore, DNS isn’t encrypted, so anybody can inspect the traffic as it passes by.

      6 votes
      1. creesch

        I was about to comment the same. Most VPN providers also provide a DNS, if you are already trusting them with your traffic it makes sense to me to also use their DNS.

        If you even want to go as far as always using a VPN because it comes with plenty of downsides. Something I commented about elsewhere.

        4 votes
      2. [3]
        NullSword

        > DNS isn't encrypted

        Thanks to DoH (DNS over HTTPS) it is possible to encrypt DNS queries now

        2 votes
        1. [2]
          AndreasChris

          Or (for the sake of completeness) with DoT (DNS over TLS). They are two different protocols that have been developed separately, both with the goal of encrypting DNS traffic, and both with their own advantages and disadvantages.

          Furthermore there's DNSSEC to authenticate DNS queries.

          That being said I'm not sure how DoT/DoH (or generally transport encryption of DNS queries) is relevant to Google and Cloudflare not being the DNS Servers of choice. The DNS Server you're talking to will always be able to read its content. It needs to to perform its intended task.

          1 vote
          1. pallas

            > The DNS Server you're talking to will always be able to read its content. It needs to to perform its intended task.

            If you're using oblivious DoH (ODoH), that mostly shouldn't matter.

      3. GoatOnPony

        DNS over HTTPS is pretty common now afaik. I think it's on by default in Chrome and Android so I'd assume it's also on for most OSes and browsers. It's often called secure DNS or private DNS in the settings. I'd choose Google or Cloudflare with secure DNS rather than an ISP's DNS if it's not encrypted.

      4. Baeocystin

        I should have gone into more detail: when you're using a VPN, you're using their encrypted DNS. My suggestions for Cloudflare and Google are for the home router in general, as the numbers are very easy to remember, and are a step up from the ISP provided ones.

    2. shrike

      For privacy get Mullvad, you can go full tinfoil and pay for it in cash. They have no accounts, just an ID. They know nothing, like Jon Snow.

      It sucks for getting around geolocked content though.

      If you want to get into other countries' streaming content, NordVPN is by far the best.

      2 votes
  3. [4]
    whs

    As an analogy, internet is like sending a mail. You could write your message in a postcard, where everyone can read the back of it. Or if you use VPN or HTTPS it's like sending it in a sealed envelope where the post office still needs to be able to read the destination otherwise they don't know where to send it to, but they can't see the contents.

    VPN is like a package forwarder, where you send everything to them (still via your local post office) and they'll unwrap it and resend it from them. But that still means you'll have to trust the VPN's post office and all the distribution centers the mail goes through. On top of that, the VPN provider may also record your information. A good VPN would allow you to sign up with fake name and pay anonymously to ensure they don't know anything, but when you send data through VPN they'll need your real internet address to forward the reply back.

    Even when using package forwarder, your local post office still sees that you only send everything to just one recipient (unlike most people), and also they still get to weigh your mail in both directions, which may infer additional information. (Most people write to request information, so outbound mails are usually small and response large. Why are you sending heavy outbound mails?)

    One problem with commercial VPN is that it is often used for nefarious purposes, such as hacking, web scraping or simply watching streaming from unsupported countries, so the addresses that the forwarder uses often end up on a ban list. You might not be able to access some services that you could have without VPN. This is like some retailer blocking freight forwarder addresses when checking out (looking at you Framework).

    Tor works similarly to multiple layers of package forwarder. In fact it's in the name - "the onion router". You wrap your message with several layers of envelopes (like layers of onion), each addressing the next package forwarder. Each forwarder unpeels one layer and sends it to the next. However, it is likely possible that one or more of the package forwarders you choose is operated by the feds; which means while they don't immediately know who you are, they may have other sources of information or behavioral analysis to correlate with. Of course it is also possible to use both VPN and Tor at the same time, with VPN in front of or after Tor.

    9 votes
    1. [2]
      pallas
      (edited )

      > You might not be able to access some services that you could have without VPN.

      Also, note that services often lie about your access with a commercial VPN. While some will tell you that you aren't allowed to access it from your IP, others will say they are having temporary technical difficulties, or will work until some critical point and then start failing with unknown errors, or will simply just be loading forever.

      On the other hand, there are other options for VPNs, depending on what you want. I do generally trust a (rather small, local) ISP I have a residential connection with, and generally don't trust airport/hotel/etc connections not to be creepy, so I have a VPN setup that lets me connect through that residential connection. Services all work, because I am simply connecting from my house. It helps that it is a fast fibre connection. This setup doesn't help if I actually don't want my connection looked at even by the local ISP, in which case I would use Mullvad, but it can be convenient for some things.

      2 votes
      1. whs

        That's a good suggestion. I personally use Tailscale which is free for up to 100 devices. You can set up a VPN exit node in your home, which they heavily suggest an Apple TV for some reason. (I use my home server, as I find mobile OS clients unreliable).

        The speed depends on the connectivity magic ("NAT hole punching") that connections on both ends support. In the best case it could be almost as fast as your local connection.

        Tailscale also integrated with Mullvad (which you have to buy through them, cannot bring your existing subs) which adds Mullvad locations to the app, and NextDNS (separate purchase, although it's really cheap) for DNS lookup.

        To be clear, Tailscale does not come with the "package forwarding center" (exit node). You're supposed to bring your own (which is simple to set up - a checkbox in the app and another in the web), or buy Mullvad through them.

        Note that unlike privacy VPN, Tailscale is intended for corporate use so they do log the connectivity, but the actual communication is peer to peer in many cases (but not all!). Which means traffic does not go through them past the initial connection setup. Their account and billing is also quite not anonymous.

        1 vote
    2. crissequeira

      Man, thank you so much for the effort in putting this elaborate analogy together. This is absolutely genius. It actually helped me to understand these systems a lot better.

      1 vote
  4. creesch

    A bunch of people have touched on VPNs being the closest to what you are looking for. However, I'd also want to point out that they come with some downsides:

    • Your latency will go up. Simply because you are adding an extra step to your connection.
    • Depending on your current bandwidth, the VPN provider and exit server you might not get the bandwidth you are used to.
    • VPNs are also used for all sorts of malicious things, be prepared to fill in a lot more captchas and other things websites use to keep bots and such out.
    • Even if you use an exit node in your own country you might be blocked from using services like Netflix, local news websites, etc.

    The annoyance you have with the idea of your provider having a record of your activities might outweigh these. But, I figured I'd put them on the table as well.

    As a last note. The majority of traffic these days is encrypted through TLS (HTTPS) meaning that your provider can see that you visit certain urls but not the contents of that traffic. It still allows for profiling, but maybe not as detailed as you might think.

    8 votes
  5. [3]
    Protected
    (edited )

    Just a few notes.

    You can run your own VPN server for this purpose as long as you control a device outside your ISP's network. If you're worried about untrusted VPNs, just rent server space instead and run your own; it's not difficult. You can even run one through a friend's living abroad.

    For HTTP traffic, even if your access to the remote endpoint is limited, you can also use an SSH tunnel (encrypted) and a proxy to route traffic through. SSH is versatile enough that you can run anything through it and basically every server is running it as long as you have general access to it.

    In my experience some people here are wrong. Surprisingly, the reputation of server rental/colocation IP addresses is often worse than that of VPN IP addresses. I suppose a device you control is more likely to be used for activities like scraping, scanning and spamming compared to having to use a second device and going through a shared, remote, potentially slower VPN. Some VPNs also block certain ports and activities that might denigrate their reputation (such as port 25/SMTP/e-mail).

    Also, most VPN providers offer a vast amount of endpoints you can use, in various countries and ISPs. That means you can try them one by one until you find one that isn't blocked by the service you're trying to access.

    Be mindful of ways your identity can leak even when using a VPN, like browser fingerprinting or DNS leaking.

    1 vote
    1. [2]
      AndreasChris

      > You can run your own VPN server for this purpose

      Private VPN setups can be useful for a variety of purposes (I have one as well), but anonymity is seldom the goal here, since you simply shift the issue from the ISP your client device uses to the ISP your Server uses. The anonymity properties are only fully realised if you run a VPN Server that a lot of different people use. Otherwise matching the traffic to you is way too easy.

      If you have access to a location with a trusted ISP and just want to secure your connections from other (public) networks a private VPN server will of course do.

      3 votes
      1. Protected

        Right. The question is about preventing "my ISP" snooping though! Others have already explained there's always going to be an endpoint to any tunnel.

  6. [4]
    gary

    There's Apple's Private Relay if you happen to be an Apple user and can use Safari. It requires iCloud+ which costs $0.99/month for the cheapest plan. IIRC this mostly only applies to what you do in Safari, so if you're torrenting this is not for you.

    The way it works is that when you try to visit a website, your request goes through 2 relays before going to the website you're trying to reach. The first relay knows who's making a request, but not where the request is going. The second relay knows where the request is going to, but not who the original requester is. In this way, your ISP will only know that you're making a network request to the first relay, but won't know the website you're trying to visit. Imagine this:

    You: I want to go to tildes.net. Hey Relay1, I want to go to a website but I won't tell you where. The destination is written in a code that only Relay2 can decipher.

    Relay1: okay, I know you are at IP address 123.456.789.1, and that you want to go somewhere, but I don't know where. Hey Relay2, I got a customer for you. Here's the note that shows where they want to go but I can't read it.

    * At this point, your ISP can see you went to Relay1, but no other information except that, and since your request is out of your hands now, your ISP can't see the below activity.

    Relay2: okay, so I can read the note and see that someone wants to go to tildes.net. I don't know who wrote it, just that someone did. I'll go to tildes.net and then give back what I see (encrypted) to Relay1 to pass to the customer. Going to the website now.

    Tildes: oh it's my favorite user. They want to know what's on the front page. Okay, here's the information, encrypted so only the original sender can read it.

    Relay2: I got a bunch of gibberish (that's what encrypted messages look like). I don't know what it says or who it's going to in the end. Here you go, Relay1.

    Relay1: I got an encrypted message from Relay2. I don't know what website gave them that message nor what the message says, but I know who it's going to.

    You: I got an encrypted message back! I can decipher and read it.


    Breaking up communication into multiple steps here increases privacy by having no third party know everything about what you want to do. If the two relays got together secretly to compare notes, then this doesn't increase your privacy at all. So it comes down to if you trust Apple. They built the system, they're always Relay1 at the moment, and they chose which companies can be Relay2.

    1 vote
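The two-relay exchange described in the comment above (and the layered-envelope idea from the package-forwarder analogy earlier in the thread), written out as an added example that is not part of any comment here. The keys, names and addresses are constructed sample values, and the HMAC-based keystream is a toy stand-in for real encryption, used only so the example runs with the standard library.

```python
import hashlib
import hmac
import json

def _keystream(key: bytes, n: int) -> bytes:
    """Toy keystream (HMAC-SHA256 in counter mode); a stand-in, not a vetted cipher."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal(key: bytes, obj: dict) -> str:
    """Wrap a message in one 'envelope' that only the key holder can open."""
    data = json.dumps(obj).encode()
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data)))).hex()

def unseal(key: bytes, blob: str) -> dict:
    data = bytes.fromhex(blob)
    return json.loads(bytes(a ^ b for a, b in zip(data, _keystream(key, len(data)))))

# Constructed sample values (assumptions for this example only).
CLIENT_IP = "192.0.2.44"
K_RELAY1, K_RELAY2, K_SITE = b"client<->relay1", b"client<->relay2", b"client<->site"

def run_exchange(dest: str = "tildes.net", request: str = "GET /") -> dict:
    """Send one request through two relays and record what each party could log."""
    # The client builds the envelopes from the inside out.
    for_site = seal(K_SITE, {"request": request})
    for_relay2 = seal(K_RELAY2, {"dest": dest, "payload": for_site})
    for_relay1 = seal(K_RELAY1, {"next": "relay2", "payload": for_relay2})

    views = {}
    # The ISP carries the outermost envelope from the client to relay1.
    views["isp"] = {"src": CLIENT_IP, "dst": "relay1", "bytes": for_relay1}
    # Relay1 opens its layer: it knows the sender but finds only another sealed envelope.
    layer1 = unseal(K_RELAY1, for_relay1)
    views["relay1"] = {"src": CLIENT_IP, "next": layer1["next"],
                       "forwarded": layer1["payload"]}
    # Relay2 opens its layer: it learns the destination, but the sender it sees is relay1.
    layer2 = unseal(K_RELAY2, layer1["payload"])
    views["relay2"] = {"src": "relay1", "dest": layer2["dest"],
                       "received": layer1["payload"], "forwarded": layer2["payload"]}
    # The site opens the innermost envelope; the sender it sees is relay2.
    views["site"] = {"src": "relay2",
                     "request": unseal(K_SITE, layer2["payload"])["request"]}
    return views

def knows(view: dict, value: str) -> bool:
    """True if the value appears anywhere in what this party could have logged."""
    return value in json.dumps(view)

def collude(relay1_view: dict, relay2_view: dict):
    """If both relays compare notes, the forwarded envelope links sender to destination."""
    if relay1_view["forwarded"] == relay2_view["received"]:
        return {"client": relay1_view["src"], "dest": relay2_view["dest"]}
    return None

if __name__ == "__main__":
    v = run_exchange()
    for party in ("isp", "relay1", "relay2", "site"):
        print(party, "knows client:", knows(v[party], CLIENT_IP),
              "| knows destination:", knows(v[party], "tildes.net"))
    print("relays comparing notes:", collude(v["relay1"], v["relay2"]))
```
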
    1. [2]
      AndreasChris

      So basically very similar to a multihop VPN setup, but restricted to a specific application's traffic.

      1. gary

        Yes, but with simpler setup (a toggle in Settings) and some other important differences. Generally can't be used for dodging geographic restrictions since you can't set a country you want to be in. Relay endpoints used are cycled through so IP addresses can change frequently vs pretty static nature of VPNs (at least the ones I've used) per session. That cycling can improve privacy, although does nothing to help with fingerprinting so I hesitate to put any emphasis on that.

    2. crissequeira

      Dang. I can’t believe Apple offers this kind of service. Sounds like they take privacy seriously after all. Thanks for sharing!

  7. stu2b50

    So there's multiple layers to this.

    First, I would add that internet browsing by default now is much more secure than many people imagine. Almost all internet traffic is through SSL, and your browser will warn you if you go to a non-encrypted domain. With HTTPS, your ISP, or anyone on the network, or any man-in-the-middle, can only see where your requests are going, not the contents, which I imagine is most of what people are concerned about.

    So, what if you do care about people knowing where you're browsing? A VPN could help. But I'd mention that it's mostly moving the issue. Now, the VPN will know everywhere you're browsing - to the ISP, you just really like talking to the VPN's server. So this can be a worthwhile tradeoff, IF you trust the VPN more than your ISP. That's an IF, not a certainty, though. IMO there's many VPNs that are more shady than your average ISP.

    Many people are also concerned about ad-tracking. I would like to mention that a VPN offers little protection. Because you are using a consistent IP within sessions, and there's many other ways beyond IP address to identify a user, like browser fingerprints, it's pretty easy for the major ad-providers to figure out who you are on a VPN. It really doesn't offer any protection there at all.
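The "where your requests are going" that stays visible with HTTPS is, besides the destination IP address, the server name sent unencrypted in the TLS ClientHello. The following is an added example, not part of any comment in this thread: a parser that reads that name the way an on-path observer could, run over a constructed ClientHello and over constructed opaque bytes standing in for a VPN tunnel packet (all addresses and packet bytes are made-up sample values).

```python
import hashlib
import struct

def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal TLS ClientHello record with only an SNI extension (sample input)."""
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
    sni_body = struct.pack("!H", len(sni_entry)) + sni_entry    # server_name_list
    extensions = struct.pack("!HH", 0x0000, len(sni_body)) + sni_body
    body = (
        b"\x03\x03"                                # legacy_version
        + bytes(32)                                # random (zeros, constructed)
        + b"\x00"                                  # empty session_id
        + struct.pack("!H", 2) + b"\x13\x01"       # one cipher suite
        + b"\x01\x00"                              # one compression method: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record: bytes):
    """Return the hostname in a ClientHello's server_name extension, or None."""
    try:
        if record[0] != 0x16:                      # not a TLS handshake record
            return None
        rec_len = struct.unpack_from("!H", record, 3)[0]
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:                          # not a ClientHello
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                               # skip version and random
        pos += 1 + body[pos]                       # skip session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]   # skip cipher suites
        pos += 1 + body[pos]                       # skip compression methods
        if pos >= len(body):                       # no extensions present
            return None
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if ext_type == 0x0000:                 # server_name
                list_end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
                p = pos + 2
                while p + 3 <= list_end:
                    name_len = struct.unpack_from("!H", body, p + 1)[0]
                    if p + 3 + name_len > len(body):   # truncated name
                        return None
                    if body[p] == 0:               # host_name entry
                        return body[p + 3:p + 3 + name_len].decode("ascii")
                    p += 3 + name_len
            pos += ext_len
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                                # truncated or not TLS at all

def observer_view(dst_ip: str, payload: bytes) -> tuple:
    """What an on-path observer can record for one packet: destination IP and any SNI."""
    return (dst_ip, extract_sni(payload))

# Constructed packets: a direct HTTPS connection, and the same traffic inside a tunnel.
DIRECT = ("203.0.113.10", build_client_hello("tildes.net"))
TUNNELED = ("198.51.100.7", b"\x04\x00\x00\x00" + hashlib.sha256(b"constructed").digest())

if __name__ == "__main__":
    print("direct HTTPS:", observer_view(*DIRECT))
    print("through VPN :", observer_view(*TUNNELED))
```

Where Encrypted Client Hello is in use, the real name is carried encrypted and this field holds only a public placeholder name.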

  8. Thomas-C

    Imo, for everyday folks, a VPN and a privacy focused browser should do like 99% of the trick for you. The VPN will see your traffic, so it's important to pick one that has a reputation for not keeping/handing over customer data. The browser should have robust settings for controlling what happens while you're online, on top of what's built into it. It's not really something you'll have to constantly tweak, but it's nice to have things to tweak if you decide to go further in obfuscating yourself.

    Easy starting point - Mullvad VPN, Arkenfox browser, privacyguides as reference material. It depends a lot on what you're trying to avoid, what exactly will work best for you, but if your primary concern is keeping your ISP in the dark with your everyday usage, that should accomplish most (if not all) of that with very little time spent.

    One helpful thing too, if you have accounts you do want to keep maintained and connected to things, is to grab multiple browsers and designate each for a single kind of activity. Like, one browser for Google, one for Netflix, that sort of thing, as if you had apps for them. Privacyguides has some writeups about different ways of organizing things depending on your use case/threat model. Developing a threat model is always helpful too, the site can walk you through that as well. It can be a real iceberg but with a threat model you can avoid stumbling through stuff that isn't actually relevant/beneficial.