ISP Snooping — 3
I am looking at ways to avoid ISP snooping.
My first step was monitoring my internet traffic using Wireshark. My goal was to establish a baseline of understanding.
Sending myself some test emails revealed much about what an ISP can see. Email is plain text. Using TLS for password handshakes hides that critical information but not the content.
I have several email addresses. All support webmail, but with most I use an email client. Some of the addresses are used for privacy reasons. Because email is transferred in plain text, I do not want a privacy-invasive ISP to snoop on those exchanges. Solutions include source-side encryption and using a virtual private network (VPN). A VPN hides content only from the ISP.
Webmail encrypts content, but the ISP will know the destination IP address and URL. Limiting when to use webmail seems possible only with a VPN.
DNS leaking is a common way ISPs snoop on customers. While HTTPS encrypts web content, the same is not true for DNS. There are new protocols being developed to resolve the problem, but those efforts are not without controversy. An immediate solution seems to be a VPN.
Hiding RSS feeds from a snoopy ISP is much the same as hiding web content. Using HTTPS hides content but not IP addresses.
Accessing my blog presents challenges. My goal is to hamper a snoopy ISP from building a profile about me. I need to limit how and when I access my blog. A VPN would help, but more importantly I need to control usage habits. Inadvertent access to the blog provides a snoopy ISP information.
I decided my first step was to use a VPN.
I don’t use a smart phone. Similar to a VPN, using a smart phone could provide a way to create a portable local access point on a different network that would avoid a snoopy ISP. Unfortunately the house is located in a cell phone dead zone. That is a small point because the cell phone option does not satisfy the goal of avoiding a snoopy ISP. The mobile carrier is an ISP. Considering the shady privacy reputation of smart phone providers, perhaps that is not a sane idea.
There are two VPN options. One option is using an existing VPN provider. There are VPN providers that are free in cost, but there are caveats. Free in cost often means untrustworthy. The only way to obtain decent VPN service is paying for the service, which makes sense.
The other option is leasing space for a virtual private server (VPS). With respect to only avoiding a snoopy ISP, leasing an online VPS and hosting my own VPN seems sane. A notable difference is that the VPS is likely to keep the same IP address. That foils a snoopy ISP but not other snoopy people. Regularly changing the IP address adds some sand in the gears, so to speak.
There are many such providers. I decided to start with ProtonVPN because they offered a truly free method. Other providers offered “free” services by offering a refund period. I like the history and ideology behind the ProtonVPN design. If my testing proves satisfying then a paid account would remove most of the limitations and restrictions.