Privacy

0 readers

26 users here now

Everything about privacy (the confidentiality pillar of security) -- but not restricted to infosec. Offline privacy is also relevant here.

founded 1 year ago

MODERATORS

[email protected]

Your Internet Service Provider (ISP) can see all of the web sites you visit. (infosec.exchange)

submitted 6 days ago by [email protected] to c/[email protected]

5 comments fedilink hide all child comments

Your Internet Service Provider (ISP) can see all of the web sites you visit.

Even if you visit a site that uses HTTPS, your ISP can see which site you visited (even if they cant see what specific data or web pages you went to).

Using Tor hides even which domains you visit. It's not a silver bullet (your ISP can see you went into the Tor network but cant see past that) but it can fit a specific threat model.

Using the operating system Tails - a version of Linux that pushes everything through Tor and doesnt save anything to your hard drive - can be a wonderful tool.

@[email protected] has written a comprehensive guide on what Tails is, how to use it and how not to use it.

Really great stuff and I can't wait to read the articles to come!

https://www.privacyguides.org/articles/2025/01/29/installing-and-using-tails/

#privacy #security #fightBack #LGBTQ #LGBTQIA #immigration #ice

top 5 comments

sorted by: hot top controversial new old

[–] uhmbah 7 points 6 days ago (1 children)

And..... VPN.

Although, this is not the first time I'm seeing Tails in a post. I better get up to speed.

[–] [email protected] 3 points 6 days ago* (last edited 6 days ago) (1 children)

Yeah, but this is just shifting the trust from your ISP to your VPN provider. Any reputable VPN will post third-party audits to show that they’re not keeping logs and are RAM-only servers. But even then, the VPN can 100% see what sites you’re visiting, and can link them back to you if they really want to.

Tor is more like cascaded VPN servers, where (unless the same group owns all three servers in the cascade) identifying who is accessing what is very difficult. Because the entry point (the first VPN server) sees you, and some encrypted traffic from the second node. The second node only sees encrypted traffic to and from the first and third servers. The exit point (third server) only sees the encrypted traffic from the second server, and who the traffic is going to. So unless you own at least the first and third hop (and perform a relatively complex timing attack, to match the traffic entering the network with the traffic exiting the network) then there’s no good way to tell what you specifically are accessing.

[–] uhmbah 1 points 6 days ago

Thanks for the explanation!

[–] [email protected] 2 points 6 days ago* (last edited 6 days ago)

DNS over HTTPS (DoH) and i2p might be work arounds.

[–] [email protected] 1 points 6 days ago

@[email protected] @[email protected] https://www.torproject.org/download/