The ISP in the middle riddle

Page 1 of 2 12 LastLast

  1. Posts : 668
    Win 10 pro
       #1

    The ISP in the middle riddle


    Dear Mystere,
    i move the discussion here if you don't mind
    because I think we were off topic...

    Mystere said:
    Your ISP can monitor everything you do on the internet.

    Actually, yes. Your ISP can still spy on you. There's something called a transparent proxy server that the ISP can put in between you and the internet, and those can decrypt your HTTPS sessions and record the info if they want. I'm not saying they do, but they can. The proxy server intercepts the HTTPS negotiation and acts as it's own HTTPS server.

    Here's an article about such proxies.
    How the NSA, and your boss, can intercept and break SSL | ZDNet
    Ok but are we talking about technical feasibility
    Is the ISP supposed to work like that? I think we are
    degenerating on the "thin foil hat" side here.
    Anyway thanks for the link and case closed for me
    and for the sake of the OP.

    Mystere said:
    Huh? What do you mean? I'm saying that not only is it technically feasible, commercial companies are selling proxy servers that do just that, and many many many companies use them, including ISP's. It's not tin foil, it's reality.

    This is a quote from the link:

    --If your company has set up the proxy correctly you won't know anything is off because they'll have arranged to have the proxy's internal SSL certificate registered on your machine as a valid certificate. If not, you'll receive a pop-up error message, which, if you click on to continue, will accept the "fake" digital certificate. In either case, you get a secure connection to the proxy, it gets a secure connection to the outside site -- and everything sent over the proxy can be read in plain text. Whoops. --

    What I understand is that someone has to put a fake certificate in my machine
    for this to work, otherwise i'll receive a pop-up error message that warns me
    that the identity of the site is not to be trusted.

    If what I understand is wrong i'd ask you, or someone with more expertise than me,
    to better explain to me in simple words ...
      My Computer


  2. Posts : 1,366
    Windows 10 Pro x64
       #2

    roy111 said:
    Is the ISP supposed to work like that?
    Of course they do. It's another potential revenue stream that was just made legal here in the US.

    You are getting worried about something minor. The only way to stay 100% private is to do away with all communication and connections. Just use your computer and the internet with some common sense and you'll be fine, following accepted good pactices and keeping your computer updated along with good AV software.
      My Computer


  3. Posts : 668
    Win 10 pro
    Thread Starter
       #3

    DeaconFrost said:
    Of course they do. It's another potential revenue stream that was just made legal here in the US.

    You are getting worried about something minor. The only way to stay 100% private is to do away with all communication and connections. Just use your computer and the internet with some common sense and you'll be fine, following accepted good pactices and keeping your computer updated along with good AV software.
    Hi, thanks for your replay,
    i'm more curious to understand how it is supposed to work, did you read the
    article in the link?
    The subject is if someone can somehow be in the middle beetween a PC and
    a secure connection with e.g. google (privacy is already gone here) so is
    all this https encripted connection and certificate authenticy just bullgarbage?
      My Computer


  4. Posts : 983
    Windows 7/64 Professional
       #4

    In my mind I try to keep it simple.

    1. If I'm online I'm susceptible to monitoring by who knows who or what.
    2. The only thing I can do in install security programs and be careful what I do online.
    3. Learn as much about security as I can.
    4. Their are some things I can't do anything about and still be online.
    5. Things worth stealing are not kept on my computers when that computer is online.
    6. Everything online has to go through my ISP and what they do with all that I have no control over.

    What is right or wrong has nothing to do with anything online.
    The only security I have concerning my ISP is; I do nothing worth monitoring.
    I understand that their can be 'A man in the middle' monitoring. Other than making sure the program is not on my systems, their is nothing I can do about it. So I don't worry about it.

    **All I do is keep my system neat and tidy and monitor my security that I have on my systems.
    I try to use my mouse and keyboard and brain wisely.

    Jack
      My Computers


  5. Posts : 5,201
    Windows 11 Home
       #5

    roy111 said:
    The subject is if someone can somehow be in the middle beetween a PC and
    a secure connection with e.g. google (privacy is already gone here) so is
    all this https encripted connection and certificate authenticy just bullgarbage?
    Note, that it is an old article and they are talking about SSL, most browser do not even support SSL anymore, TLS is a standard these days. So do not worry, if the connection is encrypted, it is encrypted.

    ISP can see, what domain you are visiting, but not the actual URL and other info. Lets say you visit youtube.com/someshadystuff ISP will see, that you are on youtube, but not the shady stuff. But if the whole domain is somewhat illegal, like howtobecomeaterrorist.com, encryption will not help you. :)

    For common browsing I use those (for sensitive browsing, I download TOR and remove it afterwards):

    1. Non-ISP DNS connected via dnscrypt, if the DNS requests are not encrypted, ISP can see them.
    2. Privacy search like StartPage or DucDuckGo, which is encrypted, SP shows images via proxy.
    3. HTTPS Everywhere addon, which makes sure TLS is enabled, if the webpages supports it.

    The best way is to use VPN, but note, that some leak, so make sure to pick the right one.

    That One Privacy Site | Simple VPN Comparison Chart

    VPN Testing
      My Computer


  6. Posts : 668
    Win 10 pro
    Thread Starter
       #6

    TairikuOkami said:
    Note, that it is an old article and they are talking about SSL, most browser do not even support SSL anymore, TLS is a standard these days. So do not worry, if the connection is encrypted, it is encrypted.

    ISP can see, what domain you are visiting, but not the actual URL and other info. Lets say you visit youtube.com/someshadystuff ISP will see, that you are on youtube, but not the shady stuff. But if the whole domain is somewhat illegal, like howtobecomeaterrorist.com, encryption will not help you. :)

    For common browsing I use those (for sensitive browsing, I download TOR and remove it afterwards):

    1. Non-ISP DNS connected via dnscrypt, if the DNS requests are not encrypted, ISP can see them.
    2. Privacy search like StartPage or DucDuckGo, which is encrypted, SP shows images via proxy.
    3. HTTPS Everywhere addon, which makes sure TLS is enabled, if the webpages supports it.

    The best way is to use VPN, but note, that some leak, so make sure to pick the right one.

    That One Privacy Site | Simple VPN Comparison Chart

    VPN Testing
    Thanks TairikuOkami,
    i find your explanation logical and coherent.
    I consider this solved.
      My Computer


  7. Posts : 668
    Win 10 pro
    Thread Starter
       #7

    Wrong reply sorry.

    TairikuOkami said:
    Note, that it is an old article and they are talking about SSL, most browser do not even support SSL anymore, TLS is a standard these days. So do not worry, if the connection is encrypted, it is encrypted.

    ISP can see, what domain you are visiting, but not the actual URL and other info. Lets say you visit youtube.com/someshadystuff ISP will see, that you are on youtube, but not the shady stuff. But if the whole domain is somewhat illegal, like howtobecomeaterrorist.com, encryption will not help you. :)

    For common browsing I use those (for sensitive browsing, I download TOR and remove it afterwards):

    1. Non-ISP DNS connected via dnscrypt, if the DNS requests are not encrypted, ISP can see them.
    2. Privacy search like StartPage or DucDuckGo, which is encrypted, SP shows images via proxy.
    3. HTTPS Everywhere addon, which makes sure TLS is enabled, if the webpages supports it.

    The best way is to use VPN, but note, that some leak, so make sure to pick the right one.

    That One Privacy Site | Simple VPN Comparison Chart

    VPN Testing
      My Computer


  8. Posts : 7,257
    Windows 10 Pro 64-bit
       #8

    Is Google DNS encrypted?
      My Computers


  9. Posts : 668
    Win 10 pro
    Thread Starter
       #9

    Althought I was not asking for advice on how to
    browse the web I thank you for your time

    Layback Bear said:
    In my mind I try to keep it simple.

    1. If I'm online I'm susceptible to monitoring by who knows who or what.
    2. The only thing I can do in install security programs and be careful what I do online.
    3. Learn as much about security as I can.
    4. Their are some things I can't do anything about and still be online.
    5. Things worth stealing are not kept on my computers when that computer is online.
    6. Everything online has to go through my ISP and what they do with all that I have no control over.

    What is right or wrong has nothing to do with anything online.
    The only security I have concerning my ISP is; I do nothing worth monitoring.
    I understand that their can be 'A man in the middle' monitoring. Other than making sure the program is not on my systems, their is nothing I can do about it. So I don't worry about it.

    **All I do is keep my system neat and tidy and monitor my security that I have on my systems.
    I try to use my mouse and keyboard and brain wisely.

    Jack
      My Computer


  10. Posts : 5,201
    Windows 11 Home
       #10

    swarfega said:
    Is Google DNS encrypted?
    You need to use use dnscrypt to encrypt dns request, no DNS service can do it for you.
    It still needs to be supported though, Google does since 2016. Google Groups

    DNSCrypt - Official Project Home Page

    Interesting fact, some ISP or MITM, hijack DNS queries, eventhough Google uses DNSSEC.

    recdnsfp by recdnsfp
    Last edited by TairikuOkami; 22 Apr 2017 at 13:20.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 21:05.
Find Us




Windows 10 Forums