Page 1 of 2 12 LastLast
  1.    18 Apr 2017 #1
    Join Date : Apr 2017
    Posts : 167
    OS

    The ISP in the middle riddle


    Dear Mystere,
    i move the discussion here if you don't mind
    because I think we were off topic...

    Quote Originally Posted by Mystere View Post
    Your ISP can monitor everything you do on the internet.

    Actually, yes. Your ISP can still spy on you. There's something called a transparent proxy server that the ISP can put in between you and the internet, and those can decrypt your HTTPS sessions and record the info if they want. I'm not saying they do, but they can. The proxy server intercepts the HTTPS negotiation and acts as it's own HTTPS server.

    Here's an article about such proxies.
    How the NSA, and your boss, can intercept and break SSL | ZDNet
    Ok but are we talking about technical feasibility
    Is the ISP supposed to work like that? I think we are
    degenerating on the "thin foil hat" side here.
    Anyway thanks for the link and case closed for me
    and for the sake of the OP.

    Quote Originally Posted by Mystere View Post
    Huh? What do you mean? I'm saying that not only is it technically feasible, commercial companies are selling proxy servers that do just that, and many many many companies use them, including ISP's. It's not tin foil, it's reality.

    This is a quote from the link:

    --If your company has set up the proxy correctly you won't know anything is off because they'll have arranged to have the proxy's internal SSL certificate registered on your machine as a valid certificate. If not, you'll receive a pop-up error message, which, if you click on to continue, will accept the "fake" digital certificate. In either case, you get a secure connection to the proxy, it gets a secure connection to the outside site -- and everything sent over the proxy can be read in plain text. Whoops. --

    What I understand is that someone has to put a fake certificate in my machine
    for this to work, otherwise i'll receive a pop-up error message that warns me
    that the identity of the site is not to be trusted.

    If what I understand is wrong i'd ask you, or someone with more expertise than me,
    to better explain to me in simple words ...
      My ComputerSystem Spec
  2.    18 Apr 2017 #2
    Join Date : Mar 2015
    Philadelphia
    Posts : 1,174
    Windows 10 Pro x64

    Quote Originally Posted by roy111 View Post
    Is the ISP supposed to work like that?
    Of course they do. It's another potential revenue stream that was just made legal here in the US.

    You are getting worried about something minor. The only way to stay 100% private is to do away with all communication and connections. Just use your computer and the internet with some common sense and you'll be fine, following accepted good pactices and keeping your computer updated along with good AV software.
      My ComputerSystem Spec
  3.    18 Apr 2017 #3
    Join Date : Apr 2017
    Posts : 167
    OS
    Thread Starter

    Quote Originally Posted by DeaconFrost View Post
    Of course they do. It's another potential revenue stream that was just made legal here in the US.

    You are getting worried about something minor. The only way to stay 100% private is to do away with all communication and connections. Just use your computer and the internet with some common sense and you'll be fine, following accepted good pactices and keeping your computer updated along with good AV software.
    Hi, thanks for your replay,
    i'm more curious to understand how it is supposed to work, did you read the
    article in the link?
    The subject is if someone can somehow be in the middle beetween a PC and
    a secure connection with e.g. google (privacy is already gone here) so is
    all this https encripted connection and certificate authenticy just bullshit?
      My ComputerSystem Spec
  4.    18 Apr 2017 #4
    Join Date : Oct 2013
    Nothern Ohio
    Posts : 494
    Windows 7/64 Professional

    In my mind I try to keep it simple.

    1. If I'm online I'm susceptible to monitoring by who knows who or what.
    2. The only thing I can do in install security programs and be careful what I do online.
    3. Learn as much about security as I can.
    4. Their are some things I can't do anything about and still be online.
    5. Things worth stealing are not kept on my computers when that computer is online.
    6. Everything online has to go through my ISP and what they do with all that I have no control over.

    What is right or wrong has nothing to do with anything online.
    The only security I have concerning my ISP is; I do nothing worth monitoring.
    I understand that their can be 'A man in the middle' monitoring. Other than making sure the program is not on my systems, their is nothing I can do about it. So I don't worry about it.

    **All I do is keep my system neat and tidy and monitor my security that I have on my systems.
    I try to use my mouse and keyboard and brain wisely.

    Jack
      My ComputerSystem Spec
  5.    18 Apr 2017 #5
    Join Date : Oct 2014
    Trnava
    Posts : 2,866
    Windows 10.4 Home 1709 x64

    Quote Originally Posted by roy111 View Post
    The subject is if someone can somehow be in the middle beetween a PC and
    a secure connection with e.g. google (privacy is already gone here) so is
    all this https encripted connection and certificate authenticy just bullshit?
    Note, that it is an old article and they are talking about SSL, most browser do not even support SSL anymore, TLS is a standard these days. So do not worry, if the connection is encrypted, it is encrypted.

    ISP can see, what domain you are visiting, but not the actual URL and other info. Lets say you visit youtube.com/someshadystuff ISP will see, that you are on youtube, but not the shady stuff. But if the whole domain is somewhat illegal, like howtobecomeaterrorist.com, encryption will not help you.

    For common browsing I use those (for sensitive browsing, I download TOR and remove it afterwards):

    1. Non-ISP DNS connected via dnscrypt, if the DNS requests are not encrypted, ISP can see them.
    2. Privacy search like StartPage or DucDuckGo, which is encrypted, SP shows images via proxy.
    3. HTTPS Everywhere addon, which makes sure TLS is enabled, if the webpages supports it.

    The best way is to use VPN, but note, that some leak, so make sure to pick the right one.

    That One Privacy Site | Simple VPN Comparison Chart

    VPN Testing
      My ComputerSystem Spec
  6.    22 Apr 2017 #6
    Join Date : Apr 2017
    Posts : 167
    OS
    Thread Starter

    Quote Originally Posted by TairikuOkami View Post
    Note, that it is an old article and they are talking about SSL, most browser do not even support SSL anymore, TLS is a standard these days. So do not worry, if the connection is encrypted, it is encrypted.

    ISP can see, what domain you are visiting, but not the actual URL and other info. Lets say you visit youtube.com/someshadystuff ISP will see, that you are on youtube, but not the shady stuff. But if the whole domain is somewhat illegal, like howtobecomeaterrorist.com, encryption will not help you.

    For common browsing I use those (for sensitive browsing, I download TOR and remove it afterwards):

    1. Non-ISP DNS connected via dnscrypt, if the DNS requests are not encrypted, ISP can see them.
    2. Privacy search like StartPage or DucDuckGo, which is encrypted, SP shows images via proxy.
    3. HTTPS Everywhere addon, which makes sure TLS is enabled, if the webpages supports it.

    The best way is to use VPN, but note, that some leak, so make sure to pick the right one.

    That One Privacy Site | Simple VPN Comparison Chart

    VPN Testing
    Thanks TairikuOkami,
    i find your explanation logical and coherent.
    I consider this solved.
      My ComputerSystem Spec
  7.    22 Apr 2017 #7
    Join Date : Apr 2017
    Posts : 167
    OS
    Thread Starter

    Wrong reply sorry.

    Quote Originally Posted by TairikuOkami View Post
    Note, that it is an old article and they are talking about SSL, most browser do not even support SSL anymore, TLS is a standard these days. So do not worry, if the connection is encrypted, it is encrypted.

    ISP can see, what domain you are visiting, but not the actual URL and other info. Lets say you visit youtube.com/someshadystuff ISP will see, that you are on youtube, but not the shady stuff. But if the whole domain is somewhat illegal, like howtobecomeaterrorist.com, encryption will not help you.

    For common browsing I use those (for sensitive browsing, I download TOR and remove it afterwards):

    1. Non-ISP DNS connected via dnscrypt, if the DNS requests are not encrypted, ISP can see them.
    2. Privacy search like StartPage or DucDuckGo, which is encrypted, SP shows images via proxy.
    3. HTTPS Everywhere addon, which makes sure TLS is enabled, if the webpages supports it.

    The best way is to use VPN, but note, that some leak, so make sure to pick the right one.

    That One Privacy Site | Simple VPN Comparison Chart

    VPN Testing
      My ComputerSystem Spec
  8.    22 Apr 2017 #8

    Is Google DNS encrypted?
      My ComputersSystem Spec
  9.    22 Apr 2017 #9
    Join Date : Apr 2017
    Posts : 167
    OS
    Thread Starter

    Althought I was not asking for advice on how to
    browse the web I thank you for your time

    Quote Originally Posted by Layback Bear View Post
    In my mind I try to keep it simple.

    1. If I'm online I'm susceptible to monitoring by who knows who or what.
    2. The only thing I can do in install security programs and be careful what I do online.
    3. Learn as much about security as I can.
    4. Their are some things I can't do anything about and still be online.
    5. Things worth stealing are not kept on my computers when that computer is online.
    6. Everything online has to go through my ISP and what they do with all that I have no control over.

    What is right or wrong has nothing to do with anything online.
    The only security I have concerning my ISP is; I do nothing worth monitoring.
    I understand that their can be 'A man in the middle' monitoring. Other than making sure the program is not on my systems, their is nothing I can do about it. So I don't worry about it.

    **All I do is keep my system neat and tidy and monitor my security that I have on my systems.
    I try to use my mouse and keyboard and brain wisely.

    Jack
      My ComputerSystem Spec
  10.    22 Apr 2017 #10
    Join Date : Oct 2014
    Trnava
    Posts : 2,866
    Windows 10.4 Home 1709 x64

    Quote Originally Posted by swarfega View Post
    Is Google DNS encrypted?
    You need to use use dnscrypt to encrypt dns request, no DNS service can do it for you.
    It still needs to be supported though, Google does since 2016. Google Groups

    DNSCrypt - Official Project Home Page

    Interesting fact, some ISP or MITM, hijack DNS queries, eventhough Google uses DNSSEC.

    recdnsfp by recdnsfp
    Last edited by TairikuOkami; 22 Apr 2017 at 13:20.
      My ComputerSystem Spec

 
Page 1 of 2 12 LastLast


Similar Threads
Thread Forum
The Riddle to Vanquishing the AOL Demon
Does anyone here know how uninstall AOL off of Win 10? It's not my machine, and I've never touched it with a 39 1/2 ft pole, but a friend of mine made the fatal mistake years ago. Now, they upgraded to Win 10, as opposed to a clean install, which...
Software and Apps
How do I get middle click via a three finger tap with my touchpad?
So I recently purchased a new laptop that has Windows 10 installed (Acer Aspire E5-573G) and I would like to change the way the touchpad taps work. Specifically, I would like a middle click from a three finger tap. It's an ELAN touchpad, if that...
Drivers and Hardware
Taskbar middle-click not working for Firefox
Hello everyone, I upgraded to Windows 10 a little while ago, and while it has mostly been smooth sailing I have encountered a small glitch. Middle-clicking on things in the taskbar normally opens a new instance on the corresponding...
Browsers and Email
Middle Click Not Working Since Upgrade
I recently upgraded to Windows 10 from Windows 7 on my Lenovo Thinkpad T400. Prior to the upgrade I was able to middle click to open links in a new tab, close tabs, and scroll however now when I middle click it instead brings me to "Trackpoint...
Performance & Maintenance
Taskbar on the bottom MIDDLE possible?
I just got an ultrawide monitor (34") and I thought it would be awesome. But so far I am not liking the fact that the taskbar is positioned at the bottom left (and right). This means a lot of mouse travel and neck turning. In theory, the way to...
General Support
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 00:44.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums