-3

I'd like to protect myself as well as possible from my ISP. I am aware of the fact that they could forward my requests to possible fake websites containing malicious scripts or plug-in content.

Usually I am using an encrypted proxy, so it would be hard for them to monitor what I am doing and then, at the right moment, forward me to a malicious site that looks the same as the site I am trying to reach but contains malicious content.

Lately I have noticed that my connection gets very slow when I am doing unencrypted stuff, as if the provider scrutinizes my connection by slowing it down to see what I am trying to do. Then he could present the fake content to me by forwarding me to a fake site. So in the case of YouTube or other streaming sites that require JavaScript, this would be a perfect possibility for the ISP to forward me to its own servers containing their version of the site I am trying to reach, containing malicious scripts.

Also, on some sites the captchas seem to be impossible to solve if one is either using a proxy or has JS disabled, so those could also be a perfect possibility for the ISP to strike in order to invade the privacy of their users.

Is there any way I could protect against such threats besides doing all my streaming inside a virtual machine or, even better, on a separate PC?

  • 2
    HTTPS should protect you against most of the threats you've described (even more so than simply using plain HTTP over a proxy). Are you using HTTPS and if so who is the CA who signed the certificate of one of these "slow" sites? – thexacre Jun 04 '15 at 00:24
  • 1
    title does not match the question - how does using a VM help with what you are asking? – schroeder Jun 04 '15 at 02:23
  • @thexacre: Yes, I think HTTPS plus proxy would be a sufficient protection. The second part of your answer I don't understand; I will look into this when I find the time and update the thread here. – Junior J. Garland Jun 07 '15 at 21:10
  • @schroeder: You're right, in that case a VirtualBox would not help if I have an internet connection on the host and am sending DNS requests with it. – Junior J. Garland Jun 14 '15 at 01:03

1 Answer

1

Connect to a VPN service, such as AirVPN, BolehVPN, iVPN or PIA. Use the stock OpenVPN client. Set up firewall rules to prevent non-VPN connections. Make sure that you're not using your ISP's DNS server(s). Install VirtualBox, and run a Linux VM, NATed to the host. All of its Internet activity will use the VPN running on the host.

Edit: End-to-end encryption is also crucial. However, root CAs can't be trusted, and so HTTPS alone is iffy.

Edit: I forgot an obvious step. You must have at least a NAT router/firewall. Many home routers have a basic firewall, but you may need to enable it.

mirimir
  • A VPN only obscures your identity and encrypts just part of the route. The VPN provider, or any ISPs carrying your traffic beyond where the VPN terminates can still view and manipulate your traffic. TLS on the other hand ensures that no intermediate party can observe or manipulate your traffic, and also resolves the issue of DNS manipulation. I don't think your answer strongly addresses the threat of a hostile ISP. – thexacre Jun 04 '15 at 05:51
  • OP is asking about *his* ISP, not about ISPs generally. And yes, end-to-end encryption is also crucial. But HTTPS is not so great, because root CAs can't be trusted. – mirimir Jun 04 '15 at 07:00
  • AirVPN seems reasonably priced... do you know who is running it? If I understand it correctly, the DNS part of the connection is getting tunneled when using a VPN, and so the ISP would be unable to perform DNS-based attacks, is that right? – Junior J. Garland Jun 09 '15 at 22:05
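
One way to check the routing and DNS parts of the setup described in the answer above, as an added example that is not part of the original answer or its comments. It audits the text of `/etc/resolv.conf` and the output of `ip route` on a Linux host; the interface name `tun0`, the sample addresses and the ISP resolver range are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample inputs (not from the original post).
SAMPLE_RESOLV = """# constructed /etc/resolv.conf
nameserver 10.8.0.1
nameserver 192.0.2.53
"""
SAMPLE_ROUTES = """0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
"""

def nameservers(resolv_text):
    """Return the resolver addresses listed in resolv.conf text."""
    out = []
    for line in resolv_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            out.append(ipaddress.ip_address(parts[1]))
    return out

def internet_devices(route_text):
    """Map each Internet-wide prefix to the device that carries it."""
    devs = {}
    for line in route_text.splitlines():
        f = line.split()
        if f and f[0] in ("default", "0.0.0.0/1", "128.0.0.0/1") and "dev" in f:
            devs[f[0]] = f[f.index("dev") + 1]
    return devs

def audit(resolv_text, route_text, vpn_if="tun0", isp_dns=()):
    """Return a list of findings; an empty list means no leak was detected."""
    findings = []
    devs = internet_devices(route_text)
    halves = {devs.get("0.0.0.0/1"), devs.get("128.0.0.0/1")}
    # OpenVPN's "redirect-gateway def1" keeps the old default route and adds
    # two /1 routes via the tunnel; longest-prefix match makes those win.
    if halves != {vpn_if} and devs.get("default") != vpn_if:
        findings.append("internet traffic is not routed through " + vpn_if)
    isp = [ipaddress.ip_network(n) for n in isp_dns]
    for ns in nameservers(resolv_text):
        if any(ns in net for net in isp):
            findings.append(f"resolver {ns} belongs to the ISP")
    return findings
```

A clean result only describes the moment the files were read: it does not replace the firewall rules, which are what block traffic if the tunnel drops, and a local stub resolver such as 127.0.0.53 hides the upstream server from this check.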