Misinformation

youtube.com/watch?v=BkYay4Fsu4E

Theoretically what information can an ISP get from you?

Pretty much any website that's relevant uses SSL so all the ISP would know is that you visited a site.

They would know that you visit 4chins, but not that you're using Sup Forums, Sup Forums or whatever, nor would they know what you post.

Are people over-hyping this?

Other urls found in this thread:

eff.org/https-everywhere
torproject.org
arstechnica.com/civis/viewtopic.php?f=10&t=1169444
dnscrypt.org/
opensecrets.org/orgs/summary.php?cycle=2016&type=P&id=D000033563
opensecrets.org/orgs/toprecips.php?id=D000000461&cycle=2016
twitter.com/SFWRedditImages

I've seen the lists they have. They would see you visited Sup Forums.

Sup Forums org
Sup Forums org/g/catalog
Sup Forums org/g/thread/10000

etc...

if you use https they will only see that you visited Sup Forums.org not Sup Forums.org/g

if you use tor, they won't see shit ;)

use HTTPS everywhere plugin

eff.org/https-everywhere

and Tor

torproject.org

If you aren't using your ISP's DNS wouldn't they just see the IP you are making requests to?

So in Sup Forums's case I think they would just see TCP requests to Cloudflare ??

everyone should be using google dns or other

EVERYTHING

They're literally the man in the middle, they can harvest any piece of data you send over the wires.

Please don't be that dumb. HTTPS only encrypts content you put in a form and transmit to a server. It does not encrypt the actual domain you are requesting. This is why DNSCrypt is so important.

So they can see entire URL addresses, but they can't see the password you use to login?

If you are using your ISP's DNS then yes they can. If you haven't changed your DNS in your router to use Google or OpenDNS you are using theirs for sure.

You don't know what you're talking about. A MitM attack lets someone get your traffic. If it's encrypted traffic, like HTTPS, they cannot see what is being sent through them.

so that google can sell your information instead of the ISPs! top kek

>only encrypts content you put in a form

are you really this retarded?

can't wait until isps are allowed to decrypt our traffic and require us to use their certifcates

>can't wait until isps are allowed to decrypt our traffic and require us to use their certifcates
Just install this software to use our isp!

How about every time you visit a website it sends the incorrect information to your isp. Is this possible?

for normies: everything after the first slash is part of the request to the site, not the dns, and is sent after the handshake. isp can see the domain as you request the ip of the domain, nothing more

Their privacy policy says they delete search quarries within 24 hours and it isn't connected to your google account.

Surely they wouldn't lie to us, r-right?

Except like 50% of the internet is still not using SSL, and that means they can read everything you're doing
Also except the Utah data center the NSA has decrypts literally all your SSL traffic and stores it as

wonder if the same applies if you go into your account settings and turn off google account search history

for fuck sakes dns isn't encrypted you fucking idiots.

not if you're connecting over ssl.

How do you know major ISPs don't have private keys for certificates registered in the major certificate programs like apple, microsoft, chromium, and mozilla? You don't. ISPs have a LOT of fucking money. You're not secure. They could even bribe smaller CAs registered in the certificate programs for the private keys.. What's to stop them from doing that at this point? Bad press doesn't mean shit to these companies.

No one said it was?

>Pretty much any website that's relevant uses SSL so all the ISP would know is that you visited a site.
The ISP can MITM your SSL connections.

>Get Wireshark on a laptop
>Open websites on Desktop
That is what they can see. All the sites you visit, the content of the sites, images, everything.
>But muh SSL
Heartbleed is still a problem.
>but I can use Tor
Which is being monitored by the three letter government agencies of the US, and many nodes are even run by them.
>But I can use a VPN
Something tells me that many companies will get a humongous amount of money to provide the government with access to their servers, if they don't already have.

Get a VPN outside the US, and even EU. Install the VPN, using OpenVPN on the router, not on the device itself.
For the extra paranoid, use SSH as a socks proxy.

The best thing about this is that someone on Reddit started a fundraiser to buy Congress's browsing history, raised $150.000 and got away with it lel

>tfw ywn motorboat that coalburner's titties

Do you have any evidence of ISP's ever doing this, and wouldn't this require single targeting? how would they pull that off and why?

>Heartbleed is still a problem.
You need to stop posting asap. Just stop. Heartbleed was a problem for SERVER security. If someone's still using outdated SSL on their server, their privkeys are likely of no use (not an important target)

I have no evidence of them doing it but they are uniquely positioned to do it because all your data will go through their network.

And it is within their capabilities.

>how to defeat
Elect non-republicans on house/senate, particularly democrats. Both mid-terms and presidential.

see

arstechnica.com/civis/viewtopic.php?f=10&t=1169444

>many companies will get a humongous amount of money to provide the government with access to their servers
The US government wouldn't pay to get access...they would just get the access.

At first glance I thought this could be explained as a simple DNS error. But he goes on to mention that it was just the certificate header that was changed. That's intentional. That's some fucked up shit right there. Clear evidence of a poorly done MITM attack conducted by suddenlink.

it's a better deal than the ISP since they can't necessarily put a name to the address

even in the ISP's case this isn't a sure thing for multi-member households

Now imagine how many routers out there are doing it correctly while you trust the little "s" at the end of https, going about your business as if nothing is wrong.
I would say, there should be a browser extension that goes an extra step and verifies the hash of a certificate against a number of global internet providers, but that's a temporary solution since it can be defeated easily.. It's only a matter of time before every ISP is successfully running MITM attacks.

why is everyone so worried our guy is going to veto

ipv6 will take care of that.

No. The Gov't would pay. That's the reason why ISP would want this data in the first place.

Look at the iPhone hack. FBI paid up to get into the phone. They all do.

Mfw the public interest towards Internet privacy is due to normies using social networks, clicking on every ad, and accepting every possible contract with third parties. Same with smartphones. Now they blame the government who is giving up their right to privacy - well it's not something they really cared about until now right?

People love to fear monger and be outraged about everything. especially privacy, all the while using Android and iOS on a device that defaults to a non-secure cellular connection without complaints in software (law enforcement uses this).

Really if you think about it though, this whole thing does sort of open a lot of doors for the data niggers and advertising companies out there unfortunately. There will be more private firms in metadata extrapolation. It'll all trickle down, after it's been used by one company, it can still be sold again to another. The data doesn't necessarily degrade in value, depending on how much of it can be purchased.

To sum up my post here: Nowadays, If you put your data through a network that you didn't build entirely YOURSELF.. it's no longer your data. Get over it. You don't have rights to privacy no matter what part of the world you're in. If you're connected to the internet, you're generating data. That data is worth money, and it's traveling through a network that you don't own.
>inb4 MY ENCRYPTION THOUGH
yes. you can encrypt data.. but that's not worth much now that we have parallel processors and exploits + backdoors are being found and used by security agencies on a near daily basis.

MITM + Heartbleed?

I don't know what you're asking here. Are you asking if it's possible to exploit a proxy server? Yes. If they're stupid enough to run deprecated software.

FBI paid an individual to do it. With ISP it will be "Give us access or say goodbye to your license."

An ISP has the horsepower and resources to act as a MITM attacker, spoofing the servers. Everything is routed through them. That was my point.

Yeah. They do. Who knows what private keys they have. Your browser nay not even complain.

Heartbleed has nothing to do with that.

You know that comment you typed, but then deleted and didn't post?

They know you typed it.

Can't see what's being sent but they can see who it's being sent to. For some people, that's enough information.

i actually want to start a DNS server on a old PC I have here, going to try to block advertising by DNS blocking. any sugestions on what else to do with the DNS server/software to use?

Well for starters, you don't have to host a full dns server.
dnscrypt.org/
Recommend running in your router, or as a service/daemon if you direct connect to your modem.

>Theoretically what information can an ISP get from you?
online activity, mobile app usage, financial information, medical information, your children’s information, your social security number, content of your emails, geolocation information, etc

user not shitting on your suggestion but that's no different than just using a third party DNS, who number one, I have no idea who they are or if I could trust them, the way things are, I rather trust google DNS than a user's DNS server who i don't know what he's going to do with my data.

Number 2 it would be a good learning experience and maybe my idiot brain will be able to learn something new.

Well you can still host your own dns using dnscrypt see server option.
You can then setup keys for yourself and connect while away from home using your home dns server that only accepts your keys.

>source: infowars
you have proven yourself to be politicly and technicly illiterate, there is nothing that anybody could do to you to harm you that you have not done to yourself already.

i entertain for you the train of thought:

every interaction that your computer has with the internet that is not over a VPN+secured DNS is most likely recorded by your ISP.

SSL secures the content but not the packaging.

every time you type a IP or URL into your address-bar without a secured DNS will most likely broadcast what you are looking for over the internet(since most browsers want to prefetch the site for you).

HTTPS does not protect from being "spyed" on it secures the integrity of the connection (no hijacking of the connection and authentic owner of the domain you connect to)

In effect this bill allows for domestic spying without warrant since the relevant data are publicly available and not protected by privacy laws. your web history allows for a complete profile like a finger print to complete a picture with all the rest of the data you leave behinde publicly on social media etc.

the important thing about dnscrypt is that it encrypts the requests to the server while most public and isp dns servers reply in plain text

Don't use those sites then. The only one I use without SSL is DeviantArt to upload my shitty art, and if my ISP wants to sell my info to someone, then they can go ahead and advertise my DeviantArt account, I don't care. Give me those sweet views NSA.

But honestly, I only recently noticed that DeviantArt isn't using SSL, what's up with that. Major website, 2017, what the hell.

>NSA has decrypts literally all your SSL traffic and stores it as
Joke's on them, I changed my browsing habits ages ago. I am the most boring person in the universe.

>Infowars

YES, google/facebook is shilling this because they want total monopoly over selling data, ISP competition in that realm would be destroyed.

Opensecrets shows facebook/alphabet inc donated to clinton & bernie, HMMM

Imagine being on this many layers of delusion that you would actually defend this. This is your brain on pol

opensecrets.org/orgs/summary.php?cycle=2016&type=P&id=D000033563

>I've seen the lists they have.
if you use http, that is correct. Using https, they can oly see
Sup Forums.org
Sup Forums.org
Sup Forums.org

etc...

^^^

>y-yea goy! just elect democrats whose campaigns are funded by ISPs for your internet privacy! having millions of muslims invited in to rape and murder everyone is way more preferable than having your isp "sell" your data like every other tech company already does.

>this is what republicans actually believe

Guess which candidate Comast MSNBC didn't donate or shill for?

opensecrets.org/orgs/toprecips.php?id=D000000461&cycle=2016

They are very literally the man in the middle. They get EVERYTHING.
If it's not encrypted they can actually read it too.

No use arguing with some of these people. It's fucking sad what's happened to this board. This place used to value privacy over anything else and now we have fags bending over backwards trying to justify this garbage because of partisan beliefs.

>This place used to value privacy over anything else
if you value muh privacy which you never had or ever will have no matter what bill they pass "over anything else" then you are a low IQ memelord who should kill himself before affecting anything else in the political or technological spheres.

Yes it's overhyped to fuck and back.

The privacy protections that were removed never actually existed. What the bill actually did was block a policy that was created last October and had not yet been put into effect

>The privacy protections that were removed never actually existed.
Yes it did, under the FTC consumer protection laws.

The law that was passed, was as a response to the AT&T vs FTC lawsuit that established that since internet service had been moved to common carrier service under the FCC, it was no longer protected by the FTC.

>What the bill actually did was block a policy that was created last October and had not yet been put into effect
It also gave the green light for ISPs that this behavior will not be persecuted.

took too long for this post i must say

not without js they wouldnt

who is the qt on the right?

she gets paid by alex jones to shill his water filters and fuck niggers on the side

That is Lea Ann Mcadoo. A wonderful Trump supporter against smelly liberals.

whats your username? i am interested uwu also fug deviantart, go to twitter