Securing internet connection with hostile ISP

Question

Please excuse the lack of details, you can understand why. I have a friend in a foreign country who is certain that he is a surveillance target of his local government. Other people he knows in his same category have already had their internet connections spied on, and seen contents of their emails leaked. He refuses to use his local ISP because the government runs it, so he uses another means of internet but which is very unreliable.
He really would like to use a landline ISP for it's stability, but knows he can't trust it. I thought of setting him up with a serious firewall (like pfSense) with a permanent VPN tunnel to a provider that is based outside of his country.
Given these considerations, would this be a safe solution? Or rather if the ISP is compromised, are all bets off?

user10216038 · Answer

An encrypted VPN out of country is the classic approach.
Set up correctly, all the ISP will see is that there is an encrypted tunnel to the VPN.
Common VPN errors include:

Failing to make sure that all of the DNS traffic moves through the
VPN
Failing to make sure the connection drops completely with no auto
reconnect in the event the VPN is disrupted.
Failing to select an appropriately reliable VPN

The stronger and potentially easier solution in many cases is to use Tor. Simply download the TBB (Tor Browser Bundle) and use that for internet traffic.
The ISP can see that Tor is being used, but that's all.
In either case, use a reliable email service.
All of these tools are to protect against outside monitoring and intrusion. None will protect against foolishness such as logging into an identifiable account attributable to your friend and posting or emailing content you don't want attributed.

Securing internet connection with hostile ISP

One Answer

Add your own answers!

Related Questions

Can a website track your browsing history on other websites?

How do I access a website on my phone without it being able to determine that it was accessed from the same phone and location?

Performance comparison between ed25519 vs AES

Gaming Mods Security Risks

How to protect open ports for Services/Programs needed for network connectivity?

What is the standard way, if any, to announce via e-mail that you have a public PGP key and what it is?

Help! My home PC has been infected by a virus! What do I do now?

Is it advisable to accept STUN server connections?

Recovering NTFS encrypted files from a USB drive on a different machine

Software update process (dependencies) in organization

Is running software in Docker an allowable way to bypass FIPS 140-2 issues?

Why did TLS 1.3 drop AES-CBC?

School manages Google accounts, what can they do or see?

How email sent with S/MIME are stored?

Are FaceID/passcode logins secure over public WiFi/hotspots?

Format for data & symmetric key exchange/storage

Is it OK to store the user’s plain-text password in a claim?

Visual Studio Issues in shellcode delivery

MSTG-ARCH-7: All security controls have a centralized implementation

Oauth2.0 | How to manage user session in Single Page application running in an iframe?

Ask a Question