AnswerBun.com

Securing internet connection with hostile ISP

Please excuse the lack of details, you can understand why. I have a friend in a foreign country who is certain that he is a surveillance target of his local government. Other people he knows in his same category have already had their internet connections spied on, and seen contents of their emails leaked. He refuses to use his local ISP because the government runs it, so he uses another means of internet but which is very unreliable.

He really would like to use a landline ISP for it’s stability, but knows he can’t trust it. I thought of setting him up with a serious firewall (like pfSense) with a permanent VPN tunnel to a provider that is based outside of his country.

Given these considerations, would this be a safe solution? Or rather if the ISP is compromised, are all bets off?

Information Security Asked by user242761 on December 29, 2020

1 Answers

One Answer

An encrypted VPN out of country is the classic approach.

Set up correctly, all the ISP will see is that there is an encrypted tunnel to the VPN.

Common VPN errors include:

  • Failing to make sure that all of the DNS traffic moves through the VPN
  • Failing to make sure the connection drops completely with no auto reconnect in the event the VPN is disrupted.
  • Failing to select an appropriately reliable VPN

The stronger and potentially easier solution in many cases is to use Tor. Simply download the TBB (Tor Browser Bundle) and use that for internet traffic.

The ISP can see that Tor is being used, but that's all.

In either case, use a reliable email service.

All of these tools are to protect against outside monitoring and intrusion. None will protect against foolishness such as logging into an identifiable account attributable to your friend and posting or emailing content you don't want attributed.

Answered by user10216038 on December 29, 2020

Add your own answers!

Related Questions

Nginx module security

1  Asked on November 21, 2021 by member2

 

Third party cookies – does secure, httponly matter?

1  Asked on November 21, 2021 by pang-ser-lark

 

Can input value escape a JSON object?

0  Asked on November 16, 2021

     

What is the Akamai Name Server I see for some big companies?

3  Asked on November 11, 2021 by hanan-n

     

What are ssh-keygen best practices?

4  Asked on November 11, 2021

     

How does openvpn work for only certain servers?

1  Asked on November 11, 2021 by relot

       

Ask a Question

Get help from others!

© 2022 AnswerBun.com. All rights reserved.