I changed the title from “Spying” to “Eavesdropping” because the article actually directly supports that it is “spying” on you, just not listening.
I changed the title from “Spying” to “Eavesdropping” because the article actually directly supports that it is “spying” on you, just not listening.
I live in a country where our ISPs are required by law to keep a record of our internet metadata. When ISPs have been subpoenaed in the past ths answer has often been “we don’t keep that data”.
So in that case we’re looking at a likelihood of 1 vs less than 1. So you’re wrong there.
Plus, I would love to hear your source on these probabilities you proclaim. Can you share how you know this?
You said “far more likely”, so one assumes you have the numbers.
There are definitely some VPN providers to worry about.
VPNs are a security tool but they don’t protect people as much as they think. They hide DNS traffic your ISP would have received, so that your ISP can’t tell everyone which cuckold or affair site you access (except you probably forgot to turn the VPN on one time or another so…)
Your ISP can still see IP addresses you connect to, they forward all your traffic. Good opsec is a nightmare. Ad blocking does more for less cost than getting a VPN will ever do (except for certain human rights circumstances but I’d wager they’re actually going to be careful).
My personal tip is use DNS over HTTPS/TLS where possible, and don’t use Cloudflare or Google. Ad an ad blocker and it’s far easier to setup and way more cost effective than VPN.
No they can’t. The ISP cannot see any traffic that goes to or from you while you are connected to the VPN, only that you are sending encrypted packets to/from the IP of the VPN itself. It’s the VPN that then sends your requests on to the site you want to see, and routes the reply from the site back to you.
DNS requests are a separate attack vector, but VPNs almost all offer a means of protecting those from scrutiny as well, and as you say, DNS over https/TLS is also resistant to snooping.
There are some more esoteric ways of spying on your traffic, but the likelihood of any of it being used against you is remote unless you are on the shitlist of a major corporation or government.
Ad blocking mitigates a different risk, which is that trackers on pages you visit will report your behavior to aggregators who sell that data. By all means, use an adblocker. Maybe two. But also be aware that some adblockers sell your data to advertisers (e.g., Adblock Plus: Ublock Origin appears to be less problematic). Or, if you’re a bit more technical, you can set up your network so that known data-collection output isn’t sent. There are even lists of known snoopware endpoints you can subscribe to so you can more easily block them. But the ingenuity of the data collectors is extreme, and it’s a continuing struggle.
Another potential source of leakage is your browser fingerprint (there are sites that’ll tell you how unique your profile is-- the answer is generally “enough to identify you.” There are extensions that can conceal that too.
Using a VPN will prevent your ISP from selling your IP logs to data brokers. It also obfuscates your IP to websites you visit to make their fingerprinting less precise. All your ISP can see is that you’re connecting to/from a VPN server through an encrypted tunnel and maybe some metadata like amount of data transferred.
Hard to compare value to free stuff like encrypted DNS and an ad blocker but a VPN definitely has protections you wouldn’t get otherwise.