Considering my threat model is just preventing my ISP to know which websites I am visiting and to prevent my government (India) from tracking me, do I need to use a VPN?

Currently, I am using a trusted VPN provider with a permanent kill switch and am never off of the VPN. Today, I was reading IVPN’s homepage and it says, “A VPN can be effective at encrypting your DNS requests so your ISP or mobile network provider cannot monitor or log the domains you visit.” But as far as I know, DNS over HTTPS does encrypt the DNS requests. Right?

I regularly clean my cookies, use hardened browsers, etc. So is a VPN really necessary for me? Or shall I just shift to using Quad9’s DoH or something?

Edit - I am using the router provided by the ISP and I cannot change it because I am behind CGNAT. I can use a separate device and install PfSense or OpenWRT or something on it and use that as a firewall. Any suggestions there?

  • kevincox
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    1 year ago

    TL;DR If you don’t want your ISP to know the sites you visit you need some sort of proxy (which can be accomplished with a VPN).

    There is lots of metadata about your requests. With a proxy your ISP can only see traffic volume. The contents are encrypted and all go to the same IP address. With just volume information it is quite difficult (but not impossible) to determine what sites you are visiting.

    Without any sort of proxy the ISP can see a wide variety of additional info:

    1. Which addresses you are connecting to. Can narrow down (and frequently pinpoint) what sites you are visiting.
    2. Domain of most sites you visit (via SNI) (for sites not using encrypted SNI which is most of them).
    3. Full info about unencrypted connections (consider turning on HTTPS only mode in your browser to avoid this).
    4. DNS queries if you aren’t using DoH, DoT or similar.

    It sounds like you are aware but please remember that while this will be hidden from your ISP it will not be hidden from your VPN provider. You are essentially just shifting trust. Another advantage can be frequently changing your IP to make it harder for websites to track you. If you want to hide from everyone you will need a better solution such as Tor.