Securing internet connection with hostile ISP

Information Security Asked by user242761 on December 29, 2020

Please excuse the lack of details, you can understand why. I have a friend in a foreign country who is certain that he is a surveillance target of his local government. Other people he knows in his same category have already had their internet connections spied on, and seen contents of their emails leaked. He refuses to use his local ISP because the government runs it, so he uses another means of internet but which is very unreliable.

He really would like to use a landline ISP for it’s stability, but knows he can’t trust it. I thought of setting him up with a serious firewall (like pfSense) with a permanent VPN tunnel to a provider that is based outside of his country.

Given these considerations, would this be a safe solution? Or rather if the ISP is compromised, are all bets off?

One Answer

An encrypted VPN out of country is the classic approach.

Set up correctly, all the ISP will see is that there is an encrypted tunnel to the VPN.

Common VPN errors include:

  • Failing to make sure that all of the DNS traffic moves through the VPN
  • Failing to make sure the connection drops completely with no auto reconnect in the event the VPN is disrupted.
  • Failing to select an appropriately reliable VPN

The stronger and potentially easier solution in many cases is to use Tor. Simply download the TBB (Tor Browser Bundle) and use that for internet traffic.

The ISP can see that Tor is being used, but that's all.

In either case, use a reliable email service.

All of these tools are to protect against outside monitoring and intrusion. None will protect against foolishness such as logging into an identifiable account attributable to your friend and posting or emailing content you don't want attributed.

Answered by user10216038 on December 29, 2020

Add your own answers!

Ask a Question

Get help from others!

© 2024 All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP