VPN's ?.

[ColinJ]

Of course they can. The URL is the address they send you to. Anything in the URL is visible to all the hosts you pass through.

And even if that wasn't true, your privacy is only protected as long as you don't click any of the search results. As soon you click a link, again your internet provider know where you go.

Surely the only thing that the ISP knows is that you are connecting to 'A-VPN.com' and A-VPN.com are sending you 'some stuff'?

Obviously, you have to trust A-VPN.com to not tell anybody what you are up to!

 

[keithmac]

It's not privacy related really, Virgin Media have gone apesh1t on site blocking so looking for a way to circumvent their efforts!.

Speed will be an issue but I'll see how I get on.

Thanks for the recommendations!.

 

[jefmcg]

Surely the only thing that the ISP knows is that you are connecting to 'A-VPN.com' and A-VPN.com are sending you 'some stuff'?

Obviously, you have to trust A-VPN.com to not tell anybody what you are up to!

Yes. I was saying that just changing duckduckgo.com doesn't offer you much privacy.

Using a VPN certainly does.

 

[Ming the Merciless]

Of course they can. The URL is the address they send you to. Anything in the URL is visible to all the hosts you pass through.

And even if that wasn't true, your privacy is only protected as long as you don't click any of the search results. As soon you click a link, again your internet provider know where you go.

The only think that duckduckgo.com protects you from is (partially) Google.

Not over https it is not. The only thing they can see of your search is the host name if they look at the DNS lookup. You browser sends the request to the IP address returned by the DNS lookup not to an URL. Duckduckgo enforce SSL. SSL occurs in the TCP layer and happens before the HTTP exchange. The HTTP exchanges are over an encrypted TCP connection, a lower layer in the network stack.

 

[Tin Pot]

SSL is point to point, not end to end, but it does make confidential the content of your interactions with a website from your ISP.

Whether that website is protecting your privacy or not is a crap shoot...almost certainly they are piping all sorts of crap into you browser through advertising and cookies, let alone who the fark knows what happens on-mouse-over or if you click anything.

And that’s assuming whoever set up SSL is using appropriate version of TLS and valid certificates...which again is almost never...and invalidates all your assumptions about SSL providing confidentiality.

...Plus, of course, who you are can be determined by more than just your IP address.

Basically, just stay in your home with the power disconnected, rocking backwards and forwards, gently weeping and you *might* be okay.

 

[LeetleGreyCells]

IPVanish works well and doesn’t log anything you visit.

 

[jefmcg]

Not over https it is not. The only thing they can see of your search is the host name if they look at the DNS lookup.

You are right. I apologise Not sure how I didn't know that

Still, once you actually click on a search results, the privacy duckduckgo.com gives you is gone.

 

[Ming the Merciless]

Still, once you actually click on a search results, the privacy duckduckgo.com gives you is gone.

That is down to whether the site you visit from the search results also supports https. If they do then Duckduckgo will ensure the search result link is https. in this situation the only thing your provider knows is that you visited duckduckgo and then visited another site. It does not know what searches you did, nor what you are doing on another site.

https is even easier now, with groups like Letsencrypt providing free SSL certs and ways of automating renewal / revocation for web masters. SSL session caching in web servers such as NGINX also means the overhead of an encrypted connection is trivial as most of the overhead is the initial negotiation of the session keys, not the encryption using those keys. There is little in the way of any web master from employing encryption across all their sites, mostly it is inertia or they do not see the need as "they are not a banking site or something"

 

[Pale Rider]

Not over https it is not. The only thing they can see of your search is the host name if they look at the DNS lookup. You browser sends the request to the IP address returned by the DNS lookup not to an URL. Duckduckgo enforce SSL. SSL occurs in the TCP layer and happens before the HTTP exchange. The HTTP exchanges are over an encrypted TCP connection, a lower layer in the network stack.

An award for cramming a large number of impenetrable abbreviations into one post.

 

[KneesUp]

I use Virgin and I've not found anything blocked? I must be looking for the wrong stuff.

If you have sufficient processor, install Virtual Box and run Whonix. It consists of two virtual machines, one workstation and one TOR gateway. All connections are via TOR.

The other alternative is to install Tails on a USB stick and boot from that if you need to look at things Virgin want to block.

 

[Tin Pot]

An award for cramming a large number of impenetrable abbreviations into one post.

TLAs not abbreviations

Domain Name Service
Internet Protocol
Universal Resource Location
Transport Control Protocol
Secure Sockets Layer
HyperText Transfer Protocol

Any errors, I blame intellitext/autocorrect.

Oh and Three Letter Acronym.

 

[Tin Pot]

I use Virgin and I've not found anything blocked? I must be looking for the wrong stuff.

If you have sufficient processor, install Virtual Box and run Whonix. It consists of two virtual machines, one workstation and one TOR gateway. All connections are via TOR.

The other alternative is to install Tails on a USB stick and boot from that if you need to look at things Virgin want to block.

Virgin introduced a default block on erm non-mainstream sites, which you can opt out of, quite a while ago.

They also log all traffic, which you can’t opt out of.

 

[Andrew_P]

I use Virgin and I've not found anything blocked? I must be looking for the wrong stuff.

If you have sufficient processor, install Virtual Box and run Whonix. It consists of two virtual machines, one workstation and one TOR gateway. All connections are via TOR.

The other alternative is to install Tails on a USB stick and boot from that if you need to look at things Virgin want to block.

Same here on Virgin and no blocks.

I have used expressVPN which works fine for what I wanted it for which was different content on media streaming.

 

[ColinJ]

An award for cramming a large number of impenetrable abbreviations into one post.

Anyone who knows what HTTPS, DNS, IP, URL, SSL, TCP, HTTP stand for would be perfectly happy with that post.

And for those who don't know, I'm not sure that this would be much clearer ...

Not over HyperText Transfer Protocol (Secure) it is not. The only thing they can see of your search is the host name if they look at the Domain Name Service lookup. You browser sends the request to the Internet Protocol address returned by the Domain Name Service lookup not to a Universal Resource Location. Duckduckgo enforce Secure Sockets Layer. Secure Sockets Layer occurs in the Transport Control Protocol layer and happens before the HyperText Transfer Protocol exchange. The HyperText Transfer Protocol exchanges are over an encrypted Transport Control Protocol connection, a lower layer in the network stack.

 

[Profpointy]

Anyone who knows what HTTPS, DNS, IP, URL, SSL, TCP, HTTP stand for would be perfectly happy with that post.

And for those who don't know, I'm not sure that this would be much clearer ...

Not over HyperText Transfer Protocol (Secure) it is not. The only thing they can see of your search is the host name if they look at the Domain Name Service lookup. You browser sends the request to the Internet Protocol address returned by the Domain Name Service lookup not to a Universal Resource Location. Duckduckgo enforce Secure Sockets Layer. Secure Sockets Layer occurs in the Transport Control Protocol layer and happens before the HyperText Transfer Protocol exchange. The HyperText Transfer Protocol exchanges are over an encrypted Transport Control Protocol connection, a lower layer in the network stack.

Thanks - I was wondering what tri chloro phenol had to do with secure comms