What Can Your ISP See? - What Your ISP Knows About Your Internet Activities

แชร์
ฝัง
  • เผยแพร่เมื่อ 24 ธ.ค. 2024

ความคิดเห็น • 68

  • @Mbro-dq2do
    @Mbro-dq2do 6 หลายเดือนก่อน +3

    Amazing video dude! I love the simple straightforward explanations.

  • @m4a1mag
    @m4a1mag 6 หลายเดือนก่อน +6

    ur videos are crazy good i could watch em all day

  • @ren3059
    @ren3059 6 หลายเดือนก่อน +13

    Your channel is underrated and extremely helpful. I'm curious if using Quad9 DoH (DNS over HTTPS) or DoT (DNS over TLS) makes a difference compared to using a VPN?

    • @plaintextpackets
      @plaintextpackets  6 หลายเดือนก่อน +2

      Secure DNS is helpful as it encrypts the queries so your ISP (or other snoopers) wouldn’t be able to see them on the wire. But the owner of the DNS server will so that’s the trade off

    • @Aksubs807
      @Aksubs807 6 หลายเดือนก่อน

      Sorry, but I don't know much, the DoH and DoT are used to encrypt DNS queries and responses right?. As these queries are encrypted, ISP can't see DNS query responses, but after my machine got the DNS response, now the ISP will know "Where" I'm going, cause now the ISP has to route the traffic to that destination server. Is this true???

    • @claussanta2341
      @claussanta2341 6 หลายเดือนก่อน +2

      Think of sending a package to someone. Works "kind of" the same. If the 📦 isn't see through ISP just sees the destination address etc.
      Make yourself a pihole and look up your DNS traffic. Interesting to see, really.

  • @CommsGuy
    @CommsGuy 6 หลายเดือนก่อน +5

    Watching your video made me start thinking that an ISP should be able to see your search terms as well (when you use any search engine) because those search words are part of the URL. I never thought about that before.....

    • @plaintextpackets
      @plaintextpackets  6 หลายเดือนก่อน +5

      That part they actually can’t as the URL path after the domain isn’t available in plaintext. They’ll see the DNS query for the search engine and the TLS connection to it but that’s it

    • @CommsGuy
      @CommsGuy 6 หลายเดือนก่อน +1

      @@plaintextpackets Cool. I didn't realise the path wasn't plaintext. I've done a fair amount of wiresharking but never looked into the URL path. Thanks :)

  • @panzielonka4224
    @panzielonka4224 20 วันที่ผ่านมา +1

    Bro that's straight out knowlegde! You're awsome!

  • @shaunrowley7230
    @shaunrowley7230 6 หลายเดือนก่อน +4

    Thank you a very interesting video and agree about VPN's as from what I have read need to ensure that the VPN service you use does not log your where and what. Another source such as Network Chuck has suggested using Proxy Chains to hide your identity would this be detectable in wireshark?

    • @plaintextpackets
      @plaintextpackets  6 หลายเดือนก่อน +4

      There are many vpn services that advertise they don’t log, but frankly I don’t trust that. TOR (a proxy chaining solution) is the closest thing to true privacy but the trade off is performance which is horrible

    • @TecraTube
      @TecraTube 6 หลายเดือนก่อน

      network chuck is a douche.

    • @OH2023-cj9if
      @OH2023-cj9if 6 หลายเดือนก่อน

      They all do, they have to by Law in the UK. If they don't then the Host does, by Law.
      That's why PIA removed UK servers.

    • @johnneisler6552
      @johnneisler6552 6 หลายเดือนก่อน +1

      Host your own vpn server on digital Ocean(any server hosting platform will do) make sure it is encrypted with aes 256 bit encryption. Openvpn is a good option

    • @plaintextpackets
      @plaintextpackets  6 หลายเดือนก่อน +2

      This is possible, the cloud provider though can see what that VPN is accessing and knows your identity. But it is a stronger option

  • @xEndless11
    @xEndless11 6 หลายเดือนก่อน +2

    The data traffic can be read by the Device over which the traffic is routed, i.e. in this case the gateway. Even if you are using a secure HTTPS connection, the probability is very high that the Google inputs in the search as well as your access data to which pages can be seen as plain text in the recording.

    • @plaintextpackets
      @plaintextpackets  6 หลายเดือนก่อน +4

      Wireshark records the data as its leaving to the network adapter so everything that will be encrypted by the application layer is already encrypted.

  • @m.k.9181
    @m.k.9181 5 วันที่ผ่านมา

    Will the ISP also be able to tell which device in my LAN is accessing which site or can they only see the router and which site it is requesting?

    • @plaintextpackets
      @plaintextpackets  4 วันที่ผ่านมา +1

      Good question, no they will just know someone in your network did but not the specific device

  • @aaronletchford
    @aaronletchford 6 หลายเดือนก่อน +3

    Would pi hole solve privacy, and stop the isp seeing your traffic

    • @plaintextpackets
      @plaintextpackets  6 หลายเดือนก่อน +3

      Solves some, I will cover this in a video coming soon

    • @zadekeys2194
      @zadekeys2194 6 หลายเดือนก่อน

      No. :) That's what DNS over Https or TLS is for :)

    • @zadekeys2194
      @zadekeys2194 6 หลายเดือนก่อน +2

      Pi hole is just a local server, a middle man if you like. Requests still go to your ISP DNS, unless you configure your DNS to something like 9.9.9 .9or Ad-Guard DNS using secure DNS.

    • @Krahamus
      @Krahamus 21 วันที่ผ่านมา

      ​@@zadekeys2194pi-hole like add guard home is encrypted and has tls and https, just not pre-installed like in ad guard, even if they go tru isp dns they cant see anything because its already encrypted before going to isp dns server.

  • @TecraTube
    @TecraTube 6 หลายเดือนก่อน

    what of your VPN is your own wire guard server on a cloud server? running pfsense as firewall with VPN there as well as the your local machine running client

    • @plaintextpackets
      @plaintextpackets  6 หลายเดือนก่อน +3

      You could do this, that secures the server from logging but the traffic itself can be sniffed by the cloud hosting provider

    • @pedrol71
      @pedrol71 6 หลายเดือนก่อน +1

      @@plaintextpackets and what if I deploy my own VPN Wireguard server on my own network, say on a Docker Container or on a Raspberry PI ?

  • @anonuser260
    @anonuser260 6 หลายเดือนก่อน +3

    Trust me or not, they can see your web browser screen if they need to, i have seen it on my own eyes, idc what anyone says. Intercepting packets is nothing compared to this.

    • @mathieucaron4957
      @mathieucaron4957 6 หลายเดือนก่อน

      They only "hack" criminals (or to spy) I guess... If they see your ip communicating with a terrorist, they would surely hack your pc/phone to get what they need. I don't know how they can do it, that would be interesting to learn 🤔

  • @collinhowell2064
    @collinhowell2064 6 หลายเดือนก่อน +2

    DNS over TLS? it would encrypt your traffic to DNS, most home routers can do it.

    • @AvacadoJuice-q9b
      @AvacadoJuice-q9b 6 หลายเดือนก่อน

      Is DoT better of DoH?

    • @njpme
      @njpme 6 หลายเดือนก่อน

      ​@@AvacadoJuice-q9bdoesn't really matter.

  • @James-k6z5e
    @James-k6z5e 6 หลายเดือนก่อน

    Why cant they inspect my device as this would solve my problem as the hackers would be caught but in Australia they are so useless that they lie to sell and investigations into fraud are not properly executed and they are enabling the hackers.

  • @thienviet3429
    @thienviet3429 6 หลายเดือนก่อน +2

    Can my isp see my full link? I mean my isp is able to see what I am doing from my link, don’t they? 9:08
    If not, then I don’t have any questions.

    • @plaintextpackets
      @plaintextpackets  6 หลายเดือนก่อน +1

      They can see the domain but not the full path

    • @rediffusion7996
      @rediffusion7996 18 วันที่ผ่านมา +1

      Are you watching porn or what?

  • @DamjanDimitrioski
    @DamjanDimitrioski 6 หลายเดือนก่อน

    It knows I tried to connect with my router 1sec each hour, although my wan cable was disconnected and the router was powered off. Their diagnostic tools are poor :D.

  • @garylove2836
    @garylove2836 6 หลายเดือนก่อน

    You could always use elons musk starlink with a vpn concentrator and you don’t need isp.

    • @plaintextpackets
      @plaintextpackets  6 หลายเดือนก่อน +2

      Starlink is an ISP

    • @garylove2836
      @garylove2836 6 หลายเดือนก่อน

      @@plaintextpackets but the vpn concentrator will encrypt the traffic so the isp can’t see.

    • @plaintextpackets
      @plaintextpackets  6 หลายเดือนก่อน

      @garylove2836 it’ll encrypt it between your home to the concentrator yes you’re right. From there the company who owns the concentrator or server it’s running on will be able to see

    • @garylove2836
      @garylove2836 6 หลายเดือนก่อน +1

      @@plaintextpackets oh I see.

  • @johnycache
    @johnycache 6 หลายเดือนก่อน +1

    Do you rate tailsOS?

  • @Mbro-dq2do
    @Mbro-dq2do 6 หลายเดือนก่อน +1

    thank you so much

  • @tyrojames9937
    @tyrojames9937 6 หลายเดือนก่อน

    YES!👍🏾

  • @PracticalPcGuide
    @PracticalPcGuide 6 หลายเดือนก่อน +1

    Very good video. easy to understand and follow.
    need another wireshark dns analysis tutorial using a program VPN vs vpn as a browser extension vs Tor browser.
    no dns showing while on tor..

  • @loreyoungtech
    @loreyoungtech 6 หลายเดือนก่อน +2

    This is helpful content thanks.

  • @Dexter101x
    @Dexter101x 6 หลายเดือนก่อน

    You used cloudflare's ip address in this video, lol

  • @dadadies
    @dadadies 6 หลายเดือนก่อน +1

    Are you censoring me or is youtube censoring me.

  • @mitchellsmith4601
    @mitchellsmith4601 6 หลายเดือนก่อน +14

    This guy is spreading FUD. All the popular websites use HTTPS, it’s only smaller websites without much traffic which don’t. Why? Because more than ten years ago, Google announced they would favor HTTPS websites over HTTP websites in their search results, which incentivized almost everyone to use HTTPS.

    • @plaintextpackets
      @plaintextpackets  6 หลายเดือนก่อน +8

      So I actually cover that in the vid, and explicitly state that ‘what’ it is you’re doing is mostly obfuscated by HTTPS these days. I also cover in the next vid how most of those popular websites share data on your activities anyhow via various tracking methods.

    • @maxvideodrome4215
      @maxvideodrome4215 6 หลายเดือนก่อน +3

      I own an ISP - we don’t look at anything.

    • @cm98765432100
      @cm98765432100 6 หลายเดือนก่อน +2

      Even With https deep packet inspection can see what type of services your using. What website you are connecting to even after changing dns as the host header is unencrypted(for now).They just can’t see the content.

    • @plaintextpackets
      @plaintextpackets  6 หลายเดือนก่อน +3

      Yeah you can tell a ton about a person just from looking at what they visit and when.

  • @claussanta2341
    @claussanta2341 6 หลายเดือนก่อน

    Resolve DNS locally and then proxy out.

    • @plaintextpackets
      @plaintextpackets  6 หลายเดือนก่อน +3

      Your local DNS server still needs to talk to one upstream

    • @titarch
      @titarch 6 หลายเดือนก่อน

      @@plaintextpackets Not if you setup a rDNS (reverse DNS) service. Instead of forwarding request the local dns (e.g. pihole) can use unbound (rDNS) to resolve dns directly from the corresponding authoritative servers. It takes longer but can be cached over time.