[Cryptography] escalating threats to privacy

Jerry Leichter leichter at lrw.com
Wed Mar 29 18:29:30 EDT 2017


>> allowing internet providers [...] to sell your browsing habits and
>> other personal information
> 
> Update:  S.J.Res 34 has now passed both houses of congress, and is
> expected to be signed into law....
> 
> 
> I'm wondering what the remedies might be:
> -- Negotiate with the ISP to pretty please not do that?
> -- Everybody use Tor for everything -- despite the inefficiencies?
> -- Is there anything we can do to make Tor more efficient?
> -- ????????
Tor is overkill for this particular application.  A decent VPN is sufficient:  What the ISP will see is that all your traffic - none of which it can read - goes to the VPN forwarder.  If the VPN forwarder has a nosy ISP on the far side, it would have to be able to correlate packets passing in and out of the forwarder.  Possible, but way beyond what these guys are currently planning on doing.

Yes, your VPN provider will know who you talk to.  But most of them exist by selling "we don't care who you talk to; we don't even log it."  You generally have no way to change ISP's but changing VPN's is easy.

You could also run your own VPN proxy out in the cloud.  The chance of anyone being able to correlate your encrypted data stream going into AWS with the immense volume of stuff flowing *out* of AWS is pretty low.  And except for someone at the scale of the NSA who wants to "collect everything", it's no longer a matter of adding some infrastructure and pulling in data from all your customers; it's now a bunch of individualized attacks which are highly unlikely to be economically worthwhile.

                                                        -- Jerry



More information about the cryptography mailing list