by alexander-litty 1851 days ago
People also expect their postcards to arrive untampered.

ISPs, Comcast in particular, inject ad-loading JavaScript into HTTP pages.

https://arstechnica.com/tech-policy/2014/09/why-comcasts-jav...

https://www.reddit.com/r/technology/comments/9b5ikd/


In fairness, isn't that a result of your relationship with your ISP? If you remain because of price or no other services available, why wouldn't you use a VPN, knowing your ISP is a hostile actor and probably trying to deeply inspect packets, etc.?

> isn't that a result of your relationship with your ISP?

Any ISP is allowed to sniff and manipulate packets, so this isn't just about my ISP -- it's the server's ISP as well as any entities in-between.

Even if I did (assuming that I reasonably could!) change my ISP, that's changing only one of the potentially many hostile actors.

> why wouldn't you use a VPN

That would require me to trust the connection between the VPN and the server.

Plus, then I would need to buy a VPN subscription :) Just serve HTTPS!

HTTPS gives your ISP any domain name you visit. A VPN would hide that.

A VPN moves any legal situation into a country with different laws.

Because if you use HTTP over VPN, then you really have to trust your VPN provider. Why should you do that?

You can be your own VPN provider if that's a big concern.

Your ISP knows you visited a certain domain with HTTPS. That's a concern.

> You can be your own VPN provider if that's a big concern.

You just shift the trust around. Now I have to trust the hoster, e.g. OVH instead of my local ISP. Really the best thing you can do is end-to-end encryption, don't send plaintext over the internet.

> Your ISP knows you visited a certain domain with HTTPS. That's a concern.

How about DNS over HTTPS?