I don't want my ISP to know that I use a VPN. How to do it?

Discussion in 'privacy technology' started by blaker, Dec 25, 2014.

  1. blaker

    blaker Registered Member

    Joined:
    Dec 21, 2014
    Posts:
    15
    First of all, hello to this great community!
    I have many questions, but I will start with this thread.

    I don't want my ISP to know that I am using a VPN.
    I have 2 ideas.

    First one is to create a wifi hotspot from my cable internet and then connect to it from another device. This device would be secure using VMs and chained VPNs etc. Now my question is how (in)secure is this? And what does the ISP see?

    What about plausible deniability? If I put a strong passphrase, will ISP know that the hotspot can only be accessed by having the passphrase? If yes, should I then make it a public hotspot so other people can connect to it as well and get lost in the crowd?

    How vulnerable is this to MITM attacks? And how vulnerable is my server? What OS to use for my server?

    My second idea is to get a strong wifi antenna and connect to other hot spots around the town.

    And if someone would scan a network could they somehow know my location, that it's always coming from my home? How precise is it? Considering that I'm in a big town and many hotspots and wifi users around.


    Any other suggestions?
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Welcome!

    I am just going to add a few thoughts because you have some reading to do in order to catch up on some of this. Your ISP will know if you connect to a vpn unless you hide that connection inside another one, such as connecting to TOR first. Your home network has to connect somehow first, and your ISP will always know how you initially connect.

    If you are located in a large city and can "see" many wifi hotspots from your home you could elect to use those. IF you do that you will definitely want a VPN in place so that no "bad guy" on the public wifi can see what you are doing, or mess with your computer from the public network. Again, some basic reading but you can quite easily connect to public wifi and exclude other devices on the network from interacting at all with your machine.

    You don't answer to me, but I am curious as to why you don't want your ISP to see you connecting to a VPN? All business accounts I have use them. TOR I would understand, but VPNs are commonly used. In fact our people are required to use VPNs on our laptops.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    As Palancar says, your ISP sees your traffic, so they'll see the VPN connection, unless you somehow obscure it. You could use stunnel (aka SSL, which AirVPN offers) or obfsproxy (which the Tor Project develops, and iVPN uses). You could even set up your own obfsproxy server on a VPS somewhere, and route your traffic through it and then through a nested chain of VPNs and/or Tor.

    But whatever you did, your ISP would still see some sort of high-volume connection. Even if you had a bunch of other traffic, such as streaming video or whatever, that high-volume connection would remain obvious. Even if it doesn't look like normal VPN traffic, it's obviously acting like a VPN.

    Palancar does have a point about business use. However, businesses typically roll their own VPNs, so commercial VPN services (which can be identified by domain name or IP address) don't look too businesslike. But you could get creative with the VPS approach, and register a plausible business domain name. Maybe even incorporate a partnership with friends. Now your VPN use does look like business. Anyone can style himself a consultant.
     
  4. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758
  5. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    I would just add that unless you have a fresh new ISP, then any old traffic before you used the VPN would tip them off that you're into that sort of stuff anyway. Assuming they even cared. VPNs are more popular these days, especially after the NSA hype, so depending on where you live is going to determine what level of attention you'd draw to yourself.
     
  6. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Change the port/protocol of the VPN. Some ISPs block normal protocols and ports, so changing this around can obscure the VPN.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    OP asked about hiding VPN use from the ISP. While changing ports may alleviate blockage, it won't prevent the ISP from seeing the connection.
     
  8. blaker

    blaker Registered Member

    Joined:
    Dec 21, 2014
    Posts:
    15
    All great answers, thank you! Especially mirimir's VPS business idea. But for now it's overkill for what I need.

    What about this strong wifi antenna?
    I read about it but I never used one, so I don't know what kind of antenna is good enough in practice.
    Any model/specs suggestions for a wifi antenna for linux?
    In terms of n g p, dB, freq range, mbps, linux compatibility etc.

    And about security. Is it possible for someone to physically locate me when I am using this antenna?
    If yes - how precise is the locating?
    And if yes - just three letter agencies who can use such technology or is it more available for skilled enthusiasts?
     
    Last edited: Jan 18, 2015
  9. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    I'd say they could if they wanted, especially if it's out of your home/same location for weeks or months at a time. They'd first be aware of whatever hotspot you're connecting to, then walk/drive around to detect signal strength. At that level it's a deterrent that might take a day to zero in, then another few days to get warrants or start watching the neighborhood. Thing is, you wouldn't be aware of when this started happening. So again, an extra few weeks of work for them compared to a home connection.

    That's if you've already tipped someone off that you're suspicious, or if something links your internet activity to that hotspot. Just using a wifi antenna wouldn't raise too much suspicion.
     
  10. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    Buy an air card with cash. Spoof your MAC address. It'll be quite expensive though for the bandwidth.
     
  11. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I was also going to suggest prepaid mobile broadband. But it has to be clean from the beginning, using a pseudonym, and NEVER visiting sites you would regularly visit through your ISP, and ONLY use that MiFi for whatever you are wanting to be private communications. First set-up should be done far away from your home so that when you're ready to go, you connect directly to your VPN through the prepaid MiFi. Of course, your prepaid provider would see that you connect to VPN, but using a VPN with mobile broadband is very common. A lot of businesses do, as Mirimir said, roll their own VPN, but a lot of businesses also buy through commercial services in bulk at a reduced rate and can even be privately labeled.
     
  12. blaker

    blaker Registered Member

    Joined:
    Dec 21, 2014
    Posts:
    15
    I am not concerned about the government, it's about hackers. Say they know where I live. Could they somehow find out if I use a mobile broadband or an air card (anonymously bought)? Could they extract the SIM number somehow? Or hack the device? Or hack into my machine? (I mean can they do it remotely, without physical access to my home or spying through windows etc.)

    I would of course use VMs, firewall and chained VPNs. And never browse anything that connects to my real life.

    Occasionally I need a free wifi to download/update the system. It's too expensive with other options. That's why I asked for suggestion on wifi antenna.
    I would like to use free wifi even more, for bigger throughput, but it can't be visible outdoors. Is there a wifi antenna that can reach 1-2km but used indoors, pointed through a window?
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Look on Amazon. There are Yagi antennas, which have fair gain. Or you can go with a radio and a parabolic dish. With that, you can have stable wifi over Km, given line of sight, and even more with dishes on both ends. But dishes are hard to hide. There are also cantenna designs out there. They're also hard to hide, but less so than dishes.
     
  14. blaker

    blaker Registered Member

    Joined:
    Dec 21, 2014
    Posts:
    15
    I was just hoping somebody would answer my offtopic question because I need to understand how vulnerable I am.

    Anyway, I want to thank everybody for the help.
     
  15. bolehvpn

    bolehvpn Registered Member

    Joined:
    Oct 10, 2011
    Posts:
    81
    Location:
    Malaysia
    BolehVPN also offers the Cloak servers which use packet obfuscation. It hides that it's OpenVPN but it can't hide that it's encrypted traffic :p
    Seems to get past the great fw tho.
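
The point made in the post above (obfuscation hides the OpenVPN signature but not the fact that the traffic is encrypted), as an added example that is not part of the original post and is not the code of any provider or patch mentioned in the thread. It assumes a plain repeating-key XOR mask, a constructed key, and constructed sample packets with a simplified handshake layout.

```python
import math
import os
from collections import Counter

# OpenVPN's first byte (UDP mode) is opcode << 3 | key_id.
P_CONTROL_HARD_RESET_CLIENT_V2 = 7   # first handshake packet, first byte 0x38

def xor_mask(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; a simplified stand-in for an obfuscation layer."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def has_openvpn_opcode(packet: bytes) -> bool:
    """Naive signature check: does the packet start with a client hard reset?"""
    return bool(packet) and packet[0] >> 3 == P_CONTROL_HARD_RESET_CLIENT_V2

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy; close to 8.0 for ciphertext, much lower for plain text."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# Constructed samples (not captured traffic).
KEY = b"constructed-key"
HANDSHAKE = bytes([0x38]) + os.urandom(8) + b"\x00" + b"\x00\x00\x00\x00"
TUNNEL_PAYLOAD = os.urandom(4096)            # stands in for encrypted tunnel data
PLAINTEXT = b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n" * 80

def compare():
    """Apply the mask and report what an on-path observer can still measure."""
    masked_handshake = xor_mask(HANDSHAKE, KEY)
    masked_payload = xor_mask(TUNNEL_PAYLOAD, KEY)
    return {
        "signature_before": has_openvpn_opcode(HANDSHAKE),
        "signature_after": has_openvpn_opcode(masked_handshake),
        "entropy_before": entropy_bits_per_byte(TUNNEL_PAYLOAD),
        "entropy_after": entropy_bits_per_byte(masked_payload),
        "entropy_plaintext": entropy_bits_per_byte(PLAINTEXT),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The opcode check stops matching after masking, while the payload entropy stays near 8 bits per byte, far above the plain-text sample.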
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    What method do you use? Is it an OpenVPN patch?

    Have you considered obfsproxy? The meek transport is very interesting:
    https://trac.torproject.org/projects/tor/wiki/doc/meek

    I don't see why meek wouldn't work for TCP-mode OpenVPN servers.
     
  17. bolehvpn

    bolehvpn Registered Member

    Joined:
    Oct 10, 2011
    Posts:
    81
    Location:
    Malaysia
    mirimir: yup it's the xor patch by haggismn (which we openly disclose in our guides)

    We have tried obfsproxy but it didn't work that well and speeds were not that great either.

    Generally TCP mode is very poor for speeds hence we prefer the xor patch.
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Yes, I knew that, but forgot in the moment :oops:
    That's an issue, for sure. It's not a problem for Tor, but VPNs are much faster. I'm not too impressed with stunnel either :thumbd:
    Yes, I guess that it's TCP vs UDP. But how well is the xor patch working from China, etc?
     
  19. bolehvpn

    bolehvpn Registered Member

    Joined:
    Oct 10, 2011
    Posts:
    81
    Location:
    Malaysia
    It's ok at most times.
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Thanks, good to know :thumb:
     
  21. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I like the high powered USB adapter approach for "basic users". This assumes that you can reach open access points from your location. You *must* spoof MAC and Machine Name, as these will show up in router logs. I have had good luck with:

    Alfa Long-Range Dual-Band AC1200 Wireless USB 3.0 Wi-Fi Adapter w/2x 5dBi Removable External Antennas

     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    I've hit APs (hotspots) at several km range with a Ubiquiti Bullet M and a standard 2.4 GHz parabolic dish. I can also provide a targeted AP at such range. I've considered the idea of using it to feed a remote wifi meshnet to provide "anonymous" Internet access via Tor or whatever. But the dish is just totally obvious, and locating radio sources is trivial :oops: Anyway, see http://www.ubnt.com/airmax/bulletm/
     
  23. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    A cantenna facing a curtained window can do quite well. You can even use a small parabolic antenna for better gain. The curtain material should be light, enough to block outside visibility but not anything thick or heavy.

    I've also used wireless repeaters and 2.4ghz inline amplifiers. The repeaters are really nice because they make a local node of the distant hot spot. It's been a while since I've done any of this. Open access points were a lot easier to find 10 years ago. I had the longest range with a homemade cantenna in a satellite TV dish. 7 miles at times to hotspots that weren't trying to transmit great distances. Weather was a problem and changing weather conditions made long range links difficult and unstable.
     
    Last edited: Jan 22, 2015
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Thanks :)

    Yes, keeping the dish inside behind a curtain is discreet. But maybe your windows don't point in the right directions. And then there are curious guests ;)
     
  25. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    It's always best to have the antenna outdoors but that is not always possible in a small apartment in an urban environment. On the other hand, those are the environments that have the most hot spots so the chances of hitting one from a window are better.
     