Considering my threat model is just preventing my ISP to know which websites I am visiting and to prevent my government (India) from tracking me, do I need to use a VPN?

Currently, I am using a trusted VPN provider with a permanent kill switch and am never off of the VPN. Today, I was reading IVPN’s homepage and it says, “A VPN can be effective at encrypting your DNS requests so your ISP or mobile network provider cannot monitor or log the domains you visit.” But as far as I know, DNS over HTTPS does encrypt the DNS requests. Right?

I regularly clean my cookies, use hardened browsers, etc. So is a VPN really necessary for me? Or shall I just shift to using Quad9’s DoH or something?

Edit - I am using the router provided by the ISP and I cannot change it because I am behind CGNAT. I can use a separate device and install PfSense or OpenWRT or something on it and use that as a firewall. Any suggestions there?

  • Rivalarrival@lemmy.today
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Without the VPN, your ISP knows you are making a DNS request, but they can’t see what domain you are resolving. A moment later, they see the IP that request resolved to, when you request that site. They can see how much encrypted traffic is going back and forth. When they see that the IP address hosts a porn site, and traffic analysis shows you’re starting and stopping video streams, they know you’re jerking off, but can’t figure out your specific fetish.

    With a VPN, your ISP only ever sees the VPN’s IP address. They know when you are sending and receiving traffic to/from that IP, but they don’t know the original source. With traffic analysis, they can probably figure out that you’re watching videos, but they probably can’t distinguish between YouTube and YouPorn.

  • JoeKrogan@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    They will see the IP of the site you are visiting if you do not have the VPN. Depending on the site it could be obvious which site it is, if it has a dedicated hosting for example

    • UnfortunateShort@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Also, looking at it from a different angle, a VPN hides your IP from service providers, which makes it harder for them to track you. In addition to that a proper VPN will also protect you when connecting to an insecure network, like scetchy public Wifi

  • br3ad@infosec.pub
    link
    fedilink
    arrow-up
    0
    ·
    1 year ago

    How do you access banking apps/websites with always-on VPN and permanent kill switch?

    • nutbutter@discuss.tchncs.deOP
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      My banking apps and netbanking work just fine regardless of which country I am connected to. UPI (unified payments interface) requires an Indian IP, though. But I can still do everything while connected to my VPN provider.

      • br3ad@infosec.pub
        link
        fedilink
        arrow-up
        0
        ·
        1 year ago

        None of my banking apps work with VPN even with a spoofed Indian IP. UPI works without issue for me as well.

        • Sequence5666@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          11 months ago

          The good one like Mullvad does not have a server in India. Do you recommend something as good as Mullvad for accessing UPI and strem vid apps?

          • br3ad@infosec.pub
            link
            fedilink
            arrow-up
            1
            ·
            11 months ago

            I haven’t used mullvad but I do use protonvpn. On my android phone icici banking app doesn’t work even while being whitelisted. Prime video needs to be whitelisted but functions. Didn’t find an issue with Netflix. Haven’t tested other platforms.