ISP

<hidden> anonymous
Created: 3 years and 1 month ago • Updated: 3 years and 1 month ago
After the Snowden exposure privacy should be in everyone's mind, however not being computer savvy it can be difficult. If I use DDG won't my ISP still monitor everything that I do.
And if I click on a link to a site, will my ISP now where I have gone.

Sorry it's such a basic question.

This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.


tagawa
Not a basic question at all! And asking it in public helps increase awareness.

DuckDuckGo uses HTTPS which is a secure connection, so when you go to duckduckgo.com you should see https:// in the URL bar and a padlock icon. This creates a secure tunnel between you and DuckDuckGo - the ISP cannot see what you're searching for. However once you click on a link and a new website opens, a new connection is made. This could be insecure (HTTP) or secure (HTTPS):

* HTTP: The ISP knows which pages you're visiting and could see the data you send and receive (as can anyone else on your local network, e.g. in an internet cafe).
* HTTPS: The ISP knows which domain you've visited but not the URL parameters, and not the contents of any data you send or receive.

A couple of caveats:

1. If your search parameters are in the URL (e.g. ?q=example) then your search query will be in your browser history, even with HTTPS. If you don't want this, go to DuckDuckGo's menu -> Advanced Settings -> Privacy and turn "Requests shown in url" off.
2. It's possible for the ISP to perform a "man in the middle" (MITM) attack and intercept your HTTPS secure connection. This is unlikely but not impossible - see this thread for a good explanation:
https://security.stackexchange.com/quest...

Hope that helps.
posted by tagawa Staff3 years and 1 month ago Link
anonymous
Actually with HTTPS the entire address is encrypted, so the ISP can't even see the domain.
posted by <hidden> • 3 years and 30 days ago Link
tagawa
I tested this with Wireshark and the hostname is visible in plaintext in the Client Hello packet of the TLS handshake, so I think the ISP would be able to see it.

There's a bit more discussion about this in this thread:
http://stackoverflow.com/questions/41431...
posted by tagawa Staff3 years and 30 days ago Link
tagawa
I know this is an old thread but I just wrote a blog post with more details and testing results in Wireshark: https://duck.co/blog/post/225/what-does-...
posted by tagawa Staff2 years and 4 months ago Link
anonymous
Thanks Tagawa.
How can you tell what sites are HTTP or HTTPS
posted by <hidden> • 3 years and 1 month ago Link
x.15a2
that depends on the browser that you are using, but most will display some kind of padlock icon in the address bar when a secure site is in use. Also, the URL will begin with HTTPS

https://duckduckgo.com/?t=palemoon&q=how...
posted by x.15a2 Community Leader3 years and 30 days ago Link
This comment has been removed for violation of our forum rules.
posted by <hidden> • 3 years and 30 days ago
anonymous
About the t parameter.
posted by <hidden> • 3 years and 30 days ago Link
spacebar
Yes. If you want to avoid that you can try Epic Browser.
posted by spacebar 3 years and 1 month ago Link
Tirifto
I'd just like to point out that tagawa provided a good explanation and that Epic Browser is not ethical, nor trustworthy.
posted by Tirifto 3 years and 1 month ago Link
This comment has been removed for violation of our forum rules.
posted by <hidden> • 3 years and 30 days ago
spacebar
What alternative browser would you recommend? The Thor network/browser seems like overkill to me. People just want to avoid being tracked by advertisers and their ISP.
posted by spacebar 3 years and 30 days ago Link
spacebar
Also what specifically is untrustworthy and/or unethical about it?
posted by spacebar 3 years and 30 days ago Link
JSmith123963
For one while surfing Duckduckgo it is using a https protocol which encrypts your connection while surfing duckduckgo. However, when you go to other sites and if it uses the http protocol, that means that the connection is not encrypted and your ISP and data miners may easily see what you have been doing. You can always use a VPN proxy such as Zenmate, or you can even use browsers such as epic browser or even TOR browser.
posted by JSmith123963 3 years and 30 days ago Link