If you want the most privacy focused ISP, check out Cape. You can view the post I made about this company.
this post was submitted on 23 Jul 2025
26 points (93.3% liked)
Privacy
40180 readers
482 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
Am living in india and it seems cape have no service in india.
Switch DNS to a provider that supports DoH or DoT is about the only thing you can really do.
Without using a VPN or proxy, your ISP is going to be able to do DPI and know what connections you make. There really is no way around that.
Can't they still do DPI on VPN network to know what yoke re doing, ie watching netflix, pornhub and playing cod
What to you mean? If the packets are encrypted they can't do DPI and get where the actual source is.
I think they might be able to guess that you're watching a video based on the traffic patterns, but unlikely they can tell what site it's coming from.
- private, secure dns, so they don't know the domains you're visiting
- https everywhere, so they can't see any of the data you're sending or receiving
All that's left is what ip's you're connecting to. Which is useless half the time, especially since most websites are behind cloudflare or some other anti-ddos proxy already.
Also, don't use the web browser that came with your phone. Some manufacturers and isp's might enjoy adding tracking into those. Some, like Apple, even got caught not encrypting amy of that.
Side note:
- https everywhere is pretty much the standard in modern web browsers
- an adblocker can still help a lot in blocking trackers
- a secure dns you can find in your browser settings
Even with https if you aren't on TLS 1.3 the SNI (server name indicator) is not encrypted so the hostname you are trying to access would be visible to your ISP.
Forcing your browser to only use TLS1.3 would fix that but who knows how many sites it would break.
Oh, good catch! I have to say I don't usually look at what specific tls version websites use. I'll be paying attention to this for a bit
With Portmaster on desktop, InviZible Pro on mobile, using an privacy Search engine (eg.Andisearch, Startpage, Mojeek, Metager, etc.), an ad and trackerblocker and common sense.
The only thing you gain from VPN is that the target server does not know your IP.
HTTPS is safe anyway and as such also the content of what you do.
The only other way you may leak information are DNS queries.
without encrypted client hello (which isn’t really adopted) the hostname ist submitted in plaintext, unencrypted. so the ISP can totally see which websites you‘re going to, even it you use a secure dns server
That should only happen with SNI, no?
What to do about dns queries? In the privacyguides video i saw when we use a encrypted dns isp only see the ip address. So queries are hidden right ?
The queries are known to the DNS provider. Only thing is to use one you trust.
Couldn’t you run a DNS resolver that pings the authoritative servers directly? Yes initial requests will be slower
Who says the authoritative servers aren't logging requests?
True but it seems to me that it’s an advantage to have your IP logged in this more decentralized way. most resolvers also cache the answers so it would be only logged the first time you visit a website.
Orbot
It does not answer the question but this application has been useful to me in the past.
InviZible Pro combines the strengths of Tor, DNSCrypt, and Purple I2P to provide a comprehensive solution for online privacy, security, and anonymity.
To start using InviZible Pro, all you need is any Android phone. Just run all three modules and enjoy safe and comfortable internet surfing. However, if you want to get full control over the application and your internet connection – no problem! Provided access to a large number of both simple and professional settings. You can flexibly configure InviZible Pro itself, as well as its modules – Tor, DNSCrypt, Purple I2P and Firewall to satisfy the most non-standard requirements.
InviZible Pro is an all-in-one application. After installation, you can remove all of your VPN applications and ad blockers. In most cases, InviZible Pro works better, more stable, faster than free VPNs. It does not contain ads, bloatware code and does not spy upon the users.