Yup. An ISP could potentially gain some information based on the IPs you’re hitting and the number/frequency of packets sent and received, but that would take serious logging and analysis on their part. It’s much easier to collect data through DNS requests.
Deep packet inspection by definition requires the ability to see inside the packet, which if using HTTPS wouldn’t be possible for your ISP.
They can still see the destination IP, return IP, and port number, but that’s it. It would take a ton of storage to log all of that packet data though, and it’d be difficult to come up with a way not to double count it if it’s going through multiple hops on the ISP network.
Logging DNS requests on the DNS server would be a much easier way of collecting that data if they wanted it. I know cloudflare collects aggregate DNS query data through their public DNS server, and Google likely does too.
@just_browsing I was just bullshitting. Sure, they would need a proxy of sorts and a certificate to open your packages if you use HTTPS. I suppose the only thing that can help with carrier surveillance is a good VPN or TOR. But even then, the VPN provider is a problem in and of itself.
Yup. An ISP could potentially gain some information based on the IPs you’re hitting and the number/frequency of packets sent and received, but that would take serious logging and analysis on their part. It’s much easier to collect data through DNS requests.
@just_browsing
@cow DPI would probably be easier.
Deep packet inspection by definition requires the ability to see inside the packet, which if using HTTPS wouldn’t be possible for your ISP.
They can still see the destination IP, return IP, and port number, but that’s it. It would take a ton of storage to log all of that packet data though, and it’d be difficult to come up with a way not to double count it if it’s going through multiple hops on the ISP network.
Logging DNS requests on the DNS server would be a much easier way of collecting that data if they wanted it. I know cloudflare collects aggregate DNS query data through their public DNS server, and Google likely does too.
@just_browsing I was just bullshitting. Sure, they would need a proxy of sorts and a certificate to open your packages if you use HTTPS. I suppose the only thing that can help with carrier surveillance is a good VPN or TOR. But even then, the VPN provider is a problem in and of itself.