

Ask HN: Can ISP see what you're doing through a proxy server? - eriktrans

If I use an IP:Port proxy server to connect to the internet, I&#x27;m aware that the destination server (website) doesn&#x27;t exactly know it&#x27;s me, but can my ISP know what site I went to?<p>What would an ISP see if I connect to the internet through a proxy server I&#x27;ve set up on ec2 or something?<p>Lastly, if my ISP <i>can</i> actually see what I&#x27;m doing, is there a way to hide from them (e.g. does connecting through an HTTPS proxy hide what I do)?<p>Thanks!
======
lutusp
> If I use an IP:Port proxy server to connect to the internet, I'm aware that
> the destination server (website) doesn't exactly know it's me, but can my
> ISP know what site I went to?

Yes, of course. And if your proxy server pattern is in any way predictable,
and in particular if you ever visit a site where you need to sign in, then
they have everything -- who you are, and where you went.

Also, a proxy server doesn't undermine cookie tracking. The cookie scheme
doesn't care what your IP is, only that you have the right cookies, so this
undermines the goal of anonymity.

Also, if for the sake of argument you encrypt everything, and if later on the
police want to know what actually happened, they can try to force you to
unencrypt your communications (or grant permission for experts to do so). In a
recent landmark case, the police tried to make a child pornography suspect
provide a password to unencrypt what might have been incriminating files of
alleged child pornography. This effort ultimately failed (and the police
decrypted the drives by brute force), but it indicates the direction things
are going.

[http://www.wired.com/threatlevel/2013/08/feds-crack-
encrypte...](http://www.wired.com/threatlevel/2013/08/feds-crack-encrypted-
drives/)

> Lastly, if my ISP can actually see what I'm doing, is there a way to hide
> from them (e.g. does connecting through an HTTPS proxy hide what I do)?

There are intermediaries that scramble your transactions, encrypt them, so the
content cannot be monitored. Others randomly route your traffic in such a way
that it becomes very difficult to trace. Here's one example:

[https://www.torproject.org/](https://www.torproject.org/)

As to https, it's a suitable level of encryption for everyday matters, but
it's not unbreakable, so if there's anything that might come back to bite you,
don't rely on it.

~~~
eriktrans
Wonderful answer, thanks! I'm a bit weary of using Tor (it may be an
irrational fear, but I don't do anything that requires that level of
encryption).

But as far as proxies are concerned, would a VPN be better of than some of the
other methods (other than Tor)?

~~~
lutusp
> would a VPN be better of than some of the other methods (other than Tor)?

Yes, if competently encrypted. But that only addresses content, not routing.

