Hacker News | obfusc8's comments

Always assume an ISP and any intermediate party can see traffic. I like the way this post outlines in simple terms what traffic would look like to an analyst. In terms of obfuscating oneself from an ISP, I would not recommend any form of centralized traffic in the first place. As this post makes clear, even if you're behind seven proxies there are ways to see the traffic's 'shape' on the wire.

To combat this, you can use compartmented, disposable and anonymous 3G SIM cards for specific purposes (one for dating sites, one for health records, etc.). Slap them in the microwave after a browsing session. (You can get these for basically free in places like Thailand or India.) Block all HTTP. Use something like:

    sudo ufw deny out to any port 80

Always assume your connection is tapped. Always assume there's somebody MITM'ing your traffic. (To prove this, download executables several times over time and diff the hashes. It's clear that MITM happens all the time.)

Always use a hardware version of Tor. That way if a box is compromised, the naked IP can't be disclosed. The same goes for VPNs; see WebRTC vulns.

Use public Wi-Fi as much as possible (behind a VPN of course). Use your friend's phone for casual surfing. Minimize the reliance on one monolithic connection. Use 4G, or even WiMAX if they have it in your area.

Share your connection with your neighbor and split the bill if you are so inclined...
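
The check the comment above describes (download the same executable several times and compare the hashes), as an added example that is not part of the original thread. The function names, file names and sample contents are constructed, and the optional reference digest is assumed to come from the publisher over a separate channel.

```shell
#!/bin/sh
# Added example: compare repeated downloads of one file by SHA-256.
# All file names and contents used in demo() are constructed sample data.

sha256_of() {
    # Print only the hex digest of the file given as $1.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# compare_downloads [-r REFERENCE_DIGEST] FILE...
# Prints one of: consistent | differs | reference-mismatch
compare_downloads() {
    local reference="" first="" digest f
    if [ "$1" = "-r" ]; then
        reference="$2"; shift 2
    fi
    for f in "$@"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 2; }
        digest="$(sha256_of "$f")"
        if [ -z "$first" ]; then first="$digest"; fi
        if [ "$digest" != "$first" ]; then
            echo "differs"; return 0      # copies are not byte-identical
        fi
    done
    if [ -n "$reference" ] && [ "$first" != "$reference" ]; then
        echo "reference-mismatch"; return 0   # all copies agree, but not with the publisher
    fi
    echo "consistent"
}

demo() {
    # Constructed stand-ins for copies fetched on different days.
    local dir; dir="$(mktemp -d)"
    printf 'installer-bytes' > "$dir/monday.bin"
    printf 'installer-bytes' > "$dir/tuesday.bin"
    printf 'installer-bytes-modified' > "$dir/friday.bin"
    compare_downloads "$dir/monday.bin" "$dir/tuesday.bin"
    compare_downloads "$dir/monday.bin" "$dir/tuesday.bin" "$dir/friday.bin"
    rm -rf "$dir"
}
demo
```

A `differs` result shows only that the copies are not byte-identical; a new release published between downloads gives the same result, which is what the reference digest helps rule out.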


"always" [assuming the worst case scenario] is more than a little onerous for the vast, vast majority of internet users. Isn't there a reasonable middle ground?

Also, I don't follow: how does one "prove" a MITM attack by downloading the same executable several times and getting different hashes?


> for the vast, vast majority of internet users.

Well, unless this is baked in, which it is not. It's the old privacy rich vs privacy poor debate. If I buy black curtains, I cast less of a (nude) silhouette than my neighbor for all to see, but the tradeoff is, I have to research black curtains on the internet, where there is no privacy, and so I have no choice but to build my own private Internet.

If the internet were private, no such measures would need to be taken and I would have perfect autonomy. Autonomy being a luxury since the digital space has effectively perfect memory.

This is why I'm against logs and data retention. It's very unnatural and it's why the human brain habitually flushes memories. Nature needs to renew itself and re-invent itself, and in some sense, forget itself (if you believe in a Gaia mind).

