Hi,
I want to split answers into two categories, each for its own setup:
I want to know, what is/are the worst case scenario/s that the user/client can expect if ISP is fully compromised and what can user do about it.
Thanks
Basically they can see anything that’s not encrypted. So you’ll want HTTPS/VPN/Tor. There’s not really much difference if you use the ISP router other than it can see your device name/MAC address (which a lot of devices now will just send a blank name and randomized MAC by default).
What about DNS?
Router can act as an in between layer between user/client’s device/s and the network.
Yeah you can use encrypted DNS as well. It really doesn’t matter, you can see the router as outside infrastructure if you want. The encryption happens on your device so they still can’t really see anything. Same situation when you connect to public wifi, you don’t really need to worry about it.
I’m not a privacy/security expert, I want to know all the ways ISP/external network can use in order to achieve a breach.
They can become a MITM, as CloudFlare(just an exmaple), right? So the SSL isn’t very practical by its own here.
But I’m connecting with a wire, doesn’t it make any difference?
They can become a MITM, as CloudFlare(just an exmaple), right? So the SSL isn’t very practical by its own here.
No they can’t MITM you.
But I’m connecting with a wire, doesn’t it make any difference?
No doesn’t matter either way. Really all you need to worry about is if you’re using encryption.
OK, thanks a lot for helping me to sort things out.