PSA: How to protect yourself from your ISP

On my last post I suggested we should be legitimately suspicious of our ISPs. One of my friends[1] asked, “Any thoughts on which VPN service to use?”

If you’re not technical, VPN stands for “Virtual Private Network.” In brief, a VPN service encrypts all your traffic, including your domain name lookups[2]. Your encrypted request goes to the VPN server, and the VPN server decrypts it and forwards it to the end server. Your ISP can’t see any of it.

So I reached out to a couple security expert friends. They recommended StrongVPN ( or ExpressVPN ( They suggested that either would suffice; both offer basic security including DNS. ExpressVPN is probably a little easier to use, but StrongVPN probably has a slight edge in security.

First, beware VPNs that are too cheap to be believable. That’s a hint they are selling data about you to make up the difference. Second, pick a VPN provider that will offer a variety of protocols so you can avoid the ISPs continually upgrading their ability to snoop.

I prefer StrongVPN because Express has been caught before with weak ciphers – and they have that problem again now (just look at their web site in SSL Labs for example). Overall I find Strong to be more professional.

That said, any VPN is better than no VPN. It’s probably a good idea to have one; setting one up has been on my todo list forever. I’ll be setting it up this weekend. Let me know if you’re interested and I’ll share how it went.

[1] In some cases, “brother-in-law” counts as a “friend.”
[2] To oversimplify, every computer on the internet has a unique number identifying it, called the “Internet Protocol address,” or IP address for short, that looks something like this: “” When you type in a domain name in the address bar in your browser, such as “” or “” or even “,” that has to be translated into an IP address. The mapping from domain names to IP addresses is handled by something called a domain name server, or DNS for short. So loading a web page takes at least two steps: first, your computer calls a DNS and asks for the right IP address; then it calls that IP address to get the web page. All of which means that the company that runs your DNS server knows every website you visit – not what you do there, but that you’ve gone there. Not as big a security risk as the details, but consequential. If you want to actually understand all that, this YouTube video might help.

About dondo

Leave a Reply

Your email address will not be published. Required fields are marked *

Are you a spambot? *