Untrusted new ISP, any tips apart from VPN?

So our household has grown out of our ancient wired ADSL and we have now moved to a fiber connection. The problem is, the privacy policy isn't really clear. It isn't even a “privacy policy” per se - it is weirdly worded as “privacy notice” which seems to imply that there really isn't privacy apart from the usual ISP analytics running through their side of the internet to be sold for advertisement purposes.

What annoys me is that the ONT they use at our end is Huawei, which doesn't really inspire confidence when it comes to privacy, and there really isn't an alternative apart from moving to another city. What creeps me out is that I couldn't remove the WiFi antenna at all. I can't see any screws so I don't think I can disassemble it. I can see some exposed wires going to the antenna that I can potentially cut, but that is it. I know it won't totally block out the Wi-Fi signal - it just weakens it significantly, hoping that it will be functionally useless.

So, is there any more to do apart from “put the entire household under a VPN”?

Can I do better than having a pfSense router between me and the ISP provided optical network terminal (the fiber “modem”)?

Should I even cut the wires going to the WiFi antenna?

Any suggestions? Insights? Thanks guys.

1 Like

Some relevant results from a search of past topics:

I assume you already know the common defenses, like making sure you use HTTPS website addresses, routing your traffic through a virtual private network, and switching to a privacy-conscious domain name server. Advocacy is the best next step, to fight for your rights and the rights of others.

I suggest first taking your service provider to task. Call them and ask to see their privacy policy. Even though they should have a publicly-accessible privacy policy, perhaps theirs is in an obscure web page or long-forgotten document. If so, ask why that is. If they don’t have one or redirect you to their notice, ask why they aren’t formally committed to a policy and if that violates their jurisdiction’s laws.

If they still refuse to provide a policy, you can tattle on your provider. If you’re in any of these countries, you can make a complaint with your information commissioner in Australia¹, Canada, and the United Kingdom. If you’re somewhere in the European Union, you can contact your national data protection authority thanks to GDPR. Meanwhile in the United States, you can file a complaint with your state or territory attorney general. And if I missed your country, you may have a government official in charge of consumer protection who can receive complaints.

For bigger impact, you can also take the issue to a consumer or privacy advocacy organization. They may have the power to apply further pressure on your service provider. Here are a few:

  1. Australia: There are many other officials and advocacy groups you can contact. The Australian Privacy Foundation has an entire guide on how to make a complaint.
1 Like

I don’t see the point of asking your ISP about a privacy policy. You should just assume the worst case scenario and do what you can to mitigate it.

I strongly recommend you get an OpenWRT router which you can configure to your liking. If you are not familiar with OpenWRT, it is an open-source router OS that you flash common consumer routers with, giving you total control and freedom from your ISP-issued router.

Since you have an ONT, which I presume is a consumer fiber modem, you should see if you can access its admin web panel. If you can (try accessing the usual via HTTP or similar IPs or check your default gateway IP) then you can disable its WiFi and make your OpenWRT router handle it instead. You might also be able to put the ONT in a “bridge mode” which will just forward any traffic from the ONT to your OpenWRT router, essentially making your ONT a “dumb” device.

If you do not have access to the ONT admin web panel you can still use OpenWRT to take care of the firewall and traffic. See this Router vs Switch vs Gateway article to figure out which one is for you.

OpenWRT supports a large variety of routers. You can check which ones are supported here. They also have a forum post about cheap routers and enthusiast routers. The difference between the two is that cheap routers usually only support up to 200 Mbit/s connections while enthusiast routers can go up to 1 Gbit/s but are generally more expensive. It all depends on the speed you get from your ISP and your needs.

As to what you can do once you have an OpenWRT router: You mentioned VPN, which is a good idea; you could do a router-level VPN setup. You can also implement DNS over TLS or DNS over HTTPS, that way your ISP cannot see what domains you are connecting to. Another idea is to implement some kind of router-level ad blocking.

You are welcome to ask me questions but I recommend asking on the OpenWRT forum because it has a lot more activity and usually the question has been asked before, so use the search function or start a new thread.

1 Like
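A way to check the DNS over TLS advice in the post above once it is configured, as an added example that is not part of the original thread: capture DNS traffic on the router's WAN side and list any lookups that still leave in plaintext. The interface name `wan`, the file name and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit `tcpdump -nn` text output taken on the router's WAN interface for DNS
# that still leaves unencrypted. Capture step (interface name is an assumption):
#   tcpdump -nn -i wan 'port 53 or port 853' > wan-dns.txt
# DNS over HTTPS uses port 443 and looks like ordinary HTTPS, so it is not listed.

# Constructed sample lines in tcpdump's format (not from a real capture).
sample_capture() {
cat <<'EOF'
12:00:01.000001 IP 203.0.113.10.40112 > 198.51.100.53.53: 4660+ A? example.org. (29)
12:00:01.020000 IP 198.51.100.53.53 > 203.0.113.10.40112: 4660 1/0/0 A 192.0.2.44 (45)
12:00:02.000000 IP 203.0.113.10.51844 > 192.0.2.1.853: Flags [P.], seq 1:130, ack 1, win 502, length 129
12:00:03.000000 IP 203.0.113.10.40113 > 198.51.100.53.53: 4661+ [1au] AAAA? tracker.example.net. (48)
12:00:04.000000 IP6 2001:db8::10.40200 > 2001:db8::53.53: 7+ A? example.com. (29)
EOF
}

# Print "resolver name" for every query sent to port 53 (plaintext DNS).
plaintext_queries() {
  awk '
    { dst = $5; sub(/:$/, "", dst)            # field 5 is "address.port:"
      n = split(dst, part, "[.]"); port = part[n]
      if (port != "53") next                  # replies and other ports are skipped
      server = substr(dst, 1, length(dst) - length(port) - 1)
      for (i = 6; i < NF; i++)                # the query type ends in "?"
        if ($i ~ /[?]$/) { print server, $(i + 1); next } }'
}

# Count packets sent to port 853 (DNS over TLS); their content is encrypted.
dot_packets() {
  awk '{ dst = $5; sub(/:$/, "", dst); n = split(dst, part, "[.]")
         if (part[n] == "853") c++ } END { print c + 0 }'
}

# Exit status 0 only when the capture on stdin holds no plaintext query.
audit() {
  leaks=$(plaintext_queries)
  if [ -n "$leaks" ]; then
    echo "plaintext DNS visible on the WAN side:"
    echo "$leaks" | sort | uniq -c
    return 1
  fi
  echo "no plaintext DNS queries seen"
}

sample_capture | audit || true
```

This only covers DNS lookups; hostnames can still appear in the TLS handshake of traffic that does not go through the VPN.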