My question is simple! How to get maximum (possible) privacy from an ISP in case someone can’t or doesn’t want to use a VPN?
For example, in some cases Tor Browser is enough for many, but they still need privacy from the ISP for other activities on mobile.
The only thing you gain from VPN is that the target server does not know your IP.
HTTPS is safe anyway and as such also the content of what you do.
The only other way you may leak information is DNS queries.
Not necessarily true. A VPN also prevents the ISP from collecting data on all of your connections. Currently ISPs (in the US at least) collect and sell what sites you visit even if they can’t see the data due to HTTPS. Additionally, some have implemented, but then removed due to backlash but may implement again some day, MitM attacks on HTTPS connections in order to insert ads. Using a trusted DNS server that they don’t also intercept can help avoid this, though. With a VPN the ISP won’t see any of this, only the connection to the VPN server, and will have no way to insert themselves as long as they don’t intercept the VPN connection itself before it’s established.
Without Encrypted Client Hello (which isn’t really adopted) the hostname is submitted in plaintext, unencrypted. So the ISP can totally see which websites you’re going to, even if you use a secure DNS server.
That should only happen with SNI, no?
What to do about DNS queries? In the Privacy Guides video I saw that when we use an encrypted DNS, the ISP only sees the IP address. So queries are hidden, right?
The queries are known to the DNS provider. Only thing is to use one you trust.
Couldn’t you run a DNS resolver that pings the authoritative servers directly? Yes, initial requests will be slower.
Who says the authoritative servers aren’t logging requests?
True, but it seems to me that it’s an advantage to have your IP logged in this more decentralized way. Most resolvers also cache the answers, so it would be only logged the first time you visit a website.