For some reason my current ISP gives me an unreliable connection to some sites. Some of the symptoms are indefinite loading of some pages on some websites, inability to download some media extensions such as .swf, weird server responses to port redirection, etc. I have to switch to my mobile phone ISP to know that there is something going on with my primary ISP.

The reason this is not so obvious at first is that there is no HTTP 404 response code or any other error; the page just loads indefinitely until the browser times out. I suspect there is deliberate filtering/dropping of packets on the ISP side.

One day my son needed to open a .swf Flash file from his school's website for his assignment. At first I thought it was a problem on the server side, but I learned that some of his classmates were able to download the file (though the majority weren't). I switched to my mobile ISP using tethering and voila, it was indeed downloadable!

For a very long time I have known how a Virtual Private Network (VPN) works, but I reckoned that these are only for people who are over-sensitive about their privacy, people who want to cheat on their geographical location to use services that are only permitted in certain countries, or hackers who don't want to be traced. Now I have a reason to use a VPN, i.e. to fix my internet access, which is broken by defective access rules set by ISPs. I don't have any opinion on internet censorship, especially if it's reasonable; however, if ISPs are going to filter things they have to make sure that their administrators are competent enough not to break things that are supposed to work!

For the uninitiated, when you browse a website your browser first requests the IP address of that website from a DNS server. The DNS server responds with the IP address of that website, and the browser then requests the page from the website via that IP address.

Having said this, there are several strategies an ISP can use to block access to websites. Examples are TCP/IP header/content filtering, IP blocking, DNS tampering, or proxy filtering. Now I'd like to test the degree of privacy a VPN provider gives: it should not only encrypt the contents of the pages I browse to protect against TCP/IP content filtering, it should also not leak my browser's DNS requests. Only then can I be sure that my internet connection is tamper-proof and private. Even if you're browsing a supposedly secure (HTTPS) website, your ISP still knows the website you just browsed and can elect to block it. Even among VPN services, some are known to leak DNS requests.

I decided to use PIA, which is available for Android, Windows, Mac, iOS, and as a Chrome extension. It costs me about $3.33 a month if you pay annually, which is about 8.75% of my monthly internet cost. I haven't really checked for free services, but this blog isn't about the best VPN services.

I used Wireshark to inspect my DNS request TCP/IP packets when browsing https://dhilar.io without PIA VPN. Here are the results:

3	1.218071000	192.168.0.105	192.168.0.1	DNS	69	Standard query 0x4be4  A dhilar.io
4	1.223400000	192.168.0.1	192.168.0.105	DNS	85	Standard query response 0x4be4  A 172.104.100.101

As you can see, the packets contain the domain name you want to browse, and the response correctly returns its public IP address, which is 172.104.100.101, even if the site is using HTTPS. Any ISP can block it if it wants to via DNS tampering, IP address blocking, proxy filtering, etc.

These are the DNS packets sent and received when PIA VPN is enabled with Hong Kong as its region:

3	3.917570000	192.168.0.105	192.168.0.1	DNS	94	Standard query 0x960a  A https-hk.privateinternetaccess.com
4	3.921438000	192.168.0.1	192.168.0.105	DNS	158	Standard query response 0x960a  A 161.202.44.71 A 161.202.44.74 A 119.81.253.243 A 119.81.135.59

Here you can see that it is looking up the domain https-hk.privateinternetaccess.com instead of dhilar.io. So when the VPN is enabled it's actually using the HK-based DNS to look up the IP address of dhilar.io, and all the content you request from it is encrypted. No ISP can filter or block the things you browse or download since it cannot even see the domain names you are trying to access. All it can see is that all requests and responses come and go through the HK-based region server(s). By the way, there are 36 VPN regions by my count for PIA.
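The comparison above can be automated. The following is an added example, not part of the original post or of PIA's software: it reads rows in the Wireshark packet-list layout shown above and reports every name that was still resolved in plaintext outside the tunnel. The `PIA` suffix list, the function names and the `LEAKY` row are assumptions made for the illustration.

```python
import re

# Info column of a plaintext DNS query; responses read "query response ..." and do not match.
QUERY_RE = re.compile(r"^Standard query 0x[0-9a-f]+\s+(\S+)\s+(\S+)")

def plaintext_queries(capture):
    """Yield (resolver_ip, qtype, name) for each DNS query row.
    Columns: No., Time, Source, Destination, Protocol, Length, Info."""
    for row in capture.strip().splitlines():
        fields = row.split(None, 6)
        if len(fields) < 7 or fields[4] != "DNS":
            continue
        m = QUERY_RE.match(fields[6])
        if m:
            yield fields[3], m.group(1), m.group(2).lower().rstrip(".")

def leaked_names(capture, tunnel_suffixes):
    """Names queried in plaintext, excluding the VPN provider's own endpoints."""
    leaks = []
    for _resolver, _qtype, name in plaintext_queries(capture):
        is_tunnel = any(name == s or name.endswith("." + s) for s in tunnel_suffixes)
        if not is_tunnel and name not in leaks:
            leaks.append(name)
    return leaks

# The two captures quoted in the post.
WITHOUT_VPN = """
3\t1.218071000\t192.168.0.105\t192.168.0.1\tDNS\t69\tStandard query 0x4be4  A dhilar.io
4\t1.223400000\t192.168.0.1\t192.168.0.105\tDNS\t85\tStandard query response 0x4be4  A 172.104.100.101
"""
WITH_VPN = """
3\t3.917570000\t192.168.0.105\t192.168.0.1\tDNS\t94\tStandard query 0x960a  A https-hk.privateinternetaccess.com
4\t3.921438000\t192.168.0.1\t192.168.0.105\tDNS\t158\tStandard query response 0x960a  A 161.202.44.71 A 161.202.44.74 A 119.81.253.243 A 119.81.135.59
"""
# Constructed row (not from the post): what a DNS leak would look like with the VPN up.
LEAKY = WITH_VPN + "5\t4.100000000\t192.168.0.105\t192.168.0.1\tDNS\t69\tStandard query 0x1a2b  AAAA dhilar.io\n"

# Assumption: the provider's tunnel endpoints all live under this domain.
PIA = ["privateinternetaccess.com"]

if __name__ == "__main__":
    for label, cap in (("no VPN", WITHOUT_VPN), ("VPN", WITH_VPN), ("VPN + leak", LEAKY)):
        print(label, "->", leaked_names(cap, PIA) or "no leak")
```

For the result to mean anything, the capture has to be taken on the physical network interface rather than the VPN's virtual adapter, since that is the traffic the ISP actually sees.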

All in all, I was finally able to fix my internet access, load all web pages and download all types of files using this tool. As a bonus, I now have absolute privacy and peace of mind when browsing the internet.