There is NO privacy on the web...

[Lila Bednar]

Back in 2016, the FCC finally was able to impose new rules on internet service providers (ISPs) that required them to get a customer's permission before they could share that customer's private information (like a report on all the web sites they visited) with any other firm, entity, etc.  Good summary is here:  Old FCC Privacy Rules

But in the new administration's zeal to make everything about business able to do anything in the name of "repealing regulations", the new Republican-appointed FCC chairman drove through a repeal of those rules.  FCC Allows Sale of Personal Data

So whoever you get your internet through now has the perfect right to sell data about your browsing history to marketers and other companies, including information on customer location, as well as as financial or health status information, and what people shop and search for.

So realize that no matter who provides your internet access--whether on a mobile device or laptop or desktop--you and your information are "for sale", unless you're using a VPN or otherwise private, encrypted method of connection.  And even then, if you're purchasing something, the firm you're buying from has record of what you bought and those records may very well also be for sale, but that's a separate topic..... 

[The magic Pencil animations]

I believe that you title holds, no matter what.  The is NO privacy.

I am not an expert, but HTTPS requires an exchange between the server and the user device to set up the encryption.  Since this exchange goes over your provider's network, they can "capture the encryption and then "listen in" on whatever you do.

If you use a commercial VPN provider to (supposedly) obfuscate who and where you are, that provider can also "listen in" and sell anything they learn.

Hence, there is NO PRIVACY.

[The magic Pencil animations]

Sorry = YOUR title holds...

[bill ruggirello]

HTTPS would be useless if there were anything in the clear that would compromise it!

This is a simple explanation and there may be some details missing, but I think you will get the picture.

Encryption involves 4 keys, a public key and a private key for both the client and the server. The public key is used to encrypt the data, the private key is used to decrypt the data. The client has 2 keys, the server's public key and the client's private key. The server has 2 keys, the client's public key and the server's private key. The only thing that is sent in the clear are public keys and maybe only the client's but anybody can get a public key from anybody else and they are not necessarily the same.

The client starts by sending the server its public key. The server sends back its public key encrypted with the client's public key (but maybe not - it doesn't matter it is public). The communication continues with each party encrypting the data with the other's public key. ONLY the private key can decrypt the message and the private key never leaves the owner's computer.

The IP information is not encrypted, so anyone can determine WHO you are communicating with.

VPN encrypts the WHOLE packet and adds the IP of the VPN server. So anyone can tell where those packets are going but they cannot determine the final destination which is encrypted. Some VPN servers only have one IP address. Some have a range and some have random IPs, which makes it more difficult to determine that you are using a VPN (good for Chinese).

When the packets leave the VPN server to the final destination they are in the format you would have sent them (http or https) had you not used a VPN server except the return IP is the VPN server. Anyone looking at those packets have no idea what the originating (your) IP was. The packets is then returned thru the VPN server reversing the process.

VPN services all have differing policies on data retention, payment means etc. If you want total anonymity get a service that stores NO data except traffic volume. They all must do that to manager their systems. Any USA based services must comply with US law, and other country based services must comply with their laws. Therefore you need to do your homework to determine which service is based in the best country for anonymity. NOT USA.

Do not forget, if you do not pay with BitCoin, there will be a paper trail. Many services have that option.

Clear?