Use a VPN for everything.

... if you own and trust the VPN server and exit arrangements then this is true.

But it would have to be outside the UK to avoid the same fate, since you are in the UK, this makes it harder to trust the service provider and their security services not to find your "foreign" traffic very interesting and not subject to their laws protecting their own citizens' data.

A lot of "we don't keep logs" vpn providers were found to very much keep logs of all your traffic. Some of the people in the VPN business are the last ones you would want to see all your traffic.

Tor might work, or at least change the threat model, but it cannot be used as a high bandwidth proxy.

This is what I have done since the original snooper's charter came out. It is not perfect -- I am sure that GCHQ etc have got pretty good at correlation attacks -- but by encrypting _everything_ BT, Virgin Media etc. will just get a list containing exactly one IP and a month-long connection time.

Secondly, I really recommend Andrews & Arnolds [1] as an ISP if you can only get ADSL. I don't use them at home because I need the bandwidth afforded by cable -- for which there is one supplier in my town, Virgin (bah!) -- but AAISP supply my mother's home and are genuinely amazing. She had some issues due to BT and they let me raise an issue via IRC; the few times I have had to get in touch with them it's been an absolute pleasure; they disclose their support as "xkcd/806 compliant". Their owner also is a strong campaigner for digital privacy.

[1]

Thanks for mentioning AAISP, I will check them out.

I'm currently with a BT reseller and am thoroughly disappointed with the service so looking to move.

Do you have any recommendations for VPN providers?

This one's frequently suggested: https://mullvad.net/en/

You can pay by cash or cryptocurrencies, you don't need to provide them with your email address, headquartered in the EU, Mozilla's VPN is a partnership with them, open source clients with reproducible builds, WireGuard support.

Also, no logins, just a single string of numbers as your account number. So no one can go to mullvad and say "gimme the deets for criminal@gmail.com", which is nice.

Just to catch up, thank you, I used mullvad and been happy. Connecting to Germany or Netherlands is no problem for speed.

I personally have used two: cryptostorm and mullvad. Both were good, mullvad was better (and has regular independent audits: see, e.g. https://cure53.de/pentest-report_mullvad_2020_v2.pdf)

Also thank you! I went with Mullvad and it has been good!

+1 for Andrews & Arnolds.

Isn't this almost exactly the use-case for a VPN: one well-defined snooping adversary? If one _assumes_ that the VPN provider doesn't lie (or at the very least is independently audited) and has a server beyond your jurisdiction then isn't moving the root of trust away from your un-trustworthy ISP the right thing to do?

If you have the right skills, it's not hard to set up Squid or your choice of other proxy software in the EU (eg outside the UK), and direct your browsing traffic over it.

Latency from the UK to (say) Germany or the Netherlands isn't too bad either.