To VPN or not to VPN

not-a-rola

Hulk First they're like:

VPNs give nearly no security benefit, as over 95% of websites that people actually use already support HTTPS, which encrypts your connection.

But then:

When using a VPN, you send all of your internet traffic to a single server, and they can do whatever they want with it. You have to trust them fully not to do anything malicious.

🤡

Johnnyloans

not-a-rola

It is true that the vast majority of people would not benefit from a vpn. Basically 100% of VPN ads are lies. I've only used it for region blocks or to vpn into my home lab.

An explanation of the quotes:
1) Your traffic is inherently encrypted, encrypting it again won't help for MITM attacks. Your data will reach it's destination privately.
2) The crux of my first sentence.
Do you think there's a difference between me using google apps in Amsterdam or Berlin? Is one inherently going to stop data collection on me?
No, VPN just makes it look like your traffic originated from a different location. I will still send out metadata to the app/service I'm using, they see that I stop scrolling on a cool car video in their app, etc

Yes, there are minor, regional laws but I haven't heard of a privacy utopia to reside.

It only takes a few data points to identify someone or narrow it down to a few. Just knowing 5 apps on your phone is probably enough. Vanadium has a unique fingerprint even if you browse anonymously.

Johnnyloans

not-a-rola

Sorry, I shouldn't have used rhetorical questions in my earlier reply, it's rude of me.

vtek The vast majority are owned by a very small number of massively unethical companies.

These few companies are everywhere: ads, analytics, B2B services.

See here about healthcare providers using Facebook services.
https://discuss.grapheneos.org/d/33657-google-play-storeservices-sandboxing-is-unclear-in-usage-guide/32

what about ISP's injecting data

Only possible if the site is not https (the lock incon by the URL) or somehow installed a root CA on your device. Theres a big warning in the web browsee about the site being unsafe if it's http or something wrong with their certificate.

Oh ya forgot VPNs are good for public trackers. It's insane so many trackers feel like they are the ones with ownership over copyrighted work they didnt make by renaming scene releases to know if anyone "stole" it from them to upload elsewhere.

privacy ... blending in

You can't really have an anonymous set of data.
https://www.theguardian.com/technology/2019/jul/23/anonymised-data-never-be-anonymous-enough-study-finds

All it takes is for 1 of the few companies to implement something like that Facebook funny business I mentioned, now they have a list of everyone from that ip address. People could be identified from a sea of millions anyway.

DohnJoe

not-a-rola

I am sorry I naively can't see the point you are trying to make.
It seems to me that both of the sentences you quoted are against VPN in general (?)

vtek

Winston i'll never understand the "vpn's are useless/dumb besides for a small minority" crowd

The vast majority are owned by a very small number of massively unethical companies. See also...

Johnnyloans Basically 100% of VPN ads are lies.

That is 99.9% true. There exceedingly few VPN's that can be trusted IMO; Azire (just announced a 3rd party audit today, BTW), Mullvad and IVPN are 3 i'm more familiar with. Of those, only Azire and Mullvad physically own their servers (Azire, all - Mullvad, only those in Sweden).

It is true that the vast majority of people would not benefit from a vpn.

Fingerprinting aside, what about ISP's injecting data (ads, etc.) in your stream? Do they not still do this?

I think there's other benefits to a VPN also, such as shifting the point of attack to another IP. They are also essentially required for torrenting and, as you mentioned, defeating geo-fencing. I think there's still some benefit regarding the privacy/anti-FP aspect also, depending on browser configuration (blending in). So you get some benefits at very little cost, possibly less if you run your own server.

The DARK side of VPNs

It turns out that an overwhelming number of VPNs are actively harvesting and selling your data, capturing passwords / credentials / movements from your web activities, and doing all sorts of awful things.

not-a-rola

Johnnyloans I mostly use VPN to obfuscate my traffic and block local actors from snooping into it. Local authorities won't find out my networking whereabouts. Being able to melt with the crown is an additional perk.

Winston

Chipper he makes some good points in the video and its good to be mindful of these things no doubt, but dont let it add burden to your life....he has a bone to pick and he is making a point; recognize it for what it is and do with it what you will.
An excellent compromise for most people is (providers listed are just examples): bitwarden for pw manager, ente auth for 2fa provider, proton suite.

Chipper

Winston perhaps you meant something different if so disregard, with that said, avoiding burden is precisely not what one should do, we as people grow in response to difficulty or shrink in its absence, this applies psychologically and biologically as in hormetic stressors, we see this pattern in many systems micro and macro, muscles grow from training, we develop tolerance to poison's when exposed to incrementally larger amounts, our brains form more connections between neurons from learning, children develop self confidence and resilience through incrementally larger challenges which they are allowed to solve themselves.. Etc etc, and the reverse is true.... I really hope that we are not at a stage where a simple reminder of good security practise is perceived by people as to burdensome to bother with.
You may mean well by your suggestion but in doing so you are advocating for managed decline.

Winston

Chipper im not suggesting people do nothing and become slobs.... Most people would be doing a lot to up their security and privacy while it being a manageable load. Its common knowledge if its too difficult or labor intensive then people dont do it; what i suggested is a very manageable setup. Your post of only choosing one service from proton is overkill imo and my point was that if you separate your 2fa, pw manager, and proton suite that is a good setup for most... Not sure where you got the idea im promoting weakness, its a rational compromise that is a great step and setup for almost all.

treenutz68

Apparently there is some evidence pointing to using a VPN making you subject to more scrutiny, especially by the US government:

https://www.wired.com/story/using-a-vpn-may-subject-you-to-nsa-spying/

Chipper

treenutz68 I personally use an always on VPN on all my systems and traffic solely for its e2e encryption, that I infact have nothing to hide makes it somewhat humorous to me that I may attract increased scrutiny. Any group or individual that believes it is reasonable behaviour to monitor a persons private data deserves to have there time and money wasted.

The-Man

Chipper

I side with the use of a VPN, I have three separate providers accounts and also heavily use Tor.
Depending on what mood I am in, I pick a provider, pick a server and away I go
I have nothing to hide, a well used phrase, but I have somethings I wish to withhold!

not-a-rola

DohnJoe First, they say there is no point for VPN as 95% of the web traffic is end-to-end encrypted anyway. Then they implore a VPN service provider can do smth bad with the traffic - despite it's being encrypted. I see it as a deliberate logical fallacy.

DohnJoe

not-a-rola Then they implore a VPN service provider can do smth bad with the traffic

Oh, I think I got your point :)

I think they are not referring to change network traffic on the fly for encrypted connections (even if they can see the whole tls handshake), I think they were generally speaking how it is possible to mangle the traffic.

Encryption starts only after tcp, they still have a lot of metadata to use against you (or to sell), plus a lot of protocols that are not encrypted, like dns, icmp, tcp, ip, and so on.

They could poison your DNSs (even DoH or DoT) if you do not esplicitly set something different, and starting from that they could try some MITM and/or inject some traffic.

There is a whole set of technically possible attacks, with/without encryption.

I think the general info they were using is the same "You must trust your VPN provider" we usually give in this forum, just in other terms.

That said, I can see how it might seem to be just another excuse they thrown to justify their hate on the matter.
Personally, I would say they are not wrong, even if I personally use Mullvad 24h to satisfy my peace of mind :)

Chipper

Winston You may not be proposing people become slobs but you did seem to assume it would be burdensome offering a compromise.

You also felt the need to cast aspersions on the authors motivation without any elaboration or evidence.

Given no one had mentioned considering this burdensome and i having watched much of the authors content having never found any reason to question their agenda or motivation for producing the content, your comment seems misplaced unless you find it burdensome and rather than just saying that you offered it as advice?

Winston

Chipper "ok bro". I was offering another viewpoint to potentially offer some aid, you dont have to take it. The Hated One dislikes proton and has a bone to pick with them, he essentially says this himself in interviews ive heard of him etc., that was my point with that. Switching providers/services due to an opinion from someone else, when everything works fine, imo, would be considered some extra burden for most ppl...if thats not you, great! I disagreed with the conclusion you had recently drawn from a video you shared and just wanted to add my 2¢ to offer you another perspective to chew on. All good.

fuyuka

It is extremely useful for protecting your network from apps or websites that transmit marketing data based on your IP address, or when your region attempts to censor content.
In particular, these restrictions are very severe in East Asia, and a VPN effectively mitigates them.

Other than that, it is only useful if you cannot trust your ISP.
A VPN routes your data through a data center server instead of your contracted ISP, while communication between your computer and the VPN is still handled by your contracted ISP.

A most of the privacy benefits touted by VPNs can be achieved more effectively by controlling your browser’s permissions and settings than by using a VPN. In fact, I still believe the marketing hype is excessive at this point. Mullvad is no exception.

IVPN is the only provider that has honestly addressed the misconceptions surrounding a VPN.

N1b

Do you trust your VPN more than your ISP?
Do you believe "security through obscurity" is not enough?
Do you want to give AI and data brokers a hard time to monetize your habits?
Do you believe that governments placed you under general suspicion anyway, no matter how much you open up?

If you answer yes to any of these questions, I'd say go with a reputable VPN (particularly Mullvad with their DAITA feature turned on). It's not a silver bullet, but probably a good corner stone in your threat model.

ToucanSam

I'm already using Tailscale full-time so it's trivial to buy the Mullvad add-on and select an exit node. Might as well launder your traffic.

presumesocial

Reading the replies in this topic is making me cry.
How is it possible that so many of you think ISP hides your IP just like a VPN does?
And why isn't the moderators censoring and banning everyone everyone who is spreading that misinformation?
The moderators seem conveniently selective about when they want to censor and ban people for what they claim is misinformation.
I'm very disappointed.
Where are all the people who have learned the basics of online privacy? I thought I would find them in the grapheneOS community.

But here is the truth:
VPN does hide the IP address you receive from your ISP. Your ISP does not hide it.
It's not enough to use a VPN to have anonymity. But if you don't hide your IP, then nothing else you do will matter.
Hiding your IP is one of many things necessary for anonymity. You can't skip this part.

de0u

presumesocial why isn't the moderators censoring and banning everyone everyone who is spreading that misinformation?
The moderators seem conveniently selective about when they want to censor and ban people for what they claim is misinformation.

The moderators ban users very rarely, typically after multiple warnings. The moderators rarely delete messages (more often they edit them, or post clarifications). They don't censor, because they are not a government.

presumesocial I'm very disappointed.

If the level of disappointment is sufficiently high it might make sense to explore other online forums that might better meet one's goals.

de0u

presumesocial Here is the truth: VPN does hide the IP address you receive from your ISP. Your ISP does not hide it.

What if some shady VPNs sell browsing history and some well-behaved IPSs don't? Is there a single worldwide "truth"?

« Previous Page Next Page »