You probably don't need a VPN (www.spacebar.news)
from corbin@infosec.pub to technology@lemmy.ml on 01 Jan 2024 19:23
https://infosec.pub/post/6674165

#technology

DerisionConsulting@lemmy.ca on 01 Jan 2024 19:49

The article is correct that most VPN ads are full of lies, but that doesn’t mean that people don’t still need them.

sugar_in_your_tea@sh.itjust.works on 01 Jan 2024 19:59

Exactly.

Yes, it hides your IP, but that’s not all that important if you have a competent ISP or firewall on your router in terms of security (it’s more important for privacy). Yes, it (usually) encrypts your traffic, but so does pretty much every website, and adding a second layer doesn’t meaningfully improve things.

VPNs are important for privacy, that’s it. They change where your traffic appears to come from so people (attackers and servers alike) can’t tell where you’re accessing it from. That’s it, and that’s a pretty important thing, especially in this day and age with swatting and whatnot.

solidgrue@lemmy.world on 01 Jan 2024 21:27

I happen to agree, but want to add that the thesis is “most people don’t need a VPN,” which is arguably true. Most people simply aren’t that interesting, and aren’t at risk of being individually targeted by a motivated adversary or hostile nation state. As long as they’re using HTTPS while doing so, most people are no more at risk shopping online, reading email, doing Social Media, or conducting banking at a Starbucks than they are in their own living room. That threat picture looks like DNS profiling, MAC address harvesting, maybe browser user agent fingerprinting, or DHCP device fingerprinting. Just run-of-the-mill data harvesting, and usually only for market research. Most apps rely on TLS or SSL which is generally secure, but leak info at the lower level utility protocols like DNS and DHCP. If you didn’t disable DNS over HTTPS (DoH) on your device and otherwise follow reasonable online hygiene, your data and your identity are likely secure¹.

Now: be a journalist, activist, organizer, politician even of local school board stature, dissident, expat or artist/performer of any notoriety, and congratulations! You have a complicated threat picture! Proceed to Go, retain a trustworthy IT firm, and work with them to furnish and maintain a private OpenVPN or WireGuard service on your behalf at a public VPS, also being sure to do your diligence and ask for a copy of their certificate of insurance from their cyber insurance underwriters.

Anyway, unless a person has a technical reason to access private resources, or has a more-than-mundane threat picture in their life, a VPN is just a waste of overhead.

– ¹ Not you, T-Mobile user.

[deleted] on 01 Jan 2024 20:01

.

can@sh.itjust.works on 01 Jan 2024 20:57

Depending on your local laws it might not be an issue at all.

azimir@lemmy.ml on 01 Jan 2024 20:49

VPNs are not the security panacea that marketers would have you think they are. Using a VPN does provide some obfuscation as to your origin, but it does change your trust model. The VPN service provider may tunnel your traffic through your ISP to hide data from the ISP, but now it’s visible to the VPN service provider instead.

There are plenty of use cases for a VPN, but just like any other technology or service, you need to know what it actually does so you know what it actually achieves or doesn’t achieve.

DeadNinja@lemmy.world on 01 Jan 2024 23:45

Whenever I hear this argument

“Most people are not interesting enough to profile, so they don’t need this XYZ privacy tool…”

I always have this ready as a counter argument

"Only a stupid person would not care about pickpockets just because his wallet does not have much cash - a pickpocket will not ask you how much cash you have before picking your wallet, and even if your wallet turns out to be empty, the pickpocket is not going to be a gentleman and return that to you.

Tracking/profiling for Ads on the internet happens en masse; you are just one of a million data points that build a profile - it doesn’t care whether you as an individual are interesting or not".

wagoner@infosec.pub on 03 Jan 2024 12:11

Also, most “interesting” people were once not interesting at all. It’s naive to think that data gathered on us in the past cannot be used in the future.

nyakojiru@lemmy.dbzer0.com on 02 Jan 2024 17:02

The big issue right now is that VPN services’ server IPs are getting massively banned from multiple platforms. Something new should arise to help with this.

mozz@mander.xyz on 01 Jan 2024 20:18

Tor Browser is both free, and a hell of a lot more secure.

jet@hackertalks.com on 03 Jan 2024 11:32

Tor browser is not free. The cost is externalized. It is run by people who see value in the community.

If you use Mullvad, or Safing SPN, you’re paying directly to support the network without externalized costs. Both are good options.

If you have the means, and ability, I highly recommend donating to run a Tor node or running one yourself.

donate.torproject.org

mozz@mander.xyz on 06 Jan 2024 19:00

Makes sense. I don’t use Tor for much of anything, just have an awareness of it, but I do donate money to lemmy.world and SDF for pretty much exactly this reason.

cmnybo@discuss.tchncs.de on 01 Jan 2024 22:15

A good use for a VPN is getting around CGNAT; however, what most VPN providers have is useless for that because they don’t allow client-to-client or inbound connections.