this post was submitted on 01 Jan 2024
83 points (100.0% liked)

Technology

37603 readers
538 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
Los@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org
83
You probably don't need a VPN (www.spacebar.news)
submitted 8 months ago by corbin@infosec.pub to c/technology@beehaw.org
69 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Midnight@slrpnk.net 44 points 8 months ago (8 children)

Another reason to use a VPN is that ISPs have every motive to sell your browsing data and they do. Unlike many other groups tracking you, your ISP inherently has your meatspace name, address, and payment information making their data easily collatable and very valuable.

If you use the default DNS on their provided router they can even tell if someone purchased an XBox, Playstation, or any other smart device just from update and telemetry lookups.

As the article says, by using a VPN youre using someone else's ISP making that info worthless.

If your threat model includes preventing ad networks from gathering data, a VPN absolutely is a tool to prevent that. Do you have to pay for a service? Probably not if you're technical enough; a VM in a data center is probably sufficient.

[–] derbis@beehaw.org 34 points 8 months ago* (last edited 8 months ago) (1 children)

Yep. BIG deficiency in this article. I don't use a VPN because of shadowy "hackers" who sit in front of their keyboards with a pistol and a balaclava. I use it because ISPs and governments have demonstrated they can't be trusted.

How about this?

I live in the United States, where I already have no digital privacy, and tunneling my internet traffic through a VPN owned and operated in another country won't meaningfully improve my privacy or safety

Uh, what? If someone wants my traffic logs in the US, now they have to go through Mullvad, which has a track record of not providing or collecting it.

They don't even know who I am, much less have all the data that my ISP has about me. So selling it would be pretty useless

Oh last edit: turns out this is the guy who was trying to well ackshually us into thinking Chrome nerfing ad blockers is not a big deal.

[–] mateomaui@reddthat.com 8 points 8 months ago* (last edited 8 months ago)

Yeah, part of it reads like he was paid to do it, just without including obvious marketing links so he can claim in the article that he wasn’t. Ending the article with valid use cases seems like preventing anyone saying he left out valid reasons, but after a wall of text that could make less savvy users do a “TL;DR: VPN not needed” before they got to that part. I’d respect it more if he led off with the same short description of valid uses, especially considering the article title, then pivoted to where it could be irrelevant.

[–] smeg 13 points 8 months ago (1 children)

ISPs have every motive to sell your browsing data and they do

That sounds very illegal under the GDPR

[–] scrubbles@poptalk.scrubbles.tech 11 points 8 months ago (1 children)

Oh, if us in America were as privacy minded as the EU. People here gladly hand over every bit of data about themselves either to feel safer or just to save 10 cents on groceries.

[–] smeg 1 points 8 months ago

People do that everywhere, the only difference is the laws that cover what can be done with that data

[–] beefcat@beehaw.org 10 points 8 months ago* (last edited 8 months ago) (1 children)

Do you have to pay for a service? Probably not if you're technical enough; a VM in a data center is probably sufficient.

Where are you getting free VM hosting?

also, i feel like most of your argument is rendered moot with encrypted dns solutions like DoH.

[–] Midnight@slrpnk.net 1 points 8 months ago (1 children)

Where are you getting free VM hosting?

The comment was in reference to VPN services. Sadly, given theres no right to privacy, you must pay to not be tracked.

i feel like most of your argument is rendered moot with encrypted dns solutions like DoH.

You misunderstand. Large ISPs run their own DNS servers which are preconfigured into the devices they sell. They are the intended recipient and you'd just be encrypting it in transit to their servers.

[–] beefcat@beehaw.org 3 points 8 months ago* (last edited 8 months ago)

i don’t think many ISPs even offer encrypted DNS, i’m talking about using a third party dns. you can set up a standard dns endpoint that uses DoH upstream to the server of your choice. cloudflared makes this really easy if you are happy using their dns, and you can even have it sit upstream of something like pihole, giving your whole home network dns tracking protection and ad blocking without the overhead of a VPN.

[–] corsicanguppy@lemmy.ca 9 points 8 months ago (1 children)

VM in a data center is probably sufficient.

Um, those aren't cost-free.

[–] IcyPenguin@beehaw.org 2 points 8 months ago

Oracle Cloud has a free tier and this video shows you how to set up your own VPN there. I wouldn't really recommend this as a free VPN solution though. If you need something that's free, go with Proton VPN's free tier, Proton is pretty trustworthy and they are very upfront about their business model...

[–] sonori@beehaw.org 7 points 8 months ago (1 children)

You could also just set your DNS to one of the many free DNSSEC providers. That’s even more secure because there are fewer middle men who can track you. After all, while your ISP may not be able to see that DNS traffic, if you arn’t using DNSSEC anyway then your VPN and their upstream provider can.

Besides, nearly all tracking nowadays uses third party browser fingerprinting, which a VPN does nothing about. Practically, a VPN is far more security theater than actual security.

Also, isn’t it funny that sending all your data though a second nation where it no longer legally counts as Amarican internet traffic became really well advertised right after a major scandal came out where the NSA was illegally monitoring American traffic, and more protections were put in place to keep them from doing it again?

You don’t even need the VPN company to be in on it, a group like the NSA can pretty easily compromise a “no logs” VPN’s technical infrastructure or that of their upstream provider, and they’re even got people who feel like they have something to hide to self select for it to cut down on the amount of boring traffic in the first place.

[–] starkzarn@infosec.pub 7 points 8 months ago (1 children)

This is absolutely not what DNSSEC is. DNSSEC provides authenticity of the response, not privacy. You're describing a means of encrypted name resolution, like dns-over-tls, dns-over-https, etc.

[–] sonori@beehaw.org 2 points 8 months ago (1 children)

Right, I had just responded off the top of my head and got the name wrong. Point still stands.

[–] starkzarn@infosec.pub 1 points 8 months ago (1 children)

Potentially, but precision is important, especially if you're going to make sweeping claims about a topic, acting as an authority.

[–] sonori@beehaw.org 1 points 8 months ago

I mean it was just mixing up two similar names, the point remains the same.

[–] HeartyBeast@kbin.social 2 points 8 months ago

Thank goodness we absolutely know for certain that no VPN would ever sell your browsing data.

[–] gaael@beehaw.org 1 points 8 months ago

meatspace name I laughed reading this, it has a strong SMBC vibe :)