-40
submitted 10 months ago by corbin@infosec.pub to c/technology@lemmy.ml
you are viewing a single comment's thread
view the rest of the comments
[-] DerisionConsulting@lemmy.ca 27 points 10 months ago

The article is correct that most VPN ads are full of lies, but that doesn't mean that people don't still need them.

[-] sugar_in_your_tea@sh.itjust.works 13 points 10 months ago

Exactly.

Yes, it hides your IP, but that's not all that important if you have a competent ISP or firewall on your router in terms of security (it's more important for privacy). Yes, it (usually) encrypts your traffic, but so does pretty much every website, and adding a second layer doesn't meaningfully improve things.

VPNs are important for privacy, that's it. They change where your traffic appears to come from so people (attackers and servers alike) can't tell where you're accessing it from. That's it, and that's a pretty important thing, especially in this day and age with swatting and whatnot.

[-] solidgrue@lemmy.world 4 points 10 months ago

I happen to agree, but want to add that the thesis is "most people don't need a VPN," which is arguably true. Most people simply aren't that interesting, and aren't at risk of being individualky targeted by a motivated adversary or hostile nation state. As long as they're using HTTPS while doing so, most people no more at risk shopping online, reading email, doing Social Media, or conducting banking at a Starbucks than they are in their own living room. That threat picture looks like DNS profiling, MAC address harvesting, maybe browser user agent fingerprinting, or DHCP device fingerprinting. Just run-of-the-mill data harvesting, and usually only for market research. Most apps rely on TLS or SSL which is generally secure, but leak info at the lower level utility protocols like DNS and DHCP. If you didn't disable DNS over HTTPS (DoH) on your device and otherwise follow reasonable online hygiene, your data and gour identity is likely secure¹.

Now: be a journalist, activist, organizer, politician even of local school board stature, dissident, expat or artist/performer of any notoriety, and congratulations! You have a complicated threat picture! Proceed to Go, retain a trustworthy IT firm, and work with them to furnish and maintain a private OpenVPN or Wireguard service on your behalf at a public VPS, also being sure to do your diligence and ask for a copy of their certificate of insurance from their cyber insurance underwriters.

Anyway, unless a person has a technical reason to access private resources, or has a more-than-mundane threat picture in their life, a VPN is just a waste of overhead.

-- ¹ Not you, T-Mobile user.

this post was submitted on 01 Jan 2024
-40 points (23.0% liked)

Technology

34878 readers
48 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS