@Cameron
Agreed that most people in the developed world do not need a VPN. There are no restrictions or censorships in place to actually warrant it.
Brooke said:
@Cameron
Agreed that most people in the developed world do not need a VPN. There are no restrictions or censorships in place to actually warrant it.
Or if your internet is provided by someone else (parents, college, your landlord, etc.) and you have concerns about accessing content directly and it being logged somewhere. I have a friends whose dad used to check the router logs etc. Controlling as fuck of course.
@Nash
Controlling? Surely you meant parenting. You know, what parents are supposed to do.
Freddie said:
@Nash
Controlling? Surely you meant parenting. You know, what parents are supposed to do.
My friend was in their early 20s, but still living at home. It’s not parenting to check your router logs to make sure your adult children aren’t on dating sites or watching things you don’t approve of.
It’s obviously different from me occasionally checking my 8 year old’s history on their iPad.
Roux said:
@Sparrow
If I use a VPN can people steal my session cookies or save me from man in the middle attacks
Since everything is HTTPS nowadays it’s all encrypted even without a VPN. If someone is trying to man in the middle attack you the browser is going to bring up a large warning saying “Stop what you are doing. I do not trust this website”.
Brooke said:
@Cameron
Agreed that most people in the developed world do not need a VPN. There are no restrictions or censorships in place to actually warrant it.
Unless you live in a bumfuck state and don’t want to have to do bullshit age verification to watch porn lol
Brooke said:
@Cameron
Agreed that most people in the developed world do not need a VPN. There are no restrictions or censorships in place to actually warrant it.
Sure there are, there are plenty of examples. Gambling restrictions are a common one, geo-locked content on streaming sites, blocking of torrent sites, etc.
Brooke said:
@Cameron
Agreed that most people in the developed world do not need a VPN. There are no restrictions or censorships in place to actually warrant it.
unfortunately this is becoming increasingly untrue as our government has basically turned USA into 50 individual countries who can do whatever they want, and the ones with a more right wing christofascist government are already putting draconian age verification laws in place so that porn sites have to literally ask you to upload a picture of your ID to use them. for that, VPN is mandatory. I’m way over 18 and i’d rather cut my dick off than let a porn site store my driver’s license in one of their databases.
@Sparrow
I would argue it still isn’t a bad idea because it enables privacy. No one on the public network can know what sites you’re visiting and when. On top of that, it protects you when sites fuck up and don’t have encryption on a connection.
On top of THAT, not all sites define their CSP very well, or at all. If they have a piece of media that uses an HTTP connection, that’s absolutely an attack vector that can be exploited. Using a VPN to obfuscate what sites you’re accessing ensures that, even if a bad actor on public WiFi knows of a(n) XSS vulnerability for the site you’re on, they won’t know nor be able to take advantage of it.
@Lex
To be clear, I never said it was a bad idea to use one. I actually pay for a VPN and use it on occasion. However, all the ads for services like Nord and so on are ridiculously misleading.
Sparrow said:
@Lex
To be clear, I never said it was a bad idea to use one. I actually pay for a VPN and use it on occasion. However, all the ads for services like Nord and so on are ridiculously misleading.
I pay for a VPN as well as host my own private one, each has different purposes. I’m absolutely in a small niche of users though, especially small since I’m the type of person who has actually given a presentation on VPNs at an InfoSec meeting (not a conference, just a regional DEFCON chapter). For most people I would just recommend using cellular data rather than a public hotspot these days.
Sparrow said:
@Lex
To be clear, I never said it was a bad idea to use one. I actually pay for a VPN and use it on occasion. However, all the ads for services like Nord and so on are ridiculously misleading.
Oh absolutely agreed, and I wasn’t trying to correct you, but someone who isn’t well versed in this topic might take that information and conclude “So it’s pointless to use one”, which isn’t true, it’s just less useful than it used to be
Sparrow said:
@Lex
To be clear, I never said it was a bad idea to use one. I actually pay for a VPN and use it on occasion. However, all the ads for services like Nord and so on are ridiculously misleading.
Yeah the only ones worth using are Proton and Mullvad. I think maybe PIA bevause they have a history of not handing over data.
@Tenzin
IIRC the thing with PIA isn’t just that they don’t hand it over, but they never generate that data in the first place which means there’s quite literally nothing they even could hand over
@Lex
Re: Privacy, your ISP won’t know anymore, but some other company will, all the VPN does is shift the trust to someone else.
Who do you trust more? The ISP who has a large number of regulations and policies which they are required to follow to even operate or exist? Or the potentially sketchy 3rd party VPN provider who operates in another country, outside your local laws and legal jurisdiction.
It’s a question only the user can answer but certainly something they should be considering.
@Clayton
ISPs in my country (the US) are absolutely allowed to not only capture data, but also sell it.
Meanwhile, a VPN that says they don’t log would be committing fraud, a crime, if they did log.
So you’ve got the analysis mostly backwards, at least if you’re talking about the US.
@Sonny
Highly dependent on your country then.
@Lex
If you access a non-encrypted resource though, a VPN only encrypts it up to the VPN endpoint. Between there and the destination server it’s still being transmitted in the clear. So their marketing is still misleading.
If the owner of the cafe whose WiFi you’re using is spying on you, you can punch them right in the face and refuse to go there anymore. What are you going to do if it’s the VPN provider themselves, their ISP, the destination website’s ISP, or any of the dozens of companies you’ve never heard of who handle the traffic in between that are analysing or modifying your unencrypted traffic? You’re still vulnerable to the same attacks, the VPN just offers a false sense of security. How many cafe owners do you know are committing XSS attacks on their customers?
@Dru
The point is that if a public network is compromised, it protects you there. It’s much more likely for there to be a malicious actor on public WiFi than between ISPs networks.
Having security at the entrance to a building won’t protect you if someone enters through a second story window, but bad actors are much more likely to try the entrance to a building than a second story window
@Lex
Yeah, but “possibly more secure if you don’t trust the public WiFi operator” isn’t what VPN providers are marketing, is the point.
It’s like selling a car that comes with seatbelts advertised as keeping you safe. Except they neglect to tell you that the seatbelt only works in parking lots where most accidents occur.