I feel as though most Tildes users probably already know this, but I think it's still a useful piece of information to spread. Especially with how pervasive VPNs are becoming in online content....
I feel as though most Tildes users probably already know this, but I think it's still a useful piece of information to spread. Especially with how pervasive VPNs are becoming in online content. Most people simply do not need one and I'm increasingly troubled by how many people are making the mistake I made years ago of getting a VPN for things that don't need a VPN or won't be solved by having one.
Both of these things are very true, and the point-by-point fact check in the video is good, but I think it's a bit of a shame that the "privacy for its own sake" angle is played down and somewhat...
Most people simply do not need one and I'm increasingly troubled by how many people are making the mistake I made years ago of getting a VPN for things that don't need a VPN or won't be solved by having one.
Both of these things are very true, and the point-by-point fact check in the video is good, but I think it's a bit of a shame that the "privacy for its own sake" angle is played down and somewhat mocked.
You don't need to be a pirate assassin to think it's none of your ISPs business (nor that of every hotspot you connect to, many of which grab identifying data at connection time) which sites you're visiting.
This is a very good point, but I feel as though a lot of people are going to look at VPNs as the one-stop solution to a problem they think they have, instead of one piece of a bigger solution to a...
This is a very good point, but I feel as though a lot of people are going to look at VPNs as the one-stop solution to a problem they think they have, instead of one piece of a bigger solution to a problem we collectively have. Having a VPN doesn't necessarily block your ISP or other 3d parties from tracking you unless you take extra steps, steps people who get NordVPN from a podcast referral might just not know to take. What we need is a change in the conversation around digital rights and our policies regarding them, and I feel as though people getting a VPN is going to give them an easy "out". After all why bother with the systemic issues if you just push the button to be safe, right?
I'm particularly annoyed by some ExpressVPN spots I've been hearing lately in my mainstream (read: non-technical) podcasts. They open by invoking the threat of corporate data breaches, and...
I'm particularly annoyed by some ExpressVPN spots I've been hearing lately in my mainstream (read: non-technical) podcasts. They open by invoking the threat of corporate data breaches, and conclude by saying "protect your data privacy with ExpressVPN" or something to that effect. It's deliberately misleading; a VPN will do nothing to protect data held by a company about you from getting breached.
I disagree with your statement that "most people simply do not need" a VPN. In the post-Snowden internet era, when ISPs and governments are collaborating to surveil on the public at large, it behooves everyone to send all their data through an encrypted tunnel, regardless of the content of that data or perceived need for secrecy. The important part, however, is partnering with a trustworthy VPN provider that doesn't have its own ulterior plans.
I don't know what ExpressVPN's plans are specifically, but their obfuscatory marketing has really soured them for me as a company. Consumers in the market for a VPN would do well to understand why they want one, and search for providers based on their technical merits, transparency, and track record.
Like you said you need the VPN to be trustworthy. Why? Because whatever the danger with your ISP is, is shifted over to your VPN provider, who may have a lot more reasons to have ulterior motives....
Like you said you need the VPN to be trustworthy. Why? Because whatever the danger with your ISP is, is shifted over to your VPN provider, who may have a lot more reasons to have ulterior motives.
VPNs are not a technical security measure beyond local WiFi and ISP. They protect you on a legal level, so they're most useful for doing illegal things; whether that's downloading Joker.2019.1080p.bdrip.mp4 or looking at Hong Kong news in China is irrelevant, the point is they're legal threats. They rely on an artifact of the world's legal systems to effectively shield you: jurisdiction. They're hosted in a different country than you; usually a different country than whoever may care about what you're doing. And it's not like Interpol gets involved unless you're doing some seriously sinister shit, so your VPN protects you there.
I didn't learn anything, but it was a reminder that I had been deceived by people shilling for VPNs. I use school and work WiFi and was considering using Mullvad for a bit of extra protection....
I didn't learn anything, but it was a reminder that I had been deceived by people shilling for VPNs. I use school and work WiFi and was considering using Mullvad for a bit of extra protection. When Tom mentioned https it all came back and felt like I got hit with a stick.
I'll return to the proposition that there are personal threat models which do justify VPN use, and not simply for illegal activity, region-blocking circumvention, or MYOB-level privacy...
I'll return to the proposition that there are personal threat models which do justify VPN use, and not simply for illegal activity, region-blocking circumvention, or MYOB-level privacy consciousness.
Hotel Wi-Fi security remains a horror in 2019. Despite massive breaches in major international lodging chains, there's little consistent incentive to harden network security on these systems. I've gone on my own little white-hat safaris to see just how bad it is, and found routers with decade-old unpatched vulnerabilities. It's trivially easy to MITM that stuff, and that's not even discussing the hotels' own proxy ad-injection, DNS blocking, and domain snooping.
Private VPN remains cheaper than personal cellular data connections, and there are legitimate use cases where you might not want to expose your traffic to your ISP.
All that being said, a roll-your-own self-hosted VPN is probably adequate for people who aren't trying to hide their activity from nation-state surveillance and censorship.
But - as the video mentions - so what? Even if I'm getting MITM'd, even though I'm not using any kind of encrypted DNS or encrypted SNI, why do I care that the rest of the hotel knows that...
It's trivially easy to MITM that stuff
But - as the video mentions - so what? Even if I'm getting MITM'd, even though I'm not using any kind of encrypted DNS or encrypted SNI, why do I care that the rest of the hotel knows that "someone is browsing Twitter"?
I've been trialling Firefox's Private Network which, from what I can gather, is just Cloudflare's WARP rebranded, and it's been great. I've used Mullvad in the past but my problem with it is...
I've been trialling Firefox's Private Network which, from what I can gather, is just Cloudflare's WARP rebranded, and it's been great. I've used Mullvad in the past but my problem with it is similar to what he laid out in the video: it's full of people doing ostensibly terrible things. With Mullvad on, some sites would never let me complete captchas, some sites would flat out block me from accessing them, and some would give me messages about abuse coming from my IP instead of serving their site to me. Not only was this frustrating, but I ultimately hated that my money was going towards a company that was effectively enabling the worst parts of the internet to do terrible things.
The same people that praise Mullvad for being the paragon of privacy lambaste Cloudflare for the opposite, which actually works well for me because I've realized that I'd rather be on a service that doesn't have those people on it. Firefox has earned my trust so far, and if they endorse Cloudflare, then it's good enough for me. Thus far, with Firefox's Private Network on, I haven't run into any of the issues I ran into with Mullvad. My experience has been much smoother, to the point that I forget that it's even enabled.
I realize it's not ideal for everyone (it operates at the browser level, rather than the system level), but for me my main concern is not letting my ISP track my browsing history and sell it (I'm in the US). Even when limited to just the domain names by HTTPS, that still feels invasive to me.
Yeah the privacy aspect is pretty huge. My government tracks every website I visit, how long I visit, and how often (plus similarly for calls and texts) [1]. Law enforcement has warrantless access...
Yeah the privacy aspect is pretty huge. My government tracks every website I visit, how long I visit, and how often (plus similarly for calls and texts) [1]. Law enforcement has warrantless access to this data. It's not clear who else has access to this data.
I don't see much choice outside of tor or vpn+dnscrypt [2].
[1] Technically, telecom record this metadata for several years and must make it easily accessible.
[2] Yes, these push surveillance into unknown third parties. But in either case the data can be untied from my real identity because they are international, associated with a large volume of users, and vpn can be bought with bitcoin.
I feel as though most Tildes users probably already know this, but I think it's still a useful piece of information to spread. Especially with how pervasive VPNs are becoming in online content. Most people simply do not need one and I'm increasingly troubled by how many people are making the mistake I made years ago of getting a VPN for things that don't need a VPN or won't be solved by having one.
Both of these things are very true, and the point-by-point fact check in the video is good, but I think it's a bit of a shame that the "privacy for its own sake" angle is played down and somewhat mocked.
You don't need to be a pirate assassin to think it's none of your ISPs business (nor that of every hotspot you connect to, many of which grab identifying data at connection time) which sites you're visiting.
This is a very good point, but I feel as though a lot of people are going to look at VPNs as the one-stop solution to a problem they think they have, instead of one piece of a bigger solution to a problem we collectively have. Having a VPN doesn't necessarily block your ISP or other 3d parties from tracking you unless you take extra steps, steps people who get NordVPN from a podcast referral might just not know to take. What we need is a change in the conversation around digital rights and our policies regarding them, and I feel as though people getting a VPN is going to give them an easy "out". After all why bother with the systemic issues if you just push the button to be safe, right?
I'm particularly annoyed by some ExpressVPN spots I've been hearing lately in my mainstream (read: non-technical) podcasts. They open by invoking the threat of corporate data breaches, and conclude by saying "protect your data privacy with ExpressVPN" or something to that effect. It's deliberately misleading; a VPN will do nothing to protect data held by a company about you from getting breached.
I disagree with your statement that "most people simply do not need" a VPN. In the post-Snowden internet era, when ISPs and governments are collaborating to surveil on the public at large, it behooves everyone to send all their data through an encrypted tunnel, regardless of the content of that data or perceived need for secrecy. The important part, however, is partnering with a trustworthy VPN provider that doesn't have its own ulterior plans.
I don't know what ExpressVPN's plans are specifically, but their obfuscatory marketing has really soured them for me as a company. Consumers in the market for a VPN would do well to understand why they want one, and search for providers based on their technical merits, transparency, and track record.
Like you said you need the VPN to be trustworthy. Why? Because whatever the danger with your ISP is, is shifted over to your VPN provider, who may have a lot more reasons to have ulterior motives.
VPNs are not a technical security measure beyond local WiFi and ISP. They protect you on a legal level, so they're most useful for doing illegal things; whether that's downloading Joker.2019.1080p.bdrip.mp4 or looking at Hong Kong news in China is irrelevant, the point is they're legal threats. They rely on an artifact of the world's legal systems to effectively shield you: jurisdiction. They're hosted in a different country than you; usually a different country than whoever may care about what you're doing. And it's not like Interpol gets involved unless you're doing some seriously sinister shit, so your VPN protects you there.
I didn't learn anything, but it was a reminder that I had been deceived by people shilling for VPNs. I use school and work WiFi and was considering using Mullvad for a bit of extra protection. When Tom mentioned https it all came back and felt like I got hit with a stick.
I'll return to the proposition that there are personal threat models which do justify VPN use, and not simply for illegal activity, region-blocking circumvention, or MYOB-level privacy consciousness.
Hotel Wi-Fi security remains a horror in 2019. Despite massive breaches in major international lodging chains, there's little consistent incentive to harden network security on these systems. I've gone on my own little white-hat safaris to see just how bad it is, and found routers with decade-old unpatched vulnerabilities. It's trivially easy to MITM that stuff, and that's not even discussing the hotels' own proxy ad-injection, DNS blocking, and domain snooping.
Private VPN remains cheaper than personal cellular data connections, and there are legitimate use cases where you might not want to expose your traffic to your ISP.
All that being said, a roll-your-own self-hosted VPN is probably adequate for people who aren't trying to hide their activity from nation-state surveillance and censorship.
But - as the video mentions - so what? Even if I'm getting MITM'd, even though I'm not using any kind of encrypted DNS or encrypted SNI, why do I care that the rest of the hotel knows that "someone is browsing Twitter"?
I've been trialling Firefox's Private Network which, from what I can gather, is just Cloudflare's WARP rebranded, and it's been great. I've used Mullvad in the past but my problem with it is similar to what he laid out in the video: it's full of people doing ostensibly terrible things. With Mullvad on, some sites would never let me complete captchas, some sites would flat out block me from accessing them, and some would give me messages about abuse coming from my IP instead of serving their site to me. Not only was this frustrating, but I ultimately hated that my money was going towards a company that was effectively enabling the worst parts of the internet to do terrible things.
The same people that praise Mullvad for being the paragon of privacy lambaste Cloudflare for the opposite, which actually works well for me because I've realized that I'd rather be on a service that doesn't have those people on it. Firefox has earned my trust so far, and if they endorse Cloudflare, then it's good enough for me. Thus far, with Firefox's Private Network on, I haven't run into any of the issues I ran into with Mullvad. My experience has been much smoother, to the point that I forget that it's even enabled.
I realize it's not ideal for everyone (it operates at the browser level, rather than the system level), but for me my main concern is not letting my ISP track my browsing history and sell it (I'm in the US). Even when limited to just the domain names by HTTPS, that still feels invasive to me.
Yeah the privacy aspect is pretty huge. My government tracks every website I visit, how long I visit, and how often (plus similarly for calls and texts) [1]. Law enforcement has warrantless access to this data. It's not clear who else has access to this data.
I don't see much choice outside of tor or vpn+dnscrypt [2].
[1] Technically, telecom record this metadata for several years and must make it easily accessible.
[2] Yes, these push surveillance into unknown third parties. But in either case the data can be untied from my real identity because they are international, associated with a large volume of users, and vpn can be bought with bitcoin.