this post was submitted on 27 Dec 2024
61 points (95.5% liked)

Privacy

32506 readers
1213 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I've been using one but I'm not sure what benefits I'm getting from it. I feel like the only thing happening is I'm adding a little bit of latency to all my requests for no reason.

top 44 comments
sorted by: hot top controversial new old
[–] DoucheBagMcSwag@lemmy.dbzer0.com 1 points 12 hours ago

Yar har fiddle dee dee......

[–] phase@lemmy.8th.world 3 points 16 hours ago

A safe access to my home infra/lab.

From my experience, the latency can be neglected in comparison of the latency of the connection of a mobile.

When the VPN has connexion issues, all the apps on my phone are waiting. Some reach timeout. But they recover all at once, without DNS issues, when the VPN comes back up.

When I move from network to network, from private wifi to public wifi, from country to country, ... I am know I can try hotspots without checking if it's from a malevolent entity (private hacker, stupide enterprises (who log for whatever reason that I go on website they don'tlike (pro-abortion, gaming, ...), or anything else). If the VPN is up, I can. If it is down, I can't but there's no risk for me, just momentary annoyance.

[–] Opisek@lemmy.world 3 points 18 hours ago

Other comment have gone way more in-depth, but there's also a difference between using commercial VPNs and ones you set up yourself. I have a few private VPNs set up on servers I physically own in different countries and that offers different protections than just using NordVPN.

[–] Andromxda@lemmy.dbzer0.com 37 points 1 day ago (2 children)

Pros:

  • Websites can't see your real IP and thus can't figure out your real location that easily
    • You might also be able to blend in with other users who use the same VPN server
  • Your ISP can't see what you're websites you're connecting to
  • Your Network operator (e.g. a coffee shop offering public wifi) and you're ISP can't see your unencrypted connections (e.g. HTTP, Telnet)
  • You can bypass regional censorship or other forms of content unavailability

Cons:

  • Your VPN provider can see everything you're connecting to (but not the content if you use HTTPS, which thankfully has become very common), so you need to be able to trust them
  • A good and trustworthy VPN usually costs money
  • Slightly slower connection and higher latency

Things to look out for when choosing a VPN provider:

  • No-log policy
  • Regular security audits
  • Open source client applications
  • Private/anonymous payment options (crypto currency)
    • Monero is the best option if you want to stay fully anonymous
  • Minimal information required for signing up, ideally none (some providers don't even require an email address, they just give you a random generated Account ID)
[–] AFC1886VCC@reddthat.com 12 points 1 day ago (3 children)

Mullvad is the gold standard for VPNs in my book

[–] Chulk@lemmy.ml 3 points 15 hours ago

The fact that they allow you to order a physical voucher with a product key, and that product key serves as your only authentication makes it especially anonymous. I love it.

[–] Andromxda@lemmy.dbzer0.com 1 points 13 hours ago

It matches all the criteria I outlined. IVPN too btw: https://www.ivpn.net/

They're also on Mastodon, which is also a plus in my opinion (not really significant though) @ivpn@mastodon.social

[–] Valmond@lemmy.world 2 points 16 hours ago (1 children)
[–] Andromxda@lemmy.dbzer0.com 1 points 13 hours ago

Yeah. Proton, Mullvad and IVPN are the three best providers out there. That's also why they're recommended by privacy/security enthusiasts: https://www.privacyguides.org/en/vpn/?h=vpn#recommended-providers

[–] Scolding7300@lemmy.world 2 points 1 day ago (2 children)

In the cons there's also an increase of the attack surface since you'll be using a program to run the VPN

On the pros, some offer DNS blocking

[–] Andromxda@lemmy.dbzer0.com 1 points 13 hours ago

WireGuard is now even part of the Linux kernel. The protocol and the reference implementation are fully open source, you can just download a WG profile from your provider and you won't even have to use their application.

On the pros, some offer DNS blocking

You can also set that up without a VPN, or independently of your VPN. The standard WireGuard client doesn't interfere with your DNS setup.

[–] desktop_user@lemmy.blahaj.zone -2 points 1 day ago (1 children)

Wireguard and openvpn both have open source clients.

[–] Scolding7300@lemmy.world 1 points 11 hours ago

That may make it more secure than other clients, but the surface is still larger. Any time you add an executable

[–] 3aqn5k6ryk@lemmy.world 62 points 1 day ago (2 children)

Most people in the US use it to avoid getting letter from their ISP from downloading illegal content.

Some people use to access other country content.

Some people use it to avoid ISP snooping their browsing habits

[–] abrahambelch@programming.dev 3 points 1 day ago (3 children)

Genuine question: How can an ISP detect that someone is downloading illegal material if the actual content is encrypted using SSL/TLS? Is it all approximated based on the domains/IPs and the amount of data that is sent? If they can't tell with a 100% certainty, can it be used as proof when trialed in court?

[–] cmeerw@programming.dev 9 points 20 hours ago (1 children)

Isn't that mainly just torrent trackers that publish your IP address and then the ISP gets a request for who was using that particular IP address. I don't think an ISP would itself be interested in detecting whether their customers download illegal content - there is no business case for them to do that.

[–] abrahambelch@programming.dev 1 points 13 hours ago

Ahh that makes sense - thanks!

I'm not an expert but I'm guessing unencrypted DNS requests and potentially monitoring IPs of different torrents. DNS requests would show what websites a user is going to, and then you can always see peer IPs when connected to a torrent.

[–] Tyfud@lemmy.world 1 points 1 day ago

The links themselves are not encrypted, only the data packets

[–] stembolts@programming.dev 38 points 1 day ago* (last edited 1 day ago) (1 children)

A few ways I've used it.

Odd, a site seems to be non-functional. (Enable VPN). Site begins to work. Oh, my ISP was fucking with me.

A site is stuttering. (Enable VPN). Magically works. Oh, my ISP was fucking with me.

The most annoying, my family's Internet over the holidays was blocking my laptop from updating Ubuntu, enabled VPN, udpate went just fine.

In general, it stops ISPs from dictating if they approve or disapprove of your behavior. Hide what you're doing and all traffic is just anonymous bits and bobs.

As it fucking should be by law.. but in the US the conservative party continually repeals the law that enforces non-interference. So for now, we need VPNs.

[–] neon_nova@lemmy.dbzer0.com 3 points 1 day ago

I don’t think it’s the isp intentionally fucking with you and it’s probably more incompetence on their side.

My isp will occasionally have this issue and then after a few month everything is OK.

i enjoy not getting threatening letters from my ISP about downloading shit.

[–] Darkassassin07@lemmy.ca 5 points 1 day ago

I've never felt the need to use a VPN at home. I'm not really trying to hide from my own ISP, nor obfuscate where my connections come from.

I do host my own VPN from my home network though. This allows me to access my self-hosted services without exposing them directly to the internet, as well as keeps my mobile devices behind my pihole dns servers so they always receive dns adblocking and access to private dns records (self-hosted stuff). This also keeps mobile traffic a bit more secure from snooping, particularly on public/corporate wifi networks.

It hides details on your traffic from your ISP, that's about it.

Your ISP can really only see the domain names you visit, as HTTPS encrypts the other info like the path and actual content.

[–] 0x0@programming.dev 10 points 1 day ago (1 children)

You should consider your threat model first before using something without being unsure of the benefits.

[–] TranquilTurbulence@lemmy.zip 5 points 1 day ago* (last edited 1 day ago)

If you’ve never thought about threat models, here are some questions to get you started.

  1. List the assets that require protection. (Like credit card info)
  2. Who might want to gain access to those assets? (e.g. Hackers)
  3. How can you mitigate the risks? (Updates)

You may have a lot to say, so write things down to clarify your thoughts. Once your threat model document is complete, it will be easier for you to figure it which tools you really need, and which ones are only nice to have.

[–] maidenthailand@lemmy.world 9 points 1 day ago

I'm not smart enough to explain the privacy benefits, but what I can say is that a vpn is so useful for getting access to region-locked websites. People usually mention that you'll get access to exclusive Netflix content, but if you're the sort to use a vpn at all, you're probably not the sort to use Netflix anyway. With a vpn, I can use Tubi despite living outside the US, and novel-translation sites that refuse traffic from my country don't even give those 'verify you're a human' prompts.

Also, I can switch locations to a place with better upload/download speeds, so things that would before take at least 5 minutes get done in seconds.

[–] thirteene@lemmy.world 3 points 1 day ago (1 children)

Eli5 VPN: https://dnsleaktest.com/ Visit this site unsecured and it will display your general geographic location (county/region). Connect to your VPN and try again incognito and under most circumstances it will display the VPN location instead.

Example scenario: you are in Canada and connect to Netflix and are incredibly disappointed with the Canadian selection. You connect toa VPN from New York a few miles away and you get access to the full United States catalogue. (Netflix is fighting this)

Example 2: you setup your smart vacuum on your home network and being concerned about security, you disabled access outside your home. You can connect to a personal VPN you configure to "spoof" being inside the house while on vacation to modify your vacuum settings.

Vpns are also commonly used as "public transit" for users to obfuscate their identity.

Benefit: When you make a request against a website, they often put trackers on you including your operating system, browser application, and store data like your geographic location. Advertisers are tracking your history, sites are using cookies to charge more with dynamic pricing when you revisit, data brokers are selling that data. There have been use cased where whistle blowers are identified off that purchased data from known journalist meetings. There's a lot of reasons to have a VPN, but never use a free one. Adding an extra jump to your VPN location is definitely adding latency, if you don't need one, it's just extra weight.

[–] Boomkop3@reddthat.com 1 points 1 day ago

Tried it, it's a couple of belgiums off, but not bad

[–] BlackEco@lemmy.blackeco.com 8 points 1 day ago

I find this Tom Scott video (YouTube) to be pretty good at explaining why you would want a VPN and why most marketing arguments are BS.

[–] AnnaFrankfurter@lemmy.ml 6 points 1 day ago (1 children)

If you don't use VPN all your traffic will flow through ISP. That doesn't mean ISP can see your passwords or anything. They can only see which website you're connecting to given that you are using unencrypted DNS if you are using encrypted DNS with TLS Hello they can only see IP. The claims that VPN protects you from hackers in public WiFi is dead since all websites switched to HTTPS and HSTS.

By using VPN all of these details now won't be visible to your ISP but they will be visible to VPN provider.

If you live in a place where LEA can't kick down your door and arrest you for visiting website it deems illegal then using VPN doesn't give you anything.

Of course even a lot of first world country have strict laws against piracy in that case VPN is good but if you aren't pirating and live in a free country I'd suggest don't bother with VPN unless you have other reasons.Another reason could be to access geo restricted content on Netflix and stuff

Another thing to keep in mind, if you are committing/suspected of any crime then LEA will definitely go through your search history, they can get this through your device if you've cleaned that up but use google account then they can ask google, or go to ISP and ask this, obviously if you're in this category then there are better solutions like Tor I2P

There are other extreme examples where a cheap ad friendly VPN with no registration comes in handy. If you want to create a zero knowledge email. Most email provider will block you if you are trying to create account with ProtonVPN or from Tor, but if your route your traffic through Tor and then to an ad friendly VPN they mostly allow it cuz they think you're a dumb dumb. Note - it is generally not recommended to use VPN over Tor.

[–] mmattq@lemmy.dbzer0.com 1 points 1 day ago (1 children)

Why is it not recommended to use a VPN over Tor? Doesn't that mean the ISP can't see you are connected to Tor?

[–] AnnaFrankfurter@lemmy.ml 2 points 1 day ago (1 children)

No VPN over Tor means you first connect to Tor and then to VPN. This is highly discouraged because if someone can tie the VPN to you then they can bypass Tor entirely and get what websites you were visiting.

What you are suggesting is Tor over VPN, here you'll first connect to VPN and then to Tor, this is less risky but still not recommended as using Tor is not illegal in most countries (remember US Navy built it initially and they and many other spy agencies still use it) also there are other better ways to achieve hiding from ISP. bridges were designed specifically for that.

[–] mmattq@lemmy.dbzer0.com 2 points 1 day ago (1 children)

Ok, so the ISP can see that I'm connected to the Tor network? Using Tor over VPN just adds one more layer of privacy, right? Tor isn't illegal here; what I'm trying to achieve is anonymity on the internet.

[–] naeap@sopuli.xyz 3 points 1 day ago

You're losing anonymity, when you log into your VPN through TOR

TOR gives you anonymity, but if you connect through TOR to your VPN, which you probably registered with some of your data (or maybe your real IP), all the hops through TOR are useless, because your VPN connection is associated with you.

It really depends on who you want to hide from.
If it's your ISP, then connecting over VPN to TOR could make sense, when your ISP is restrictive regarding TOR. But that's pretty much the only usecase I can come up with at the moment

[–] Dungrad@feddit.org 6 points 1 day ago (1 children)
[–] SomeAmateur@sh.itjust.works 5 points 1 day ago* (last edited 1 day ago)

you joke but even the FBI encourages vpn use

[–] pe1uca@lemmy.pe1uca.dev 4 points 1 day ago

Just for privacy reasons?
I can decouple the traffic fingerprinting of some sites, like amazon, youtube, reddit, etc.
And because I have a squid proxy router through the vpn set up via a couple of docker containers, I have a firefox container to always send the traffic over the proxy which allows me to easily search for stuff outside and inside the vpn.

Aside from that I also use the proxy to send requests in scripts over the vpn so my real IP doesn't get rate limited.
And what VPNs are actually for: looking for geo-blocked content.

[–] Noble_bacon@lemmy.ml 3 points 1 day ago (1 children)

A VPN is something that, was created to let you remotelly access another network.

Say for example that you want to connect to your LAN from a coffee shop. That's why they were created in the first place.

Now, they were popularized as something else.

The benefits of the nowadays VPNs are mainly privacy and piracy related.

The reasons most people use a VPN are essentially:

  • Hide your traffic from your ISP. (By doing so, you are allowing your VPN provider to see everything you do while connected. Just like your ISP would, if you weren't)

  • Hide your real IP behing one of your VPN's server. (Usefull for torrenting and keeping anonymity)

  • Bypass geolocation restrictions. (e.g Watching U.S Netflix from Europe)

Do note that, if ypu are going to route your traffic through a VPN, you are giving your provider access to your online activities.

Choose your provider wisely!

Choose a VPN with a strict no logs policy, RAM only servers and strong privacy policies. (Open Source if you can).

Reputable names in the VPN world are Mullvad and Proton VPN.

Avoid the traps of budget VPN or highly advertised ones!

[–] ShortN0te@lemmy.ml -1 points 1 day ago (1 children)

The benefits of the nowadays VPNs are mainly privacy and piracy related.

Piracy is actually not the reason to use a VPN, pirates use a VPN to be anonyme and not to pirate content.

Similar as you would not say a hammer is a tool that can be used to hit something and not a hammer is used by construction wormers and burglars.

[–] Noble_bacon@lemmy.ml 2 points 1 day ago (1 children)

Agree to disagree.

It is a main reason to use a VPN, that's for sure.

It is not the only one, but any pirate in countries like Germany that does not use a VPN is cooked.

[–] ShortN0te@lemmy.ml 1 points 1 day ago

But other solutions work also. And all of those provide anonymity and are not a VPN. For example I2P, TOR and Seedboxes in other countries may even be paid anonymously.

Pirates use anonymity in order to avoid being detected, and those tools provide anonymity.

[–] R3D4CT3D@midwest.social 1 points 1 day ago

i don’t want ppl to know my business, is what i tell most ppl to keep it short and sweet, haha