• mateomaui@reddthat.com
    link
    fedilink
    English
    arrow-up
    79
    ·
    11 months ago

    Spends most of article telling you why they probably aren’t necessary.

    Ends with 4 examples why they’re useful, which are the main reasons they’re used to begin with.

    • Gamma@beehaw.org
      link
      fedilink
      English
      arrow-up
      47
      ·
      edit-2
      11 months ago

      I feel like the opening sentences explained the reasoning behind the article sufficiently, even when there are plenty of valid use cases for them. This was mostly a response to manipulative marketing tactics:

      Virtual Private Networks, or VPNs, are popular services for (supposedly) increasing your security and privacy on the internet. They are often marketed as all-encompassing security tools, and something that you absolutely need to keep hackers at bay. However, many of the selling points for VPNs are exaggerated or just outright false.

      They’re not the only ones pointing this out, either. Tom Scott released a video on the topic a few years ago to explain his thoughts VPN sponsorships

      • mateomaui@reddthat.com
        link
        fedilink
        English
        arrow-up
        16
        ·
        edit-2
        11 months ago

        Your comment in no way negates my observation. If the clickbait title of the article was “You probably don’t need a VPN to avoid market tracking” or something similar, you’d have a point.

        • Gamma@beehaw.org
          link
          fedilink
          English
          arrow-up
          23
          ·
          11 months ago

          I was simply adding information your comment had left out, it wasn’t negating information at all. So congrats on getting the point, not everyone is trying to argue 🎉

          • mateomaui@reddthat.com
            link
            fedilink
            English
            arrow-up
            3
            ·
            11 months ago

            You may want to reconsider your phrasing then if you don’t want it to appear to be argumentative.

            • ConstableJelly@beehaw.org
              link
              fedilink
              arrow-up
              25
              ·
              11 months ago

              Neutral party here, I read it naturally as a supplement to your comment, not an opposition. I don’t detect an argumentative tone personally.

              • mateomaui@reddthat.com
                link
                fedilink
                English
                arrow-up
                2
                ·
                11 months ago

                You’re welcome to your opinion but these phrases

                I feel like the opening sentences explained the reasoning behind the article sufficiently,

                They’re not the only ones pointing this out, either.

                are oppositional in tone.

      • Em Adespoton@lemmy.ca
        link
        fedilink
        arrow-up
        8
        ·
        11 months ago

        …and since then, Tom Scott took a NordVPN sponsorship. And possibly SurfShark too?

        He found that it was actually useful while in countries with questionable Internet access.

        Personally, I just host my own VPN, so no matter where I am, all my traffic exits from my home ISP. I figure they’re at least accountable to the same laws I am.

        • _MusicJunkie@beehaw.org
          link
          fedilink
          arrow-up
          11
          ·
          edit-2
          11 months ago

          But that’s the thing. When that Video was made, almost all of the advertising was focused on the same BS the article is disagreeing with.

          I remember lots of NordVPN ads by uninformed nontechnical creators just reading the provided script. Saying that Balaklava wearing hackers will steal your credit card data just by being in the same cafe as you, and only an expensive VPN subscription can protect you from that. Or that only using a VPN will protect you from malware.

          This sort of advertising is what Tom Scott critizied back then. IIRC he even said that there are real use cases, but that you shouldn’t believe the fearmongering. Same as the article.

          The fearmongering advertising was the problem, not advertising the service itself.

      • Otter@lemmy.ca
        link
        fedilink
        English
        arrow-up
        5
        ·
        11 months ago

        Yep, articles have different audiences.

        Sure one group might understand why a tool exists and use it effectively, but there are also companies over-selling their capabilities and people are using it for things it doesn’t help with.

        This article is for them, simple as that

      • helenslunch@feddit.nl
        link
        fedilink
        arrow-up
        1
        ·
        11 months ago

        Tom Scott released a video on the topic a few years ago to explain why he never took a VPN sponsorship

        The opening scene of that video is from a VPN sponsorship he did.

        • rallatsc@slrpnk.net
          link
          fedilink
          arrow-up
          4
          ·
          11 months ago

          This is inaccurate, read the pinned comment on the video where he points out that the opening scene is entirely made up and isn’t about a real person.

            • rallatsc@slrpnk.net
              link
              fedilink
              arrow-up
              4
              ·
              11 months ago

              The opening scene is a parody of his typical videos (which are typically about places/people) transitioning into a VPN ad segment. The fact that it isn’t about a real person means that it is not in fact from one of his real videos. If you watch the opening scene and read the pinned comment on the video my reply might make more sense.

              • helenslunch@feddit.nl
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                11 months ago

                The opening scene is a parody of his typical videos

                So he typically advertises for VPNs? I don’t understand.

                If you watch the opening scene and read the pinned comment on the video my reply might make more sense.

                I did both of those things. Neither his comment or yours make sense because the opening scene is obviously not about any person, it’s about a VPN.

                • rallatsc@slrpnk.net
                  link
                  fedilink
                  arrow-up
                  4
                  ·
                  11 months ago

                  So he typically advertises for VPNs? I don’t understand.

                  He “typically” discusses interesting places/people. In the first 5 or so seconds of the video he discusses a fictitious person and how they “weren’t protected from viruses, but you could be with a VPN”. So he transitions from his typical video style to a VPN ad to then highlight all of the things wrong with VPN ads.

    • corbin@infosec.pubOP
      link
      fedilink
      arrow-up
      7
      ·
      11 months ago

      I don’t know if those useful features are the main reasons VPNs are used, though. There’s evidence they are used often for bypassing blocked sites (like VPN downloads jumping in Russia recently), most of the other advertised privacy and security benefits are questionable. Most of them don’t advertise torrenting/piracy because that’s a legal gray area.

      • mateomaui@reddthat.com
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        11 months ago

        My VPN advertises protected torrenting as a feature. Many do.

        And it’s pretty nondebatable that VPNs are advertised for getting around regional blocking for Netflix etc, or generally getting around censorship like in China.

        • Em Adespoton@lemmy.ca
          link
          fedilink
          arrow-up
          4
          ·
          11 months ago

          Ironically, almost all the exit VPNs are owned by either China or Israel. With a few exceptions.

          • mateomaui@reddthat.com
            link
            fedilink
            English
            arrow-up
            4
            ·
            11 months ago

            citation needed

            My VPN is headquartered in California, and actively removed their presence from Hong Kong once their security policy matched China’s, and removed themselves from Russia since that country was opposed to the zero logs policy.

  • floofloof@lemmy.ca
    link
    fedilink
    English
    arrow-up
    60
    ·
    11 months ago

    The title should be “You should understand what a VPN is for, before using one.”

  • Midnight@slrpnk.net
    link
    fedilink
    arrow-up
    44
    ·
    11 months ago

    Another reason to use a VPN is that ISPs have every motive to sell your browsing data and they do. Unlike many other groups tracking you, your ISP inherently has your meatspace name, address, and payment information making their data easily collatable and very valuable.

    If you use the default DNS on their provided router they can even tell if someone purchased an XBox, Playstation, or any other smart device just from update and telemetry lookups.

    As the article says, by using a VPN youre using someone else’s ISP making that info worthless.

    If your threat model includes preventing ad networks from gathering data, a VPN absolutely is a tool to prevent that. Do you have to pay for a service? Probably not if you’re technical enough; a VM in a data center is probably sufficient.

    • derbis@beehaw.org
      link
      fedilink
      arrow-up
      34
      ·
      edit-2
      11 months ago

      Yep. BIG deficiency in this article. I don’t use a VPN because of shadowy “hackers” who sit in front of their keyboards with a pistol and a balaclava. I use it because ISPs and governments have demonstrated they can’t be trusted.

      How about this?

      I live in the United States, where I already have no digital privacy, and tunneling my internet traffic through a VPN owned and operated in another country won’t meaningfully improve my privacy or safety

      Uh, what? If someone wants my traffic logs in the US, now they have to go through Mullvad, which has a track record of not providing or collecting it.

      They don’t even know who I am, much less have all the data that my ISP has about me. So selling it would be pretty useless

      Oh last edit: turns out this is the guy who was trying to well ackshually us into thinking Chrome nerfing ad blockers is not a big deal.

      • mateomaui@reddthat.com
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        11 months ago

        Yeah, part of it reads like he was paid to do it, just without including obvious marketing links so he can claim in the article that he wasn’t. Ending the article with valid use cases seems like preventing anyone saying he left out valid reasons, but after a wall of text that could make less savvy users do a “TL;DR: VPN not needed” before they got to that part. I’d respect it more if he led off with the same short description of valid uses, especially considering the article title, then pivoted to where it could be irrelevant.

    • smeg@feddit.uk
      link
      fedilink
      English
      arrow-up
      13
      ·
      11 months ago

      ISPs have every motive to sell your browsing data and they do

      That sounds very illegal under the GDPR

      • Scrubbles@poptalk.scrubbles.tech
        link
        fedilink
        English
        arrow-up
        11
        ·
        11 months ago

        Oh, if us in America were as privacy minded as the EU. People here gladly hand over every bit of data about themselves either to feel safer or just to save 10 cents on groceries.

        • smeg@feddit.uk
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          People do that everywhere, the only difference is the laws that cover what can be done with that data

    • beefcat@beehaw.org
      link
      fedilink
      arrow-up
      10
      ·
      edit-2
      11 months ago

      Do you have to pay for a service? Probably not if you’re technical enough; a VM in a data center is probably sufficient.

      Where are you getting free VM hosting?

      also, i feel like most of your argument is rendered moot with encrypted dns solutions like DoH.

      • Midnight@slrpnk.net
        link
        fedilink
        arrow-up
        1
        ·
        11 months ago

        Where are you getting free VM hosting?

        The comment was in reference to VPN services. Sadly, given theres no right to privacy, you must pay to not be tracked.

        i feel like most of your argument is rendered moot with encrypted dns solutions like DoH.

        You misunderstand. Large ISPs run their own DNS servers which are preconfigured into the devices they sell. They are the intended recipient and you’d just be encrypting it in transit to their servers.

        • beefcat@beehaw.org
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          11 months ago

          i don’t think many ISPs even offer encrypted DNS, i’m talking about using a third party dns. you can set up a standard dns endpoint that uses DoH upstream to the server of your choice. cloudflared makes this really easy if you are happy using their dns, and you can even have it sit upstream of something like pihole, giving your whole home network dns tracking protection and ad blocking without the overhead of a VPN.

      • IcyPenguin@beehaw.org
        link
        fedilink
        arrow-up
        2
        ·
        10 months ago

        Oracle Cloud has a free tier and this video shows you how to set up your own VPN there. I wouldn’t really recommend this as a free VPN solution though. If you need something that’s free, go with Proton VPN’s free tier, Proton is pretty trustworthy and they are very upfront about their business model…

    • Sonori@beehaw.org
      link
      fedilink
      arrow-up
      7
      ·
      11 months ago

      You could also just set your DNS to one of the many free DNSSEC providers. That’s even more secure because there are fewer middle men who can track you. After all, while your ISP may not be able to see that DNS traffic, if you arn’t using DNSSEC anyway then your VPN and their upstream provider can.

      Besides, nearly all tracking nowadays uses third party browser fingerprinting, which a VPN does nothing about. Practically, a VPN is far more security theater than actual security.

      Also, isn’t it funny that sending all your data though a second nation where it no longer legally counts as Amarican internet traffic became really well advertised right after a major scandal came out where the NSA was illegally monitoring American traffic, and more protections were put in place to keep them from doing it again?

      You don’t even need the VPN company to be in on it, a group like the NSA can pretty easily compromise a “no logs” VPN’s technical infrastructure or that of their upstream provider, and they’re even got people who feel like they have something to hide to self select for it to cut down on the amount of boring traffic in the first place.

      • StarkZarn@infosec.pub
        link
        fedilink
        English
        arrow-up
        7
        ·
        11 months ago

        This is absolutely not what DNSSEC is. DNSSEC provides authenticity of the response, not privacy. You’re describing a means of encrypted name resolution, like dns-over-tls, dns-over-https, etc.

        • Sonori@beehaw.org
          link
          fedilink
          arrow-up
          2
          ·
          11 months ago

          Right, I had just responded off the top of my head and got the name wrong. Point still stands.

          • StarkZarn@infosec.pub
            link
            fedilink
            English
            arrow-up
            1
            ·
            11 months ago

            Potentially, but precision is important, especially if you’re going to make sweeping claims about a topic, acting as an authority.

  • 0xtero@beehaw.org
    link
    fedilink
    arrow-up
    26
    ·
    11 months ago

    Well, that article was a hot mess.

    I appreciate the authors effort and they are correct about lack of “what is VPN” articles that are not written by VPN-vendors in marketing purpose. But I’m not sure if this was it.

    Writing an article meant to “debunk” misconceptions and getting two core concepts, Security and Privacy mixed up right from the start wasn’t very good.

    A lot of time was spent on explaining HTTPS and how it somehow magically makes you and your data secure on the Internet and it completely missed to mention who the potential threat actors thwarted by HTTPS are?

    Could have probably used a chapter on how actual threats (both security and privacy) work and how don’t have much to do with the level of encryption your TCP/IP connection happens to encapsulate.

    The last chapter with the first 3 bullets was pretty good though. That could have just been the whole article and it would have been alright.

    Oh well. Attempt was made.

  • ericjmorey@beehaw.org
    link
    fedilink
    English
    arrow-up
    21
    ·
    11 months ago

    When to use a VPN

    VPNs are not magical fixes for privacy and security on the internet. However, there are some specific situations where they are useful tools.

    Network blocks and internet censorship. VPNs can help you access sites and services that are restricted by your local network or government. That’s why downloads of VPN apps in Russia skyrocketed in 2022, after the country’s invasion of Ukraine and more services became blocked. The same trend happened in Virginia and other U.S. states after they passed laws requiring photo identification for adult websites.

    Piracy. Internet service providers can sometimes detect when you are pirating movies, TV shows, music, or other media and send you angry letters. You can avoid that entirely by using a VPN when you download or torrent copyrighted material. Do what you want 'cause a pirate is free… but use a VPN.

    Region-locked content. This is a popular selling point for VPN companies that is actually true: VPNs can help you access online content that is officially restricted to a certain region. Switching your VPN server to a different country can change what movies and shows are available through Netflix, and UK-based VPN servers are frequently used to access BBC iPlayer content in other countries. However, this is not always reliable, as service providers will usually detect VPN servers after a while and block them.

    Accessing your home network. Setting up a VPN server at home is one way to access devices on your home network (such as self-hosted security cameras, media servers, and remote desktop) without opening up more of your network to the rest of the internet.

    There are other more niche use cases for VPNs, but those are the most popular ones that aren’t completely made up.

  • helenslunch@feddit.nl
    link
    fedilink
    arrow-up
    20
    ·
    11 months ago

    Gonna have to disagree here. The article’s main point seems to be “privacy is impossible” because there are other ways to track you that it assumes you’re not accounting for:

    It’s true that your IP address is your main identifier on the internet. However, there are many other identifiers that are used for tracking your activity across the internet. Most advertising networks, including Google Ads, primarily use cross-site cookies (eventually to be replaced by the Privacy Sandbox) to keep track of you across the web. Google uses an advertising ID for the same purpose on Android devices, and Apple has a similar ID for iPhone and iPad devices. VPNs do not change any of those identifiers.

    There are also other browser features that can be used for tracking you across the web, such as the User Agent and HTML5 element, in a process called fingerprinting. Web browsers have been reigning in this behavior over the past few years.

    These are all true but there are also ways to circumvent (to some degree) all of those other tracking methods and doing so in conjunction with a VPN will give you a more private and secure browsing experience.

  • kbal@fedia.io
    link
    fedilink
    arrow-up
    10
    ·
    11 months ago

    I’m not quite paranoid enough to believe that all of these anti-VPN articles are propaganda sponsored by people who want to make mass surveillance easier, but when it’s from someone whose other recent posts include one titled “Youtube ads aren’t actually that bad” and two explaining why Google’s Manifest V3 is great, I’m at least going to suspect it as a possibility.

    • conciselyverbose@kbin.social
      link
      fedilink
      arrow-up
      5
      ·
      11 months ago

      It’s definitely possible they’re sincere.

      It’s not at all possible that I’m going to care about or respect anything they have to say about privacy or security.

  • Greenpepper@beehaw.org
    link
    fedilink
    arrow-up
    10
    ·
    11 months ago

    Another good use for VPN is to counter dynamic pricing. My wife visited a website some time ago to request the price for a ticket. When she visited the website a second time the price had increased considerably. However when visiting the price with VPN it was the original price again. It saved her a lot of money.

  • IcyPenguin@beehaw.org
    link
    fedilink
    arrow-up
    2
    ·
    10 months ago

    IVPN created an awesome website called doineedavpn.com where they honestly and objectively answer that question. It’s one of the reasons why I like IVPN as a VPN provider, they are honest and don’t hide anything from their customers. Also their apps are open source and they support anonymous signup.