this post was submitted on 16 Mar 2024
757 points (98.5% liked)
There's a certain argument that it might be preferable from a privacy standpoint if people used VPNs in general, though it sure isn't ideal from a performance standpoint.
It also costs money. For many people, every monthly fee makes a difference.
I am not associated with Mullvad VPN in any capacity and I have nothing to disclose, lol.
Mullvad VPN doesn't even offer a renewing subscription, that I know of, and I'm almost entirely certain that they used to and have since stopped doing so on principle. Their VPN service costs a little less than $5/month (USD) if you get their card off Amazon that's good for a year, and that is literally a physical card sent through the mail—the kind you have to scratch off on the back to get to the number underneath, in other words—and so at least AFAIK, there's no possible way for whichever unique card you happen to end up with, to ever be traced directly to that specific transaction on Amazon, even if you pay for it using your credit/debit card, and directly associate that purchase with your bank account in so doing. It's even better than that if you pay them by means far less traceable to begin with, of course, and they make those options available as well. In fact, they prefer doing it that way as opposed to credit/debit card purchases, even of physical cards through Amazon, IIRC. At least AFAIK, they don't even accept any form of payment directly traceable to a bank account on their own website, for every obvious reason.
They actually do not keep logs like they claim not to, at least according to the one time they were ever affected by a search warrant, at which point it was discovered by law enforcement that said warrant in its entirety described information that did not exist because it never had.
One thing I really like about (using) it, and I have no idea what other VPNs would also do something like this, if any: it sets up a SOCKS5 proxy for you internally, and you can use that anywhere that supports that, wherever you may need/want a killswitch properly—meaning to make said application unable to resolve hostnames in the event of your connection to the VPN being interrupted for some reason. I'm also pretty sure you can use their DNS-over-HTTPS no matter what, even if you don't already use their VPN service. Anyway, especially if you already do, though, I always figure it's never a bad idea to just use the same provider everywhere you can: use their encrypted DNS wherever possible, in addition to using the proxy provided by their VPN wherever possible, in addition to using their VPN anyway. I do that, and I also enable the setting (under WireGuard) to use multi-hop, which, albeit at the expense of some latency, even more thoroughly conceals my real external IP address from the ostensibly innocuous honeypots for people who are not lunatics of Google, Amazon, Microsoft, Meta, or whatever company doing business on that level of dystopia. It's simply a technical matter that doing all of that will make nearly everything—excluding any/all abject OPSEC failure, browser fingerprinting, EXIF metadata, etc., which should go without saying—way more difficult to trace back to your real world identity than it otherwise would be. It has to be. I didn't say "impossible" because I know better, and again, it's never gonna protect anyone from themselves because it can't. It's good enough to be able to use the internet and also sleep, though, at least for me.
It's just so many consecutive layers of obfuscation contrary to the best interest of the boogeyman, especially for the price, that if I didn't have immediate access to $60 in order to buy another year's worth of Mullvad VPN, or immediate access to Mullvad VPN, I would literally beg and/or borrow, figuratively steal, or otherwise acquire.
Something something high seas something jellyfin
WireGuard is super fast compared to OpenVPN
Yeah, WireGuard is really nice, but it drains my battery pretty quick on Android.
It shouldn't?
I have WireGuard on my phone 24/7 with no discernible battery difference
I had that with VPN unlimited, but now I use Nord VPN which is a lot less heavy on the battery.
A lot of my traffic goes to CDNs, and all of it is encrypted over HTTPS. Why should I pay for a VPN?
The TLS handshake will generally -- though there are some ways to avoid this, and people are banging on it -- expose hostnames in the clear. So even if the IP address that you're talking to serves multiple virtual hosts, your ISP is likely to know who it is that you're talking to.
https://en.wikipedia.org/wiki/Server_Name_Indication
Even if your browser is using DNS-over-HTTP, which it may or may not be doing, most software doesn't, so outside of your browser, DNS is generally visible.
Some protocols still are not encrypted; I was looking at MUDs the other day, and few of them support encrypted connections. The networks that I'm most worried about are random WiFi access points, and VPNs solve that well.
The network provider can still see which addresses and ports someone is connecting to and to where the traffic goes, and how much traffic is sent.
Some network providers blacklist material -- as is the case in OP's article. For example, one of my first experiences on the Threadiverse was kbin sending me to a random discussion on policy that Ada (the lemmy.blahaj.zone admin) was having with some gay user who lived somewhere in the Middle East. Lemmy.blahaj.zone had been blocked in that country -- the country presumably didn't like something related to the server having LGBT content. The Threadiverse is semi-resilient to that -- they could still connect to a federated server and see comments. But it meant that images on lemmy.blahaj.zone were blocked in that country.
For another contemporary example, Russia has cracked down on politics online. Can't block access to content without killing off VPNs, and they went after those too.
For people who maintain a long-running IP address, it's possible to cross-correlate logs from various services. So, okay, let's say that a given IP address has been logged downloading BitTorrent content. That same IP address is linked to, at various times, use of an app where a particular unique phone ID has shown up, or maybe that a user has logged into some account service on, which is linked to personal information. Even a party who is not someone's ISP can cross-correlate logs using the IP. A VPN doesn't absolutely avoid that, but it makes it harder.
Without a VPN, anyone can get at least a rough geographical location of a user by geolocating their IP address. IPv4 scarcity has made this harder than it once was, reduced geography/address correlation, but I expect that IPv6 will make it easier.
People don't need to write their network software securely. Your cool multiplayer network game may-or-may-not be encrypted and may-or-may-not be resilient to modified network traffic. If there are buffer overflows in how Quake or whatever handles network traffic, I'd rather not let the network provider be an attack vector. This has been exploited before, and while a typical ISP probably isn't generally a real risk, I'd trust random WiFi networks a lot less. A VPN will get cleartext traffic off their network.
Probably more, but that's some off-the-cuff.
My ISP uses CG-NAT, and many others do too, so source IP is hidden from most except for my ISP, which I have a contract agreement with.
As someone that manages networks and security, you know what piques my interest? When I see hosts using VPN. I look up the host using the service, the service in use, and see what other interesting things are happening.
oh yes, routing all traffic into limited number of bottlenecks is excellent for privacy 🤣
You've got a lot more options by way of selecting a VPN provider than an ISP. Your ISP options are those who have physical infrastructure at your location. You can get VPN service from anyone.
You have to trust your VPN provider to about the degree that you do your ISP in a VPN-less environment, true enough, but VPN providers are in a more-competitive market. It's a lot easier to switch away from a VPN provider that you don't like.
For example, I would trust an EFF-provided VPN service to a pretty considerable extent; I already trust the EFF on a lot of privacy matters.
I mean, it is?