Using a VPN service for Privacy? Don't.

Forums › Off topic › Using a VPN service for Privacy? Don't.

michaelmurfy

/dev/null
9634 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#259814 23-Oct-2019 12:46

Interesting read: https://gist.github.com/joepie91/5a9909939e6ce7d09e29

I have been saying it for years now - a VPN service actually doesn't offer you any privacy advantages especially here in NZ.

Unless if you're connecting to the internet via a insecure WiFi network or are needing to break past restrictions on a network - there is no need to VPN all your traffic.

1 | 2

2297 posts

Uber Geek

Trusted

#2342448 23-Oct-2019 13:22

Fully agree with the post.

The one reason I paid a one-off fee for a cheap "lifetime" VPN service is to drop out particular connections in various countries. It's all done via a firewall and I only route particular source clients to specific destination address(es) over it. No way I'm sending it all.

The idea of sending all your traffic to some random muppet who knows how to run OpenVPN is insane, but VPNs have done an amazing job of marketing to people that this is something they need.

When people spend money on something, they'll defend and even promote that decision (see the second paragraph of this post* for a prime example), and so many people have bought them that it's almost self-fulfilling now.

*Yes, this is the correct link.

nathan

5686 posts

Uber Geek

Trusted

Microsoft

#2342452 23-Oct-2019 13:28

Sweeping generalizations are sweeping

I’m sure freedom fighters in China love to use VPNs to protect their privacy and hide from the CCPs surveillance tentacles

Not all VPN providers are created equally, and big name ones who spend lots on marketing, take months and months to acknowledge a security vulnerability, provide no proof they don’t log, and choose to locate their businesses in offshore tax havens, are probably not the best choice.

populism, the most important and misunderstood movement of our time

ShinyChrome

SNNAAAAAAKKKKEEEEE
1083 posts

Uber Geek

Trusted

Subscriber

#2342466 23-Oct-2019 14:10

I think it is more to the point that you should place no faith in VPNs as a silver bullet for online privacy as is Tor etc

As is said many times, it depends on your personal threat model. Nobody is after me (well that I know of....) so using a VPN for my personal traffic is largely pointless; the people interested in my traffic (ads, targeted marketing etc) are willingly to throw more resources into identifying and analysing it than I am willing to use hiding it, because at the end of the day, it isn't a clear and present threat to my personal safety.

I feel like the general majority also fit in that category, thus the questioned worth of VPN services for the masses. Which is why they spend money marketing to people's paranoia.

Now if you were the aforementioned Chinese freedom fighters, you DEFINITELY have a clear and present threat to your safety as that Government has made clear. In which case a robust VPN along with other security measures is probably in your best interests. Which I would suspect won't be any of the big off-the-shelf names, but roll-your-own.

Hmmm....

chevrolux

4609 posts

Uber Geek

Trusted

#2342473 23-Oct-2019 14:27

I've never understood the need for a 'VPN service'. The only reason to use one in NZ is for nefarious purposes - hell I know I have used the free options every now and again when logging in to a portal I didn't want to see my IP address haha.

These days with things like the Unifi USG it's very easy to set up a VPN server at home, and with our world leading UFB networks would probably perform better than these "VPNaaS" providers.

Edit:

connecting to the internet via a insecure WiFi network

Is this a realistic issue these days though? Assuming the WiFi network is set up well (yes realise plenty of them aren't), there should be guest isolation so others can't just simply snoop traffic anymore. And even if there isn't isolation, all the "important" sites are HTTPS anyway so no way to decrypt that without doing a MITM attack and trigger all the browsers errors. So that just leaves HTTP captive portal pages that want your credit card to connect to the network - of which normal rules apply of don't enter important stuff in to non-HTTPS pages.

dfnt

1202 posts

Uber Geek

Lifetime subscriber

#2342494 23-Oct-2019 15:33

Only thing I use VPN's for is 1) To get around geolocation on some sites, although this is becoming less necessary these days (especially on Crunchyroll) and 2) When I'm on a guest wifi, but I VPN to my home network as opposed to external provider

Rikkitic

Awrrr
12940 posts

Uber Geek

Lifetime subscriber

#2342508 23-Oct-2019 16:06

I have Windscribe because I was able to get a good deal on a lifetime subscription. I find it useful for specific purposes, such as verifying issues with my DNS proxy and quickly bypassing geoblocks when checking new sites. I use the browser extension only, so I can quickly switch it on and off. I never use it more than briefly. It is a handy tool, not a way of life.

I don't think there is ever a bad time to talk about how absurd war is, how old men make decisions and young people die. - George Clooney

Tinkerisk

1198 posts

Uber Geek

#2342511 23-Oct-2019 16:09

Intended or not, the headline is misleading and should say "VPN services" or "commercial VPN".

- ISP1: OneBox FTTH modem, 1/.5G, full DS, VLAN7, VoIP + ipTV streaming flat
- ISP2: LTE USB modem + GL-AR750S, 100/40M data plan (wireless fallback)
- NET: OPNsense CI329, C2960X-48TS, ES-16-XG, 3 GWN7630, 2 Ellipse UPS
- SVR: 9i3C246 32G/24T, 2 H2 16G/500G, N2 4G/4T | remote DS720+ 10G/14T
- USR: DeskMini 9i5, NUC 8i7HVK, Aspire E5, EliteBook 840, Galaxy Tab, 4K TV
- IoT (EU868): openHAB, CCU3, Vantage ISS 6327, LoRaWAN 4 GWs/15 Nodes
- 3D: 2 Ender-3/Pro, 4 Ultimaker 2E+/3/3+/S5, MPCNC, EleksLaser-A3 Pro
- ipPBX: GO-Box, 2 GRP2613, SPA112 (for Fax & W-48, a 1948 Siemens phone)

ech3lon

317 posts

Ultimate Geek

Subscriber

#2342517 23-Oct-2019 16:27

Especially if they can't even keep their certificate secure...

https://arstechnica.com/information-technology/2019/10/hackers-steal-secret-crypto-keys-for-nordvpn-heres-what-we-know-so-far/

Compromised master secrets, like those stolen from NordVPN, can be used to decrypt the window between key renegotiations and impersonate their service to others... I don't care what was leaked as much as the access that would have been required to reach it. We don't know what happened, what further access was gained, or what abuse may have occurred. There are many possibilities once you have access to these types of master secrets and root server access.

biggal

467 posts

Ultimate Geek

#2342531 23-Oct-2019 17:09

was reading some where that some of the VPN are owned by shell companies of the chinese government

and i would never use one if you have to download software to use it

also all internet traffic is logged in some way

halper86

276 posts

Ultimate Geek

#2342533 23-Oct-2019 17:22

ShinyChrome:

Hmmm....

Another one !

halper86

276 posts

Ultimate Geek

#2342540 23-Oct-2019 17:33

The only reason I would use a VPN is to bypass certain blocks. I'd never use online banking on them though! If i was desperate i would just use my own data

marpada

337 posts

Ultimate Geek

#2342663 23-Oct-2019 20:57

The link is mostly right but not quite. If you want to do some illegal activity in the internet, yeah, a VPN probably won't be enough. If you just want to engage in legal activities privately do use a VPN. TLS is not enough as your ISP/employer/flatmate can still find a lot about your internet usage habits.

Geektastic

14850 posts

Uber Geek

Trusted

Lifetime subscriber

#2342711 23-Oct-2019 22:12

I think I'd prefer encrypted voice comms.

michaelmurfy

/dev/null
9634 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#2346131 30-Oct-2019 01:24

Great video:

Notes from this video:
1) Your ISP here in NZ doesn't give a damn about what domains you hit. They also don't sell your DNS logs if they even log this at all.
2) Yes, your ISP does log things such as your IP address assigned to your account, authentication requests, traffic transferred etc. But this is for them, and used to support you.

The biggest factor of privacy leaks inside a network is using a third party DNS service - examples like Google DNS and OpenDNS as examples do log traffic. Others like Cloudflare DNS, Quad9 state they don't and are committed on privacy but to be perfectly honest I trust my ISP more than any of these providers. We've got it pretty good in NZ.

Edit: Thought I'd mention I do have a NordVPN subscription I use rather rarely. I'd still NEVER do anything like Internet Banking or anything sensitive over it.

BTR

1522 posts

Uber Geek

#2346171 30-Oct-2019 09:44

I watched Tom Scotts video last night, he makes some really good content that is unique and very interesting. His VPN video is very tongue and cheek and was very funny.

1 | 2