Using a VPN service for Privacy? Don't.

Forums › Off topic › Using a VPN service for Privacy? Don't.

michaelmurfy

meow
13197 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#259814 23-Oct-2019 12:46

Interesting read: https://gist.github.com/joepie91/5a9909939e6ce7d09e29

I have been saying it for years now - a VPN service actually doesn't offer you any privacy advantages especially here in NZ.

Unless if you're connecting to the internet via a insecure WiFi network or are needing to break past restrictions on a network - there is no need to VPN all your traffic.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

1 | 2

2539 posts

Uber Geek

Trusted

#2342448 23-Oct-2019 13:22

Fully agree with the post.

The one reason I paid a one-off fee for a cheap "lifetime" VPN service is to drop out particular connections in various countries. It's all done via a firewall and I only route particular source clients to specific destination address(es) over it. No way I'm sending it all.

The idea of sending all your traffic to some random muppet who knows how to run OpenVPN is insane, but VPNs have done an amazing job of marketing to people that this is something they need.

When people spend money on something, they'll defend and even promote that decision (see the second paragraph of this post* for a prime example), and so many people have bought them that it's almost self-fulfilling now.

*Yes, this is the correct link.

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

nathan

5695 posts

Uber Geek
Inactive user

#2342452 23-Oct-2019 13:28

Sweeping generalizations are sweeping

I’m sure freedom fighters in China love to use VPNs to protect their privacy and hide from the CCPs surveillance tentacles

Not all VPN providers are created equally, and big name ones who spend lots on marketing, take months and months to acknowledge a security vulnerability, provide no proof they don’t log, and choose to locate their businesses in offshore tax havens, are probably not the best choice.

ShinyChrome

1564 posts

Uber Geek

ID Verified

Trusted

#2342466 23-Oct-2019 14:10

I think it is more to the point that you should place no faith in VPNs as a silver bullet for online privacy as is Tor etc

As is said many times, it depends on your personal threat model. Nobody is after me (well that I know of....) so using a VPN for my personal traffic is largely pointless; the people interested in my traffic (ads, targeted marketing etc) are willingly to throw more resources into identifying and analysing it than I am willing to use hiding it, because at the end of the day, it isn't a clear and present threat to my personal safety.

I feel like the general majority also fit in that category, thus the questioned worth of VPN services for the masses. Which is why they spend money marketing to people's paranoia.

Now if you were the aforementioned Chinese freedom fighters, you DEFINITELY have a clear and present threat to your safety as that Government has made clear. In which case a robust VPN along with other security measures is probably in your best interests. Which I would suspect won't be any of the big off-the-shelf names, but roll-your-own.

Hmmm....

chevrolux

4962 posts

Uber Geek
Inactive user

#2342473 23-Oct-2019 14:27

I've never understood the need for a 'VPN service'. The only reason to use one in NZ is for nefarious purposes - hell I know I have used the free options every now and again when logging in to a portal I didn't want to see my IP address haha.

These days with things like the Unifi USG it's very easy to set up a VPN server at home, and with our world leading UFB networks would probably perform better than these "VPNaaS" providers.

Edit:

connecting to the internet via a insecure WiFi network

Is this a realistic issue these days though? Assuming the WiFi network is set up well (yes realise plenty of them aren't), there should be guest isolation so others can't just simply snoop traffic anymore. And even if there isn't isolation, all the "important" sites are HTTPS anyway so no way to decrypt that without doing a MITM attack and trigger all the browsers errors. So that just leaves HTTP captive portal pages that want your credit card to connect to the network - of which normal rules apply of don't enter important stuff in to non-HTTPS pages.

dfnt

1504 posts

Uber Geek

Lifetime subscriber

#2342494 23-Oct-2019 15:33

Only thing I use VPN's for is 1) To get around geolocation on some sites, although this is becoming less necessary these days (especially on Crunchyroll) and 2) When I'm on a guest wifi, but I VPN to my home network as opposed to external provider

Rikkitic

Awrrr
18587 posts

Uber Geek

Lifetime subscriber

#2342508 23-Oct-2019 16:06

I have Windscribe because I was able to get a good deal on a lifetime subscription. I find it useful for specific purposes, such as verifying issues with my DNS proxy and quickly bypassing geoblocks when checking new sites. I use the browser extension only, so I can quickly switch it on and off. I never use it more than briefly. It is a handy tool, not a way of life.

Plesse igmore amd axxept applogies in adbance fir anu typos

Tinkerisk

4159 posts

Uber Geek

#2342511 23-Oct-2019 16:09

Intended or not, the headline is misleading and should say "VPN services" or "commercial VPN".

- NET: FTTH, OPNsense, 10G backbone, GWN APs, ipPBX
- SRV: 12 RU HA server cluster, 0.1 PB storage on premise
- IoT: thread, zigbee, tasmota, BidCoS, LoRa, WX suite, IR
- 3D: two 3D printers, 3D scanner, CNC router, laser cutter

ech3lon

368 posts

Ultimate Geek

Subscriber

#2342517 23-Oct-2019 16:27

Especially if they can't even keep their certificate secure...

https://arstechnica.com/information-technology/2019/10/hackers-steal-secret-crypto-keys-for-nordvpn-heres-what-we-know-so-far/

Compromised master secrets, like those stolen from NordVPN, can be used to decrypt the window between key renegotiations and impersonate their service to others... I don't care what was leaked as much as the access that would have been required to reach it. We don't know what happened, what further access was gained, or what abuse may have occurred. There are many possibilities once you have access to these types of master secrets and root server access.

bigalow

562 posts

Ultimate Geek

#2342531 23-Oct-2019 17:09

was reading some where that some of the VPN are owned by shell companies of the chinese government

and i would never use one if you have to download software to use it

also all internet traffic is logged in some way

halper86

543 posts

Ultimate Geek

ID Verified

#2342533 23-Oct-2019 17:22

ShinyChrome:

Hmmm....

Another one !

halper86

543 posts

Ultimate Geek

ID Verified

#2342540 23-Oct-2019 17:33

The only reason I would use a VPN is to bypass certain blocks. I'd never use online banking on them though! If i was desperate i would just use my own data

marpada

471 posts

Ultimate Geek

#2342663 23-Oct-2019 20:57

The link is mostly right but not quite. If you want to do some illegal activity in the internet, yeah, a VPN probably won't be enough. If you just want to engage in legal activities privately do use a VPN. TLS is not enough as your ISP/employer/flatmate can still find a lot about your internet usage habits.

Geektastic

17927 posts

Uber Geek

Trusted

Lifetime subscriber

#2342711 23-Oct-2019 22:12

I think I'd prefer encrypted voice comms.

michaelmurfy

meow
13197 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2346131 30-Oct-2019 01:24

Great video:

Notes from this video:
1) Your ISP here in NZ doesn't give a damn about what domains you hit. They also don't sell your DNS logs if they even log this at all.
2) Yes, your ISP does log things such as your IP address assigned to your account, authentication requests, traffic transferred etc. But this is for them, and used to support you.

The biggest factor of privacy leaks inside a network is using a third party DNS service - examples like Google DNS and OpenDNS as examples do log traffic. Others like Cloudflare DNS, Quad9 state they don't and are committed on privacy but to be perfectly honest I trust my ISP more than any of these providers. We've got it pretty good in NZ.

Edit: Thought I'd mention I do have a NordVPN subscription I use rather rarely. I'd still NEVER do anything like Internet Banking or anything sensitive over it.

BTR

1527 posts

Uber Geek

#2346171 30-Oct-2019 09:44

I watched Tom Scotts video last night, he makes some really good content that is unique and very interesting. His VPN video is very tongue and cheek and was very funny.

1 | 2