And why would you trust your own ISP more than reputable VPNs?
Define “reputable VPN”? There is little to no meaningful third party auditing and mostly all we have to go on is if they are on the record for having “cooperated with law enforcement”
The point is you need to actually understand what you are trusting who with. You want to watch AEW for cheap? Cool, whatever. You want to masturbate to porn without providing your ID? Maybe think about who is more likely to get a call from what orgs. And if you are doing something truly sensitive? That is when you need to learn a WHOLE lot more about what privacy and personal security actually are.
“I need a vpn”
Why?
“Privacy”
You trust SuperNeatVPN headquartered in $unregulatedCountry more than your own ISP? It’s all TLS now anyways.
“I run a VPN because Joe Rogan says I need to in order to be secure”
Man, do you know how much of a pain in the ass it is when people run VPNs on their BYOD or work device (hey I don’t manage it, I’m just the MSP), have an established history of popping up all around the world, and then eagerly click the phishing links?
If SuperNeat hasn’t been caught with their hand in the cookie jar, at least a little bit. It really depends on what and who. If you’re worried about being called up on anti-regime charges when it becomes illegal, it would be at least prudent to try not to post that from an IP in a country where the regime doesn’t have search and seizure rights. At this point, Google/Apple/Verizon/Comcast have been asked to comply with handing over people doing X things. It wouldn’t take a whole lot to at least obfuscate that a little. You’d still have to be careful though, even Proton is turning over activists.
You guys are using SuperNeatVPN? Would you recommend it? I am using SuperShadyVPN and looking to switch.
Heh.
Our IT department is so incompetent that… let’s just say I have made it a point to leave a paper trail in my inbox of me highlighting issues and complaining because I can’t rule out a full investigation.
Last year we had a “technical all hands” which basically means IT have fucked up to the point that engineering/platform are now responsible for untangling the mess from first principles. And we actually were allowed to look at the logs and were seeing “attacks” from all over Western Europe. I suspect IT would still be trying to call the FBI for help if one of our PSEs hadn’t sighed and said “how much of our staff are running VPNs?”. And then we had to explain what those are… to the people who actually manage the VPN we use to remote in.
STILL not sure if I am more horrified that they didn’t understand that VPNs exist or that they had just not noticed that much mystery traffic until that day.
And why would you trust your own ISP more than reputable VPNs?
Sure, this statement is very valid for (free) VPNs which are not reputable, and act as data mines instead of providing true privacy; but your statement reads very much like we do not need VPNs at all.
ISPs know what sites you are visiting and when, and they are ready to comply with the government. Also, we have acts like Online Safety Act (UK), which incentivizes more data collection. Combine that with age verification on every site, and you are basically giving away your browsing history.
I agree that a VPN alone is not going to protect you, and you need to authenticate less into websites, and clear your cookies after every browser session (basically good OpSec). However, I also think that reputable providers like Mullvad and Proton are a must.
The point is that people just say “linus rogan had a promo code and this solves all my problems”.
and your name, address, credit card number. You’re 100% right, just wanted to make sure this isn’t skipped over.
Librewolf is my go-to browser + vpn + ublock. If they get through that it’s my fault imo
https://gist.github.com/joepie91/5a9909939e6ce7d09e29
EDIT: If you do absolutely need privacy, then use Tor.
Tor exit nodes are vulnerable to various levels of attacks.
But it also doesn’t change the underlying problem. If you put ALL of your traffic through Tor? Cool. You have accomplished nothing (other than flagging yourself because of what exit nodes you are accessing from) because your cookies and even behavior are still being correlated.
Like… it doesn’t take much to question why FightThePower_6969 looks at both /r/antifa101 AND /r/denver, for example. Ooh, and they also look at /r/warhammer40k and have a cookie from this website listing bus schedules and…
I do agree that Tor is an amazing (if problematic) tool and it is generally the gold standard for when you need to obfuscate traffic in a way that doesn’t involve giving Mullvad your credit card number. But people still need to understand what traffic they are putting into each different port. And even realize that there are some truly nasty tracking methods out there that can do nasty stuff with even OS level DNS caching between browsers.
You don’t have to give Mullvad your credit card number though.