What is he talking about, public WiFi can easily poison and monitor your DNS requests (most people don’t know or use encrypted DNS), and there’s still tons of non-https traffic leaks all over the place that are plain text. Even if encrypted, there’s still deep packet inspection. VPNs can mitigate DPI techniques and shift the trust from an easily snoopable public WiFi to the VPN’s more trustworthy exit servers.
This guy really needs to elaborate on what he’s trying to say when the cyber security field very much disagrees with this stance. I’m not a huge fan of Proton, but they aren’t doing anything wrong here. You should use it for public Wi-Fi.
Dpi only works if they install a cert on your phone. Else they can’t crack it (in real time) or you would receive HTTPS errors
most people don’t know or use encrypted DNS
But a cybersecurity expert does. That’s the point. If you know those things, VPNs become obsolete, for most people. So why not teach people about it, instead of promoting VPNs?
And can you really trust an extremely profit focused company, that is built on user data, more than your local Café? If you’re in China, sure, use a VPN, they’re the lesser evil. But most spots don’t have the resources or expertise to analyze and sell or otherwise misuse your logs. VPN companies not only do, most rely on it.
If you’re a highly targeted person, it’s another story, but in that case your only hope is Tor or a new identity.
So why not teach people about it, instead of promoting VPNs?
Ok then, in the meantime the rest of us will use a fucking VPN? I don’t know what “encrypted DNS” means, and I’m 99% you’re going to respond with either “whaaaaat you don’t know something that 99.999% of other people also don’t know? Clearly you are too dumb for the internet” or else “oh sure I’d be glad to explain that! It’s real simple, see when you have a Rosendin gembal, it befrazzles the gesticulators of your brangles (link to a Wikipedia article on brangles). So you just have to re-delineate the scanditrons to break the tensor lines in your scintrins! You can code a fairly simple app from scratch to do it, and there’s a FOSS program someone made to help you identify the cabangs in your computer’s lenticles: (link to a github page that is literally just a transcription of an eldritch god screaming in binary)”
VPNs are extremely user friendly and they are happy to explain in layman’s terms exactly what they do and how they work. If there’s a better way, it’s locked behind years of techie knowledge.
Proton is a non profit.
But Proton Bad? I don’t understand. The armchair security nerds on Lemmy want me to hate something.
I agree here. It’s clear that some people here really want me to be outraged at SOMEONE, but dont seem to really understand who or why.
I’m not even an expert in this stuff, but with a tool I found online I demonstrated that it was easy to snoop people’s passwords on my school’s wifi networks back in the day. It took minutes.
That must’ve been quite a while ago
I mean, yes, I’m in my 40s, but it’s just as effective today.
I’m sorry, but I don’t believe it is. Nearly all traffic is TLS. When this is attacked, you’d get TLS error. Am I missing something?
Yup. You can grab any unencrypted data passed between the user’s browser and a server literally out of thin air when they’re connected to an open access point. You sit happily at the Starbucks with your laptop, sniffing them WiFi packets and grabbing things off of them.
Oh and you have no idea what the myriad of apps you’re using are connecting to and whether that endpoint is encrypted. Do not underestimate the ability of firms to produce software at the absolute lowest cost with corners and walls missing.
If I was someone who was to make money off of scamming people, one thing I’d have tried to do is to rig portable sniffers at public locations with large foot traffic and open WiFi like train stations, airports, etc. Throw em around then filter for interesting stuff. Oh here’s some personal info. Oh there’s a session token for some app. Let me see what else I can get from that app for that person.
I don’t know how effective VPNs are over a public WiFi network, but I do know it stopped Spectrum from sending me “you are downloading copyrighted material, stop it” emails once I started using one. Fuck Spectrum, I don’t have them anymore, but that seems like a good enough reason to keep using one in certain circumstances.
On public WiFi I just vpn into my home network. The issue with public WiFi is that it can be sniffed by anyone in range since there is generally no encryption.
Although pretty much everything we do is over tls these days, and DoH helps protect against even dns sniffing. There’s still at least some risk to working in the clear over a public WiFi network. At least in information gathering, what bank you use, etc.
But, there’s no real benefit in using a paid vpn over one you own unless you’re downloading illegal content, want to watch another Netflix region, or are in a country with heavy Internet monitoring/filtering.
All ISPs are legally obligated to forward that shit to you. The alerts are not from spectrum, they’re just relaying the information.
Right now, copyright owners do not have legal permission to find out who you are directly without a court order. They would only seek that information if they were planning to file a lawsuit.
Media companies know, from the Napster incident, that such actions can backfire stupendously. It’s rare that they even bother anymore. I can go into detail on why, but I’ll leave it out for brevity.
So they send the notice to your ISP, who is legally obligated to match the information on the notice to the subscriber and forward the notice to you.
For many, this goes to an ISP provided mailbox, which most people ignore the existence of it. Clearly spectrum operates differently.
The notices are from copyright holders who have no idea who you are, and can’t determine that information unless they intend to sue you. So those can be, for the most part, ignored.
It’s not your ISPs fault that you got those. They couldn’t give a shit less about what you do on their service, or what you download. They just want you to pay your bill every month and keep the gravy train rolling.
I’m saying fuck Spectrum for other reasons. Either way, there’s less of a trail.
Fair enough. I haven’t used spectrum, so I have no opinion. I’m not in the right country to subscribe to their service, so there’s that.
Have a good day.
Spectrum is a total shit ISP that does shady shit constantly, while being owned by a massive corporation run by a Trump supporter and unfortunately is the only option people have in a lot of places in the U.S.
Anyway, good talk. You have a good day too!
When I first saw this I thought it was funny. The fact that so many people are falling for it has only made it even funnier.
FWIW, Haley Welch might seem dumb as bricks, but she also seems quite sweet - doing charity stuff, keeping her other friend from “that” vid for the ride, etc. As far as people becoming famous for bullshit reasons goes, she seems to be handling it well.
I feel bad for her, honestly. She was open about her sexuality and she’s conventionally attractive, so now she has all these leering old men on TV slobbering all over her.
Bill Maher practically tried to talk her into bed on his show with his creepy shit about mentoring her.
Oof. What is up with these creepy, sweaty dudes on talkshows? I know they somewhat reflect the general populace, but to pull shit like this on air is just boggling.
I didn’t know who she was, so I just assumed it was true and that she was just another celebrity sponsored by a VPN company.
She’s handling fame better than Chappel Roan.
You think she’s not handling fame well because she’s setting clear boundaries, and reminding fans that she’s not their friend just because she’s famous?
Don’t hire that contractor lol
Thank goodness someone explained that to me. I was startong to wonder if she was some sort of technology expert, or something.
Can someone share proton’s response? I don’t have a xitter account
Nobody has a Xitter account.
I have a vpn for… reasons… 🏴☠️⚓️🏴☠️
I have VPN so I can look at porn.
Dude!
why?
Texas ig
So I’m confused networking stuff has never been my strong suit, is this saying you can still be fucked on public WiFi even if you connect through a VPN?
There are some attacks you are vulnerable to on public WiFi that a VPN can help with.
More generally, whoever is transporting your data knows who you are talking to. If you don’t use a VPN, your ISP and whoever owns the router know what websites you are visiting (although they don’t know the specific content). If you use a VPN, your ISP and router know you are using that VPN, but not what websites you are visiting. Now your VPN knows what websites you are visiting, but they still don’t know what the content is.
I hope that helps.
What about DoH/DoT which comes enabled by default in some browsers I believe? This should “hide” your activity from isp/router as well, shouldn’t it?
Yes and no.
Modern HTTPS connections send the URL you are connecting to in the initial hello, so the remote webserver knows what security certificate to use when you connect. A lot of web servers host multiple sites, especially for smaller webpages, and so it doesn’t assume that since you connected to that specific webserver, that you’re connecting to the site that the webserver is hosting, even if it’s only hosting a single site.
This can leak the data to anyone sniffing the traffic.
You can also determine some traffic by IP address, this is for larger web services like Facebook, youtube and other sites of similar size. They load balance groups of IPs for their traffic, all are serving the same data. So if you connect to an IP that’s owned by Facebook, for example, then your actions can be easily derived.
Since the connection is still secured by TLS, the content can’t be deciphered, but the location you are going to absolutely can.
It really depends on a lot of factors.
Ok, thank you and all the others for explanation.
No, the context is that for many years, shady commercial VPNs would sponsor YouTubers and the scripts they were given were full of lies and half truths about the dangers of public WiFi, with the implication being that if you purchase their VPN service they will “protect you”. But the problems these VPN companies were claiming to solve have already been solved by HTTPS and it’s perfectly fine to use public WiFi without a VPN. They are using scare tactics to sell you a product.
What this poster is saying is that they’re disappointed to see this same fear mongering misinformation from Proton, who have an otherwise good reputation for being consumer friendly.
Exactly. Using a VPN can improve your anonymity, provided you trust your VPN operator more than the infrastructure you’re using. But many VPN vendors claim a VPN is essential to provide security, which isn’t true in the slightest, and Proton shouldn’t be stooping to that level. There are plenty of good reasons to use a VPN that don’t involve illegal activities, but it’s hardly essential for the average person.
Yes. X.509 means https is worthless protection from APTs
I don’t understand why everyone assumes using a VPN means paying for a third party. I have Wireguard deployed in my NAS and I always have that VPN connection active on my phone to be able to access my LAN deployed services remotely, Jellyfin for example.
deleted by creator
Most VPNs sell themselves on encrypting your traffic to an endpoint that either is in a different locale to get around region locks or to put it out of the grasp of the RIAA so they can’t send your ISP copyright notices.
While remote access to a local network is a good use case for a self-hosted VPN it’s totally unrelated to the use case for commercial VPNs
For the use case of encrypting your traffic while using a public WiFi, both commercial VPNs and self-hosted ones provide the same functionality.
Yes that’s true. But also that’s the wink and nudge marketing claim that VPN marketers make while everyone knows the real reason you are using a VPN.
With HTTPS, DNS-over-HTTPS, and most endpoint firewalls dropping non-gateway traffic, the risk is a lot less than the VPN ad reads want you to believe
