”protect”? i think you mean ”redirect to google instead of your isp or carrier so we can farm your activity even outside of google apps and services for advertising”

bite me, google

@nano idk, maybe they’re just looking after you and want you to to be safe from hackers. I know I sleep better at night knowing google knows where I am and will send the military rushing to my aid if I need help

@laptopkitten using a vpn doesn’t do shit to prevent your stuff getting broken into or stolen

dear anyone who uses a vpn for ”privacy” or ”security” purposes:

if you’re worried about your isp seeing your activity, why aren’t you worried about your vpn provider seeing your activity?

i mean, either way, the only thing they can see is what ip addresses you connect to

as long as you’re using tls/ssl (https), neither your isp or vpn provider can see exactly what pages you connect to or what information you send/receive to that server, just the ip address of the server itself. all the data is already encrypted, vpn or no vpn

and, no, browsing on an ”insecure” public coffee shop access point doesn’t open you up to getting your passwords stolen by the shady guy in the corner. the same encryption principles apply. the only ”insecure” part of the network is that the access point isn’t password protected, meaning anyone can connect

it sickens me how vpn companies bribe people into lying about reality for a sponsorship deal. legitimately stop believing their lies about ”encrypted tunnels” and ”insecure networks”. the only actual thing a vpn does is change your ip address to make you appear like you’re connecting from your vpn’s data center, since you technically are. it does nothing else. all of the security you need is baked into your computer and web browser

@nano the only good thing a VPN does is make it so your ISP doesn't nuke you for pirating a 20 year old nintendo game, because yes, nintendo did ding my ISP for that and threaten to turn off our internet lmfao

@nano Really? Even with military grade encryption?

(I as being sarcastic lol)

@laptopkitten ”military grade encryption” more like an industry standard that almost literally everything uses lol

@EeveeEuphoria gross

@nano yeah DMCAs suck

@nano I really like Tom Scott's video on that, "This Video is Sponsored By:⬛⬛⬛⬛ VPN" https://farside.link/invidious/watch?v=WVDQEoe6ZWY

so what IS a good usage of a vpn?

well, if you have a legitimate reason for hiding your ip address from the servers you connect to, that’s one reason. but remember, ip addresses are purposefully and inherently *not* private information. they call it a ”public ip” for a reason. every single server you connect to gets your ip, they NEED your ip to send you the data you requested. it’s like sending a letter, asking for a response, but not providing a return address

another reason is to access geolocked content, but most of the time streaming services like netflix block all connections from known vpn-owned ip addresses, so this doesn’t even always work

a more niche but also very legitimate use of a vpn is setting one up for yourself so you can connect to your home server without exposing it to the internet for anyone to find and penetrate

but if you’re using it to protect your activity from your isp, or to prevent getting hacked or something, you are either a sucker or a shill, sorry

@nano 🤦‍♀️ ok so... No just no, that's not how vpns work it's not "masking or making it look like" it's rerouting your traffic. The best way I can describe it is, imagine being followed by a private eye to every store you visit. Sure they can't see what you bought but that destination ip that's the store... They can tell what it sells and who runs it. A VPN is as if the private eye is forced to stop when you get on the highway (VPN) Beyond that they can't follow you. And VPNs dump their logs.

@SirSoy ”make you appear like you’re connecting from your vpn’s data center, since you technically are”

get some fucking eyes before you reply to me in a condescending way you piece of shit. fuck off permanently

@nano don’t forget censorship

here in russia, most of the services in the outer internet are either banned by roskomnadzor (the media watchdog) or 1002/403 you if you have a russian ip

@nano It made sense in the early 2000s when most public wifi was open (no encryption, anyone on the same AP could see all your traffic) and the majority of web traffic other than banks was HTTP, not HTTPS.

This was back in the days of "upside-down-ternet" where if you arp spoofed or otherwise became a MITM you could prank people by rotating all of the images in their web browsing sessions to be upside down.

Tunneling your otherwise cleartext, unauthenticated traffic out from the sketchy, trivially sniffable public network and having it exit from your home DSL link or a trusted datacenter (where the odds of someone messing with it were a lot lower) made good sense.

In 2023 when basically everything is (should be) TLS? All marketing BS.

@azonenberg honestly if you’re connecting to anything that isn’t a static webpage without tls, you should probably just stop doing that

@halva i already mentioned geolocking

@nano ah, reading comprehension 💀

@nano also if you pirate and for some reason need to prevent scary emails from being sent a vpn is great, thats why i use one. remember though, they’re just scary emails, they don’t actually do anything.

@kira some isps are evil and threaten to cut service but this is rare so i didnt bother mentioning it

@nano ...or you happen to live in a place where:

a) your ISP censors your internet access, and/or
b) your government forces you to install their root certificate to make HTTPS connections work (rendering them insecure), and/or
c) you can be arrested for just saying shit online (cops contact service you used -> they tell cops their IP -> cops contact ISP -> ISP tells them who used this address at the time -> you go to jail).

ISPs are definitely not trustworthy the world over.

@andOlga a) already mentioned geolocking, theyre very similar
b) i did not know this was a thing before
c) cops can contact your vpn provider. despite vpn companies promising that theyve been audited and dont keep logs, they almost 100% of the time do because they do not care

@nano While it's true that they *can* contact your VPN provider it is an extra hop for them to make and a lot of the time they won't bother, they'll just think: oh well this post isn't from our jurisdiction even though it was made in "our" language/on "our" social network/etc.

If your VPN provider is being contacted by an authoritarian country that has *nothing to do with their service whatsoever* there's also no real reason for them to cooperate.

@andOlga in that case, valid

@nano @andOlga if the vpn was based out of a different country its possible this wouldnt be an issue, but treaties, and your govt could just block the vpn

@kira @nano Oh they do block plenty of vpns lol, but new ones just keep popping up (including ones that use difficult-to-detect protocols). They're not the ones that advertise on youtube though, your expresses and nords, those are worthless.

@andOlga @nano its a pretty good rule that if you heard about it from an ad it’s not worth your time. that goes for a lot more than just vpns too.

@kira @andOlga if they have the deep pockets to advertise like that, they probably make filthy money

@nano Not quite. Passwordless wifi is not encrypted. Anyone can sniff the traffic. This is fine if it's encrypted at the protocol layer. But not everything is.

@kharos if youre using something that involves sensitive data without tls/ssl, you just shouldnt be doing that at all, ever, period, even at home

@nano It's usually not up to you but whoever runs the website you're using.

@kharos if they dont use tls/ssl on a website handling data then they are a bad sysop and you should avoid their service or use something like httpseverywhere

@nano ....wait does every pixel phone do this? like by default? what the Big Fuck

@chrisisgr8 no it is an option

@nano a VPN disconnects your real life identity from your activity.

If you don't use a VPN, the ISP knows both your identity and sees your activity. Sure, they can't see into your TLS but they can see the IP addresses you connect to and can drive the website from the TLS negotiation, and build a profile of you tied to your real identity. That's valuable information for people who want to sell you stuff.

...

@incogg let me flip that around for you

"If you use a VPN, the VPN knows both your identity and sees your activity. Sure, they can't see into your TLS but they can see the IP addresses you connect to and can drive the website from the TLS negotiation, and build a profile of you tied to your real identity. That's valuable information for people who want to sell you stuff."

only had to remove one word and replace another and its still true

@nano when you use a VPN, the VPN provider can (under some assumptions) build a profile on you in the same way, but the good VPN providers cannot tie it to your real identity. That makes it far less valuable to those who seek to learn about your activity.

Of course you can blow all that out of the water by logging in to the same services that already know your identity and track you around with 3rd party cookies etc. That's why a VPN is only part of a good privacy diet.

@incogg yet again, who's to say your isp will be good and not sell your data just like a supposed "good vpn" wont? it goes both ways. in either scenario, a company that knows exactly who you are is handling your internet traffic

@charlotte @incogg likely also your billing address if you used a credit or debit card lol

@nano @incogg they also know the IP you accessed the service from so they do know what city or region you are currently in

@charlotte @nano the good VPN providers separate the payment from the VPN service itself. For example Mulvad sell you a token which gets verified by the VPN server itself, isn't logged so they can't tie it back to you.

And if you need more protection than that, buy the token with crypto.

Ed: Or buy the token from a 3rd party seller

@incogg @nano yes. A good one does. But as an outsider you really can’t tell that a VPN service is good or not until the police comes knocking at the vpn’s door

@charlotte @nano that's true. If you're threat model is running away from the police, you probably need other measures in addition to a VPN or instead of a VPN - to mitigate the risk of the VPN provider not meeting their promises.

For example, you might want to use Tor, and in order not to stick out as a Tor user for your ISP - wrap a VPN around it.

If all you want is maintain a private identity that regular people cannot tie to your real life one, just using a VPN for your alter can work.

@nano the only reason I use a vpn is to torrent stuff, and I use an explicitly torrent-friendly vpn service to do so.

@kira @nano depends on the ISP, some actually will boot you or reduce your service tier after too many incidents

@nano you can use a trusted VPN (mullvad or proton) if you dont trust your ISP with your data

@error420 did you read ANYTHING i said? isps DONT GET your data, thats what https prevents. all they know is what ips you connect to