Slashdot Mirror
Will VPNs Protect Your Privacy? It's Complicated
From a CNET report: A VPN redirects your internet traffic, disguising where your computer, phone or other device is when it makes contact with websites. It also encrypts information you send across the internet, making it unreadable to anyone who intercepts your traffic. That includes your internet service provider. Ha! Problem solved -- right? Well, sort of. The big catch is, now the VPN has your internet traffic and browsing history, instead of your ISP. What's to stop the VPN from selling your information to the highest bidder? Of course, there are reputable VPN services out there, but it's incumbent on you the user to "do your homework," Ajay Arora, CEO of cybersecurity company Vera said. In addition to making sure the VPN will actually keep your data private, you'll want to make sure there's nothing shady in the terms and conditions. Shady how? Well, in 2015, a group of security-minded coders discovered that free VPN service Hola was selling its users' bandwidth to the paying customers of its Luminati service. That meant some random person could have been using your internet connection to do something illegal. So, shady like that. "I would recommend you do some cursory level research in terms of reputation [and] how long they've been around," Arora said, "And when you sign up, read the fine print." From a report on Wired: Christian Haschek, an Austria-based security researcher, wrote a script that analyzed 443 open proxies, which route web traffic through an alternate, often pseudo-anonymous, computer network. The script tested the proxies to see if they modified site content or allowed users to browse sites while using encryption. According to Haschek's research, just 21 percent of the tested proxies weren't "shady." Haschek found that the other 79 percent of surveyed proxy services forbid secure, HTTPS traffic.
You are aware March has got 31 days, not 30?
Best be moving our means of communication to telepathy.
With ISPs, you can't really choose who gives you the pipe to your home or school. You may have a telco, and a cable company, if that.
With VPNs, if one is found to be selling data, you can switch in a heartbeat.
Then, there are the privacy policies. A VPN having a privacy policy of not handing your traffic over will get in a lot more trouble if they sell that data than an ISP that has a privacy policy of "if it goes through our fiber, we can do what we please with it."
VPNs are not perfect... but they do help significantly. It is sad that things have come down to this, as it makes police work a lot harder once the bad guys "go dark", but people are tired of having their data sold, or advertising IDs added to non-encrypted traffic.
Just spin up your own VPN server on one of the cloud providers? The cost of a low resource machine is negligible, even better, you can spin up a new machine (with a new external facing IP) each time you need to use it.
do use EU services, do not use American services, because ultimately they will do what Gov tells them to do.
What does a VPN have to do with web proxies? I'm so confused by this website.
Sure, a VPN proxy could monitor my traffic as much as my ISP can. Using https they might see where I'm going, but not the contents. The thing is, I can easily switch VPNs if I don't like the service, whereas in the US, I don't have that choice so much with my ISP, short of physically moving to another location. If I'm lucky, I might live in an area with two viable choices. In my current case, I can choose between Verizon and Comcast, which is like being asked to choose between gonorrhea and syphilis.*
And now thanks to the f*ckwit Republicans in control of Congress, my ISP can now sell everything it knows about me to anyone they like, without any recourse on my part, short of using some sort of proxy. At least with VPN proxies, there's no real barrier to entry, save for bandwidth capacity, and I can choose from any number of options, that I'm going to now have to start looking at.
*Apologies to gonorrhea and syphilis for comparing them to the likes of Verizon and Comcast.
So he analyzed free proxies and some were shady? Is it a revelation that there are shady things on the internet?
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
n/t
If you don't use a VPN, your data is vulnerable to your ISP. If you do use a VPN, your data is vulnerable to your VPN provider *and* to *their* ISP.
Maybe they've got a better (in terms of privacy) ISP than you do. But be aware that that is also a concern.
Pound! Bang! Bin! Bash! is this a shell script or a Batman comic?
What if I set up my own VPN using Streisand? Would I then have oversight and control over how my info was used?
I'm asking for a friend.
You want a VPN service that totally respects and protects your privacy? Find the one that charges the most money and use them, because everything is about money now, and selling your paying customers like so much chattel to the highest bidders, so how can you trust anyone anymore? I don't even trust companies to live up to their printed agreements, because they know they can't be effectively sued by individuals.
Stop using the Internet for everything you can, and encourage others to do the same. When nobody is making any money from internet-related businesses anymore, it'll either die off or things will change. Money seems to be the only thing these bastards care about, so that's the only weapon you really have against them.
What's to stop the VPN from selling your information to the highest bidder? The fact that my VPN of choice, Mullvad, collects no information.
You click "create account," they give you an account number, and that's the end. They don't ask for your name, address, phone number, or anything. I pay via Bitcoin, so they don't even have my credit card info.
> A VPN having a privacy policy of not handing your traffic over will get in a lot more trouble if they sell that data
I'm not so sure. Has ANY VPN provider EVER been busted for that, or anything like it? Can and do the owners of the VPN services hide their identity? It seems to me the big ISPs are very slightly more accountable - they are regulated and we all know exactly who they are.
Many VPN services have a no log policy. Always review the policies of a VPN when you join. Here is a fairly good list to start from: I'm rather fond of VPN services in Sweden and Italy myself. https://torrentfreak.com/anony...
"Imagination is more important than knowledge" - Einstein
with putting my own VPN server on EC2 or OVH? Yes, it is expensive, but privacy has a price. You just consider it cost of internet.
Or you buy a router and colocation service in Bulgaria or Romania, and create your own VPN service.
I do have a VPN connection to my parents place in EU. They are paying $20 dollars for 50/50Mbps. I am paying $40 for 5Mbps in US.
It is insane. The US ISPs are overcharging and then selling your data, and all they can get about you.
Captcha: clinch
And hence this is why Tor was created.
VPN's may only protect you from your own ISP, but what about the biggest spyware organisations, such as Google/Facebook?
They all rely on browser fingerprinting more than anything else these days, and subtly transmitting information back in an encoded form, including mouse movement patterns to learn about the individual.
Cookies/HTML5 storage are so last decade, as I've seen a growing number of companies (Cyberfend / iovation / iesnare / "cformanalytics", browser.id (navigator.io), etc) provide services specialising in tracking and individually identifying users - even surprisingly across devices, somehow.
As far as I can tell, only Mozilla is attempting to reduce/fight this with their browser, especially as they recently removed the Battery status API, added disconnect.me to blacklist known trackers in v43, Font fingerprinting, etc.
Sure, you can use addons like adblockplus, noscript, decentraleyes, etc to some degree, but many times they break websites as more and more sites are utilising javascript exclusively for a website to function, including third-party scripts, such as GoogleTagManager, etc.
Just recently discovered that the popular London travel website TfL also contains a third-party tracker, without which their journey planner doesn't work, thus the website doesn't work with Firefox's disconnect.me privacy list.
ThatOnePrivacyGuy on /r/privacy manages That One Privacy Site, including a handy VPN section. Unlike the vast majority of VPN provider reviews you'll find in web searches, this one encourages community discussion and appears to be impartial. Next time I need a new VPN provider, I expect I'll be turning to that site.
As a disreputable A.C., I'm already restricted to a handful beautiful posts per day with my non-shared IP address!
There are none.
"Log policies" are about as meaningless as "uptime guarantees" and "we do backups". How, exactly, do you verify this?
Chances are, you'll be fine. But only a fool is going to be shocked when the shit hits the fan with some random VPN provider.
Using a self setup vpn in a data server that does not gather you data is what I am doing. Its not that I care that the government gets it, its I don't need Comcast, Verizon, Tmobile or other service provider that I am SURE will sell my browser data. I do quite a bit of research on our products, and even at work they use comcast! I do not know if management realizes the trove of data that comes from this. Maybe someday they will wake up.
I also use my server for transferring large files to my customers using opencloud. Do not want dropbox getting access to things they have no business seeing. But sales uses Dropbox on a regular basis. Sigh...
Am I just getting old and err.. paranoid?
Everyone knows you have to go behind seven proxies.
It's worth the price of admission just to give me ISP the middle finger. You're won't profit from pilfering all my data. Sure, others do, but I as an informed consumer opt in to those services, knowingly.
I've installed Opera browser on my computers which has a free VPN provided by SurfEasy which is a Canadian company they own.
Privacy Policy includes "no logs"
https://www.surfeasy.com/priva...
https://www.opera.com/privacy
This should give good protection from my local ISP. Hopefully I will be able to trust SurfEasy and Opera to adhere to their policy.
(BTW, the browser seems much faster than Chrome or Firefox on my old MacBook.)
I don't read your sig. Why are you reading mine?
How about dnscrypt?
What? The fire plan thing? That's kind of a joke. The fact that DC is destroying America? I see evidence of that every day.
Is to generate fuckloads of traffic from several VMs. Enjoy harvesting my data.
So use a VPN to connect to another VPN provider. And another. And so on. It's VPNs (or turtles) all the way down.
Or, there's Tor.
See subject & for the best hosts file APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads/script & malware rob speed/security/privacy
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!
* Via what u NATIVELY have in the IP stack in FASTER kernelmode!
APK
P.S. - Safe h0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
Protecting your privacy is a VPN's reason for existence. If they operate in contradiction to that, they're involved in fraud. An ISP can be honest and tell you in the fine print that they're going to monetize your traffic however they can. If a VPN tells you in the fine print that they're going to sell you out, they're engaged in a deceptive business practice and will lose all their business and die as soon as this is found out.
I've been running an openvpn link from my home to our colo for years. I also have it set up on all my devices so I can use it while traveling. Some of our DFly devs also use it when they are traveling. Here's my cumulative wisdom on the matter:
Generally speaking it works quite well. I use a medium-numbered port but I also have a server running on port 443 because the many weird networks one runs through when traveling often block most parts, but usually leave the https port open.
* Use UDP for the transport when running openvpn over a broadband link. This provides the most consistent experience.
* Use TCP for the transport for connections from mobile devices. This provides the most consistent experience. There are several reasons for this not the least of which being that the telco infrastructure seems to devalue UDP by a lot verses other traffic. TCP is also a lot easier to run on the server-side if you potentially have many devices connecting in, because you can run one server instance.
* Configure a smaller mss, I use 1300, so the encapsulation doesn't get fragmented by the transport. This is very important.
* Configure a relatively frequent keepalive in openvpn over a WAN link (I use 1sec/10sec), but a less frequent one over mobile (I use 20sec/120sec). This is particularly important on mobile because cell tower switches can cause long disruptions. You don't want to drop the VPN link in such circumstances if you can help it. DO NOT DISABLE THE KEEPALIVE. Always have an openvpn keepalive setup, particularly over TCP, because the TCP connection backoff can prevent your sessions from recovering or cause them to take a long time to recover if one or the other direction is not actively sending data (such as with most web connections, downloads, streaming, etc).
I personally like 'OpenVPN Connect' on IOS (which I use to connect to our project colo). And of course I run openvpn on all the DragonFly boxes including my laptop.
--
Reliability of the VPN depends entirely on the path between your location and the VPN server. The packet must travel this path in addition to the path from the VPN server to the nominal destination, and even in the best of circumstances it will double the chances of something going wrong.
I've had a number outages at home where my cable link is still operational but the cable company's path to the VPN server is having problems. Also, recovery times are longer because not only does the dead network have to revive, but the openvpn setup has to reconnect and renegotiate.
--
Commercial services are going to be hit or miss. VPN'ing your broadband link might be problematic and you have no real visibility into what the commercial service is doing with your data. That said, they are probably going to be a lot better than trusting your data to the telco and wifi hot-spots you connect from when you are mobile.
Netflix and other video streaming providers will often block-out commercial VPN IPs from the service. Generally speaking, using a commercial service for high-bandwidth connections is really hit-or-miss. You are using their bandwidth as well as your own.
When using a VPN, you are bypassing any special deals your broadband provider has made with the likes of YouTube, Netflix, etc. Remember that if the cell bandwidth is supposed to be free, because it won't be over the VPN.
--
In terms of security, its a mixed bag. The VPN will secure your traffic from your immediately ISP/Telco (aka Comcast, AT&T), and that's actually very important. However, you are not anonymous and once your traffic reaches the egress point its up for grabs by any network it flows through and, in particular, the target web page or whatever might be doing its own data collection.
But the telco data collection is MUCH more valuable to third parties than target data collection, and the VPN link at least protects you from that.
The VPN will not do a whole lot for your internal network security. If someone bre
Me? :)
I'm going to go back to the good old days.....head over to the public library for an anonymous connection
ThinkPenguin.com has got a mini VPN wireless router device that makes it idiot-proof to connect any device to a privacy friendly VPN provider just by connecting the wireless VPN router to your network, connecting a power cable, and selecting the VPN access point. It's available preconfigured and activated with VPN service so it transparently passes all your traffic through the VPN automatically just by connecting to it. The device itself also solves DNS leak issues so your not reliant on the VPN provider to do that properly for you. The question to ask is where are these companies setting up VPN service? I say that because all the English speaking countries with one exception have laws on the books that put liability on the provider to log or censor traffic. If they say they aren't logging they are blocking certain types of traffic or most likely lying about the fact that they log. The Bahamas is the only English speaking country that doesn't require censorship or otherwise demand data retention / logs be kept. Canada, US, UK, and similar countries have put liability, logging, and/or censorship onto the VPN provider. ThinkPenguin's only serving traffic through servers in the Bahamas explicitly because of these problems. More VPN servers in more countries is not necessarily a good thing except for the non-English speaking countries which do not have any data retention, logging, or censorship requirements.
I'm amazed ISPs don't have acceptable use language against using VPNs, under some BS guise of claiming they can negatively affect the network. Regardless, next up will be legislation saying that using a VPN robs ISPs of potential revenue and so are no longer legal. Oh, and the children. Somethingsomethingsomething VPN's and children.
Bark less. Wag more.
Does the VPN provider offer anonymous payment via bitcoin?
There are many questions to ask and answer, like do they keep records, etc. Ultimately what I have experienced is that if they do all those things right, then they usually allow anonymous payment too.
Remember, nothing is free. If you're not paying in money, you're probably paying with your privacy.
Catatonic
next up will be legislation saying that using a VPN robs ISPs of potential revenue and so are no longer legal.
I don't think so...that would be economic suicide for all companies based in the US.
Then you encapsulate the traffic in a HTTPS layer.
This is so stupid. Does anyone really think this even matters? The vast majority of people use cookies, other tech so they know who we all are, our credit cards, etc. Google/bing/duck duck go, etc... all keep track of the searches. How you search, what you search. What you buy.
As Scott McNealy said years ago - you have no privacy. Get over it.
But above all,all the VPN service is illegal in north-North Korea."Unless the government approves"...man,the government has not approved anything.
http://www.williamlong.info/archives/4859.html
I'm amazed ISPs don't have acceptable use language against using VPNs, under some BS guise of claiming they can negatively affect the network. Regardless, next up will be legislation saying that using a VPN robs ISPs of potential revenue and so are no longer legal. Oh, and the children. Somethingsomethingsomething VPN's and children.
VPNs are necessary for remote workers, so there'd be a hell to pay if they tried this.
Of course, it'd give municipal ISP projects a tremendous boost.
Intellectually hollowed society has less future. This is kaliyuga under filtration- Trust deficit