Comment

Comment on Your Phone Isn’t Eavesdropping on You to Show You Ads (It’s Worse Than That)

joshcodes@programming.dev ⁨11⁩ ⁨months⁩ ago

There are definitely some VPN providers to worry about.

VPNs are a security tool but they don’t protect people as much as they think. They hide DNS traffic your ISP would have received, so that your ISP can’t tell everyone which cuckold or affair site you access (except you probably forgot to turn the VPN on one time or another so…)

Your ISP can still see IP addresses you connect to, they forward all your traffic. Good opsec is a nightmare. Ad blocking does more for less cost than getting a VPN will ever do (except for certain human rights circumstances but I’d wager they’re actually going to be careful).

My personal tip is use DNS over HTTPS/TLS where possible, and don’t use Cloudflare or Google. Ad an ad blocker and it’s far easier to setup and way more cost effective than VPN.

source

Sort:hotnew top

Excrubulent@slrpnk.net ⁨10⁩ ⁨months⁩ ago
You said “far more likely” and it turns out you don’t have the numbers and you were just making that up? Wow, I never could’ve predicted that.

source
- joshcodes@programming.dev ⁨10⁩ ⁨months⁩ ago
  I am not OP, I just decided to reply.
  
  source
futatorius@lemm.ee ⁨10⁩ ⁨months⁩ ago

Your ISP can still see IP addresses you connect to, they forward all your traffic.

No they can’t. The ISP cannot see any traffic that goes to or from you while you are connected to the VPN, only that you are sending encrypted packets to/from the IP of the VPN itself. It’s the VPN that then sends your requests on to the site you want to see, and routes the reply from the site back to you.

DNS requests are a separate attack vector, but VPNs almost all offer a means of protecting those from scrutiny as well, and as you say, DNS over https/TLS is also resistant to snooping.

There are some more esoteric ways of spying on your traffic, but the likelihood of any being used against you is remote unless you are on the shitlist of a major corporation or government.

Ad blocking does more for less cost than getting a VPN will ever do

Ad blocking mitigates a different risk, which is that trackers on pages you visit will report your behavior to aggregators who sell that data. By all means, use an adblocker. Maybe two. But also be aware that some adblockers sell your data to advertisers (e.g., Adblock Plus: Ublock Origin appears to be less problematic). Or, if you’re a bit more technical, you can set up your network so that known data-collection output isn’t sent. There are even lists of known snoopware endpoints you can subscribe to so you can more easily block them. But the ingenuity of the data collectors is extreme, and it’s a continuing struggle.

Another potential source of leakage is your browser profile (there are sites that’ll tell you how unique your profile is-- the answer is generally “enough to identify you.” There are extensions that can conceal that too.

source
- joshcodes@programming.dev ⁨10⁩ ⁨months⁩ ago
  Yep sorry, I said a dumb thing.
  
  My point is probably more to do with the marketing around VPNs than anything else. As you very nicely put, there are a thousand ways to track someone without having their IP address. VPNs don’t cover all bases but the marketing teams talk about them like they do.
  
  Amazon can still sell your info to data brokers without having your home ip address: they have your email, name, delivery address and search history as a start.
  
  source
sinceasdf@lemmy.world ⁨11⁩ ⁨months⁩ ago
Using a VPN will prevent your ISP from selling your IP logs to data brokers. It also obfuscates your IP to websites you visit to make their fingerprinting less precise. All your ISP can see is that you’re connecting to/from a VPN server through an encrypted tunnel and maybe some metadata like amount of data transferred.

Hard to compare value to free stuff like encrypted DNS and an ad blocker but a VPN definitely has protections you wouldn’t get otherwise.

source