Comment

Comment on Firefox 149 adds built-in free VPN with 50GB monthly data

<- View Parent

PseudorandomNoise@lemmy.dbzer0.com ⁨2⁩ ⁨days⁩ ago

How long before that data gets sold?

source

Sort:hotnew top

vane@lemmy.world ⁨2⁩ ⁨days⁩ ago
-1 year

source
santa@sh.itjust.works ⁨2⁩ ⁨days⁩ ago
[deleted]
source
- Pogogunner@sopuli.xyz ⁨2⁩ ⁨days⁩ ago
  The data is indeed encrypted, but both you and the VPN provider have the keys - that’s why they advertise no-logs policies, because they have access to the data you send, such as which website you’re attempting to visit.
  
  source
  - victorz@lemmy.world ⁨2⁩ ⁨days⁩ ago
    Can a VPN provider do man in the middle attacks if they wanted to? Like sniff my /api/login calls and get my password? My gut tells me yes but I don’t know enough to be sure, I feel.
    
    source
    RaisinCrazyFool@kopitalk.net ⁨2⁩ ⁨days⁩ ago
    Generally not. Anything with authentication would be using HTTPS encryption. So there will be two layers of encryption: the VPN encryption and the web site’s HTTPS encryption. The VPN provider can’t replace the HTTPS encryption because your browser would identify it as being encrypted with the wrong certificate and it would block the connection.
    
    Although…given that they control the browser, too, I suppose they could code it to remove those safeguards, but that would not go unnoticed for long.
    
    When you use a VPN, it basically replaces your ISP as the intermediary who can snoop all your traffic, so the real question is who do you trust more: your ISP or Mozilla?
    
    source
    -> View More Comments
    GenosseFlosse@feddit.org ⁨2⁩ ⁨days⁩ ago
    We had a proxy server at work that would route all internet traffic and scan for viruses, blocked urls or other traffic patterns, depending on your network rules. It did work on https and SSL traffic, because you had to accept the cert from the proxy server in your browser. So your traffic was encrypted between proxy and webserver, and proxy and your computer, but unencrypted on the proxy server itself. It would be similar with a VPN. Plus, if you control the browser you could just ship the required certs with the update…
    
    source
    -> View More Comments
    Kissaki@feddit.org ⁨2⁩ ⁨days⁩ ago
    When you connect to a secure https site, then no. When you connect to unsecured http, then yes.
    
    source
    nymnympseudonym@piefed.social ⁨2⁩ ⁨days⁩ ago
    If you have to install any closed-source software to use the VPN, the answer is oh hell yes, they can install a root cert. If they are clever they can remove it when you disconnect, so it will not be noticed by most people.
    
    Even if they require no proprietary install, by definition the VPN knows every IP address you connect to. Even if you use DoH. Even if you use Quad9 DNS. The VPN knows you visited midwestsluts.com
    
    If you want privacy, either spin up your own selfhost OpenVPN, or use the Tor nodes myself and volunteers like pay to make free for you to use. Tor node operators can’t tell what site you are visiting (if they run an exit node they can see the site – but don’t know your IP; if they run a Guard/proxy node they can see your IP, but can’t tell anything about what sites you visit or what data you get)
    
    source
    -> View More Comments