Wouldn’t even mind the option to let someone else use my connection a bit for a free VPN tbh, that is just like running a TOR node. What I dislike is the dishonesty side of it. Be open and honest then it’s all good.
Comment on Are ISPs responsible for bots having residential IPs or is this a user problem?
Mordikan@kbin.earth 3 weeks ago
I worked as a network analyst for a provider for several years and during that time I'd say ~90% of the issue stemmed from sketchy apps/services that the user loaded from their end.
A lot of "free" VPN services will basically allow bad actors (the paid tier) to use your connection. A lot of IoT devices are also just openly available on the Internet to route through.
From the ISP perspective, we managed the roads, not your car. There is a push to blame the ISP as it's their network, but realistically how are they meant to provide security (in the context that is being asked) to any device that gets plugged into that network? We even had business customers demand we add clauses to contracts where we would accept responsibility for any malware they sent between sites over an MPLS setup.
In the end, a lot of people seem to want this impossible scenario of the ISP managing security for them but also not inspecting their traffic.
Korhaka@sopuli.xyz 2 weeks ago
KairuByte@lemmy.dbzer0.com 2 weeks ago
<.< Let me just throw two scenarios at you real quick to show you why that’s a problem:
That third party can easily just use your connection to view and download CSAM and all external monitoring would suggest that activity was coming from within your network. Because it is.
That third party has full network access to anything your PC does (or at least that nic) which includes anything in your local network. Insecure IoT, other PCs, etc.
Korhaka@sopuli.xyz 2 weeks ago
First scenario is no different to running a TOR exit node. The second is why it needs to be built securely, which can be done though probably isn’t in these cases.
waldfee@feddit.org 2 weeks ago
Mordikan@kbin.earth 2 weeks ago It would be like running TOR, but not a relay, it would be like an exit node.
That should be enough to warn anyone away from using them.
Korhaka@sopuli.xyz 2 weeks ago
Running an exit node is perfectly legal though. There would be no evidence you have done anything wrong very quickly.
Mordikan@kbin.earth 2 weeks ago You can just look at the testimonies from others who have run exit nodes. The cost of your "free" VPN is that law enforcement will constantly be in contact and investigating you because your network/machine is being used to download CSAM.
There is no "oh don't worry, A.B.C.D is just a tor node, we can give it a pass". Every time that happens, it has to be treated with a full investigation.
IphtashuFitz@lemmy.world 2 weeks ago
I worked in IT at a university about 15 years ago. As part of a research project I helped set up a Tor exit node. Within a few hours of it taking on traffic I was contacted by the universities IT security team. They were seeing all sorts of malicious traffic originating from that system and wanted to know what was going on. They had the system shut down immediately.
@Mordikan @Maroon A lot of people _don't know what their ISP does_. Many seem to think that the ISP is selling them the entire internet as a product, and so from that logic why shouldn't the ISP be liable for whatever mayhem they get into online?
Source: worked for a little while as dial-up ISP support.