Wireguard is super fast
Comment on Pornhub shuts down in Texas... and predictably, VPNs benefit
tal@lemmy.today 7 months ago
There’s a certain argument that it might be preferable from a privacy standpoint if people used VPNs in general, though it sure isn’t ideal from a performance standpoint.
lemmylem@lemm.ee 7 months ago
Dempf@lemmy.zip 7 months ago
Yeah wireguard is really nice, but it drains my battery pretty quick on Android.
Lem453@lemmy.ca 7 months ago
It shouldn’t?
I have wireguard on my phone 24/7 with no discernable battery difference
Pringles@lemm.ee 7 months ago
I had that with VPN unlimited, but now I use Nord VPN which is a lot less heavy on the battery.
14th_cylon@lemm.ee 7 months ago
oh yes, routing all traffic into limited number of bottlenecks is excellent for privacy 🤣
tal@lemmy.today 7 months ago
You’ve got a lot more options by way of selecting a VPN provider than an ISP. Your ISP options are those who have physical infrastructure at your location.
CucumberFetish@lemm.ee 7 months ago
I mean, it is?
Brkdncr@lemmy.world 7 months ago
A lot of my traffic goes to CDNs, and all of it is encrypted over https. Why should I pay for a vpn?
tal@lemmy.today 7 months ago
encrypted over https
The TLS handshake will generally – through there are some ways to avoid this, and people are banging on it – expose hostnames in the clear.
en.wikipedia.org/wiki/Server_Name_Indication
Even if your browser is using DNS-over-HTTP, most software doesn’t, so outside of your browser, DNS is generally visible.
Some protocols still are not encrypted; I was looking at MUDs the other day, and few of them support encrypted connections. The networks that I’m most worried about are random WiFi access points.
The network provider can still see which addresses and ports someone is connecting to and to where the traffic goes, and how much traffic is sent.
Some network providers blacklist material – as is the case here. For example, one of my first experiences on the Threadiverse was kbin sending me to a random discussion on policy that Ada (the lemmy.blahaj.zone admin) was having with some gay user who lived somewhere in the Middle East. Lemmy.blahaj.zone had been blocked in that country – the country presumably didn’t like something related to the server having LGBT content. The Threadiverse is semi-resillient to that – they could still connect to a federated server and see comments. But it meant that images on lemmy.blahaj.zone were blocked in that country.
For another contemporary example, Russia has cracked down on politics online. Can’t block access to content without killing off VPNs, and they went after those too.
For people who maintain a long-running IP address, it’s possible to cross-correlate logs from various services. So, okay, let’s say that a given IP address has been logged downloading BitTorrent content. That same IP address is linked to, at various times, use of an app where a particular unique phone ID has shown up, or maybe that a user has logged into some account service on, which is linked to personal information. Even a party who is not someone’s ISP can cross-correlate logs using the IP. A VPN doesn’t absolutely avoid that, but it makes it harder.
Without an VPN, anyone can get at least a rough geographical location of a user by geolocating their IP address.
Probably more, but that’s some off-the-cuff.
Brkdncr@lemmy.world 7 months ago
My isp uses cg-nat, and many others do too, so source ip is hidden from most except for my isp, which I have a contract agreement with.
As someone that manages networks and security, you know what piques my interest? When I see hosts using vpn. I look up the host using the service, the service in use, and see what other interesting things are happening.
laxe@lemmy.world 7 months ago
It also costs money. For many people, every monthly fee makes a difference.
SundryTornAsunder@discuss.tchncs.de 7 months ago
I am not affiliated with Mullvad VPN in any capacity and I have nothing to disclose, lol.
Mullvad VPN does not even offer a renewing subscription, that I know of, and I’m almost entirely certain that they used to. Their VPN service costs less than $5/month (USD) if you get their card off Amazon that’s good for a year, and that is literally a physical card sent through the mail—the kind you have to scratch off on the back to get to the number underneath, in other words—and so at least AFAIK, there’s no possible way for whichever unique card you happen to end up getting sent in the mail, to be traced directly to that specific transaction on Amazon, even if you paid for it using your credit/debit card, and directly associated that purchase with your bank account in so doing. It’s even better than that if you pay them by means far less traceable to begin with, of course, and they have those options as well. In fact, they prefer doing it that way as opposed to credit card purchases, even of physical cards through Amazon, IIRC. At least AFAIK, they don’t even accept any form of payment directly traceable to a bank account on their own website, for every obvious reason.
One thing I really like about (using) it, and I have no idea what other VPNs would also do something like this, if any: it sets up a SOCKS5 proxy for you internally, and you can use that anywhere you need a killswitch properly, meaning to make said application physically unable to resolve hostnames in the event of your connection to the VPN being interrupted for some reason. I’m also pretty sure you can use their DNS-over-HTTPS no matter what, even if you don’t alruady use their VPN service. Anyway, especially if you already do, though, I always figure it’s never a bad to use just use the same provider everywhere you can: using their encrypted DNS wherever possible, in addition to using their proxy wherever possible, in addition to using their VPN anyway. I do that, and I also use multi-hop, which hides my enjoyment of innocuous websites everyone else also uses even further. It’s simply a technical matter that doing all of that will make damned near everything—excluding, of course, abject OPSEC failure, browser fingerprinting, etc.—way more difficult to trace than it otherwise would be. It has to be. I didn’t say “impossible” because I never would, and again, it’s never gonna protect anyone from themselves because it can’t. It’s still just so many consecutive layers of obfuscation contrary to the best interest of the boogeyman, especially for the price, that if I didn’t have immediate access to $60 in order to buy another year’s worth of Mullvad VPN, or immediate access to Mullvad VPN, I would literally beg and borrow, figuratively steal, and otherwise aquire.
FlavoredButtHair@lemmy.world 7 months ago
wanderingmagus@lemmy.world 7 months ago
Something something high seas something jellyfin