You disable the VPN, they show “unprotected”, come on, I’m not really unprotected, why such a dramatic word, I just disabled the thing a little, I’m “disconnected” but it doesn’t mean I’m actually unprotected, the same way it doesn’t mean I’m actually protected if I’m using a VPN.


But VPN is not a privacy service.
It sure is. You get privacy from your ISP, or the network operator of what you’re connected to. That’s why people famously use them for things like piracy. If VPNs weren’t private, privacy wouldn’t exist.
Not necessarily. For example if your browser is fingerprinting you towards the webpage, a VPN will be useless when it comes to privacy.
Yes necessarily. What a VPN does to protect your traffic flows from your ISP or network operator is not affected by browser fingerprinting. On the contrary, this is something VPNs explicitly help with. Since web traffic is almost always encrypted, the types of limited traffic analysis they can normally do, they wouldn’t be able to do if all your traffic is going through a VPN. (Snooping on your DNS queries, looking at your TLS SNI, analyzing packet sizes and such)
Additionally, not all traffic you’re trying to protect with a VPN even uses a web browser.
I keep seeing this but I don’t understand. Does it not improve your privacy with respect to your ISP?
If your ISP tracks you, then yes; the VPN “tunnels” past the ISP. But keep in mind that the VPN provider can also sell your browsing history. And the ones suitable to work around DRM laws usually don’t have strict data protection laws.
The issue is that a lot of VPN providers sell their service as a privacy service, with loads of superficial bullshit or false promises.
“If” heh
I wouldn’t trust any ISP to not be tracking users
Laws.
Au contraire:
The whole point of VPN is privacy.
your internet connection is already encrypted if you are using https
You are right to push back on that guy’s comment, but I want to offer some more insight on this for you.
HTTPS doesn’t necessarily encrypt your entire connection. While the traffic to that site is encrypted, not everything is. I really wish more people were aware of DNScrypt, which is a method for encrypting your DNS connection.
These things all have their uses.
HTTPS: Encrypts traffic to and from a given website’s servers.
DNScrypt: Encrypts DNS queries between your device and the recursive resolver, so your ISP can no longer see those DNS lookups. However, the ISP can still see the IP addresses you connect to.
VPN: Routes your traffic through ANOTHER server adding a layer between your IP and the destination.
The guy you replied to said VPNs encrypt your internet connection. Some VPNs do use end to end encryption, but that’s not like a thing VPNs invented. Not sure why people think it is. VPNs can be unencrypted too. The main use case of a VPN is to act like you’re on another network. This is useful for torrenting to hide your IP, or for pretending to be in a different location. Also VPNs that are encrypted (which most are these days) only encrypt the connection from your computer to the actual VPN server. So if you aren’t using HTTPS then anything after the VPN server is unencrypted.
If the ONLY use case you have is encryption HTTPS + DNScrypt is all you need.
One note though is VPNs can actually protect against man in the middle attacks on public wifi. Where someone tricks you into connecting to their fake wifi pineapple and then shows you common sites as if they’re real, but typically this is not a threat on home wifi or a cellular network. Not a reasonable one anyway. At that point you’re dealing with state level actors and a VPN ain’t gonna do shit anyway.
DNScrypt can be subbed for DNS over TLS or DNS over HTTPS. Some browsers even have a DNS over HTTPS option in their settings. This is easier than setting DNScrypt up yourself, but you are also kind of relying on the browser to do a good job in this case. Plus any lookups outside the browser like for other apps or system updates are then not encrypted and would go to whatever the DNS is for your full system.
Even without DNScrypt or one of the alternatives, one of the best things you can do is to simply manually choose a different DNS provider. Most ISPs will send you to their DNS provider and can see everything. You can manually select a different one. There are lots of options: Mullvad, Quad9, Cloudflare, Adguard Public DNS, etc. Some will even block ads for you. It’s super easy to do: you just go into network settings and put in the IP to your chosen provider. You can look them up online to find a good one.
Virtual Private Network?
Virtual wire from your PC to the provider. Nothing more, nothing less. And btw, the encryption of the “wire” doesn’t protect against online tracking (and https is already encrypted).
also wrong. It’s a virtual wire, that is significantly harder to be tapped, because signals on it are scrambled.
But DNS is not, and even HTTPS is leaking info via the SNI
That’s what I meant, the encrypted traffic doesn’t help privacy.
that’s just outright bullshit.
it already helps that most of the data in HTTPS traffic is encrypted, otherwise your network provider would see freely what user account you use, to post what content, on what subforums.
encrypting all traffic on the wire helps additionally to hide what websites you visit (DNS and SNI in HTTPS) and what kind of other web services you use. your local ISP will only see an opaque stream of data to a single VPN company.