To VPN or NOT?

CredulousDane

Well-known member
Sep 26, 2020
Hello!

I know the use of VPN is promoted on the podcast but is it really that important? - since almost all websites have HTTPS.

I mean, who would gain anything from breaking into my network - those who do that would probably rather make some money on ransomware.

I don't use public Wi-Fi. I rarely visit sketchy websites.

Chrome is set to 'Clear cookies and site data when you quit Chrome' and I use uBlock Origin, Privacy Badger and PhishProtect Beta.

In Firefox I also use Malwarebytes Browser Guard but it sometimes breaks the functionality of a site so I only use that in FF.
That is because I use Chrome for all my bookmarks and 'search engine' shortcuts, so mainly sites I already know whereas FF is new places and searches.

So, what is your take on using VPN? Maybe you've had this discussion a thousand times before...

I just think that this year with the development of Wireguard, everybody is trying to sell a privacy/vpn solution and I can't figure out if it's overkill.

Thanks.
 
That's true. Most users don't really bother.

Arguably, aside from being paranoid about privacy, corporate security is the real use case. No company that's worth their penny would open themselves to the public internet, so employees using a VPN to access business resources remotely makes perfect sense.

In the long run, profiling user habits with DNS history will continue even with DoH, because ISPs will eventually roll out their own.

On a side note, clearing cookies and using extensions like uBlock, PB, and others, do not really help your privacy that much. They ramp up your security by reducing the attack surface against malicious code coming from the web, but large corporations (the likes of Google, Facebook and Amazon) can still track you in any number of ways. They do not rely on cookies and browser metadata alone.

As for Wireguard, it will make things much easier for sysadmins and corporate VPNs but, overall, I don't see much of anything changing for the average home user.
 
Thanks for your words.

I never really thought about what you point out, that these browser extensions are merely for reducing the attack surface; it makes sense described like that.

And that the large corporations do not rely on what I'm erasing. With that in mind I see a point of using a VPN.
 
If you ask 20 people you'll get 50 answers. For me, I use a VPN all the time. If I'm at home, it's none of Comcast's business what I'm going to. I've also experienced times when they appear to be throttling a large ISO download, etc. if I'm not on the VPN, and it appears to go faster if I'm on the VPN and they cannot see what I'm doing. The VPN causes its own reduction in speed though. If I'm out and about, if I'm on my cell modem, then it's none of Verizon's business what I'm going to, although running the VPN over time does use up the data quota with some overhead. If I'm on public Wi-Fi, I definitely don't want anyone in the room or their ISP snooping on what I'm doing. So, for me at least, it's VPN always on. DO NOT use a random free VPN. Use a well-run, well-vetted one and PAY for it. A poor VPN can actually compromise your privacy and security and can actually maliciously invade your privacy. I like TorGuard, and @Steve and @leolaporte recommend ExpressVPN, which is also a sponsor of the podcast.

Ron
 
I've never used a VPN, ever. I'm not saying they're not useful, and if I used my phone for data at all (public WiFi) I might worry about it more. There seem to be so few services that aren't HTTPS any more, that it seems hardly worth the effort to run a VPN. My ISP doesn't seem to bother much with my usage that I've ever noticed, but maybe I am just lucky, I am on a smallish ISP. I do use DoH and direct it to Quad9 so I don't think my ISP gets much from my DNS activities, but as I haven't yet implemented that for the entire network (i.e. it's nodal, not network wide) there is still plenty of traffic that is using Quad9 in the clear via the settings on my router. And of course all my connections to specific IP addresses are going to be visible to my ISP. Maybe I'm not paranoid enough, but I have yet to see a downside to doing things the way I do.
 
I use a VPN almost all the time.

Without a VPN at home, your ISP can see the websites you visit. Not the full text of every page, but the website names and, of course, their IP addresses.

Without a VPN at a coffee shop, the same goes for other coffee customers, the techies that set up the Wi-Fi and the ISP there too.

The purpose of a VPN is not to keep bad guys out of your network.

When you use a VPN, you also typically use DNS servers from the VPN company, so more privacy there. That said, configuring Firefox or Chrome to use encrypted DNS (DoH/DoT) takes precedence over both OS level DNS and VPN provided DNS.

Your trust in HTTPS is misplaced. To illustrate this, see https://www.ssllabs.com/ssltest/. There are many, many aspects to a secure website. It is not a simple binary on/off thing. That is a fiction techies sell to the general public.

Your trust in your ability to know a safe website from an unsafe one is also misplaced. No one can tell. Sites get hacked all the time.
 
Thanks everyone for your responses.

It's clear that I thought of VPN as a tool to keep bad guys out of my network and not so much that it is a tool for better privacy, whether it's tracking by companies, an ISP lurking somewhere or the HTTPS padlock being there just for looks.

VPN does now sound like a cheap way to become more secure online and when writing this I'm testing the Swedish Mullvad that Steve mentioned once or twice.
 
Mullvad is an excellent choice, at least in terms of being trustworthy. Their mobile apps for Wireguard are very new; for many years they used an open source OpenVPN app on iOS/Android. I have used their Windows software; the only annoying thing was that it did not report anything about server loads. If you want speed, then you can look for a non-busy server. If you want to be a small tree in a big forest, you look for a busy server to connect to. Can't do this with Mullvad (at least as of a few months ago). Their reporting system for problems on Windows was great. And, they take cash, if you don't mind mailing it halfway around the world.
 
It's working very well. I've set it to connect to Wireguard and have found a server that gives me max. speed when testing on Speedtest.net. But no, it doesn't state server load or how many connections at the moment.

As for paying, I don't mind paying with credit card but I see they offer many ways of payment and some with discount. So with bitcoin there is a discount. Don't use that much though.
 
with bitcoin there is a discount. Don't use that much though.
I was a Bitcoin mid-early adopter... they were easy enough to earn/generate (aka mine) in a pool back then, and fees were reasonable. These days, as BTC has gotten more expensive and as they're less commonly being "mined" (as per the plan) I think you'll find that bitcoin processing fees have gotten "out of control". You could pay $3+ in fees for a $5 payment... not worth even considering.
 
Okay, no, definitely not worth it then. Thanks!
 
I think the main argument for always on VPN is just lack of tracking from the ISP side of where you go. Remember that DNS is pretty transparent right now unless you use one of the encrypted DNS methods and even beyond that you are still connecting to well known IPs to browse the sites. Remember what we all learned from Snowden about “metadata”. As a practical example, I just bought a new MacBook but I was connected to my VPN. Order was held up and I also got a call from the CC company to verify it was me. I’m sure part of that was that the IP I used to connect was a known VPN exit node but a part of it was probably their systems couldn’t get the typical metadata it would otherwise.

I actually have a dilemma cause I would stay connected to my VPN all the time but when I’m at home I want to use my own home network since I have pfSense with ad blocking and secure DNS. I also don’t want my default internet connection to be over VPN from my home network.

I just got myself a two year Black Friday deal for NordVPN and have been using their Wireguard implementation. Super impressed. Phone will get 405Mbps down and 170Mbps up, which isn’t much different than non VPN; seems the upload takes more of a hit than down. Very impressed.
 
I like the thought of no one being able to track my activity but I do wonder how my ISP would gain from having that information...

With or without VPN, I sometimes see ads on Facebook regarding TV shows I've searched for on TVmaze. And that is with the search done on PC and Facebook used on Android. I'm thinking either a coincidence (if it's a new show being promoted) or times where I've been connected to the same VPN server on both devices.

Sounds good with NordVPN. Maybe an offer to look at within the next 9 hours or so...

Haven't spent much time looking into 5-, 9- or 14-eyes when looking at VPN providers, not sure if it's important or not?
 
I like the thought of no one being able to track my activity but I do wonder how my ISP would gain from having that information...
The ISP sells the information on your activity to advertisers and others who might be compiling databases of information on you. This information can be used to draw many interesting conclusions. For example, if many people go to my sales site followed by a competitor (or vice versa), I might be able to price my goods more competitively.
 
So here are a few questions for you:

1) Do you trust your ISP?
2) Do you trust the intermediary ISPs?
3) Do you know everyone who connects to and from your ISP's network?
If the answer to any of these is Yes then feel free to NOT use a VPN... if so, reminder: do NOT use WebRTC! Even within a VPN tunnel it is possible to track your originating IP within a VPN tunnel.

The VPN acts as a protected information tunnel that your ISP, anyone connected to your ISP and keeps the damned prying eyes out.

E
 
The ISP sells the information on your activity to advertisers and others who might be compiling databases of information on you. This information can be used to draw many interesting conclusions. For example, if many people go to my sales site followed by a competitor (or vice versa), I might be able to price my goods more competitively.
...but only if you purchase the information from the entity selling it and parse it correctly, or if it was correctly pre-parsed for you.
 