VPN Question

  • SpinRite v6.1 Release #3
    Guest:
    The 3rd release of SpinRite v6.1 is published and may be obtained by all SpinRite v6.0 owners at the SpinRite v6.1 Pre-Release page. (SpinRite will shortly be officially updated to v6.1 so this page will be renamed.) The primary new feature, and the reason for this release, was the discovery of memory problems in some systems that were affecting SpinRite's operation. So SpinRite now incorporates a built-in test of the system's memory. For the full story, please see this page in the "Pre-Release Announcements & Feedback" forum.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

Ralph

Well-known member
Sep 24, 2020
235
100
After looking around I thought this to be the best place for a question I have. I am running a Synology RT6600 behind my cable modem. I have a few devices on the Synology to isolate them from the internet, but have recently come up with a question maybe someone can answer. When I connect to the internet (wifi) is there any difference security wise whether I connect through the cable modem direct or go through the Synology. My thinking was connecting to the Synology gave a little extra protection being that it filters packets and has a number of protections from malicious things built in. Recently I got to wondering if using the Synology for all my internet activities would somehow expose the isolated devices. I always use a VPN on my laptop but never installed it on the Synology.

Would it be advisable to install the Synology's VPN then use the cable modem for my internet activities with the the VPN I've been using? Networking is not my strong point so any ideas would be appreciated.
 
Why do you think you need to use the VPN? What are you "hiding" from? If it's your ISP, then using your ISP's modem without a VPN is obviously not providing you any protection. Remember that a VPN is just relocating your weakest point from your ISP to your VPN provider. Based on that, you may not need a VPN at all, depending on your concerns. Personally I've never used a VPN, because I don't care that my ISP knows where I go and what I do. I don't use the ISP's DNS though, I use Quad9 for that. Most of the sites I visit provide HTTPS so all my ISP ever sees is the IP addresses I go to. I also have DoH enabled so I don't think my ISP is even seeing my DNS lookups.
 
Conversely, I'm always on a VPN because I don't think it's any of Comcast's business what I'm doing online. Also, they're infamous for adding extra HTML into people's web pages either overtly or secretly as well as throttling data streams they don't like. They also love to gather up all the non encrypted data and sell information to third parties.

May your bits be stable and your interfaces be fast. :cool: Ron
 
adding extra HTML into people's web pages
They can't do this over HTTPS, and I can't imagine very many sites one would go to are not secure these days.

I spend more effort on an ad free (or at least ad reduced) browsing experience, so I really don't care if my ISP tries to help advertisers know me. Since most ads I ever do see are for women's products, I feel pretty certain I am evading the advertisers attempts to know me (a male) very well.
 
I spend more effort on an ad free (or at least ad reduced) browsing experience
Since most ads I ever do see are for women's products
Interesting. Maybe you have women or girls in your house looking at more products than you. Maybe there are more women or girls on network head end where you are.

My habits mean I see little or no ads unless they're integrated into the web page. Since I'm on a public IP via VPN, they only get aggregate data from that. I never allow cookies or javascript or sound unless the site is trusted. I don't allow cross site cookies. I'm running NoScript per @Steve s recommendation years ago or equivalent settings in Brave, as well as uBlock Origin and uBlock Origin Extra (in Brave) and privacy badger. I almost never log into Google. I don't allow popups. The browser is set in strict mode to not allow tracking and fingerprinting. If I really don't want to be tracked or profiled, I use a private browsing window inside the VPN.

Every so often, I get a site complaining that I'm blocking ads, a notice which I ignore. I don't actually have an ad blocker running, but it must look like it. I HAVE noticed that if I look up lots of a certain topic on YouTube, say "cargo trailers" or whatever, even on a VPN, then later when I just bring up YouTube I get lots of those suggestions. Also, I have location and push notifications turned off in the browser. Google always tries to tell where I am, usually by GeoIP, sometimes by my past searches presumably tagged by IP since I'm not logged in. I've had a few problems recently with a VPN exit point in NY and Google thinks I'm in the Netherlands and shows the page in Dutch. That's loads of fun trying to figure out how to reset the page to English when I cannot read the menus.

May your bits be stable and your interfaces be fast. :cool: Ron
 
  • Like
Reactions: SeanBZA
My use of VPN is not for hiding or doing anything illegal. To the contrary, it is for keeping someone from getting hold of some files I transfer either to the cloud or between my own machines. True, HTTPS does encrypt transmission to websites, but VPN provides an additional layer of protection. I periodically transfer backups of my Bitwarden vault and PasswordSafe databases, and although they too are encrypted it would be a major problem if they were to somehow be exposed. I would hate to have to go and change all my passwords, not to mention other tidbits of information in those vaults. As anyone who listens to Security Now knows, hackers can be quite capable. Yes, I am probably using overkill in keeping some of my data safe, but I would rather be too safe than not safe enough.

If I am using VPN to help protect some of my data, why not use it for everything? I already have the VPN so I use it. I admit that it may be overkill but I would rather be too safe (if there is such a thing) than be questionably safe. It's a matter of personal preference. Sure, it takes time, slows things down some, and adds some complexity- but I don't mind that. Odds are in favor that nothing I do will ever get hacked, However, I have learned quite a bit playing with this stuff, and even if it is never actually needed it was worth learning about it.
 
overkill in keeping some of my data safe
There's probably nothing wrong with overkill and paranoia, except that it's not free (in this case you're paying probably at least $60/year more than you really need to.) If you've got the money to burn, than by all means burn away.

There is one other thing to consider. Let's say you were being attacked and didn't know it. Let's say your attacker manages to find a way to interfere with your link to the VPN such that it appears it's the problem. You contact the VPN provider for support, and they can't figure it out or fix it (in a reasonable time frame, and they, logically, assume the problem is on your end.) Now how do you proceed? My 99% bet is that you go without the VPN, thus giving the attacker exactly what they wanted. My point is that you've also over complicated things, adding n more points of failure.... most of which you have no control over if you run into any issue. Additionally, ALL of the major VPN exit points are quite likely under DIRECT monitoring by all the worlds well funded TLAs (NSA for example.) It really does cause one to scratch one's head about what value there is in wrapping all your traffic in a "pick me for further investigation" wrapper... no?
 
True, HTTPS does encrypt transmission to websites, but VPN provides an additional layer of protection. I periodically transfer backups of my Bitwarden vault and PasswordSafe databases,
Not necessarily. If your VPN is between your machine and the location where you store that data, yes the VPN may help. If you are just using a VPN to hide your location, the data pops out into the internet at some other point ( which you can't control), and is still visible from there to it's final destination.

A VPN really only provides additional protection if it is point to point.
 
Hiding my location is not of concern. Some very good points were brought up including one that pops up periodically on Security Now about complicating things too much. Interesting since I do occasionally get pop-ups saying an IP address was blocked for some security reason. I've checked a number of those IPs and with rare exception they have not been reported as malicious.

In today's age where almost everything is ones and zeroes, the answers to many questions seem to be 0.5. Hopefully the file copies on my NAS bumps that to 0.6 in my favor :)
 
Good example of when you really need a VPN is where I work - visiting hospital locations. For hard to explain reason typicall connection offered to me is unencrypted, no password needed to connect wireless... Without VPN my data would be exposed to anyone connected, worse - would be trivial for people interested in HC related data to park in the lot, connect and spy on anything they can reach...
 
Without VPN my data would be exposed to anyone connected
It's 202x, I can't think of any service of value that is not using HTTPS by this time. If they haven't bothered to secure their content/site, then either you shouldn't be using it, or the content is so general/generic it wouldn't be harmful to be exposed. The worst that should be exposed would be your DNS queries, and that too is easily securable on any serious platform (using DoH if nothing else.)
 
  • Like
Reactions: PHXdNelson
Yes, pretty much everything is HTTPS. At work they use many layers of security, VPN being just one. In their case it is justified and a bit of a pain logging in, but understandable. I never connect to wifi away from home, so that eliminates a potential security problem. Perhaps I am being overly cautious- I suppose that is possible.
 
My use of VPN is not for hiding or doing anything illegal.
Why do we feel bad, needing to justify the use of vpn? There is nothing wrong with vpns (at least for now, don't doubt they will try to regulate them). There is plenty of info suggesting on the very least data harvesting, if not outright spying.

A vpn won't hide what you do, just allow you to tunnel to another location. There are enough ways to id your system, so you won't be lurking in the shadows if they want to find you.
 
I have no problem with anyone wanting to use a VPN. Where I do have a problem is the "belief in false gods" that ensues. VPNs are not magic, nor even especially protective. As @a viewer says, all you're doing is shifting the location of the data's potential exposure.
 
I have no problem with anyone wanting to use a VPN. Where I do have a problem is the "belief in false gods" that ensues. VPNs are not magic, nor even especially protective. As @a viewer says, all you're doing is shifting the location of the data's potential exposure.
It brings an interesting question to mind. If you are vpning (is there such a verb?) to another country, are you liable to their laws also? Not sure there is international law for the internet. There is for several other areas that involve multiple countries though (sea, marriage, diplomats, etc).
 
My use of VPN started by using a free version of Proton VPN. After a while I moved to a paid version as a way to support their efforts. I've done similar things with other software I found useful and subscribed to those as well, including a few donations for free software. I believe we should give support if we can, even for free stuff if we find it useful.

Back to the VPN, I've never used it to watch TV shows unavailable in the U.S., but an interesting question about some legalities. Although I never looked into that I haven't seen anything about it either. I guess regulators are busy with other things for time being.