On Sun, Aug 7, 2022 at 11:36 AM Michael <confabulate@××××××××.com> wrote:
>
> The best a well configured VPN tunnel can offer is a secure connection between
> client and VPN server, which is handy if you are out and about using untrusted
> and insecure WiFi hotspots.
>
> The only other reason for using a VPN service is to present a different
> geolocation for the purpose of overcoming country-specific website
> restrictions.
|
I think ONLY is a bit strong here. A VPN effectively makes it
impossible for your ISP to know who you're talking to, and it obscures
your IP from hosts you are connecting to.
|
Sure, there are ways to defeat this, but most of them are only
applicable for state-level actors, and the methods available to
ordinary companies can only identify at best a unique browser profile,
which only lets them correlate traffic with those they share info with
to the degree that you use a single browser profile across those
platforms. For non-web traffic there are generally fewer attacks
available. Many of the attacks that are often cited like DNS-based
attacks are not that difficult to prevent (e.g. by ensuring your DNS
traffic goes out over the VPN).
|
If there are sites you browse using a different browser profile
(ideally on a VM/etc), and you never use that browser profile for
ecommerce or activity associated with your normal social media
accounts, then it is unlikely that those sites will actually be able
to identify you.
|
Really the biggest pain with the VPNs is the number of websites that
actively try to block connections from them or flood you with
CAPTCHAs. Many more mainstream social media sites/etc also
effectively require association with a mobile phone number, or trigger
this behavior if they don't like your IP address. Obviously VPNs can
be abused to attack hosts or evade bans and generally cause trouble,
which is a frustration for those who simply don't want companies to
know who you are.
|
Bottom line is that just because the NSA can track your connections
doesn't mean that every random webserver on the planet can do so. The
few government agencies that are likely to be that well-connected are
also very interested in keeping the extent of their capabilities
hidden from each other, and so when they intercept your data they're
going to guard it even more carefully than you would. A solution
doesn't need to be able to defeat the NSA to be useful.
|
--
Rich
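
Added example, not part of the original message: one way to check on a Linux client that the resolvers in /etc/resolv.conf are routed through the tunnel, which is the DNS point made above. The function names and the interface name `wg0` are assumptions for illustration; `ip route get` is the standard iproute2 command.

```shell
#!/bin/sh
# Added illustration: verify that configured DNS resolvers egress via the VPN.
# Assumption: the VPN interface is passed by name (e.g. wg0 or tun0).

# Print the nameserver addresses found in resolv.conf-format text on stdin.
resolvers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }'
}

# Extract the egress interface from one line of `ip route get` output,
# e.g. "192.0.2.53 via 192.168.1.254 dev eth0 src 192.168.1.10" -> eth0
route_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# classify ADDR DEV VPN_IF -> ok | leak | local
# "local" means a stub resolver on loopback: its upstream servers decide
# where queries really go, so the result is inconclusive.
classify() {
    case "$1" in
        127.*|::1) echo local; return 0 ;;
    esac
    if [ -n "$2" ] && [ "$2" = "$3" ]; then echo ok; else echo leak; fi
}

# check_dns VPN_IF [RESOLV_CONF]; returns non-zero if any resolver leaks.
check_dns() {
    vpn_if=$1
    conf=${2:-/etc/resolv.conf}
    rc=0
    for ns in $(resolvers < "$conf"); do
        route=$(ip route get "$ns" 2>/dev/null | head -n 1)
        dev=$(route_dev "$route")
        verdict=$(classify "$ns" "$dev" "$vpn_if")
        echo "$ns via ${dev:-unknown}: $verdict"
        if [ "$verdict" = leak ]; then rc=1; fi
    done
    return "$rc"
}
```

Run `check_dns wg0` with the tunnel up. Applications that do their own DNS-over-HTTPS bypass resolv.conf and are not covered by this check.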