Gentoo Archives: gentoo-user

From: Rich Freeman <rich0@g.o>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] About to have fiber internet and need VPN info
Date: Sun, 07 Aug 2022 18:28:01
Message-Id: CAGfcS_kK=iuM37O4sqTfmNjHx4JViJ_LtcjYY6U57ziECKdt4A@mail.gmail.com
In Reply to: Re: [gentoo-user] About to have fiber internet and need VPN info by Michael
1 On Sun, Aug 7, 2022 at 11:36 AM Michael <confabulate@××××××××.com> wrote:
2 >
3 > The best a well configured VPN tunnel can offer is a secure connection between
4 > client and VPN server, which is handy if you are out and about using untrusted
5 > and insecure WiFi hotspots.
6 >
7 > The only other reason for using a VPN service is to present a different
8 > geolocation for the purpose of overcoming country-specific website
9 > restrictions.
10
11 I think ONLY is a bit strong here. A VPN effectively makes it
12 impossible for your ISP to know who you're talking to, and it obscures
13 your IP from hosts you are connecting to.
14
15 Sure, there are ways to defeat this, but most of them are only
16 applicable for state-level actors, and the methods available to
17 ordinary companies can only identify at best a unique browser profile,
18 which only lets them correlate traffic with those they share info with
19 to the degree that you use a single browser profile across those
20 platforms. For non-web traffic there are generally fewer attacks
21 available. Many of the attacks that are often cited like DNS-based
22 attacks are not that difficult to prevent (eg by ensuring your DNS
23 traffic goes out over the VPN).
24
25 If there are sites you browse using a different browser profile
26 (ideally on a VM/etc), and you never use that browser profile for
27 ecommerce or activity associated with your normal social media
28 accounts, then it is unlikely that those sites will actually be able
29 to identify you.
30
31 Really the biggest pain with the VPNs is the number of websites that
32 actively try to block connections from them or flood you with
33 CAPTCHAs. Many more mainstream social media sites/etc also
34 effectively require association with a mobile phone number, or trigger
35 this behavior if they don't like your IP address. Obviously VPNs can
36 be abused to attack hosts or evade bans and generally cause trouble,
37 which is a frustration for those who simply don't want companies to
38 know who you are.
39
40 Bottom line is that just because the NSA can track your connections
41 doesn't mean that every random webserver on the planet can do so. The
42 few government agencies that are likely to be that well-connected are
43 also very interested in keeping the extent of their capabilities
44 hidden from each other, and so when they intercept your data they're
45 going to guard it even more carefully than you would. A solution
46 doesn't need to be able to defeat the NSA to be useful.
47
48 --
49 Rich

Replies

Subject Author
Re: [gentoo-user] About to have fiber internet and need VPN info Michael <confabulate@××××××××.com>