Is It Time to Stop Paying For a VPN? (bdnews24.com) 113
"I'm done with paying for a virtual private network," writes the New York Times' lead consumer technology writer. [Alternate URLs here and here.]
The reality is that web security has improved so much in the last few years that VPN services, which charge monthly subscription fees that cost as much as Netflix, offer superfluous protection for most people concerned about privacy, some security researchers said.
Many of the most popular VPN services are now also less trustworthy than in the past because they have been bought by larger companies with shady track records. That's a deal-breaker when it comes to using a VPN service, which intercepts our internet traffic. If you can't trust a product that claims to protect your privacy, what good is it? "Trusting these people is really critical," Matthew Green, a computer scientist who studies encryption, said about VPN providers. "There's no good way to know what they're doing with your data, which they have huge amounts of control over...."
As a mainstream privacy tool, it's no longer an ideal solution. This sent me down a rabbit hole of seeking alternatives to paying for a VPN. I ended up using some web tools to create my own private network [on the cloud] for free, which wasn't easy... Not only is it free to use, but I no longer have to worry about trust because the operator of the technology is me.
"But I also learned that many casual users may not even need a VPN anymore," the article concludes. (Unless you're living in an authoritarian country and trying to reach information beyond its firewall.) One cybersecurity firm tells the Times that journalists with sensitive contacts or business executives carrying trade secrets might also still benefit from a VPN. But (according to the firm) the rest of us can just try two-factor authentication and keeping all of our software up-to-date. (And if you'd rather not use a public wifi network — use your phone as a mobile hot spot.)
The article also notes that 95% of the top 1,000 websites are now already encrypted with HTTPS, according to W3Techs.
It also points out that one VPN company accused of developing malware nonetheless spent close to a billion dollars to buy at least four other VPN services — and then also bought several VPN review sites, which then give top ratings to VPN services it owns...
Many of the most popular VPN services are now also less trustworthy than in the past because they have been bought by larger companies with shady track records. That's a deal-breaker when it comes to using a VPN service, which intercepts our internet traffic. If you can't trust a product that claims to protect your privacy, what good is it? "Trusting these people is really critical," Matthew Green, a computer scientist who studies encryption, said about VPN providers. "There's no good way to know what they're doing with your data, which they have huge amounts of control over...."
As a mainstream privacy tool, it's no longer an ideal solution. This sent me down a rabbit hole of seeking alternatives to paying for a VPN. I ended up using some web tools to create my own private network [on the cloud] for free, which wasn't easy... Not only is it free to use, but I no longer have to worry about trust because the operator of the technology is me.
"But I also learned that many casual users may not even need a VPN anymore," the article concludes. (Unless you're living in an authoritarian country and trying to reach information beyond its firewall.) One cybersecurity firm tells the Times that journalists with sensitive contacts or business executives carrying trade secrets might also still benefit from a VPN. But (according to the firm) the rest of us can just try two-factor authentication and keeping all of our software up-to-date. (And if you'd rather not use a public wifi network — use your phone as a mobile hot spot.)
The article also notes that 95% of the top 1,000 websites are now already encrypted with HTTPS, according to W3Techs.
It also points out that one VPN company accused of developing malware nonetheless spent close to a billion dollars to buy at least four other VPN services — and then also bought several VPN review sites, which then give top ratings to VPN services it owns...
Well yea (Score:3, Insightful)
I don't want to pay for shit either, but sometimes you just have to. Or is someone going to provide the electrons to carry my data for free?
Re: (Score:3)
Ponder long and hard what the V means.
Re: (Score:3)
Re: (Score:2)
Right.
That it is only a virtual network means that it isn't a physical network. It is not something that carries your electrons.
The electrons that carry your data go over your real network.
Surely it costs something; some work is being done.
If you do have a VPN, or you don't have a VPN, either way you have to pay some party other than the VPN for the service of carrying your electrons to and from the network.
Re: (Score:2)
Re: (Score:2)
but being a little pedantic
I calibrated my pedanticism to the same scale as "provide the electrons to...."
Re: (Score:2)
Re: (Score:3)
I think is more of an issue of these public VPN's. The public ones really don't offer too much security benefit besides masking your original network and location.
The useful use for VPN's are the ones used to say connect you Home PC to your work network, or two different organizations intranets together.
The public VPN may encrypt the data that is leaving your PC but who knows what is done to it in the Public VPN network, and the routing after it leaves the network will be unencrypted. But being most moder
Re: (Score:2)
I don't want to pay for shit either, but sometimes you just have to. Or is someone going to provide the electrons to carry my data for free?
FP rush? Still doesn't deserve the censor mods.
I think you should have clarified the costs. I'm guessing wildly, but my guess would be the costs of gateway servers?
If so, how about speculating on peer-to-peer alternatives? I could provide you with a gateway in my region if you provide me with a gateway in yours? Perhaps P2P VPNs would have no need of such commercial providers?
Oh, wait. What if my peer wants to use my gateway for something illegitimate? Maybe what they pay for is liability insurance, not ele
Probably time to stop using a VPN (Score:4, Insightful)
They're easily detected and not really that secure when you have a crooked operator, or are under secret government gag orders.
Re: (Score:3)
I have never paid or used any third party VPN. I use a bunch of VPNs although but not for the purpose of anonymity or similar for the reasons you stated.
For the ones really wishing to hide their tracks for whatever reason, just chain publicly available sock proxies together.
For other purposes, TFA has a point, if you connect through https, shh or any other encrypted protocol like it has become the standard nowadays, there isn't much point into using a commercial VPN that can then spy on you just as easily a
Re:Probably time to stop using a VPN (Score:5, Insightful)
Re:Probably time to stop using a VPN (Score:4, Insightful)
You like the author miss the point of most VPN's, it is about disguising your location (for getting around geo fencing) and for the benefits of downloading torrents etc where the MIAA Nazi's would have to hop through additional hoops that they are not willing to do to find your location. I don't care if my VPN spies on me, They aren't my ISP and don't have the power to disconnect me from the internet.
^this. VPNs are primarily an anti content-cartel enforcement tool. And they work very well for this purpose.
Re: (Score:1)
would have to hop through additional hoops
I really thought this was most of the point of a VPN besides evading geofences. If someone wants to track you down they now have to subpoena the VPN provider and then my ISP. The extra legwork may not be worth it especially if you're looking at an extra 5-10 hours of lawyer time in getting through the VPN provider.
Re: (Score:2)
Re: (Score:2)
Re: Probably time to stop using a VPN (Score:1)
The obvious one is so the government or your ISP canâ(TM)t easily spy on you or avoid some other MITM or an agreed upon redirection or a DNS attack they will employ to get ad revenue. It also makes it harder for remote sites to geolocate me.
A proper VPN provider at least aggregates all traffic so itâ(TM)s harder to pick âoemeâ out of the bunch.
I also use VPN on all my mobile devices so I can easily connect to things on open WiFi without worrying about MITM attacks.
The NYT writer is clear
Re: (Score:2)
There is also a use case for "the site I want to talk to only does unencrypted traffic and I don't want it to be that visible while it's on my ISP's network". It's not a huge case because it's still going to be unencrypted between the VPN and the site, but if you suspect your ISP of injecting ads into unencrypted web pages, for example, it might be worthwhile. However, now that such plaintext-only sites are rarer, it's not as useful.
Nobody uses a VPN for security (Score:5, Insightful)
Re:Nobody uses a VPN for security (Score:5, Insightful)
That's also what I thought when I read the summary.
At first, when I saw the headline, I thought "are companies doing away with geo-restrictions? No way!", and then the summary told me the author has no idea why people uses VPN.
The main purpose of using VPN is, as its name suggested, you are forming a private network, e.g. connecting to your company's VPN for work. Another one is to fake your location as the VPN vendor's, no matter where you actually are, i.e. to get around geo-restrictions of likes of Netflix.
Who ever thought that using VPN gives you any additional security?
Re: Nobody uses a VPN for security (Score:3)
I generally agree, but if you're surfing on an open WiFi network, or a hotel connection, you're kinda exposed. OTOH, now that my phone's hotspot typically gives me better performance than hotel WiFi, I have less of this use case to mess with, exposing myself only to my wireless carrier.
'HEY WIRELESS CARRIER! (opens raincoat) GET A LOAD OF THIS! SUCK IT, BECAUSE YOU SUCK!!!'
Re: Nobody uses a VPN for security (Score:4, Insightful)
I generally agree, but if you're surfing on an open WiFi network, or a hotel connection, you're kinda exposed.
No, not particularly. If you're still sending unencrypted traffic at this point, you're doing it wrong. (Okay, so DNS is unencrypted. Whoop-dee-effing-do.)
VPNs serve many purposes, but privacy isn't really one of them. You're either on a network with a lot of people, in which case privacy comes from nobody knowing which of the many clients is yours, or you're on a network that you control, in which case privacy comes from you controlling it. Using a VPN just means that instead of your ISP knowing where you've been, your VPN provider knows where you've been, and that's probably riskier, frankly, because you're a big fish in a small pool instead of a small fish in a big pool.
Re: (Score:2)
I generally agree, but if you're surfing on an open WiFi network, or a hotel connection, you're kinda exposed. OTOH, now that my phone's hotspot typically gives me better performance than hotel WiFi, I have less of this use case to mess with, exposing myself only to my wireless carrier.
'HEY WIRELESS CARRIER! (opens raincoat) GET A LOAD OF THIS! SUCK IT, BECAUSE YOU SUCK!!!'
Only if you are using plain HTTP. You have a decent amount of security if your WIFI traffic is over HTTP/SSL.
Re: (Score:2)
CC vs IP: Depends on sevices (Score:3)
I suspect a lot of content services now geoblock on the bases of the cc used to pey ver the service
Valve does indeed do it this way:
- you can only pre-order a Steamdeck for a country for which you have paid something in the past.
(e.g.: I live in Switzerland which despite being in Europe is not an EU member. Thus I can't pre-order a Steamdeck.
I would need to switch my profile address to somewhere in the EU, then register an appropriate cc from the same country, buy something from steam with that credit card, and then I should be able to pre-order a Steamdeck for that address).
An an aditionalø advantage (from the consent providers pov) is that they don't have to play wack-a-mole with vpn detection services.
Netflix still plays the whac
Re: (Score:3)
Avoiding geo-blocks is a nice bonus for me, not the primary reason to use a VPN.
The issue is my ISP knows all my details. Name, address, phone number. The VPN provider I use (Mullvad) does not know any of that, all they have is a randomly generated number and some anonymous payments (they accept mailed in cash and BTC).
My ISP also enforces private blocking by media companies, while my VPN provider does not.
Re: (Score:1)
Also, Mullvad isn't that great to avoid geoblocking. According to their own FAQ they don't really try hard to evade it.
For example, when I tried Mullvad in 2020, the BBC Iplayer and the Danish TV mediaplayer both
noticed that I was using a VPN and did not work.
Re: (Score:2)
I only use it for YouTube geoblocks where it works fine. For TV stuff I just head to RARBG or The Pirate Bay.
Re: (Score:2)
The issue is that while 'everyone' knows that the real purpose is to conneect and access media that someone doesn't want you asking, their advertising says crap like "protect your banking details when at a coffee shop" and BS like that. Basically they want to snag a bunch of more oblivious people as customers to round out their geofencing bypass/piracy obfuscation core customer base.
Re: Nobody uses a VPN for security (Score:1)
I also use a VPN from home to connect to my work network. It's required to access most things on the company network remotely.
Plenty of legal reasons to use a VPN.
Re: (Score:2)
You're correct; however, for what it's worth, VPNs frequently advertise on security. From ads I've seen, that actually seems to be the primary selling point for a lot of them (presumably because it's easy to sell fear).
Re: (Score:2)
Re: (Score:3)
Re:Nobody uses a VPN for security (Score:5, Insightful)
I’m a believer in having a VPN back to home, and if you need something beyond that (presumably for something illegal at your home), then the author’s solution makes sense. The VPN to home is great for so many things but beyond that it is overkill for most.
Re: (Score:2)
Re: (Score:3)
Or (if you have gigabit fiber), you install a personal VPN server on a computer at home, and use that to fool a lot of streaming video software into thinking that you're watching at home while you travel.
VPNs are indeed useful, but I'd never pay a third party for someth
Re: (Score:1)
Indeed, same here.
VPN home vs. commercial (Score:2)
Or (if you have gigabit fiber), you install a personal VPN server on a computer at home, and use that to fool a lot of streaming video software into thinking that you're watching at home while you travel.
And this an even better solution because some streaming provider like Netflix keep playing the whack-a-mole game with known IP of VPN relays.
So IP ranges belongging to commercial VPN solution are likely to be blocked, whereas your own personnal homemade server running on a home IP is not.
Re: (Score:1)
touché!
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
What is this VPN traffic stuff you refer to? Wireguard on port 80?
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
How can they do that? Don't people work from home using their VPNs? You mean to tell me comcast throttles you if you are working from home? Find another internet provider.
For the sake of simplifying the topic, we can assume that VPN traffic is not distinguishable from regular traffic. The only way an ISP blocks VPN traffic is by blocking traffic to the IP or IPs serving that VPN. That is, an ISP is using a black list (very likely for a very good reason).
That blacklist is not going to contain IPs for business-related VPNs (say a VPN for BoA workers), unless it gets blacklisted (and you can assured that business would know right away, will investigate why it got blacklisted
Re: (Score:2)
Re:Nobody uses a VPN for security (Score:5, Insightful)
yeah, except now Comcast throttles vpn traffic. Torrenting anything is near pointless.
Comcast does not throttle VPN. This has been tested time and time again and there is zero evidence.
Besides if they were, they'd have thousands of customers knocking their doors down unable to work from home during the pandemic.
Re: (Score:3)
Fios user here. I pull in torrents at 35Mb/s sometimes through a vpn.
Re: (Score:3)
Ads. (Score:1)
I'm getting ads on Slashdot for stuff my wife bought from her computer, and she just complained that she's getting ads on Facebook for stuff I bought on my computer. So now I think every computer in our household needs its own VPN.
Re:Ads. (Score:5, Insightful)
VPN won't help. Your email provider(s) sell each other the "anonymized" user data with a wink then turn around & run that data through algorithms that de-anonymize it. Presto! User98373jf75agdJ is really Joe Ichijo at 1234 Main Street Anytown USA. Then they do analysis on "strongest connections" by analyzing sent and received emails to determine your social circle. Then they grab phone numbers from your frequent email connections and analyze the text messages sent and received on those phones. Then they analyze the apps on those phones and your connections interact with and make even more connections.
If you use a computer then google and amazon know all about you. We are not the customer -- we are the product.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
You have an over-inflated Hollywood view of what is going on in the data world.
Back in reality: No they aren't going through algorithmically deanonymising you to determine your social circle. They are more than happy to use the entirely anonymised data to target you anyway through their partners. No one gives a crap if you're Joe Ichijo at 1234 Main Street. They care that some user in Anytown bought ${thing} and ${otherthing} and inferred that they are male.
Nothing more. Often data privacy laws deal with th
Re: (Score:2)
You have an over-inflated Hollywood view of what is going on in the data world.
Perhaps. I just finished reading Cory Doctorow's "Attack Surface" [craphound.com] and came away a bit hyper-sensitized
Just curious. From anonymized email, how would I determine:
Re: (Score:1)
Tell your wife she would then need to pass captcha challenges for many many sites she will try to visit and cope with some sites systematically blocking her. That should solve the problem.
A bunch of commercial VPN IPs are constantly on blacklist because users of the VPN service use it to launch various types of attack. We host websites and use some blacklist to systematically block request to our servers for requestors on those lists but we whitelist some IP networks relevant to where the customer base is.
If you are using a VPN (Score:3, Interesting)
And you're not using it for work, or being a political dissident, or crime, then you're wasting your time. Especially if you're doing it because you think the "privacy" of your boring, basic online life is so important that it needs to be guarded from.... your ISP, the people who have a financial incentive in not pissing you off or violating your trust.
Re:If you are using a VPN (Score:4, Interesting)
And you're not using it for work, or being a political dissident, or crime, then you're wasting your time.
Curious. If it works for political dissidents and criminals, why wouldn't it protect my privacy as well? Or are you saying that criminals and political dissidents are disillusioned when using a VPN service?
Re:If you are using a VPN (Score:4, Insightful)
The VPN is ~90% secure.
Your ISP is ~90% secure
The ISP in a dictatorship is ~30% secure.
The dissident in a dictatorship goes from 30% to 90% with a VPN. You will go from one kind of 90% to another kind of 90%.
Obviously the numbers are just made up, but it illustrates the point. Nobody really knows what the real values are.
Perhaps the VPN is a little bit more safe, perhaps it is a little bit less safe.
For the average user in a western country, the difference is going to be small.
Re: (Score:2)
Or you want access to media you paid for that just isnt available where you are currently at.
Re: (Score:2)
Re: (Score:2)
And you're not using it for work, or being a political dissident, or crime, then you're wasting your time.
And if you're using a paid VPN service because you're a political dissident or a criminal, then you're endangering yourself, because VPN services are ideal places for governments to keep an eye on you. They nicely collect in one place all of the traffic people want to hide.
Re: If you are using a VPN (Score:3)
Re: (Score:2)
They don't have a market incentive, they have regulatory incentive. *Especially* in today's climate, both politically and tech-wise. They know if they start fucking with the users too much, the FCC will get their grubby little paws into their business, start throwing around fines and possibly even mandating specific policies, which no business ever wants. They can screw with the users _a little bit_, but no more than they already have done.
Re: (Score:2)
They have an even bigger incentive to avoid being held liable under the DMCA.
Customers talk, but lawyers are louder.
Nice Try (Score:5, Funny)
nice try, FBI
Re: (Score:2)
Oh please, as if they're such amateurs. They don't hack your connection, they start companies that pretend to keep your service secure so those people that want to hide stuff from them would sign up with them and hand it over.
Why yes, the spooks are getting lazy...
Re: (Score:2)
nice try, FBI
The FBI runs the VPN servers.
Work VPN (Score:2)
I don't use a VPN for the standard stuff these paid VPNs are used for—I don't pirate stuff, I don't view any content that needs to be private for legal reasons—but when I have to use a Google service I use my work VPN. Given their massive data harvesting operation, it probably doesn't do much good (even in combination with my Pi-Hole + ad blockers + tracker blockers), but I will do what I can, within reason, to throw off my scent. It's not that I have anything to hide, I just want to do what lit
Author misses the point (Score:5, Insightful)
Re: (Score:2)
HTTPS is not an excuse (Score:2, Insightful)
If anything, it makes it worse (Score:2)
Indeed. If the problem is non-secure traffic, or otherwise intercepting sensitive data, if I compromise YOUR link, I get your data. If I compromise a VPN server though, I not only get your data, I get the data of everybody else using the system, and they're generally going to be the types with more to hide.
So while intercepting your traffic might be easier, the VPN server is higher value, and thus attract more work to compromise.
Re: (Score:2)
Apple vs Android smartphone hotspot overheating? (Score:2)
This has been a deal-breaker for me because of course I often use 'my own internet' while working in the office, especially when developing using my own notebook PC (with linux on it).
A
Re: (Score:2)
My experience is the opposite. My iphone serves quite well at family gatherings when there are a half dozen kids on limited plan wanting to use my unlimited data. Checkmate.
Anyway, travel, as has been mentioned before - prohibitively expensive to hotspot, and use roaming. But I am happy to use the hotel wifi with a VPN. And some crappy hotels want you to install a self-signed wildcard certificate to use the wifi - no way. (That well known chain is on my blacklist).
With work travel, not always possible to go
Netflix? (Score:3)
Meanwhile, Netflix has banned all HE ipv6 tunnel endpoints.
Re: (Score:2)
What kind of a fucking idiot... (Score:4, Insightful)
Re: (Score:3)
You should not trust Nord or PIA. Period.
If your VPN advertises, at all.... then its not a good VPN and is likely a honeypot of some kind and that while you are probably not a target of the pot, they'll take your subscription money anyways, and still maybe you actually are a target afterall, or may become one.
If your VPN uses something other than open source software for your end, then its not a good VPN.
None of this has to do with a VPN's ability to "keep your data saf
Re: (Score:2)
I "trust" my ISP. I also "trust" the VPN I have chosen (AirVPN.) These two Trusts are not equal. I Trust my ISP more when I do banking, but I trust AirVPN more when I want to connect to thing when my IP address (which may lead to my identity) might be a liability.
You can also throw Tor into the mix. Good discussion of the risk of malicious ISPs and/or VPNs here;
Tor over VPN or VPN over Tor? [privateint...access.com]
Of course Tor is painfully slow for torrenting most of the time.
Re: (Score:2)
Re: (Score:2)
This is a common misconception about VPNs. The idea is to not to make mass surveillance and corporate surveillance impossible, just much more expensive and targeted.
Re: (Score:3)
A VPN is only half the deal. Knowing those people and knowing they can be trusted is the other, very much harder, half, that's usually forgotten.
You know, that same half that is actively and deliberately made a taboo on the entire TLS infrastructure... or do you even know what CA said it verified that this site is this site? Let alone who the people are that are behind it?
So you are already using an untrustworthy "VPN" as we speak.
It's called a TLS connection, like HTTPS, "secured" by one of the many, ofte
Pro-governments will pro-government (Score:1)
Guys, I am just like you and used to have this service that meant the government could no longer track who I spoke with and which buildings I visited during the day.
However, now I simply feel no need for it. I feel so free and happy.
Have a nice day.
It's less that they are superfluous (Score:2)
It's more that they're generally less trustworthy than even your ISP when it comes to ratting you out.
For most people yes (Score:2)
I would stay the hell of any VPN service that sponsors YouTube content - e.g. NordVPN, ExpressVPN etc. Half your money goes straight into their advertising budget, not into the quality of service or support you get. And why do you need a consta
Solution (Score:5, Funny)
Oh you sweet summer child... (Score:3)
You think VPNs around here are about privacy?
lol
They are about file sharing! And watching streaming services around the world.
They know it, but they can't say it. So they tell you something about "privacy".
Tom Scott agrees: https://www.youtube.com/watch?... [youtube.com]
Of course they sell your ass to the first government with a court order that comes around!
Unless you mean https://njal.la/vpn/ [njal.la] of course. That's the Pirate Bay guys. They have enough experience with courts to know how to make themselves unable to betray you, even if forced to.
HTTPS isn't security either (Score:2)
Why would I trust any of the people/companies involved in signing the certificates that make HTTPS work?
HTTPS encrypts traffic, but my sensitive data was ALWAYS much more likely to be stolen at the other end by staff members than it ever was to be intercepted on the way.
As everyone else has said: paid-for VPNs are bout breaking geofences, not security.
We still need it (Score:2)
As long as the MAFIAA still exists.
What about Regionlocking and Internet Censorship. (Score:2)
I use my VPN (Nord) mostly to get around region locking and country specific Internet censorship.
You may think the Internet is one big happy place that looks consistent across all countries, but it simply isn't the case.
Thanks for not naming the services (Score:1)
Apparently I'll be dropping my PIA subscription. The summary couldn't be bothered to tell us which services were owned by the malware
Thanks for reading the time. (Score:3)
Somebody think of the YouTubers!? (Score:1)
Tracking (Score:2)
The best VPN is the one (Score:2)
Not Interception (Score:1)
Pay here to read about not paying there... (Score:2)
Article about not paying for a VPN...
Behind a paywall...