So I’m confused networking stuff has never been my strong suit, is this saying you can still be fucked on public WiFi even if you connect through a VPN?
There are some attacks you are vulnerable to on public WiFi that a VPN can help with.
More generally, whoever is transporting your data knows who you are talking to. If you don’t use a VPN, your ISP and whoever owns the router know what websites you are visiting (although they don’t know the specific content). If you use a VPN, your ISP and router know you are using that VPN, but not what websites you are visiting. Now your VPN knows what websites you are visiting, but they still don’t know what the content is.
No, the context is that for many years, shady commercial VPNs would sponsor YouTubers and the scripts they were given were full of lies and half truths about the dangers of public WiFi, with the implication being that if you purchase their VPN service they will “protect you”. But the problems these VPN companies were claiming to solve have already been solved by HTTPS and it’s perfectly fine to use public WiFi without a VPN. They are using scare tactics to sell you a product.
What this poster is saying is that they’re disappointed to see this same fear mongering misinformation from Proton, who have an otherwise good reputation for being consumer friendly.
is this saying you can still be fucked on public WiFi even if you connect through a VPN?
The quick and dirty answer is no, unless an attacker can figure out a way to get your VPN to strip it’s encryption (doubt you’ll ever see this outside something like defcon but you never know lol).
The long answer is that not all VPNs are equal depending on what you are trying to accomplish.
A VPN will simply tunnel your internet traffic over an encrypted channel to a server anywhere in the world.
On a technical level, this means that it will guarantee your internet traffic is unreadable until it hits the destination, which does mean it can make it more secure to use a public wifi/hotspot.
Of course privacy is actually a massive security iceberg, so some caveats in no particular order are:
spoiler
Modern protocols like HTTPS are already encrypted, although someone can still mess with stripping and poisoning techniques, so having a VPN running would be peace of mind.
Your privacy from companies like Google, Facebook, etc won’t be enforced by a VPN if you don’t also use a new browser session (incognito) because they can easily track your identity via cookies and accounts.
Even if you use a fresh session and dedicated VPN accounts, aforementioned tech companies can still identify you via statistical modeling based on your activity. They don’t really care what your IP is unless they need to pay tax for a country or follow some random media block law.
Your privacy from the government is nonexistent because most VPN companies will share your info if the government requests it.
Lots of VPNs choose to block torrenting so they don’t have to deal with protecting their customers (although lots also don’t).
Even if you setup your own VPN via a VPS in anonymous way, the government can still watch your exit traffic and link the origin back to you by inspecting the VPN packets (which is why Tor exists, a much different solution to the privacy problem).
You should use a VPN if:
You want to torrent copyrighted material (yar har piracy)
You want to spoof your location to get access to geolocked content
You want to negate an attackers ability to mess with your connections on public WiFi
You want a secure channel between two of your own locations (make two separate networks accessible to eachother, or VPN to home/work to access resources on that network).
^ same thing but remote access etc.
You should not use a VPN if:
You need to hide what you do on the internet from the government (See Tor, journalists stuck in shithole regimes).
You want privacy from internet megacorps (you’d have to keep fresh sessions or use them sparingly which you can 90% do without a VPN anyway)
You want to hide anything after it reaches the VPN server (public VPN services, doesn’t apply if you VPN to something you physically own and access only its local resources).
–
After all that, the use case basically becomes:
VPN to within your own country to secure your connection on public WiFi
VPN to home or work to access network
VPN with a good public service to other countries to watch or torrent media
Networking stuff IS my strong suit, and I’m confused about what points most people here, including OP, are trying to make here. Maybe I’m just not awake enough yet.
Wtf proton what? What do people think Proton is saying and what’s the WTF part…?
I don’t think the confusion has anything to do with networking. I’ve been puzzling over this post for a few minutes now… To be honest, I think I’m just more confused.
Maybe this is some sort of AI battle of the wits or contagious stroke or something.
Yes, to a degree. A VPN protects you from an attacker on the same WiFi network as you and that’s about it.
Most assaults on your privacy don’t happen like that, and for the most part the attacks that do happen like that are stopped by the website using https and proper modern security.
The benefit of the VPN is that it puts some of that protection under your control, but only as far as your VPN provider.
A VPN is about as much protection from most cyber attacks as a gun is.
They’re not a security tool, they’re a networking tool. They let you do some network stuff securely, and done correctly they can protect from some things, but the point of them is “this looks like a small, simple LAN, but it’s not”.
It’s much easier to package and sell network tools than security tools, and they’re much more accepted by users, since security tools have a tendency to say “no” a lot, particularly when you might be doing something dumb,and users hate being told no, particularly when they’re doing something dumb.
So I’m confused networking stuff has never been my strong suit, is this saying you can still be fucked on public WiFi even if you connect through a VPN?
There are some attacks you are vulnerable to on public WiFi that a VPN can help with.
More generally, whoever is transporting your data knows who you are talking to. If you don’t use a VPN, your ISP and whoever owns the router know what websites you are visiting (although they don’t know the specific content). If you use a VPN, your ISP and router know you are using that VPN, but not what websites you are visiting. Now your VPN knows what websites you are visiting, but they still don’t know what the content is.
I hope that helps.
No, the context is that for many years, shady commercial VPNs would sponsor YouTubers and the scripts they were given were full of lies and half truths about the dangers of public WiFi, with the implication being that if you purchase their VPN service they will “protect you”. But the problems these VPN companies were claiming to solve have already been solved by HTTPS and it’s perfectly fine to use public WiFi without a VPN. They are using scare tactics to sell you a product.
What this poster is saying is that they’re disappointed to see this same fear mongering misinformation from Proton, who have an otherwise good reputation for being consumer friendly.
The quick and dirty answer is no, unless an attacker can figure out a way to get your VPN to strip it’s encryption (doubt you’ll ever see this outside something like defcon but you never know lol).
The long answer is that not all VPNs are equal depending on what you are trying to accomplish.
A VPN will simply tunnel your internet traffic over an encrypted channel to a server anywhere in the world.
On a technical level, this means that it will guarantee your internet traffic is unreadable until it hits the destination, which does mean it can make it more secure to use a public wifi/hotspot.
Of course privacy is actually a massive security iceberg, so some caveats in no particular order are:
spoiler
Modern protocols like HTTPS are already encrypted, although someone can still mess with stripping and poisoning techniques, so having a VPN running would be peace of mind.
Your privacy from companies like Google, Facebook, etc won’t be enforced by a VPN if you don’t also use a new browser session (incognito) because they can easily track your identity via cookies and accounts.
Even if you use a fresh session and dedicated VPN accounts, aforementioned tech companies can still identify you via statistical modeling based on your activity. They don’t really care what your IP is unless they need to pay tax for a country or follow some random media block law.
Your privacy from the government is nonexistent because most VPN companies will share your info if the government requests it.
Lots of VPNs choose to block torrenting so they don’t have to deal with protecting their customers (although lots also don’t).
Even if you setup your own VPN via a VPS in anonymous way, the government can still watch your exit traffic and link the origin back to you by inspecting the VPN packets (which is why Tor exists, a much different solution to the privacy problem).
You should use a VPN if:
You should not use a VPN if:
–
After all that, the use case basically becomes:
Networking stuff IS my strong suit, and I’m confused about what points most people here, including OP, are trying to make here. Maybe I’m just not awake enough yet.
Wtf proton what? What do people think Proton is saying and what’s the WTF part…?
I don’t think the confusion has anything to do with networking. I’ve been puzzling over this post for a few minutes now… To be honest, I think I’m just more confused.
Maybe this is some sort of AI battle of the wits or contagious stroke or something.
Yes, to a degree. A VPN protects you from an attacker on the same WiFi network as you and that’s about it.
Most assaults on your privacy don’t happen like that, and for the most part the attacks that do happen like that are stopped by the website using https and proper modern security.
The benefit of the VPN is that it puts some of that protection under your control, but only as far as your VPN provider.
A VPN is about as much protection from most cyber attacks as a gun is.
They’re not a security tool, they’re a networking tool. They let you do some network stuff securely, and done correctly they can protect from some things, but the point of them is “this looks like a small, simple LAN, but it’s not”.
It’s much easier to package and sell network tools than security tools, and they’re much more accepted by users, since security tools have a tendency to say “no” a lot, particularly when you might be doing something dumb,and users hate being told no, particularly when they’re doing something dumb.
no, you can’t have intercourse over the Internet.