this post was submitted on 16 May 2024
36 points (100.0% liked)
Technology
37360 readers
208 users here now
Rumors, happenings, and innovations in the technology sphere. If it's technological news or discussion of technology, it probably belongs here.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Your provider will just see encrypted traffic (mostly), so yes it will provide protection.
Your provider will just see encrypted traffic (mostly) anyway, so no it will not provide protection. The only thing that you're now hiding from your provider is which servers you're connecting to. Instead you're showing that info to a VPN company whose main business practice is scaring people into buying a product they probably don't need. Think about who you would trust more.
The provider and national TLAs will see all traffic that is in cleartext and meta traffic which is even more valuable. It can also actively tamper with that traffic. So you're technically incorrect and you assume your threat model is universal. It's not. And, of course, there are use cases for Tor, whether with or without VPN.
While my threat model is not universal, it comes close, at least for the average user which OP seems to be from their question. In practice, there is very little unencrypted traffic these days and in the case of that traffic you will have to ask yourself if your (commercial) VPN provider is more trustworthy than your ISP.
If you need to ask if you need a VPN there's a 99% chance that you don't. There are certainly a few use cases for both commercial VPNs and TOR (see my other comment) but to even be aware that those apply to you, you probably already have enough technical knowledge to approach the question from the direction "I want to do XYZ, how can I be more secure?" and not "I've heard of VPNs, do I need one?"
My national government has no business knowing which protocols I use to contact which endpoints and tamper with that traffic. Wrapping up that information in a tunnel is a good first protection layer.
If you're using a commercial VPN from a provider who can legally operate in your country, your national government can just as easily get that information from them as from your ISP.
Correct. But that's no reason to make it easy for them. Burglars can break my windows and climb through and steal my stuff. I'm still going to lock my doors
While ISPs are in many jurisdictions obligated to log your connections (data retentions laws), VPN providers are not.
How would a national government (not TLAs) target particular individuals in a large number of users and what information can they gather given e.g. https://mullvad.net/en/help/no-logging-data-policy ? So perhaps not quite as easily as ordering a tap.
Even though most data traffic is encrypted who you're talking to is not encrypted.
So a third party can observe, who you're talking to, how much data you're sending to them, how frequently you talk to them....
The classic example is if you start visiting a suicide prevention website, even though they don't know the content that you're being served, they can guess oh you're having mental issues. We should revoke your security clearance... Etc
Itβs not just all about encrypting traffic. Many people connect to the internet over a static IP most of the time from their home network. A VPN provides protection against tracking in this case.