Why you shouldn't use a VPN

Moo

VPN companies market themselves as "protecting your privacy" online.
Everybody wants to protect their privacy, right?
You may be surprised, but as a very privacy-conscious person, I think VPNs do more harm than good.

Want to know why? Check this out:
[Embedded video]

Don't be shy about googling the terms you hear in this video.
VPN companies make money by convincing you that privacy and security are a click away, and require no thought.
This is obviously not the truth, but if you do want to learn the truth, you need to be willing to learn and understand things at a deeper level than most consumers.
 
VPNs can be very useful; however, for casual users, a VPN is not needed. Most websites use SSL/TLS encryption. Unless you are concerned about someone spying on your DNS queries (e.g., name to numbers / website -> IP address). However, when cruising or when you are using a censored network, a VPN can help bypass IT MORONS or Corporate Idiots (looking at you, Carnival Corp); corporations use VPNs in a very different manner, e.g., allowing employees who are not in the office to access sensitive resources.
 
Sprint3473 said:
VPNs can be very useful; however, for casual users, a VPN is not needed. Most websites use SSL/TLS encryption. Unless you are concerned about someone spying on your DNS queries (e.g., name to numbers / website -> IP address). However, when cruising or when you are using a censored network, a VPN can help bypass IT MORONS or Corporate Idiots (looking at you, Carnival Corp); corporations use VPNs in a very different manner, e.g., allowing employees who are not in the office to access sensitive resources.
Yeah, I've had situations where my job required me to use one. I think the short answer is: If you have to be told why you need a VPN, you probably don't need a VPN. I've been frustrated for a while that several of my favorite tech and gaming YouTubers have taken up VPN sponsors, so every video is tagged with an ad that tries to make it seem like VPNs eliminate all of your internet security concerns. :rolleyes:
 
I guess my only questions would be:
  1. Would a VPN be of greater benefit where the transfer of financial & other sensitive info online is concerned, and;
  2. If not, are VPNs hard-selling on that basis?
 
A:

1. If your financial institution does not use TLS/SSL, it's time to move your money. A VPN here will not add any additional security; however, if you want more security for your financial data, choose banks that support NON SMS 2FA; at this time, the only one that does is Charles Schwab.
 
Also, choosing usernames and passwords that are random and using a good password manager are better steps; I recommend Bitwarden.

Adding: for security questions, using a random response and storing that in your password manager is also a good idea, e.g., data that nobody could guess.

Don't reuse passwords; each account should have a unique username and password.

Also, don't click on any links in emails; think before you click... And don't trust links that Google provides.
 
Bitwarden provides a browser plugin, as do many other password managers; instead of googling for my bank, I use the browser plugin, where I know I have stored a safe link to the site, and it will take me there. Remember, your password manager can also store URLs.
 
Sorry, I'm spamming now... but I do strongly suggest using a YubiKey (https://www.yubico.com) wherever possible. Google supports this, as do many others, including AWS.
 
VPN services are very useful for privacy, but they're one piece of a complicated puzzle basically no one is capable of setting up or willing to live with. Basically, for those non-techy, your VPN service does almost nothing when you're just immediately logging into your Google, Facebook, Twitter, Amazon, etc. accounts.
 
i don't trust paid VPNs because i have an extremely hard time believing they're not monitoring you and/or selling your data. these companies do not care about you as a customer, they just care about your money, and making more of it. i kinda just refuse to believe that a large corporation like that is on your side when it comes to keeping your data safe, or your privacy private, for that matter. they're motivated by profits, i have an extremely hard time believing these companies don't see the potential profit in selling all that data they're "keeping safe" and at least consider it... i'll pass! i'm not doing anything that would require me needing to hide my web browsing habits. also i'm not a fan of how a lot of those VPN ad reads on YouTube tell you that you can use them to bypass Netflix's country-locked available programs, because Netflix can and does ban people for doing that!

the average computer user who needs a VPN is more than likely tech savvy enough to set up one of their own, or can figure it out after looking up some tutorials. you can set up a VPN completely for free if you know what you're doing. a paid VPN service is such a waste in my eyes.
 
For the most part I agree with not using paid VPNs, especially "free" VPNs. If you need to stand one up quickly, one of my favorites is https://github.com/trailofbits/algo, and for corporate VPN, Tailscale is my favorite.
 
PaddedPonyboy said:
i don't trust paid VPNs because i have an extremely hard time believing they're not monitoring you and/or selling your data.
Indeed. Think about it. If you use a VPN, all your Internet traffic goes through that VPN provider. If you're not using a VPN, then the only place your traffic is all in one place is your local ISP and maybe an upstream provider. After that it scatters to the four winds.

Of course your local ISP could be tracking your activity, so who do you trust? My local ISP is a co-op, so they have little incentive to try and sell me. Maybe even less since a big cable company just laid their (co-ax!) cable here that probably is selling their customers. FYI, the co-op laid fibre here 3 years ago, right to my MDF.
 
littleFeathers said:
Of course your local ISP could be tracking your activity, so who do you trust?
If it were Comcast or Time Warner, the lesser of two evils is 100% a VPN service.
 
Comcast uses DNS to track you. However, you can update your ROUTER or LOCAL MACHINE to use an alternative DNS... I run my own blackhole bind9 server, but there are a lot of options; Pi-hole is one.

I'm using Comcast, but YAH no VPN is required, just fix your DNS.

I will add that regardless of your home ISP, you should always update your router to use an alternative DNS and never use their hardware.
 
Bearcatz said:
If it were Comcast or Time Warner, the lesser of two evils is 100% a VPN service.
Having worked for AT&T in the past, the large telcos are too incompetent to be effectively evil.
 
If a state-level actor is actively interested in you and your activities, your opsec isn't good enough to save you - VPN or no VPN.
 
PCPilot said:
If a state-level actor is actively interested in you and your activities, your opsec isn't good enough to save you - VPN or no VPN.
I would disagree. However, we are all entitled to our views. I for one... well yah...
 
PCPilot said:
Having worked for AT&T in the past, the large telcos are too incompetent to be effectively evil.
Well, I think we can all agree from dial-up to IP Flex they don't ever turn anything up according to plan. lol

PCPilot said:
If a state-level actor is actively interested in you and your activities, your opsec isn't good enough to save you - VPN or no VPN.
I'd partly agree. But, that's no excuse to not do anything.

The goal isn't to have no fingerprints, because how many people on the level sanded off their fingerprints? Change them just enough though, and you're a totally different person.
 
Sprint3473 said:
I will add that regardless of your home ISP, you should always update your router to use an alternative DNS and never use their hardware.
I agree (if nothing else it avoids all those ads that get thrown at you whenever you typo a DNS name), but the ISP still gets to see the IP addresses (and necessarily so), and those generally map easily enough back to site names.

Once the packets leave your ISP, there is a little anonymity (outside your ISP) in that your own IP address is usually dynamically assigned, so the IP address you have today might not be the one you have tomorrow (or after you reboot your router).
But, that's no excuse to not do anything.
Definitely. I also run different browser instances for sensitive things, sites that I kinda trust, and for everything else. And they run under different user IDs on my computer to get a little more isolation. And, of course, keep the software up to date.
 