this post was submitted on 06 Oct 2024
732 points (90.8% liked)

Technology

59637 readers
3235 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 74 points 1 month ago (9 children)

I don't understand why everyone assumes using a VPN means paying for a third party. I have Wireguard deployed in my NAS and I always have that VPN connection active on my phone to be able to access my LAN deployed services remotely, Jellyfin for example.

[–] [email protected] 1 points 1 month ago

IMO, the post is centered around proton VPN, and since that's a public VPN service, it's the focus of the discussion.

Private VPNs are a very different story.

[–] [email protected] 2 points 1 month ago

Yup, I have the same, but not to access services on my devices, but to tunnel services so they can become public services. Basically, Jellyfin is accessible at mydomain.com, which tunnels traffic over WireGuard to my internal Jellyfin instance. I'll connect to the VPN occasionally if I need to access something else on my network though.

That said, I've considered paying for a VPN service so I can get around my state's stupid ID laws around porn and social media, which I consider to be a massive privacy violation. But it hasn't bothered me enough to actually spend the $5/month or whatever.

[–] [email protected] 10 points 1 month ago

I don't understand why everyone assumes using a VPN means paying for a third party.

It's because that is what is advertised to them.

[–] [email protected] 2 points 1 month ago

I do the same, but it's very clear that when people talk about "a VPN" they're referring to a commercial cloud hosted product.

[–] [email protected] 25 points 1 month ago (1 children)

Most VPNs sell themselves on encrypting your traffic to an endpoint that either is in a different locale to get around region locks or to put it out of the grasp of the RIAA so they can’t send your ISP copyright notices.

While remote access to a local network is a good use case for a self-hosted VPN it’s totally unrelated to the use case for commercial VPNs

[–] [email protected] 13 points 1 month ago (2 children)

For the use case of encrypting your traffic while using a public WiFi, both commercial VPNs and self-hosted ones provide the same functionality.

[–] [email protected] 11 points 1 month ago (1 children)

I think the point they're getting at Is that you can't use a self-hosted vpn to hide your piracy activity because the link is registered to yourself.

[–] [email protected] 3 points 1 month ago (1 children)

Yes, but this thread is about security while using public Wi-Fi, which the original comment was saying doesn't require commercial VPNs.

[–] [email protected] 2 points 1 month ago

And I highly doubt people are pirating while on public wi-fi, the bandwidth just isn't good enough, and even if it was, it would be a dick move to other public wi-fi users.

[–] [email protected] 7 points 1 month ago (1 children)

Yes that’s true. But also that’s the wink and nudge marketing claim that VPN marketers make while everyone knows the real reason you are using a VPN.

With HTTPS, DNS-over-HTTPS, and most endpoint firewalls dropping non-gateway traffic, the risk is a lot less than the VPN ad reads want you to believe

[–] [email protected] 1 points 1 month ago (1 children)

DNS-over-HTTPS sounds like it'll be the least used by general public since most people I know are still using default DNS settings which would point towards their ISP's. I'm not sure how many ISPs have moved towards DNS-over-HTTPS or if they are even activated by default.

[–] [email protected] 1 points 1 month ago (1 children)

Firefox has DoT enabled by default, maybe Chrome does the same. That would cover the use-case of most people on public wifi.

[–] [email protected] 1 points 1 month ago (1 children)

Wait, it's set in the browser? I've always thought you set that at the OS level.

[–] [email protected] 1 points 1 month ago (1 children)

Both, the browsers (and any other application) can choose to ignore your DNS settings and use whatever other mechanisms they like.

[–] [email protected] 1 points 1 month ago

Cool, didn't know that. I'll try and find the setting in the browser.

[–] [email protected] 13 points 1 month ago (1 children)

It's also worth mentioning that the VPN in question, Proton, offers one of the best free tiers of any VPN company.

[–] [email protected] 3 points 1 month ago

Agreed. I've used it, and it's perfectly fine for normal web browsing. In fact, I added it to my router a while ago to test it out, and I'm considering leaving it on as a "secure" SSID so we can use it for things that my state requires ID for (e.g. porn and social media).

[–] [email protected] 4 points 1 month ago (1 children)

I tried setting this up, and I can connect to my honeserver, but I've no idea how to access its LAN services. How does it work?

[–] [email protected] 3 points 1 month ago (1 children)

Do you have internal DNS set up? I have my wire guard deployed on both of my pihole servers, which have local DNS entries for my internal services, which point back to my internal Traefik container for NAT translations. I know that sounds a bit complicated, but that's how it works for my environment.

[–] [email protected] 1 points 1 month ago

Wow yeah, that's way more than what I have haha. So I guess I need to look into DNS...

[–] [email protected] 9 points 1 month ago

My setup as well (plus encrypted DNS for good measure)

I still have to somehow trust my ISP but I go down from having to trust my mobile ISP, my employer WiFi, random shops WiFi to just one ISP (that,fwiw, has shown to be transparent, customers friendly etc)