this post was submitted on 25 Feb 2024
263 points (88.8% liked)

No Stupid Questions

36304 readers
938 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 2 years ago
MODERATORS
(page 3) 38 comments
sorted by: hot top controversial new old
[–] [email protected] 54 points 10 months ago (10 children)

Slightly off-topic rant:

I hate how the 'VPN' term has been took over by companies selling services using VPN technology.

VPN was initially 'Virtual Private Network' – used to securely connect own (as belonging to an organization or person) devices over a public network. Like securely connecting bank branches. Or allowing employee connect to a company network. And VPN are still used that way. They are secure and provide the privacy needed.

Now when people say 'VPN' they often mean a service where they use VPN software (initially designed for the use case mentioned above) to connect to the public interned via some third-party. This is not a 'private network' any more. It just changes who you need to trust with you network activity. And changes how others may see you (breaking other trust).

When you cannot trust your ISP and your local authorities those 'VPNs' can be useful. But I have more trust to my ISP I have a contract with and my country legal system than in some exotic company in some tax haven or other country that our consumer protections or GDPR obligations won't reach.

Back to the topic:
I do not believe that all VPN services are owned/funded by governments, but some may be. I don't have much reason to trust them, they are doing it for money and not necessarily only the money their customers pay them. In fact I trust my government more that some random very foreign company.

[–] [email protected] 13 points 10 months ago (3 children)

I hate how the ‘VPN’ term has been took over by companies selling services using VPN technology.

Agreed. What they're really selling is a proxy service, I don't know why that term isn't used. The fact that VPN software is used to establish that proxy isn't relevant, the end result is a proxy.

load more comments (3 replies)
load more comments (9 replies)
[–] [email protected] -3 points 10 months ago (1 children)

This isn't a community for speculation or conspiracy theories

[–] [email protected] 37 points 10 months ago (2 children)

Why is “governments” the boogeyman that comes to mind? Scammers and thieves would have much more interest in your everyday consumer internet usage.

[–] [email protected] 12 points 10 months ago (2 children)

What exactly do you mean by "scammers and thieves"? The only protection you get from a VPN is privacy from your ISP. That ISP obviously operates in your country (there has to be some physical connection) and is regulated by your government. It's easy for the government to demand data from the ISP about you (or about certain usage patterns and which users have them) without you knowing, not to mention how easy it is for the ISP itself to monetize your usage data.

A scammer or thief can't as easily grab hold of that data. If you're imagining a hacker gaining access to the ISP's database or network, that's certainly plausible but it's just as possible with a VPN provider. I personally don't think the big commercial VPNs are much more secure than ISPs. Maybe a little.

load more comments (2 replies)
[–] [email protected] 28 points 10 months ago

Haha, nice try governments

[–] [email protected] 77 points 10 months ago (14 children)

I fear false privacy because a corporation runs it. I've never been afraid of a government but I worry about corporate shittery all the time.

load more comments (14 replies)
[–] [email protected] 15 points 10 months ago (3 children)

I believe protonvpn is no log. I hope they make their servers ram only like mullvad eventually though, it would be a great improvement.

load more comments (3 replies)
[–] [email protected] 19 points 10 months ago* (last edited 10 months ago)

VPNs provides limited privacy and some security. For example, your traffic might be correlated to the traffic exiting at you VPN provider if enough netflow data is collected. Theoretically data from your ISP and your VPNs ISP would be enough. Today, countries and their agencies are probably collecting/trading enough netflow data for this purpose.

As a rule of thumb; since companies these days are very keen on getting in to the data trading market; you can safely assume that most of them has access, if it is legal.

[–] [email protected] 22 points 10 months ago (4 children)

Yes i guess most of them could be but i don't think proton is because they are open source and comes under swiss law just to be safe use tor.

load more comments (4 replies)
[–] [email protected] 147 points 10 months ago (6 children)

All I know is that if you're very worried about being surveilled by governments, the Fediverse is the absolute last place you should want to be.

This is one of the most transparent platforms we have come up with yet. Instead of all your data only being viewable by a host company, it's viewable and able to be analyzed by basically anyone who puts some effort in. This makes it economically worthless, can't really sell something that everyone can already just get for themselves.

We're all out in the open here. So, wave to all the national security agencies everyone. Hiiiii! Hope you're all enjoying the memes!

load more comments (6 replies)
[–] [email protected] 41 points 10 months ago (1 children)

Fun fact, TOR was created by the US navy.

[–] [email protected] 36 points 10 months ago* (last edited 10 months ago) (1 children)

As a way for spies to communicate anonymously and securely.

[–] [email protected] 17 points 10 months ago (3 children)

That's what they want you to think 😉

[–] [email protected] 37 points 10 months ago* (last edited 10 months ago) (1 children)

Nope, that's literally what onion routing is about in case you aren't being facetious. It's in the whitepaper and in the code. It's also in the Snowden leaks.

Edit: ~~Lemmy doesn't allow direct image posting anymore?~~

1

1

Of course that was a long time ago, and hidden services may be much more easily compromised now. And they'll always have their precious 0days. Don't traffick kids, terrorism, or ounces of pure fentanyl and tor will work just fine for you.

[–] [email protected] 17 points 10 months ago (1 children)

and hidden services may be much more easily compromised now

In the end it's still just a site on a server, if it's poorly configured or not secured well it's as vulnerable as any other on the clear net. Once they're able to work out where it is it becomes a honey pot shortly afterward.

[–] [email protected] 9 points 10 months ago (1 children)

Yes, but with the amount of darknet markets and CSAM hidden services that have been taken down within a relatively short span of time compared to the last decade of tor's more widespread history, it seems they may have a new vulnerability (or perhaps just a new covert post-snowden-acceptance surveillance court ruling) that allows them to identify hidden services real IP addresses. It's speculation, but they wouldn't use it bluntly or everyone would know there was a vulnerability and thousands more eyes would be on the tor code (or awareness of nation-state level traffic omniscience in the case of something as simple as a timing attack). A CSAM hidden service has been run by the federal governments of a few countries, so there's no question of ethics or law in that case.

[–] [email protected] 11 points 10 months ago (1 children)

The "users" are probably the weak point. Badly configured setups leaking info, aggregation using that info to fingerprint a user, etc. When they have a user account with access they can use it to keep collecting data and digging. I imagine it's a slow process. Nothing networked can be 100% secure though.

load more comments (1 replies)
[–] [email protected] 98 points 10 months ago* (last edited 10 months ago) (5 children)

Nah, most governments can just buy that data from the most of the VPNs if they need to - no need for secrecy.

If you think nord VPN is protecting you from government surveillance I have a bridge to sell you - it's really affordable.

[–] [email protected] 60 points 10 months ago (1 children)
[–] [email protected] 38 points 10 months ago (1 children)

Now that they've finished going RAM only it's even more secure

[–] [email protected] 15 points 10 months ago

And for $5 a month you're losing money not using them.

load more comments (4 replies)
[–] [email protected] 18 points 10 months ago (4 children)

For commercial offerings this is probably true for at least some of them, but creating your own VPN isn't terribly difficult if you are serious about your privacy. I typically just use them when I travel to countries like China where I can't get to a bunch of necessary services, so I don't mind if they route my YouTube traffic through CIA headquarters, but if I was doing anything more than that I would just set up my own.

[–] [email protected] 12 points 10 months ago (6 children)

Which vpn have you found to work in china? Nord used to but doesn't any more

[–] [email protected] 11 points 10 months ago

Astrill is the only consistent one and I have to server hop at times.

[–] [email protected] 13 points 10 months ago* (last edited 10 months ago)

I almost never trust any site that advertises any kind of VPN service (it's always ranked by the best paying referrals) but this mirrors what I've seen in discussions.

From https://www.cloudwards.net/best-vpn-services-for-china/

Preferred VPN Choice: The general consensus among VPN users in China is that Astrill VPN is the most reliable option. However, it’s an incredibly expensive VPN, so it’s worth trying other cheaper options first. Surfshark is our top choice for best VPN for China as it has a solid reputation for working in the country while also offering affordable plans.

Alternative VPN Options: Other good options for China include CyberGhost, Proton VPN, Widscribe and Mullvad. NordVPN is also an option, but it’s not as reliable in China as the other six, so we only recommend it if you already have an account.

Censorship Evasion Strategy: Since VPNs are in a running battle with censorship, we recommend subscribing to multiple VPNs to ensure you have coverage at all times. No matter which VPNs you use, make sure you download them before going to China, as the download pages are often blocked.

load more comments (4 replies)
[–] [email protected] 22 points 10 months ago

Part of the point of a VPN is there's not a dedicated IP tied to you (or at least tying all of your activity together). That doesn't provide any benefit besides a corporate/government firewall bypass unless a mass of people are using your server.

[–] [email protected] 17 points 10 months ago (1 children)

But then you don’t get the benefit of having increased privacy due to lots of people using the same IP.

[–] [email protected] 6 points 10 months ago* (last edited 10 months ago)

Linka? Long shot, but message me if it's you.

[–] [email protected] 11 points 10 months ago (1 children)

What homespun protocols you using from China? The regular ones like OpenVPN get blocked yeah.

[–] [email protected] 14 points 10 months ago

There are a ton of obfuscating protocols that a VPN can run. obfs is one of the most popular. You can configure your VPN to appear as basically any traffic. HTTPS, DNS, QUIK.

load more comments
view more: ‹ prev next ›