I’ve been using one but I’m not sure what benefits I’m getting from it. I feel like the only thing happening is I’m adding a little bit of latency to all my requests for no reason.
A safe access to my home infra/lab.
From my experience, the latency can be neglected in comparison of the latency of the connection of a mobile.
When the VPN has connexion issues, all the apps on my phone are waiting. Some reach timeout. But they recover all at once, without DNS issues, when the VPN comes back up.
When I move from network to network, from private wifi to public wifi, from country to country, … I am know I can try hotspots without checking if it’s from a malevolent entity (private hacker, stupide enterprises (who log for whatever reason that I go on website they don’tlike (pro-abortion, gaming, …), or anything else). If the VPN is up, I can. If it is down, I can’t but there’s no risk for me, just momentary annoyance.
Yar har fiddle dee dee…
Other comment have gone way more in-depth, but there’s also a difference between using commercial VPNs and ones you set up yourself. I have a few private VPNs set up on servers I physically own in different countries and that offers different protections than just using NordVPN.
Pros:
- Websites can’t see your real IP and thus can’t figure out your real location that easily
- You might also be able to blend in with other users who use the same VPN server
- Your ISP can’t see what you’re websites you’re connecting to
- Your Network operator (e.g. a coffee shop offering public wifi) and you’re ISP can’t see your unencrypted connections (e.g. HTTP, Telnet)
- You can bypass regional censorship or other forms of content unavailability
Cons:
- Your VPN provider can see everything you’re connecting to (but not the content if you use HTTPS, which thankfully has become very common), so you need to be able to trust them
- A good and trustworthy VPN usually costs money
- Slightly slower connection and higher latency
Things to look out for when choosing a VPN provider:
- No-log policy
- Regular security audits
- Open source client applications
- Private/anonymous payment options (crypto currency)
- Monero is the best option if you want to stay fully anonymous
- Minimal information required for signing up, ideally none (some providers don’t even require an email address, they just give you a random generated Account ID)
Mullvad is the gold standard for VPNs in my book
The fact that they allow you to order a physical voucher with a product key, and that product key serves as your only authentication makes it especially anonymous. I love it.
It matches all the criteria I outlined. IVPN too btw: https://www.ivpn.net/
They’re also on Mastodon, which is also a plus in my opinion (not really significant though) @ivpn@mastodon.social
And ProtonVPN IMO.
Yeah. Proton, Mullvad and IVPN are the three best providers out there. That’s also why they’re recommended by privacy/security enthusiasts: https://www.privacyguides.org/en/vpn/?h=vpn#recommended-providers
In the cons there’s also an increase of the attack surface since you’ll be using a program to run the VPN
On the pros, some offer DNS blocking
WireGuard is now even part of the Linux kernel. The protocol and the reference implementation are fully open source, you can just download a WG profile from your provider and you won’t even have to use their application.
On the pros, some offer DNS blocking
You can also set that up without a VPN, or independently of your VPN. The standard WireGuard client doesn’t interfere with your DNS setup.
Wireguard and openvpn both have open source clients.
That may make it more secure than other clients, but the surface is still larger. Any time you add an executable
- Websites can’t see your real IP and thus can’t figure out your real location that easily
Most people in the US use it to avoid getting letter from their ISP from downloading illegal content.
Some people use to access other country content.
Some people use it to avoid ISP snooping their browsing habits
Genuine question: How can an ISP detect that someone is downloading illegal material if the actual content is encrypted using SSL/TLS? Is it all approximated based on the domains/IPs and the amount of data that is sent? If they can’t tell with a 100% certainty, can it be used as proof when trialed in court?
Isn’t that mainly just torrent trackers that publish your IP address and then the ISP gets a request for who was using that particular IP address. I don’t think an ISP would itself be interested in detecting whether their customers download illegal content - there is no business case for them to do that.
Ahh that makes sense - thanks!
I’m not an expert but I’m guessing unencrypted DNS requests and potentially monitoring IPs of different torrents. DNS requests would show what websites a user is going to, and then you can always see peer IPs when connected to a torrent.
The links themselves are not encrypted, only the data packets
A few ways I’ve used it.
Odd, a site seems to be non-functional. (Enable VPN). Site begins to work. Oh, my ISP was fucking with me.
A site is stuttering. (Enable VPN). Magically works. Oh, my ISP was fucking with me.
The most annoying, my family’s Internet over the holidays was blocking my laptop from updating Ubuntu, enabled VPN, udpate went just fine.
In general, it stops ISPs from dictating if they approve or disapprove of your behavior. Hide what you’re doing and all traffic is just anonymous bits and bobs.
As it fucking should be by law… but in the US the conservative party continually repeals the law that enforces non-interference. So for now, we need VPNs.
I don’t think it’s the isp intentionally fucking with you and it’s probably more incompetence on their side.
My isp will occasionally have this issue and then after a few month everything is OK.
i enjoy not getting threatening letters from my ISP about downloading shit.
I’ve never felt the need to use a VPN at home. I’m not really trying to hide from my own ISP, nor obfuscate where my connections come from.
I do host my own VPN from my home network though. This allows me to access my self-hosted services without exposing them directly to the internet, as well as keeps my mobile devices behind my pihole dns servers so they always receive dns adblocking and access to private dns records (self-hosted stuff). This also keeps mobile traffic a bit more secure from snooping, particularly on public/corporate wifi networks.
You should consider your threat model first before using something without being unsure of the benefits.
If you’ve never thought about threat models, here are some questions to get you started.
- List the assets that require protection. (Like credit card info)
- Who might want to gain access to those assets? (e.g. Hackers)
- How can you mitigate the risks? (Updates)
You may have a lot to say, so write things down to clarify your thoughts. Once your threat model document is complete, it will be easier for you to figure it which tools you really need, and which ones are only nice to have.
I’m not smart enough to explain the privacy benefits, but what I can say is that a vpn is so useful for getting access to region-locked websites. People usually mention that you’ll get access to exclusive Netflix content, but if you’re the sort to use a vpn at all, you’re probably not the sort to use Netflix anyway. With a vpn, I can use Tubi despite living outside the US, and novel-translation sites that refuse traffic from my country don’t even give those ‘verify you’re a human’ prompts.
Also, I can switch locations to a place with better upload/download speeds, so things that would before take at least 5 minutes get done in seconds.
It hides details on your traffic from your ISP, that’s about it.
Your ISP can really only see the domain names you visit, as HTTPS encrypts the other info like the path and actual content.
I find this Tom Scott video (YouTube) to be pretty good at explaining why you would want a VPN and why most marketing arguments are BS.
Eli5 VPN: https://dnsleaktest.com/ Visit this site unsecured and it will display your general geographic location (county/region). Connect to your VPN and try again incognito and under most circumstances it will display the VPN location instead.
Example scenario: you are in Canada and connect to Netflix and are incredibly disappointed with the Canadian selection. You connect toa VPN from New York a few miles away and you get access to the full United States catalogue. (Netflix is fighting this)
Example 2: you setup your smart vacuum on your home network and being concerned about security, you disabled access outside your home. You can connect to a personal VPN you configure to “spoof” being inside the house while on vacation to modify your vacuum settings.
Vpns are also commonly used as “public transit” for users to obfuscate their identity.
Benefit: When you make a request against a website, they often put trackers on you including your operating system, browser application, and store data like your geographic location. Advertisers are tracking your history, sites are using cookies to charge more with dynamic pricing when you revisit, data brokers are selling that data. There have been use cased where whistle blowers are identified off that purchased data from known journalist meetings. There’s a lot of reasons to have a VPN, but never use a free one. Adding an extra jump to your VPN location is definitely adding latency, if you don’t need one, it’s just extra weight.
Tried it, it’s a couple of belgiums off, but not bad
If you don’t use VPN all your traffic will flow through ISP. That doesn’t mean ISP can see your passwords or anything. They can only see which website you’re connecting to given that you are using unencrypted DNS if you are using encrypted DNS with TLS Hello they can only see IP. The claims that VPN protects you from hackers in public WiFi is dead since all websites switched to HTTPS and HSTS.
By using VPN all of these details now won’t be visible to your ISP but they will be visible to VPN provider.
If you live in a place where LEA can’t kick down your door and arrest you for visiting website it deems illegal then using VPN doesn’t give you anything.
Of course even a lot of first world country have strict laws against piracy in that case VPN is good but if you aren’t pirating and live in a free country I’d suggest don’t bother with VPN unless you have other reasons.Another reason could be to access geo restricted content on Netflix and stuff
Another thing to keep in mind, if you are committing/suspected of any crime then LEA will definitely go through your search history, they can get this through your device if you’ve cleaned that up but use google account then they can ask google, or go to ISP and ask this, obviously if you’re in this category then there are better solutions like Tor I2P
There are other extreme examples where a cheap ad friendly VPN with no registration comes in handy. If you want to create a zero knowledge email. Most email provider will block you if you are trying to create account with ProtonVPN or from Tor, but if your route your traffic through Tor and then to an ad friendly VPN they mostly allow it cuz they think you’re a dumb dumb. Note - it is generally not recommended to use VPN over Tor.
Why is it not recommended to use a VPN over Tor? Doesn’t that mean the ISP can’t see you are connected to Tor?
No VPN over Tor means you first connect to Tor and then to VPN. This is highly discouraged because if someone can tie the VPN to you then they can bypass Tor entirely and get what websites you were visiting.
What you are suggesting is Tor over VPN, here you’ll first connect to VPN and then to Tor, this is less risky but still not recommended as using Tor is not illegal in most countries (remember US Navy built it initially and they and many other spy agencies still use it) also there are other better ways to achieve hiding from ISP. bridges were designed specifically for that.
Ok, so the ISP can see that I’m connected to the Tor network? Using Tor over VPN just adds one more layer of privacy, right? Tor isn’t illegal here; what I’m trying to achieve is anonymity on the internet.
You’re losing anonymity, when you log into your VPN through TOR
TOR gives you anonymity, but if you connect through TOR to your VPN, which you probably registered with some of your data (or maybe your real IP), all the hops through TOR are useless, because your VPN connection is associated with you.
It really depends on who you want to hide from.
If it’s your ISP, then connecting over VPN to TOR could make sense, when your ISP is restrictive regarding TOR. But that’s pretty much the only usecase I can come up with at the moment
Nice try FBI
you joke but even the FBI encourages vpn use