A VPN isn’t magically solving all privacy and security issues. Personally, I would trust Mullvad, Proton and IVPN with my data over my ISP. They’ve been audited, and they’ve been put to the test multiple times, and not been able to give away data. But it all really boils down to personal needs, and each to their own on that. If you don’t want a VPN, then don’t buy into one.
Set https everywhere. Use secure DNS servers. Install TOR along with all that. Tell me how your VPN provider can “see everything you do” with many layers of encryption, decentralization, and propagation of your data?
It protects you only if you have chosen the right VPN provider.
Of course if you choose some random VPN that was advertised in a YouTube video, that may as well be a downgrade depending on what your ISP does with your data already.
But if you choose an honest VPN provider, whose values align with yours, and does not share (nor collect) any data on your usage and traffic, then that can easily be better.
Also keep in mind that ISPs often operate knowing that they are the only provider in the area. Or the only usable one, or that the others aren’t better either. There’s no competition, and they make use of the fact that they can do whatever they want that is legal (a lot of things are), because the user can’t just switch to another that does not do it.
However, there’s a competition between VPNs. Unfortunately most of that competition is driven by lies, but fortunately not all of it is.
some people just want to bypass geolocked content, this only requires having a vpn in whatever region you want content in.
those who only care about piracy and avoiding DMCA claims, they need a VPN that does not keep logs, or is hosted in a country that does not respond to DMCA requests
those who need a VPN for privacy reasons, there's tiers of it. basically some people will refuse to use VPNs hosted in Five Eyes/Nine Eyes countries as the government would likely know your actions. some people don't care if the government knows, others do.
DoT also encrypts the request, so the ISP cannot spy on the Domain Name you have requested.
And thanks to HTTPS the ISP only sees the IP address, which cannot in every case be resolved to a unique domain, especially large sites that are hosted on service providers like Cloudflare, Amazon, etc.
But what’s not encrypted by either is the Server Name Indication or SNI, i.e. the initial request to a webserver stating which host you’re trying to reach at that IP, before establishing the TLS connection, contains the domain you’d requested via DoH/DoT, in plaintext.
It will prevent the ISP from snooping on, or tampering with, the DNS request. However, when you go to use the IP you’ve retrieved via DoH/DoT, your first request establishing a TLS connection to that IP will contain an unencrypted SNI which states the domain you are trying to use. This can be snooped on by your ISP.
It seems many more browsers support it than last I’d looked. I’m curious to see how much of the general web has adopted support for it on the server side. I’ll have to look into that more, and see what it’ll take to set up for self-hosting.
The joke is making fun of anyone who does assume incognito mode is hiding anything from third parties.
All the Chrome bashing around this issue is pathetic. Every major browser has the same feature and none that I know of give it a name that makes the purpose any more clear. It’s obvious a lot of people have an irrational hatred of Chrome and don’t understand the actual issues involved.
Yes I get the joke. But the reason it's focused on Chrome is because it is far and away the most popular browser by an insane margin, so "incognito mode" is universally known and understood.
Hey there, I have been lately trying to better understand how privacy/my network work. I’m kind of right at that line where the next barrier gets pretty technical. I think I have a decent understanding of DoH, but I know it hasn’t quite clicked for me yet. How would you describe it? (I’m assuming that is an acronym for DNS over HTTP?)
Yes, or more precisely it’s DNS over HTTPS.
The S at the end stands for Secure, but technically it means that it is HTTP inside TLS. TLS encrypts the traffic, and verifies server responses to be authentic.
HTTP and HTTPS are most often used by websites, but there are many more common uses of it.
When a program - like Firefox - uses DoH to resolve domain names (that is, find their corresponding IP address; they can have multiple), then instead of asking the DNS server that was configured in the operating system (often automatically set by your router’s “advisory”, through DHCP) through a clear text channel that is prone to inspection and manipulation, it asks a DNS server that communicates over HTTPS, just like webservers do.
By doing this, domain name lookups have the protection of TLS, and they look as if you have just visited a website. It’s harder* to find out which server was that request sent to, what was the purpose of that request, and since the content of the request is encrypted, and the response is encrypted and signed just as when visiting a website, it’s harder to see as an outside observer what was being done, including what website’s IP did you look up, and it’s harder for them to modify this response.
DoH servers to be used may be set up with an IP address if that is fixed and never changes, or through a domain name. If you only have the domain name of a DoH server, then you can’t contact that yet, first you have to look up its IP address using either another DoH server whose address is fixed or the current one is known, or with a plain DNS server.
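The mechanism described in the comment above, as an added example that is not part of the thread: the same DNS question is built in wire format, read back the way an observer of plain port-53 DNS can, and then wrapped as an RFC 8484 DoH GET request. The resolver host `doh.example` and the `/dns-query` path are assumptions for illustration.

```python
import base64
import struct

def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format DNS query (RFC 1035) for `name`; qtype 1 asks for an A record."""
    # ID 0 (RFC 8484 recommends it for DoH), RD flag set, exactly one question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN

def question_name(query: bytes) -> str:
    """Read the queried name back out of the payload, as any on-path
    observer of plain DNS can: the labels sit there as readable ASCII."""
    pos, labels = 12, []  # the question starts after the 12-byte header
    while query[pos]:
        length = query[pos]
        labels.append(query[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_get_request(query: bytes, resolver_host: str) -> bytes:
    """The HTTP request a DoH client sends (RFC 8484 GET form), shown as
    HTTP/1.1 text for readability. base64url is only an encoding: the
    confidentiality comes from the TLS session this request travels inside."""
    dns_param = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return (
        f"GET /dns-query?dns={dns_param} HTTP/1.1\r\n"
        f"Host: {resolver_host}\r\n"
        "Accept: application/dns-message\r\n\r\n"
    ).encode("ascii")

if __name__ == "__main__":
    query = build_dns_query("www.example.com")  # constructed sample name
    print("plain DNS payload sent to port 53:", query)
    print("name an observer recovers from it:", question_name(query))
    # With DoH the lines below are plaintext *inside* TLS; on the wire the
    # observer sees only encrypted records going to the resolver's IP.
    print(doh_get_request(query, "doh.example").decode("ascii"))
```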
This is really helpful thank you. Definitely one of somewhere between “I kind of get it” and “I understand some of these words,” but I think with a little term research and some pondering this will click better. Appreciate your taking the time to break it down!
Every time this is reposted in a new template I remind everyone that no one is using incognito mode to hide from their ISP; they are using it to hide from their spouse or partner.
Yes, but I want auto fill turned on for some websites because they go straight to the section that I want instead of navigating through the site every time.
I produce a podcast that gets us into some twisted corners of the internet. Especially when I fact check things for the other hosts. Mullvad + proton VPN always up, no question.
Beyond that it’s legitimately useful for logging into a second account on a site or for various testing purposes as a web developer. Though if you’re consistently using it for the former, containers are a better solution.
I don’t need the obvious URLs popping up whenever I start typing. I’m just one fat finger away from a bad mistake and subsequent loud sounds on my studio speakers when anyone could be around if I don’t do that.
It’s best to keep that stuff separated out to spare yourself some incredibly avoidable embarrassing moments.
I use private mode for a whole bunch of stuff, visiting shopping sites i don't want coming up in targeted ads, watching youtube videos that are out of my usual jam and not wanting to get endless suggestions for crap i'm not into because i wanted to see a plumbing repair how-to or listen to a song wildly out of my usual genres because i was in the mood.
No doubt. Whoever’s making these memes obviously wasn’t around when Incognito/Private browsing was introduced. It was never advertised as hiding anything from your ISP.
i use private windows mainly so i don't clutter up browser histories with useless stuff i won't go back to (if i do run across something to save, it gets bookmarked or printed to pdf).
Yeah that's why I use Firefox Focus on mobile. It has no feature to save history. I use normal Firefox in case I want to save history or log in permanently
Yes, they do. I use 4 different browser profiles for various things. But everyone who uses my computer while I cannot control what they do, gets their own user account or can use a guest account.
I’ve always been used to browser clearing everything on exit. On my phone I set Firefox Focus as the default browser so whenever I search anything I just dump it after
I’m in my thirties, single for years and occasionally make sexual jokes. People know I fap. Everyone faps (huh, could be the title for an educational children’s book…), I don’t hide my browser history. Other question is who from? I live alone.
They can see the entire URL, not just the domain. They just can't see the contents themselves. But they can still see "dudesfuckingfurniture.com/gettingfreakywithadresser.mpeg"
Are you sure? The file path after the domain would not be necessary for an ISP to see, only the domain. I’m not sure how all that works, but it’s definitely not a technical requirement that they can see the complete URL.
They’d also theoretically see the size of the URL, and the size of the page, along with the transport type. So they can infer a lot of information from the exchange, but they couldn’t say for sure what you were viewing on a specific website.
And hopefully in the future they won’t even be able to see the domain. I wonder why they never considered giving out certificates for IPs to solve this problem. Seemed like the easiest solution to me.
There was a demo for a technology put out recently that circumvents this. I don’t remember the exact mechanisms, but it obscured DNS such that your ISP couldn’t see the DNS record you requested, and then used a proxy to route traffic before it hit the final endpoint eliminating exposing the IP to your ISP. It worked very similar to a VPN, but without the encrypted connection, and had some speed focused optimizations including the proxy being proximate to your ISP. It was pretty interesting.
It doesn’t really help. The ISP needs to route you somewhere to get the data, so they’ll need to know who you want to talk to. Even if they don’t see the DNS name (like if you used a third party DNS server) they can still associate the IP address with someone.
There’s things like TOR and VPNs that can route your information through other third parties first, but that impacts performance pretty significantly.
Yeah, but often enough multiple sites share a single IP. It would already be better if the ISP (and everyone in between) didn’t know whether I wanted pink-fluffy-unicorns.com or hardcore-midget-bdsm.com.
Depending on where you’re going even IP addresses are getting to the point that they aren’t helpful. IP addresses are likely to belong to a cloud provider, and unless they are hosting email or a service that requires a reverse record, all you’d get is the cloud provider’s information.
Yeah, that’s what I meant originally. But I still don’t know how to enable that in my Apache. My Google-Fu isn’t good enough. All I see is ads for CDNs and conflicting information about whether it’s supported in Apache or not.
How does that help? You can tell any computer it’s Google.com or IP 8.8.8.8. You can tell your device that the other computer is correct, and middle man yourself
Except, we have one key to rule them all, one key to bind them. There’s literally a group of people who split the root key among themselves, and scattered it across the world (when they went home). They get together every year or two, and on a blessed air-gapped computer, unite the key to sign the top level domains again. Those domains sign intermediate domains, and down the chain they sell and sign domains.
If any of these root domains fall to evil, these brave guardians can speed walk to the nearest airport and establish a new order
(I think we actually just started installing all the root and some trusted intermediate domains on every device directly, so I’m not sure if they still bother, but it’s a better story)
The solution you’re looking for is DNSS, where we encrypt the DNS request too so they can’t see any of the url. Granted, they can still look at your destination and usually put the pieces together, but it’s still a good idea
Ultimately, packets have to get routed, all we can do is do our best to make sure no one can see enough of the picture to matter. There’s more exotic solutions that crank that up to 11, but the trade offs are pretty extreme
Oh wow can’t believe I missed this part of the UI… but yeah, you’re totally right. I thought it would happen auto-magically after importing via OPML. I feel clumsy now, but thanks for pointing it out!
Did you set up recurring searches for new episodes? Idk what it is set to by default but you have to set each show to do episode searches at a given interval.
I use Google Lens and I also have to keep Google app installed. I agree it’s annoying that they just can’t make the apps work standalone. There already is a package that nearly all Google apps depend on. The package is Google Play Services. Why can’t they implement this into Google Play Services as they do with all the other stuff (quick share, find my phone, location services etc…)?
It’s part of the never ending death march of every decent Google product.
First it’s a name change, then they’ll tweak a core functionality so it’s really really helpful, then they’ll either kill it immediately or move it into another package (thus fracturing older apps and devices from the functionality completely), then they pay wall it or kill it abruptly.