Security notes - security for the everyday person: Difference between revisions
Line 291: | Line 291: | ||
But do you need them? | But do you need them? | ||
Line 296: | Line 299: | ||
Depends. | Depends. | ||
In security, you do threat modeling, a.k.a. figuring out '''what problem you are trying to solve'''. | In security, you do [[threat modeling]], a.k.a. figuring out '''what problem you are trying to solve''', | ||
because it's easy to solve a problem you didn't really have, or focuses on a smaller but forgets a larger issue. | |||
In which case we bought into [[fear, uncertainty, and doubt]], and/or a sales pitch, and are not more secure. | |||
Which can even have net-negative effect, when nothing changed, | |||
when you only ''think'' you are safer, and act more careless. | |||
If you want to hide your browsing behaviour from your ISP (or free wifi spot), it helps. | |||
: browser traffic mostly isn't snoopable, but looking up the site name is. | |||
: this can be overstated, because in many countries such snooping is illegal -- but that doesn't mean they don't | |||
:: Redundant in that: the network can't snoop on the contents of HTTPS website traffic, which is now common on everything (and always was on important sites like banks and such) | |||
:: Redundant in that: other WiFi clients already can't snoop on you (because of how WiFi works), except with some specialist hardware | |||
:: useful in that: the network behind it ''can'' listen to plain HTTP, site name lookups (DNS requests, and/or HTTP [[SNI]] headers) and potentially block based on each | |||
:: sometimes that's a thing -- e.g. even if they can't see any data exchange with porn.org, they can see the fact that you looked up the name just now so are ''probably'' visiting it. | |||
If you want to not get localized in the world | |||
: because as far as a remote side is concerned, you come from that VPN company's servers, not from your own ISP's | |||
: say, livestreamers may worry about doxxing. While your hope IP ''usually'' doesn't give people anything closer than "this city or two", this is still a very reasonable defense (assuming it is not your only one) | |||
If you want to get around country restrictions, or even just sites that overzealously switch languages while traveling, it helps | |||
: which is purely about practical use, unrelated to privacy or security. Just the [[proxy]] part. | |||
: note that this may be against the ToS you agreed with on the site. | |||
:: How much the site actually cares, and how much it does against it, depends on what kind of site it is, whether it cuts into profits. But in the case of e.g. netflix, it's because ''they'' say no - the law doesn't. | |||
If you want to encrypt your browser traffic against snooping -- it mostly was already. | |||
If you want nother people on WiFi to not snoop on you -- they already can't really. | |||
If you want to be anonymous to the sites you visit, you should ''assume'' it does not work. | |||
: in particular when you tell it who you are, by logging in | |||
: but also, assume that VPN barely affects [[browser fingerprinting]] | |||
It solves some network-level privacy issues, but solves ''zero'' browser-level privacy issues | |||
: and do you ''really'' know which is which? | |||
: | More technically: | ||
The main point of a VPN is often proxying: | |||
that all your traffic goes to your VPN company's servers first (encrypted), | |||
and only ''then'' to the rest of the internet (unencrypted). | |||
: The first part of that path also cannot be snooped on. | |||
:: As far as the ISP is converned, it's just another secure connection - the contents are unknown | |||
::: They can find out ''that'' it's a VPN connection, but nothing about the contents | |||
Also, they add encryption, but as those parentheses suggest, only for part of the path. | Also, they add encryption, but as those parentheses suggest, only for part of the path. | ||
: whether that has any added value depends on who you (dis)trust more | : whether that has any added value depends on who you (dis)trust more | ||
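Review bot: The added "(unencrypted)" in "and only ''then'' to the rest of the internet (unencrypted)" overstates what happens at the VPN exit. Only the VPN's own layer is removed there; HTTPS traffic stays encrypted all the way to the site, which this same hunk says earlier ("the network can't snoop on the contents of HTTPS website traffic"). Suggest "(without the VPN's encryption)". Also in the added lines: "HTTP [[SNI]] headers" should read as TLS, since SNI is a field in the TLS handshake rather than an HTTP header. The claim that other WiFi clients "already can't snoop on you" is stated twice without qualification, although the use case named here is a "free wifi spot", which is often a network with no link encryption; it would be safer to tie the claim to encrypted networks. Typos to fix: "hope IP" (home IP), "nother people", "converned", and "focuses on a smaller but forgets a larger issue".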
Line 332: | Line 361: | ||
Upsides | Upsides | ||
* avoiding warnings from your own ISP (or others) for using P2P | * avoiding warnings from your own ISP (or others) for using P2P | ||
Line 365: | Line 372: | ||
Arguables: | Arguables: | ||
* useful if you assume your ISP is malicious | * useful if you assume your ISP is malicious | ||
Line 388: | Line 393: | ||
* may give a false sense of security | * may give a false sense of security | ||
:: most people don't realize what it ''doesn't'' protect. Basically, see all of the 'Neither' section below | :: most people don't realize what it ''doesn't'' protect. Basically, see all of the 'Neither' section below | ||
What you may think it does, but doesn't: | What you may think it does, but doesn't: | ||
* defeating ''some'' of the trackability of people who are specifically interested in you | |||
: Certainly not all. Not even close. And 'some; is not enough. | |||
* "VPN makes your internet connection faster" | * "VPN makes your internet connection faster" | ||
:: No. Also, that's vague. See the next two points. | :: No. Also, that's vague. See the next two points. | ||
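Review bot: The added bullet "defeating ''some'' of the trackability of people who are specifically interested in you" sits under "What you may think it does, but doesn't" but is worded as something the VPN does achieve, so it reads as contradicting its own heading. Phrase it as a quoted claim like the sibling bullets (for example "VPN stops people who are specifically interested in you from tracking you") and let the reply carry the "only some, and some is not enough" point. The reply line also has a mismatched quote ('some;) and uses a single ":" indent where the other replies in this list use "::".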
Line 397: | Line 406: | ||
* "VPN makes your latency lower" | * "VPN makes your latency lower" | ||
:: It can't. The very nature of what it does is an extra step in routing (via the VPN servers) and encryption (which isn't free) | :: It can't. The very nature of what it does is an extra step in routing (via the VPN servers) and encryption (which isn't free) | ||
:: it may | :: it may add very little, but it cannot subtract. | ||
:: if a test somehow shows lower latency, that test is extremely forced in a way we must get technical about. | :: if a test somehow shows lower latency, chances are that test is extremely forced in a way we must get technical about. | ||
:: they only way it can be better is ''if'' something (probably your ISP) is actively doing content-specific throttling. | |||
::: in which case a VPN may make the latency more stable, but still not lower | |||
* "VPNs make for faster download speeds" | * "VPNs make for faster download speeds" | ||
:: Generally not. | :: Generally not. | ||
:: may have slight negative effect | :: again, may have slight negative effect, but that is often negligible | ||
:: the only reason it would be positive is that someone is specifically slowing that download, and now cannot | :: the only reason it would be positive is that someone is specifically slowing that download, and now cannot | ||
::: if so, yeah, a VPN would be a good stopgap - while you take | ::: if so, yeah, a VPN would be a good stopgap - while you take legal action to what is probably illegal for your ISP to do, or if not, that you ''want'' to make a big fuss about making illegal. | ||
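Review bot: In the latency bullet the added lines pull against each other. "it may add very little, but it cannot subtract" is followed by "they only way it can be better is ''if'' something ... is actively doing content-specific throttling", and only the sub-line clarifies that "better" means more stable and not lower. Say that in the parent line (for example "the only way it can look better is ...") so the "cannot subtract" statement stands without an apparent exception. "they only way" should be "the only way". In the download bullet, "take legal action to what is probably illegal for your ISP to do" needs "against", and whether throttling is illegal depends on jurisdiction, so the wording could say so.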
Line 438: | Line 451: | ||
Specifics: | Specifics: | ||
* Defeating net non-neutrality | * Defeating net non-neutrality | ||
:: In most other places, net neutrality is still the norm - with some exceptions, like government forcing ISPs to ban specific sites (happens in a few places, mostly for P2P, and fairly ineffective). | |||
:: In most other places | :: but it's a thing in the US now that they're actively dismantling net neutrality[https://en.wikipedia.org/wiki/Net_neutrality_in_the_United_States#Net_neutrality_and_the_Trump_administration_(2017)] | ||
* "VPN masks your identity", "evades tracking", "you leave no trail" (anonimizing) | * "VPN masks your identity", "evades tracking", "you leave no trail" (anonimizing) | ||
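Review bot: The reordering under "Defeating net non-neutrality" leaves "In most other places, net neutrality is still the norm" as the first line, with nothing before it for "other" to refer to, and the US line that follows now opens with "but" as if it were the exception to a rule stated about somewhere else. Either keep the US line first, or rewrite the pair so the general case stands alone ("In most places, net neutrality is still the norm ...") and the US line follows as the exception. The context line below also carries a spelling slip, "anonimizing", that could be fixed in the same edit.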
Line 453: | Line 466: | ||
::: If you're talking P2P, know that there are companies that do purpose-built tracking - because there's so much of it and lessening (scaring and/or sueing you makes sense) makes it cheaper to run the network. | ::: If you're talking P2P, know that there are companies that do purpose-built tracking - because there's so much of it and lessening (scaring and/or sueing you makes sense) makes it cheaper to run the network. | ||
:: Note that a generic VPN is wider, Tor is a nicer option for some cases (and since it's redundant with VPN, choose which you prefer) | :: Note that a generic VPN is wider, Tor is a nicer option for some cases (and since it's redundant with VPN, choose which you prefer) | ||
Revision as of 11:21, 13 April 2024