Rich Freeman via plug on 31 Mar 2021 07:46:38 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Yipes! Those Web Ads are KILLING Me!

On Wed, Mar 31, 2021 at 10:33 AM Thomas Delrue via plug
<> wrote:
> On 3/31/21 08:38, LeRoy Cressy via plug wrote:
> > It might be a good idea to use a VPN.
> VPN's are not about privacy, VPN's are about ComSec. While they encrypt
> "the pipe" between your endpoint and the VPN service to prevent prying
> eyes, a VPN by itself doesn't do anything more than that. It changes
> where you appear on the internet, and that's (mostly) it. Just turning
> on a VPN will not make ads magically disappear, unless you explicitly
> pick a VPN that applies censorship for you. And if they censor that, who
> knows what else they may censor for you out of the 'goodness of their
> hearts'.
> VPN's may actually _decrease_ your privacy (depending on the provider)
> because now you have to trust your VPN provider as well to not be
> douche-ey and that field is way more wild-west-like than your ISP.

I mostly agree, but a few thoughts:

First, you probably have little choice in your ISP, but you have a ton
of choice in a VPN provider.  It is more of a wild west, but since
their whole market is around privacy/security and they have no ties to
you otherwise, you probably are going to be able to find some better
options.  Plus, if you get burned you can switch, unlike with an ISP
in many cases.  The VPN is also more isolated from your real-world
identity - they don't need as much info to provide service, so they
don't have as much private data to leak.  Your ISP ran a cable to your
house so they know exactly who you are, and can associate your
identity with all the traffic you send.

Next, the VPN does protect you against some ISP shenanigans.  For
example, there are those super-cookies that some ISPs have played
with, where they basically inject headers into http traffic you send
with a session ID.  The website on the other end can pay the ISP to be
able to associate that session ID with a unique ID that you can't do
anything about, so the website can correlate your identity across
sites and sessions as much as they want even if you go clearing your
cookies and so on, and there is nothing you can do to block it.  https
of course is one way to avoid this.  A VPN is another.  Even with
encryption your ISP still can track the connection, and potentially
pass data about it to others out-of-band.  That is something a VPN
gets around.

However, I do agree the VPN is going to do nothing about traditional
cookies, advertising, and so on.  That all gets done by the website,
and the VPN doesn't change any of that.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --