• LWD@lemm.ee
    link
    fedilink
    arrow-up
    55
    ·
    8 months ago

    Why I just hand my browsing data over to my ISP (and so should you)

    Why I let random websites have my unique location-specific identifier (and so should you)

    Don't think so

        • toastal@lemmy.ml
          link
          fedilink
          arrow-up
          8
          ·
          8 months ago

          Didn’t watch the video, but… Traffic is often already encrypted with TLS or other encryption & you don’t have to use the ISP for DNS. This would cover a lot of the data you would be discussing. Instead if using these advertized commercial VPNs you are giving the data to those corporations instead which is hardly better in many cases—luckily most of your traffic is encrypted with TLS & you don’t have to use them for DNS …which takes us back to the previous statement for concerns.

          There’s still value in VPNs for a several online activities (censorship, piracy, activism, etc.) & threat models to certain folks, but assuming the ISP is the bogeyman in most common scenarios for non-niche use cases is incorrect—but it isn’t how these commercial VPNs are selling themselves. If the ISPs possess the ability to break TLS encryption we’d have bigger issues to worry about & VPNs wouldn’t help. I would assume the video goes in this route but chooses the clickbait title for views.

            • toastal@lemmy.ml
              link
              fedilink
              arrow-up
              1
              ·
              8 months ago

              If it’s all encrypted & they don’t have the DNS requests, all they can see is that you sent X bytes to some IP which isn’t very helpful. Who’s to say these VPNs aren’t selling their data back to the ISPs anyhow?

                • toastal@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  8 months ago

                  By who? Who is auditing the auditors? That’s not to say audits aren’t good, but when the code is proprietary, a lot of trust is required. I would prefer banking on solid, open tech which the TLS standard is. There is still use cases for VPNs, but outside like streaming piracy, you might be better served by the Tor network.

              • Lemongrab@lemmy.one
                link
                fedilink
                arrow-up
                1
                ·
                8 months ago

                Encryption doesn’t mean perfectly hidden. Metadata isn’t encrypted for HTTPS iirc. And the ISP knows who your sending traffic to since they are routing you there and are usually your DNS. When connected to a good and trusted VPN, all that is hidden, your DNS can’t give away your location, and the only server you contact is the VPN

                • toastal@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  8 months ago

                  What metadata? The headers are as encrypted as the payload. That there was a key exchange between you & a server isn’t too useful.

                  “Usually” is a strong word for DNS as well since all OSs let you change it & the megacorporations like Google & Cloudflare have already compelled a lot of folks to use their DNS ta resolve faster since the ISP ones are slow (& the smarter, curious folks used that as a launching point to find other provider or self-host). Some platforms have even been shipping DNS-over-HTTPS to get around some of these issues (since the payload & headers are encrypted under TLS).

        • Possibly linux@lemmy.zipOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 months ago

          You are handing your data over to the VPN. However, with https only and encrypted DNS there is a lot less data to hand over

    • biddy@feddit.nl
      link
      fedilink
      arrow-up
      2
      ·
      8 months ago

      Why would you hand your browsing data to the VPN company? It’s just moving the problem.

      • LWD@lemm.ee
        link
        fedilink
        arrow-up
        8
        ·
        8 months ago

        Market competition still exists for them, so they actually have a reason to live up to their promises still

  • Leraje
    link
    fedilink
    English
    arrow-up
    35
    ·
    8 months ago

    Do ISP’s monitor or sell or pass on your data? Yes.

    Do VPN’s? Depends on the VPN. Find one that doesn’t and can back that up with 3rd party audits and legal encounters.

    So can a good VPN protect your privacy? No, not by themselves. A VPN is part of an overall toolkit to be as private as you personally would like to be. It can help protect your privacy, that’s all.

    It’s really that simple.

    • refalo@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      8 months ago

      3rd party audits and legal encounters

      The problem I have with this is that audits or court cases do not prove that the server is only using that same exact code at the instant you are using it… changes to software are constantly made all the time, and they could all invalidate previous audits or presumptions of privacy or security.

      • Leraje
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 months ago

        That’s true, there’s always going to have to be some trust, but a provider that takes the time and expense to invest in a privacy audit or defend their clients by not logging and establishing that in court certainly indicates they’re worth having that trust in.

  • Vendetta9076@sh.itjust.works
    link
    fedilink
    arrow-up
    27
    ·
    8 months ago

    A) as others have pointed out this is a rather shit video

    B) I fucking hate the “and nor should you” trend. Fuck off with what I should or shouldn’t do, just give me the facts and I’ll decide for myself.

    • LWD@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      8 months ago

      I don’t like the way it sounds, but I appreciate the honesty. Videos like this are always prescriptive, even if they present themselves as if they are a personal, “just for my needs” thing.

      By the way, do you remember a video and Medium article posted by someone who was trying to convince us that big companies like Google aren’t really privacy invasive?

    • ExtremeDullard@lemmy.sdf.org
      link
      fedilink
      arrow-up
      21
      ·
      edit-2
      8 months ago

      half of the video is solely a critique of NordVPN

      I don’t know how good or bad NordVPN is. I have never used it. But I never will. EVER.

      You know why?

      Because they paid so many interesting Youtubers to shill their stupid VPN service, ruined so many otherwise interesting Youtube videos and wasted so much of my time that I swore I would never give them a single dollar of my money.

      I can’t stand advertisement and advertisers, and NordVPN has been truly heavy-handed. They’re not the only ones: Brilliant comes to mind too. They can all fuck off. They’ve achieved the exact opposite of what their ads was supposed to achieve with me: I’ll never patronize them.

        • ExtremeDullard@lemmy.sdf.org
          link
          fedilink
          arrow-up
          4
          ·
          8 months ago

          Actually I use Freetube with sponsorblock on the desktop and Newpipe with sponsorblock on Android. So I mostly don’t see shitty sponsors anymore.

          But my Formuler TV box - which runs Android - has some weird crashing problem with the default Newpipe player, so I have to use an external player (MX Player) which doesn’t have sponsorblock, sadly.

          So whenever I want to watch Youtube videos on my TV, I have to eat some NordVPN shilling - at least a little bit, just time for me to grab the remote and skip it - and I’m too cheap to replace the TV box.

          • Galaxy@lemm.ee
            link
            fedilink
            English
            arrow-up
            6
            ·
            8 months ago

            You could try Smart Tube which has built in adblock and sponsorblock and see if that works better on your android tv box

            • ExtremeDullard@lemmy.sdf.org
              link
              fedilink
              arrow-up
              3
              ·
              8 months ago

              SmartTube works very well. The problem is, it requires a Youtube account to have subscriptions, playlists and the like. That’s a hard no for me.

            • potemkinhr@lemmy.ml
              link
              fedilink
              arrow-up
              1
              ·
              8 months ago

              Shout out for Smart Tube, the best YT app on smart boxes/android TVs, never had any issues

      • electric_nan@lemmy.ml
        link
        fedilink
        arrow-up
        34
        ·
        8 months ago

        My ISP, who I pay $100/mo for internet, tells me straight up that it monetizes my browsing data. I pay $5 a month to a VPN that ‘promises’ it doesn’t do that. Safer bet is the VPN. Even if they (VPN) sell my data, I prefer to spite the ISP anyway.

      • 0xtero@beehaw.org
        link
        fedilink
        arrow-up
        12
        ·
        8 months ago

        I see. Sure. There’s a risk of course.
        But VPN companies are not legally obligated to collect and save your Internet usage data like your ISP is.
        So select a provider that doesn’t, like Mullvad.

        • Possibly linux@lemmy.zipOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 months ago

          Your Internet traffic is encrypted. As for DNS it is a little harder but you can setup encrypted DNS as well.

          • fl42v@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            8 months ago

            Have all the sites you visit rolled out ech so far? 'Cause otherwise it’s enough for your ISP to notice you visiting fcriiff* to draw certain conclusions.

            * a reference to Cory Doctorow’s “Radicalized”. Mb anything your government doesn’t want you to do, be it torrents, LGBT stuff, abortion clinics, etc.

          • 0xtero@beehaw.org
            link
            fedilink
            arrow-up
            1
            ·
            8 months ago

            Your Internet traffic being encrypted is totally up to the site receiving your traffic or to the app on your phone sending it. And you still leave your metadata at your ISP, along with DNS.
            Sure you can always set up your own DNSSEC but the effort compared to just clicking “connect” in that VPN app is not even compareable.

            I can be private and anonymous without VPN - but a normal user? Just use VPN dude.

  • noodlejetski@lemm.ee
    link
    fedilink
    arrow-up
    14
    ·
    edit-2
    8 months ago

    many ISPs over here offer a ~5-10% discount on monthly bills if you agree to have your traffic analysed for marketing purposes. the last time I signed a contract I had to explicitly opt out of that. the ISP providing internet to all of my landlord’s flats offers a similar deal when signing a contract, and 1. I’m willing to bet that my landlord has opted in, and 2. I have no way of opting out of that for my flat. I think I’ll stick with a VPN for the foreseeable future.

  • ExtremeDullard@lemmy.sdf.org
    link
    fedilink
    arrow-up
    8
    ·
    edit-2
    8 months ago

    Firstly, using a VPN ultimately consists in trusting the company providing the VPN service that it won’t be fucking around with your privacy. Considering that all your traffic goes through it, that’s a lot of trust to place in one company. And I generally don’t trust any tech company to resist the lure of selling your data for profit for very long in 2024 - even those that profess to be privacy-friendly.

    Secondly, modern corporate surveillance doesn’t rely on IP addresses anymore. So if you think a VPN protects your privacy, it really doesn’t. All it does is tell Google et al. which VPN provider you’re a customer of - i.e. you’re giving them even more data that they don’t need to have.

    That’s why I don’t even bother with a VPN. I only use one to evade geo-blocking every once in a while.

    • sbv@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      9
      ·
      8 months ago

      using a VPN ultimately consists in trusting the company providing the VPN service that it won’t be fucking around with your privacy. Considering that all your traffic goes through it, that’s a lot of trust to place in one company.

      Is that any different than the trust we place in our ISPs?

      I agree with you. I fully expect my ISP/VPN provider to sell my traffic data, but I don’t see the value in paying a VPN do to it.

      • ExtremeDullard@lemmy.sdf.org
        link
        fedilink
        arrow-up
        5
        ·
        edit-2
        8 months ago

        Is that any different than the trust we place in our ISPs?

        It’s not. Your ISP is probably selling your data, and your VPN may or may not do that too. Just assume everybody sells your data.

        The difference is, when you leave home and you connect to a wifi, you start using another ISP. If you then lose the wifi and connect using 4G, you’re using yet another ISP. If you use a VPN, you funnel all your traffic to a single provider all the time. In other words, instead of distributing the risk over several potentially bad actors, you concentrate it on a single one.

        Like I said, that’s a lot more trust that I’m willing to place in a single company that only essentially pinky-swears won’t put me under surveillance.