• SoonaPaana@lemmy.world
    link
    fedilink
    English
    arrow-up
    31
    arrow-down
    12
    ·
    1 year ago

    Why is installing a VPN considered bad? Is it because it is done without user consent? I don’t understand if there is any malicious intent.

    • can@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      58
      arrow-down
      4
      ·
      1 year ago

      Brave browser has been automatically installing VPN services on Windows computers without user consent, but it remains inactive unless the user subscribes.

      They’re installing extra software that’s useless unless you give them money. Plus you really want to be aware of your VPN since all your traffic will be going through it.

      • Aatube@kbin.social
        link
        fedilink
        arrow-up
        6
        arrow-down
        3
        ·
        edit-2
        1 year ago

        It doesn’t auto enable and chromium also gives you a lot of unnecessary features. While I think Brave is bloat I don’t see how this is any more than the usual.

    • just another dev@lemmy.my-box.dev
      link
      fedilink
      English
      arrow-up
      33
      arrow-down
      4
      ·
      1 year ago

      Because a vpn can monitor all the websites that you visit. Not directly what you’re looking at, but definitely where you’re looking. Just line your provider can, if you’re not using a vpn. But at least with your provider, you have a contract with them - you pay them to transport your data and nothing more. Some very scummy providers aside, that’s where it stops.

      A free vpn, however, needs to pay for transporting your data somehow. And if you’re not paying for it with money, then who/what is?

      See also Tom Scott’s explanation about vpns, why you probably don’t need one, and why he refused their advertisement money.

      • dustyData@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        2
        ·
        1 year ago

        It’s not even free, the service itself is a payed subscription. But it’s there and it could be working and funneling data without the user knowing it if they wanted to.

        • just another dev@lemmy.my-box.dev
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 year ago

          I’m interested to hear what you think a vpn will protect you against. Or what you think the flaws in Toms arguments are.

          Edit: I don’t know about you, but I trust my own, GDPR-backed isp far, far more than I trust whichever foreign based vpn company. Especially if they for it for free or cheap.

            • just another dev@lemmy.my-box.dev
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              The only thing you’re “protecting” yourself from by using a vpn to surf the Internet, is your own provider. It won’t stop any spying software on your phone, or any nefarious scripts on the websites you visit.

              Tom’s argument was more nuanced than that, which is why I linked it. I suggest you watch it and explain where he’s wrong if you want to give your argument to ignore him any weight. Ad hominems and “imagined” arguments alone won’t get you very far, I’m afraid.

        • Encrypt-Keeper@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          edit-2
          1 year ago

          I actually work in cyber security and I was really happy Tom Scott released that video. VPN companies are some of the scummiest companies out there, and their rampant sponsorships on YouTube were shameless misinformation and fear mongering in order to scare you into giving all your internet traffic to them. Seeing so many sellout tech YouTubers take their sponsorships despite knowing better COUGH NetworkChuck, was one of my biggest pet peeves.

          There are seemingly legit VPN companies out there, and there are some legitimate use cases for them, but what Tom is addressing are the shady ones that lie to you about what they’re for and how they help you for their own monetary and in some cases data mining benefit. In most cases you do not need a VPN, and it doesn’t do anything to protect you from “internet criminals”, or provide extra “security” and it only “protects” your privacy by shifting the for-profit company that gets to see all the websites you visit.

          I too would like to know why you think a VPN is needed “on today’s web”, I would bet money it came directly out of one of theirs ads scripts.

          • sab@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            1 year ago

            I doubt either one of you will ever hear from them. I guess they haven’t even watched the video to begin with.

            • Encrypt-Keeper@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              edit-2
              1 year ago

              When I’m away from home, I use my own Wireguard VPN back into my private network, where all of my traffic is filtered.

              That’s your own VPN, not a commercial VPN service and you’re using that for what I would assume is DNS filtering. Thats entirely unrelated to what a commercial VPN service does and what Tom Scott’s video is about. And that’s not even a benefit of your VPN, your VPN is just a tool you’re using for remote access to your DNS filter/server which is what’s actually providing you that service. I could do the same exact thing with a recursive DNS server and Pihole using DOH without a VPN at all.

              I use a VPN for my job as well, and it isn’t to protect company products (we don’t make a product). It’s to keep prying eyes out.

              That is again an entirely different use case and product than what a commercial VPN service is offering. That’s not even for privacy, it’s for secure remote access to your company network.

              I’m sorry, but when my wife and kid’s phones are showing them ads for things we talked about 5 minutes ago, they appear horrified by it. Then they move along like nothing happened. That’s the typical user.

              That’s not a problem a VPN service solves.

              I will continue to not be spied on 24/7 by corporations and my government.

              With a VPN service like ProtonVPN, all you’re doing is changing the corporation that can see which sites you visit from your ISP, to Proton. It isn’t inherently any more private or secure, you’re just choosing which corporation you allow the ability to spy on you.

              I don’t remember if I saw that video from Tom Scott or not, but I imagine his argument was along the lines of, “if you aren’t doing anything nefarious or you don’t live in a nation state that censors you, then you have nothing to worry about”.

              No, his argument was that outside of spoofing your location, and hiding which sites you visit from your ISP specifically, VPN services don’t provide the average consumer with any additional benefit over what you get for free by default due to the wonderful inventions of TLS, and HSTS. The point is that VPN service companies use scare tactics to get you to purchase a product you don’t need to solve problems you don’t have. NetworkChuck made a whole sponsored video about how somebody can man-in-the-middle you at a coffee shop to steal your credit card information to demonstrate the effectiveness of a VPN service and the attack he demonstrated was literally impossible. He created a fake, non-real world scenario straight out of 2003 to deceive the less tech literate public in order to shill a VPN service.

              Tom Scott provided a fantastic public service by educating people on what a VPN actually DOES and what it DOESN’T DO. So people can actually make a decision as to whether they need one due to the facts, not misinformation and false advertisement. You on the other hand still can’t seem to articulate what exactly you think a VPN services does for you and how it does it. You have a lot of buzzwords and vague statements about “being spied on”, and never actually said why you think commercial VPN products should be used by the average user “On todays web”.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      2
      ·
      edit-2
      1 year ago

      I agree with what other people said. And here’s a new twist.

      Any software that messes with the networking stack, can cause really difficult to debug errors. And it may induce errors in other programs. The more complicated your computer’s networking, the more fragile it is.

      So introducing, silently, unasked for, network drivers and VPN hooks into the operating system is harming the compute stability of their user base.

      At the very least, it should be opt-in! There should be a dialogue asking hey we have this new awesome feature, click okay to install it, something like that. Informed consent

    • ackzsel@kbin.social
      link
      fedilink
      arrow-up
      15
      arrow-down
      2
      ·
      1 year ago

      It’s “all your mail is now redirected to a third party that makes money by mining it for data without you knowing” level of nastiness. Absolutely deplorable and a reason to never touch anything made by the people behind Brave even with a ten foot pole. Brave is a scam and why people pretend its not is beyond me.

      • ares35@kbin.social
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        that’s what the new outlook ‘app’ (replacing win 10/11’s mail ‘app’) does with gmail accounts. routes all your mail from gmail through microsoft servers before delivering to the app on your pc.

        • ackzsel@kbin.social
          link
          fedilink
          arrow-up
          4
          arrow-down
          2
          ·
          1 year ago

          They’re apprehending ALL of your browsing activity to their lucky vpn provider of choice.

    • ares35@kbin.social
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      a service has far more privs on the system than a browser should have or need (which can be installed on a per-user basis, no admin/root required).