UKH

Morning, 

It all went dark for a while then   

VPN's  

I keep seeing adverts for them, and some look a reasonable price wise.

Do I need one ? 

I'm not a dodgy type but and just thinking about the future and the wild west nature of the internet nowadays .

I'd appreciate some advice from people on the merits , or are the concerns people raise scaremongering .

I've no idea. 

TWS

You don't need one.

Some benefits of a VPN are a bit exaggerated. And its hard to know which to trust (see NordVPN's recent announcement).

But they can be useful, and are relatively cheap.

Tom Scott does a good video on them:
youtube.com/watch?v=WVDQEoe6ZWY&

As far as I can see, for the 'average' internet user, the major benefit is to access sites which are geographically restricted, eg I have been tempted to try a VPN to allow me access to parts of the BBC website which are blocked to anyone outside the UK (I live in France). But so far I haven't bothered.

I use Mullvad VPN. I don't think I necessarily need to use one, but I work in the digital industry so I probably have a higher than average awareness of the data exhaust that your online activities cause and how the tech giants can monetise it. The behavioural profiling they provide and the micro-targeting of messaging that enables is a threat to democracy as we know it. I try to do my best to not provide them with more data to feed their algorithms.

Thanks for the replies .

I don't think for my level of internet use I do need one or it's benefits would be mainly unused for myself judging by the replies so far.

That's probably most of what I use mine for. That and because I do contract work in some fairly disreputable countries (I'm looking at you, Somalia!) I sometimes can't otherwise access my credit card provider's website to pay off the balance!

Enabling DNS over HTTPS (DoH) will stop your ISP snooping on your web traffic. As others have said, the only real need for a VPN is spoofing your origin country for restricted content or downloading illegal content. For general browsing DoH and using HTTPS sites will protect you.

https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-google-ch...
https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-firefox/

Thanks , 

I don't watch much TV online , just YouTube bits and Netflix (not so much )

I don't file share - I just buy music when I want something.

I don't FB or twitter etc ...

Only UKC to pass the time between working .

UKC is certainly one of the sites that uses the least number of tracking services, but they do use Google Analytics. Take a look at this article for more details on what that entails: https://www.lifewire.com/stop-google-from-tracking-your-searches-4123866

Oh, and you do FB and twitter, you just don't know it...

Surely that just stops them snooping on your DNS requests? They'll still see the IP address you're browsing, won't they?

And any site data that's in plain http. And probably some other bits of traffic, I suspect.

If you use unsecured wifi (eg you jump onto a public wifi access point, or connect to one that you cannot verify the authenticity and security of) then you should consider VPN to protect your network traffic.

None of us here are dodgy

You're asking a very valid question, and it's great that you're thinking of your security.  I use a Private Internet Access subscription (https://www.privateinternetaccess.com) , and it's switched on whenever I need to use wifi that's not my equipment, or I can't verify the security of the access point.

As an example, I recently stayed in a villa when away on a climbing trip, the villa had wifi.  I always connected with VPN enabled, as a) I don't know who installed the router and access point and b) anyone staying in or visiting the villa had access to the equipment.  If you have access to the hardware, then there's all sorts if nefarious things that can be done; it's best not to take the risk.

I make a point of never connecting to networks apart from my service provider 4g network.

:-D

Well being generally unlikable and unsociable I don't get to holiday or stay anywhere like that.  I don't get out very much nor plan to the way my life is going. 

Comes with my territory. 

I use Ghostery that appears block stuff like Google Analytics.

It's a free addon for Waterfox.

Thanks I shall give that a look 

And who does the snooping instead? Namely: the provider of the DNS over HTTPS service - which is probably Google. So all you are doing are providing them with yet more personal data.

Summary: it's not as simple as you've just implied.

This is the about the only universally correct response to any of these VPN threads. Very rarely does anyone present a genuine valid use case for them, John Arran’s above being one of the exceptions. 

The number one fallacy, which is encouraged by VPN companies to the point of fraudulence, is that they’re in some way going to protect you from the modern, Facebook-y, retailers-tracking-your-favourite-type-of-pasta type snooping that the public is concerned about today.

All they do, and all they were ever designed to do, is stop someone who owns the network between you and the VPN endpoint observing your network traffic.

If you want to look up pro-democracy materials in Beijing, a VPN to a western country is a great idea (though use of a VPN carries its own risks!). If you’re in a safe and modern country like the UK buying a cheapy VPN service from some random company in some other country probably increases the risk of your traffic being snooped if anything. 

PS. Ghostery, Adblock and the like are good recommendations (other than for looking at UKC, obviously ) and will do more to protect the average person’s privacy, for free, with no performance hit, than a VPN. 

Still open to a man in the middle attack.  And while doh will obscure the lookup - they'll still be able to see which ip and tcp port you're connecting to.

1.1.1.1 is the common DNS to use, it's CloudFlare. Are they owned by Google?

No idea who owns them. But why do you suggest it's better to trust all your (and everybody else's) DNS lookup data with 'Cloudfare', rather your own ISP?

I prefer the DNS requests from my IP to be lost in the of billions of lookups Cloudflare deal with everyday.

The snoppers charter means UK ISP's need to keep 1 years worth of internet browsing data for each customer. No thanks!

Surely a VPN does little or nothing to hide your tracks from those tech giants? If you visit a site with, say, Google adverts on it, visiting via your ISP's servers or your VPN's servers doesn't really have much impact on whether Google can profile you.

Only a pretty sophisticated one, I would think. It's certainly going to be much more difficult to pull off a man in the middle attack on encrypted DNS than conventional DNS. That's a big part of the point.

True, but I think that's much less informative than it used to be, as more and more sites and services are hosted in giant data centers with CDNs and other complexities in between and both IP addresses and ports shifting around.

True, which is why I use other tools to block them as well. 

Fair enough but it's comments like that which mislead people into thinking they'd benefit from a VPN when they really wouldn't. VPNs don't have any real impact on the tracking capabilities of the "web giants" that you talked about, and since you seem to know that, I'm not sure why you mentioned it in response to a question about whether someone should get a VPN. It's irrelevant.

But how secure is the other end of the VPN?  Your connection will only be secure between your endpoint and the VPN providers device, which could be anywhere. If I wanted to snoop on user traffic, you'd be better off looking there, rather than a single WiFi router halfway up a Spanish hillside

You are deluded if you think that your lookup history will be 'lost in the billions.' If Cloudfare has a commercial interest in tracking you - along with every other user of their services - then that's what they will be doing.

What you have achieved is to give your lookup data to a US-based company (where do they keep their data?), rather than your UK-based ISP.  Maybe this is better; maybe it isn't. In any case I don't think there is a simple 'right or wrong' answer here and, just because DNS over HTTPS is currently getting a lot of hype, it doesn't mean that it should be uncritically viewed as an answer to privacy concerns.

Not every company has Facebook's ethos.

https://www.theregister.co.uk/2018/04/03/cloudflare_dns_privacy/
https://blog.cloudflare.com/announcing-1111/

Is it not possible to enable DOH in Explorer? I just did a quick Google and nothing came up!?!

I've seen plenty of free VPN's in the App Stores, which I considered for Netflix, or connecting to Coffe Shop Wifi etc, b ut npo nothing about any of the companies behind the free Apps, so it's probably still risky.

I've no idea what that means .

I'm a scientist not a computer tech.

I imagine it could . No idea 

This is a slightly different point to what was discussed earlier (which was basically ‘should I use a VPN from an unknown but probably honest commercial company’) but is worth touching on.. in the worst case using a VPN is DEFINITELY risky.

You would be sending all of the traffic from your computer to their network for analysis. A lot of that will be encrypted these days, but some of it won’t be and they would see all of it.

You really want to be careful about anyone offering you a VPN service for free. What are they getting out of it?

If a browser doesn’t natively support DoH it’s not trivial. You can/have to route through a resolver you trust which is connected to a remote resolver via an encrypted method (https or TLS); probably a local resolver using cloudflared or dns-proxy .  You can then set all your normal un-encrypted (including non-browser originating requests) DNS requests through 127.0.0.1, which then forward to the remote DNS via DoH.

I coded out a MacOS run at startup taskbar tool that you can turn on/off and change the DoH resolver around  using a combination of the above for “a bit of fun” a couple years back.

Not a straightforward solution though if you want quick and easy DoH without a supported browser, though I imagine it will become a part of OSs in due course.

https://developers.cloudflare.com/1.1.1.1/dns-over-https/cloudflared-proxy/

I use airvpn, and have done for the last 4 years. I may be mistaken in my understanding of the service, but I use a VPN for my personal privacy while surfing the web.

I close the door and draw the curtains at home so that people can't see in my home, so why should I let strangers view my web mundane activities?

Also, why should the government have backdoor access to my VPN and WhatsApp mundane chats because the encryption is working?

Maybe the Great Wall similar to that of China's internet intrusion is heading this way?

GCHQ,the NSA and The Five Eyes are invasive enough in my personal life as it is while I surf YouTube looking at kittens fight through cling film doors.

It sounds way over my head, to be honest.. Maybe I'll just install Chrome!

Valid point. Maybe I'll just install a free one for Netflix and just have it disabled the rest of the time.

Im not aware that it’s actually live in chrome yet - but it is in Firefox (on Mac). As people have said; if you then use chrome, google search, google DoH through chrome, amongst other tools (like gmail)... you can quickly see where the issue is.

Distribution of services as well as encryption of services is required if you actually want to move toward genuine privacy.