Context: my gf mentioned getting a vpn for privacy, and I tried to explain that it “does” help, but it’s more like type of windows on a house. It certainly can be part of the package, but it’s no where near the foundation.

So i tried to explain the best that i could That if she was worried about online privacy the first step wasn’t to mask traffic, but to not submit personal data to anything online like FB, not use Google services that package everything on you together to sell to advertisers, and to limit phone apps to essentials.

But I’m curious on what other steps you guys would consider the “foundation” of online privacy that should be prioritized before a vpn. Any thoughts? Or am I way off base?

Note: this is in context of vpn for privacy. Using vpn to avoid Geo blocking and censorship I see as incredibly valid for those that need it.

  • @TCB13
    link
    English
    15
    edit-2
    8 months ago

    For a lot of people, encrypted and signed DNS, has around 75% of the benefits of a VPN without actually using a VPN.

    This is often overlooked but the thing is that most ISPs / countries block websites, log user activity and run traffic interception by changing DNS queries to redirect people to a server they control. Just by using a DNS provider that is capable of DoH / DoT you’ll be safer (and yes, enable domain and certificate validations).

    Using vpn to avoid Geo blocking and censorship I see as incredibly valid for those that need it.

    So, no this might not even be a valid use-case for a lot of people.

    • @ericbombOP
      link
      28 months ago

      Oh man see I knew i was missing stuff! My gf wanted more if an explanation of why I didn’t love a vpn but I couldn’t really explain more than “if you leave sign pots everywhere that you live here, probably don’t need to worry about bread crumbs”

      • @TCB13
        link
        English
        28 months ago

        Oh well, who doesn’t. This thing with DNS is like the dark secret of the VPN industry because if you think about it all those VPN providers run their own DNS servers and tunnel the DNS traffic via their tunnel and when they don’t you know what happens - if the ISP can still redirect your DNS queries it will still get your traffic.

        Either way, this is more of a people problem than a tech problem. You did right by telling her not to use so much social media and share less data, but it’s all about a mindset. It’s about the person that sees a cookie popup and goes in all options and disables everything. That never clicks on an offer for a “free service” and looks for the almost indivisible “skip setup” option.

        Besides the convenience aspects I believe there’s something fundamentally wrong with people’s education when it comes to cybersecurity and privacy. People should think of applications, services and websites like strangers on a street: if a random person ask you where you are going will you tell him? No you won’t, then why would you share your location with any app by default? If someone on the street asks your for your address will you give it up? No! Then why would you provide your e-mail address to any website?

        • @ericbombOP
          link
          28 months ago

          You’re so right and never thought of it like that! If you Google and find a new service you’ve never heard of, we’re expected to give up our soul in a heartbeat! Even for a new email so many are like: First name Last name Phone number for dual authentication Install this app for dual auth Birthdate!

          Like dude, there are a lot of services that just that information alone is enough to call in and take my account. It’s so scary how common that is.

          A game I play uses PayPal as the payment processor, and pay pal decided to pay this specific company I had to upload the front and back of my ID.

          Just… ugh.