69
submitted 1 year ago by tester1121@lemmy.world to c/privacy@lemmy.ml

I keep hearing on VPN ads that you have to use a VPN to not have your login information stolen. So far I have been using Cloudflare WARP to be safe enough. However, if I am using an HTTPS website, do I really need a VPN or WARP? Will an attacker on the same network as me be able to access passwords transmitted over HTTPS?

you are viewing a single comment's thread
view the rest of the comments
[-] Ooops@kbin.social 8 points 1 year ago* (last edited 1 year ago)

But encrypting already encrypted HTTPS data is largely irrelevant (for that simplified analogy) unless you don't trust the encryption in the first place. So the relevant part is hiding the HTTPS headers (your addresses from above) from your the network providing your connection (and the receiving end) by encrypting them.

Unless of course you want to point out that a VPN also encrypts HTTP... which most people have probably not used for years, in fact depending on browser HTTP will get refused by default nowadays.

[-] serialtwo_six@union.place 0 points 1 year ago

@Ooops @tester1121 @loudWaterEnjoyer and apparently you also believe that the primary benefit of hiding your packet data is to avoid high-layer sifting by ISPs, and not hostile bad actors or foreign/domestic governments

[-] Ooops@kbin.social 1 points 1 year ago* (last edited 1 year ago)

Yes, given OPs question (triggered by VPN Ads even) and way of asking there is no reason to believe in any scenario where a state-sponsored actor "on the same network" is intercepting data (like "transmitted passwords") because it's only secured by https. That's "can I login safely from a public wifi?"-level.

As you seem to be passionate about these security issues I'm sure that you are familiar with the concept of threat assesment first. Do you believe that a random user asking publically about information seen in advertising is the target of government-level actors wanting to steal his login passwords used on https sites and that breaking the encryption is the easiest measure here?

As I read this question "high-layer sifting by ISPs" (and providers of open wifi) is exactly the threat scenario here.

this post was submitted on 06 Sep 2023
69 points (96.0% liked)

Privacy

31949 readers
647 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS