39

With ever more Supreme Court fuckery going on I'd like to help comrades in my local org be better secured against potential breaches.

Ideally I'd like to recommend 1-3 options that meet these needs:

  • Easy to use
  • Can be used on phones as well as mobile devices
  • Doesn't retain any network traffic data

Any ideas on what options we have?

you are viewing a single comment's thread
view the rest of the comments
[-] sovietknuckles@hexbear.net 14 points 4 months ago

and VPNs only obfuscate your IP address from the website you're connecting to.

If you're in the US, ISPs can legally sell your data since 2017, so another purpose of VPNs is to obfuscate what sites you are visiting from your ISP.

[-] silent_water@hexbear.net 5 points 4 months ago

under most cases, they only have this data via DNS. it's encrypted once the actual https request is made - only the destination ip address is available at that point. so encrypting DNS and securing that is probably more important than the protection a VPN provides. if you use a VPN without some form of DNS encryption, you're trading one ISP you don't trust for a second you shouldn't trust but inappropriately are. DNS anonymization is an extra step you can and should take to ensure you're not trusting your DNS provider, either - it works by tunneling encrypted DNS requests through shared, public relays.

what you actually need a VPN for is to mask your ip address to the website you're visiting and to mask the ip address you're visiting from your ISP. these are important considerations but it's useless if you don't first protect DNS, ensure you can't be tracked via cookies/be fingerprinted, and ensure you're only connecting to websites over https.

VPNs are an important and useful tool but they're not the first or best tool for digital hygiene. you have to tackle each layer, one at a time. start at the top and work down the hierarchy.

[-] sovietknuckles@hexbear.net 7 points 4 months ago

it's encrypted once the actual https request is made - only the destination ip address is available at that point.

HTTPS includes the domain of the site you're visiting in plaintext, and your ISP will get that information about every request you make unless you're using a VPN/a proxy/Tor, DNS aside.

this post was submitted on 01 Jul 2024
39 points (95.3% liked)

technology

23313 readers
87 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

founded 4 years ago
MODERATORS