I made the mistake of searching the internet for this phrase "how large is the personal VPN industry?" 😱

This is a multi-billion dollar industry based on the manufactured fear that Evil Baristas are going to break into your bank account if you use public wi-fi. 🦹 ☕ It's just not true.

@zackwhittaker just posted this excellent article in which he writes, "...VPNs are only helpful in a handful of situations. For some, using a VPN can be as dangerous as not using one."
https://techcrunch.com/2024/11/15/think-you-need-a-vpn-guide-start-here/

Exactly right.

People are often surprised that all your banking and shopping connections are fully encrypted without needing to pay anyone. My results are almost certainly typical for banking and shopping:
https://medium.com/@boblord/attack-of-the-evil-baristas-b204436f0853

To my TLS denier friends, please think about this question: “What would change your mind?” What specific technical changes would you like to see for you to abandon your coffee shop VPN addiction? What changes would you need to see in IETF standards, cryptography libraries, browsers, operating systems, websites, and CAs? Also, what crimes would we see reduced as a result? (That last one is a trick question. Evil baristas are not cracking your bank’s TLS connections.)

If your answer is “nothing would change my mind,” then you have made a decision based on religion and not facts.

@boblord @zackwhittaker I'm going to disagree as virtually every non-nerd I know who uses them does so to avoid region restrictions and stream stuff they want to watch.

@sj @zackwhittaker I've heard a few people say that, but then that's a different use case that's not about security.

@boblord @zackwhittaker Right, and I think that use case is what the multi billion dollar industry is based on.

"This is for security, definitely not violating IP law" is a convenient cover.

@boblord @zackwhittaker I trust my ISP and mobile phone company more than I trust a VPN service, particularly given the recent revelations about the connections to Israeli Military intelligence.

I also don't really trust that a VPN is much of an anti-tracking service given browser fingerprinting.

@boblord @zackwhittaker I thought it is for watching videos on Netflix from different locations.

@boblord @zackwhittaker
Your focus on TLS is misplaced. There are also DNS trust issues and potential attacks from other LAN side users. And, you can research a VPN provider and find one that is trustworthy. You cannot research the trust in a coffee shop. And, evil twin SSIDs. And, as to TLS, all certificates are not the same.

@defensivecomputing @zackwhittaker Which VPN product do you recommend? 🙏🏻

@boblord @zackwhittaker
One benefit that a VPN can provide is DNS filtering - be it ad blocking, tracker blocking, malware blocking or whatever. Not all VPN providers offer this but many/some do. And it's a free feature. Yes, people can get this without a VPN, either in one browser or system wide, but how many people really do?

@boblord @zackwhittaker In a previous life, my job involved studying cases where someone would try to attack the TLS level. The findings: the vast majority of TLS attacks came from VPNs, specifically from the ones which required the user to install new root certificates.

Next: "Send me a fax, email is not secure."

I will stop using VPNs when the global passive adversary goes away.

CC: @[email protected]