all these stupid VPN ads act like TLS has never existed
@thermia and that DNS over https/tls doesn't exist
@0x4d6165 @thermia okay but realistically this is not on by default on most devices, a lot of public networks still get away with blocking it, and Encrypted Client Hello isn't right here so even with DoH/DoT, the domains you're visiting are still visible in most TLS handshakes.

(all of the solutions exist of course. but they're not widespread. not yet)
@sodiboo @thermia good point! Yeah I still use a VPN on public wifi but other than that it doesn't really make sense for me imo
@0x4d6165 @thermia like. because ECH is not universal, the claim that "a VPN hides what websites you visit from your ISP or public network" is simply true. and to a lesser extent, it may always be true because IP addresses generally correlate to domain names. and like, you can't hide IP addresses from an ISP or else an ISP does not work.
@sodiboo @thermia the other side is you're still trusting someone, if not the ISP then your VPN provider. Now there are pseudonymous ones but it's still an important limitation
@sodiboo @thermia and I would hazard a guess most entities aren't paying for Mullvad with cash or Monero
@0x4d6165 @sodiboo @thermia i would much rather trust battle-tested decentralized solutions like Tor or I2P over a sketchy corporation
@0x4d6165 @sodiboo @thermia Exactly. “Use our VPN/proxy service to keep your telco from snooping on you!” always leaves off the “Let Belarusian telcos snoop on you instead!”
@sodiboo @0x4d6165 @thermia DoH is default on Firefox. Don't know about Chrome

@0x4d6165 @thermia doesn't DoH have the same problems as a VPN but worse?

you’re still trusting some random corpo with all your DNS requests, but now that doesn’t come with the benefit of not having your ISP see what server IPs you talk with (and without ECH even what hostnames) or the remote site not knowing your IP.

@kimapr @thermia there are more non-profit/publicly owned DNS providers than there are VPNs. And I trust them more than my ISP
@thermia shift your trust from a local ISP to my shell company registered in the Seychelles
@privateger and please accept and trust my totally-not-shady-i-swear-its-for-blocking-ads root CA on all of your devices.
@thermia
@privateger @thermia you should route all your traffic through my network. just install this CA cert first
@privateger vel would trust near any VPN company much more than any ISP here tbh. at least the VPN companies have less legal data reporting obligations
@thermia

@privateger @thermia I feel you, but it's a bit more subtle than that. For example, in France, all ISPs are required by law to have "black boxes" run by the government in their facilities...

I've written a short essay on the pros and cons regarding using a public VPN:

https://blog.skyplabs.net/posts/vpn-security-improper-http-redirects/

VPN, Security and Improper HTTP Redirects - Skyper's blog

@thermia

It's a weird phenomenon where a niche industry markets itself for one use (privacy) despite the fact that it is mostly used for something else entirely (piracy).

@thermia websites should start advertising TLS as a feature again and mock VPN ads by copying their claims 😁
@thermia they heard about SSL deprecation and thought "we have to do something about this!"
@thermia
all ads in general exaggerate :(
so fuck them, i'll block all of them.