by superkuh 2759 days ago
They protect against ISPs. My ISP, Comcast, regularly and as part of its policy performs man in the middle attacks on subscriber connections in order to insert malicious JavaScript into user requests from 3rd party websites.

If hiding from your ISP is your threat model then a VPN is fine. It'd be better to use individual per-application tunnels though so you can still host servers with your ports locally and participate in the internet as an equal. Using a full VPN you rent prevents that.

1 comments

> Comcast regularly and as part of its policy performs man in the middle attacks on subscriber connections in order to insert malicious JavaScript into user requests from 3rd party websites.

Wait what? This is the first I'm hearing about this!

I think GP is referring to this: https://www.privateinternetaccess.com/blog/2016/12/comcast-s...

Comcast's behavior isn't exactly malicious right now, but it could be pretty easily.

When it happened it broke websites' functionality (i.e., it'd pop up in the Steam store browser and I'd be unable to close the pop-up within and have to start over). I even had it pop up between me and my bank website's non-HTTPS front page.

They may have desired to notify me of things but it's obvious what would happen. Those who implemented this system were not ignorant. They were malicious. Those above them telling them to do so may have been just ignorant or stupid.

These days I tunnel everything through one of my remote VPS.

It's nuts. And it's true. Link to previous thread on the topic: https://news.ycombinator.com/item?id=15890551

I found a GitHub repo with the code once but I don't seem to have saved it. I'm sure it's on here somewhere though.