by tyingq 2626 days ago
Seems to ignore two things...

a) Your ISP is almost always in the same legal jurisdiction as you are. A VPN need not be.

b) A VPN has some incentive to deliver on privacy. Your ISP does not.

It's fair to call out that a VPN isn't perfect for either privacy or anonymity. But it clearly can be better than your ISP.


Not only does my ISP have no "incentive to deliver on privacy", my ISP is _legally required_ not to deliver on privacy.

They are by law in the tinpot jurisdiction I live in, required to retain all "meta data" about my internet connection, and provide it to "law enforcement" which has turned out to include not just terrorist and serious drug crime divisions of the police, but also local council garbage services and the taxi commission.

All I need from a VPN service is for it to be slightly more difficult to request all the data invading my privacy than the mandatory legal disclosure of it that I'm subject to anyway. Anything beyond time-zone slowness and paperwork incompetence is just a bonus. I prefer VPN providers based in France or Finland or Iceland - on the perhaps vaguely over-reliant on bad stereotypes theory that they'll put English language requests at the bottom of the pile, and that the Sydney Taxi Commission won't have an Icelandic speaker on hand to ask them for my internet data records...

Even if they keep all traffic logs, and even if they happily turn it over without a fight to anyone who can fake a plausible looking LEO email address from Australia, I'm still ahead in at least some important ways privacy-wise over not running a VPN at all... If they really don't keep logs, or really will push back against LEO requests without proper warrants, even better. But not doing that doesn't make them useless...

This is my reasoning behind using a VPN for things other than getting around geoblocked content: I'm adding another layer of international bureaucracy and law enforcement to the process of a copyright holder getting to me, despite it actually being legal where I live.

There's no barrier like international bureaucracy and language barriers. Good luck navigating the courts of 3 countries within the time period that any logs might have to be saved for at the last hop.

After reading the first sentence of your reply I (correctly) guessed which country you were talking about. It's a depressing state of affairs for sure.
People from the First World have no idea that porn and politically sensitive content is blocked in so many countries. Youtube is heavily censored - you won't be able to watch Charlie Chaplin movies or some lectures on Greek democracy in Thailand.

Also this censoring is poorly executed by some ISPs via simple DNS hijacking. As a result your connection is slow and with terrible jitter.

As for the proverbial airport/cafe WiFi - using a VPN is not about not being tracked - it is about blocking easy access to your laptop's filesystem by an attacker on the same network.

Also if you do not trust a commercial VPN provider, just set up your own.

> Thailand’s Junta Got Charlie Chaplin’s ‘The Great Dictator’ Blocked From YouTube YouTube caved to requests from Thailand's military-backed government to block a Thai-subtitled clip from the renowned political satire.

https://www.indiewire.com/2017/06/great-dictator-blocked-tha...

How would an attacker access your laptop’s filesystem if you’re connected to the same network? I can’t think of any way that would work unless your operating system is horribly misconfigured (maybe to make the entire filesystem a network drive?). And how would a VPN protect you here?

Do you think every single machine/local network access is properly configured, especially with Windows? More than once I have been browsing Point-of-Sale files in a cafe where I have been using WiFi because someone did not separate networks. Just an example.

> unless your operating system is horribly misconfigured

So, Windows with (default?) settings?

What would you consider the best/easiest way to setup your own?
Streisand [https://github.com/StreisandEffect/streisand] automates the setup of several different VPN services on cloud providers.

I am running strongSwan [1] with IKEv2 on a cheap ($10 per year) VPS in Amsterdam, Netherlands. Or you can google for how to set up your own VPN on the AWS/Google Cloud free tier [2].

[1] https://wiki.strongswan.org/projects/strongswan/wiki/UserDoc...

[2] https://medium.com/@tatianaensslin/how-to-create-a-free-pers...

IKEv2 is solid, fast and secure. And major OSes have native VPN clients, including iOS - no need to use 3rd party client software.

> b) A VPN has some incentive to deliver on privacy. Your ISP does not.

Regarding this point, I think a good strategy here is to acknowledge that ISPs, like most organizations, don't want to add to their workloads. Of course they aren't privacy centric, but appeals to them oriented around _not_ having to store a bunch of logs or set up a bunch of processes can help to unite more people around initiatives to make things better for everyone.

If everyone has the same ideals then it’s easy to team up. But even if everyone has different ideals, you might all still be wanting 90% of the same result and can still team up!

Yes, VPNs might be unjustly talked about as a set-it-and-forget-it way to gain privacy online a bit, but what I find far more harmful is the blind trust people seem to have in their ISP. I often see the argument "You are just shifting trust from one company (ISP) to another (VPN).", yes, that might actually be the whole point.

ISPs can't be blindly trusted. I switched ISPs lately because my previous one started offering personalised TV ads. This is a very scary topic and in Belgium it has already led to some fishy things:

https://www.nieuwsblad.be/cnt/dmf20160913_02466535

Nice quote with regards to personalised TV ads:

"Er komt ook een nog verdergaande versie waarbij ook het surfgedrag zal leiden tot gerichte tv-reclame. Daarbij wordt gemonitord naar welk type websites er in een gezin vaak wordt gesurfd, om zo interessepatronen te ontwaren die lucratief kunnen zijn voor adverteerders."

"There will be a far-reaching version in which browsing behaviour will also lead to personalised TV ads. The websites visited by families will be analysed in order to discover interest patterns that could be lucrative for advertisers."

Add this to the many cases where ISPs have fought for being allowed to use deep packet inspection to monitor what we do and you start to see that ISPs in fact think they have a right to collect and sell our data. Am I not already paying for internet and TV?

What's happening is the service providers are realising that a lot of lucrative billion dollar businesses have been built by selling ads on top of their last-mile services, so they might as well do the same. In India, the companies that are ISPs are also cable providers and mobile network providers. They have been caught MITMing HTTPS to inject ads. They do it because they want their share of the internet ad revenue cake.

What's strange is that Belgium, in the post-GDPR world, has businesses with regressive behaviour wrt user profiling. What gives?

Logs are worth a lot of money to advertisers if your customers can't effectively avoid the process.

And a lot of money to a lawyer who will sue the ISP under privacy laws if it comes to light.

It has to be clearly stated in the signed contract that your data will be shared with third parties, in what way and how they will be processed. The company involved would definitely lose any Privacy Shield provisions for the EU and potentially peering rights.

Losing enough peering is identical to being disconnected.

A class suit of this kind is easy.

I didn't get any money when my cell provider was caught multiple times selling my location history to anyone with a buck, including dangerous vigilantes.

In the US they can share all the site IPs they want.

If you make them put it in the contract, sure: "We'll share it with all these ad agencies for the purposes of targeting." That doesn't help me at all!

> It has to be clearly stated in the signed contract that your data will be shared with third parties

The most valuable companies in the world trade in identity. They spend billions trying to figure out who you are. ISPs have it served on a silver platter, and there is generally little ISP choice. If ISPs haven't written it in contracts already, there must be a political reason for it, otherwise they doubtlessly would. Anyone know what the societal contract with ISPs is?

> Class suit of this kind is easy.

...in US

No, definitely not in the US. They sell everything and our treacherous congress specifically voted to allow it.

If regulations require ISPs to keep logs, or if they can make a profit from those logs, then the workload is justified in reducing losses (fines from regulatory noncompliance) or increasing profits.

> Your ISP is almost always in the same legal jurisdiction as you are. A VPN need not be.

Most of them are registered in Five Eyes countries, or Twelve Eyes. If they have anything in the US, even if it's just a single server, they will claim jurisdiction over the lot.

There are too many agreements and loopholes to rely on the whole jurisdiction thing. Unless you use a 100% Estonia VPN company and server with no other locations you are not safe, and even then it's not enough. 5 years ago Sweden was the safest country for privacy; things change.

> A VPN has some incentive to deliver on privacy. Your ISP does not.

While they generally don't, an ISP can give you better privacy than a VPN: no worries about DNS leaks, they can route everyone through a low latency mixer, etc.

I would rather pay an extra £20 a month to my ISP for real privacy than pay a VPN £5 a month for fake peace of mind.

So what protection does a foreign VPN provider have from the NSA? The answer: none.

If your threat model includes the NSA you need to reconsider a lot more than just a VPN.

Disk encryption, firmware lockdown, home security with notifications, burner phones, Tails and Tor (via VPN), IRC, a fleet of hacked Windows machines to route through, 10 online identities.

Windows Defender oughta do it /s

I always recommend users to pick a VPN service in a country not on friendly terms with domestic agencies. Sure, that country gets your data but has a harder time correlating it with anything.

In my circle, VPN use starts to be requested by non-technical users that just want to minimize their digital footprint.

Seems amazing to me, since people spend $200+ on a service for a year, so it seems rather important to them.

No reason not to use globalization to your own advantage.

A foreign provider surely has more, in the legal realm, than a domestic one?

What legal protection from the NSA does a foreign (to the USA) provider have? Signals intelligence from foreign sources is the NSA's exact mission.

At least the NSA has a purported requirement not to do domestic spying, even if Snowden proved that's not being followed.

I was thinking that a domestic entity has no protections from the NSA; they have to open up if the NSA says so "for national security reasons"? Whilst a foreign entity has no requirements to do so. Both domestic and foreign entities are subject to the same practical abilities; ergo a foreign entity is safer?

As for "no domestic spying", I thought the Five Eyes group spied on each other to order so as to circumvent those requirements in domestic law??

No, it cannot be better. It can only be equally good or as bad as your ISP. Just because they claim that they protect your privacy, that's just blind faith.

Users trusted PureVPN's claims about protecting their privacy, but all it took was an FBI investigation and court documents to find out that they actually were keeping logs, despite all their claims.

It cannot be better but it is a matter of blind faith to trust they are better?

> No it cannot be better. It can be only equally good or as bad as your ISP

False

> Just because they claim that they protect your privacy that's just a blind faith.

Even if this is the case, it does not make your previous statement true.