| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by 0xADEADBEE 2630 days ago

There's a couple of bad faith arguments in this article that I didn't care for:

- Regarding user identification, rolling my IP address is trivial with a VPN. Less so on my static IP.

- The Facebook example without cookie deletion is a low-effort Straw Man

- I reject the leap that "we have figured out that they [VPNs] do not add much to your online privacy". In the very narrow terms defined, yes of course, but either the author has willfully missed out why people use them, or doesn't understand why.

I did enjoy this note though: "Somehow, VPNs have turned them not failing to do their job into something they can market as a special feature."; I think there's some truth to that.

I tunnel my traffic over a VPN to avoid my ISP building a profile on me. I change my IP every-so-often to mess with trackers at large. I accept that browser fingerprinting is probably thwarting my overall effort somewhat, but I'm reducing the vectors that I can. I firmly believe that VPN companies are capitalising on fear but I respect the hustle. I don't think any of those points are particularly niche (niche subject notwithstanding!) so I find it interesting to see this take on it. Perhaps this isn't an article representative of the position of the wider HN crowd?

2 comments

tylerl 2630 days ago

What you see as bad faith is actually a direct reflection of the benefits these VPN providers are claiming to provide -- if not explicitly on their own site (publishing false claims in writing often leads to bad outcomes) then at least in the ad copy they give to the Youtube hosts to read.

In ~100% of cases, you're safer SSH-tunneling your traffic to a cheap server at a cloud hosting provider.

everdrive 2630 days ago

>I tunnel my traffic over a VPN to avoid my ISP building a profile on me.

What do you believe this profile is made of? I don't mean this sarcastically. Facebook or Equifax's profile of you must be very complete and contextual.

But, your ISP has:

- The domains you visited, but not the specific URLs (via SSL & certificate names)

- The domains you visited, but not the specific URLs (via DNS)

- The IPs you visited.

- The ports of those IPs.

- Any unencrypted traffic, which as noted, is pretty rare these days.

Do you believe that with this information your ISP can build a very meaningful profile? It seems to me that the profile which Amazon, Facebook, and a Bank, (VPN or not) can build is far more damaging. (and, I admit that just because you can't prevent the worse profiling, it doesn't mean you shouldn't mitigate what you can.)

I promise, I don't mean any of this in a negative way. I'm somewhat in your boat -- I tried to do a lot for privacy via blocking and other mitigations, but I often wonder: do Amazon and Gmail effectively defeat my efforts?