[neolog]

Mozilla is using Mozilla's website to explain why one of their security products is useful.

[Jaxkr]

It’s misleading marketing. Modern HTTPS fixes all the issues they say a VPN solves. NOBODY is entering sensitive information on an unencrypted HTTP website.

[Demonsult]

HTTPS reveals the server name in plain text early in the connection process. That, the DNS query and the IP header are tunneled away by a VPN.

[neolog]

A VPN hides my IP address from the website and the domain from my ISP. HTTPS doesn't.

[nichch]

Your IP address is a very small data point in the swarm of information used to fingerprint you.

See https://amiunique.org/

[shock]

An IP provides an approximate physical location – a canvas fingerprint does not.

[nichch]

Sure. That’ll protect you from a site that

- you visit once, or only on VPN, and have never visited before

- you don’t have a personal account on

- doesn’t contain third party scripts that track and correlate data (any js can obtain every point on that page and POST it away).

In practice, unless you are going extremely out of your way to protect your privacy, (for most cases) a VPN is security theater and may even further expose you depending on your threat model.

[paulie_a]

Do you really believe that?