by burnaway 1614 days ago
>> If you need to hide all of your traffic from other users in your local network, you can accomplish that in a trust-no-one fashion by running your own VPN endpoint on a server you control which provides better privacy guarantees compared to a centralised commercial VPN whose business model will eventually involve selling your data (once user growth stops but shareholders demand continued revenue growth).

The privacy protection for most people using VPNs is required against their ISP and other actors looking to analyse their traffic, not users on the local network. A commercial VPN will be better for privacy due to the crowding effects, i.e. a large number of users sharing the same IP, which protects against correlation attacks - it's much easier to trace the activities on your own VPN endpoint back to you. Of course you need to trust the operators, which is a different question.


> i.e. a large number of users sharing the same IP, which protects against correlation attacks

Depending on where you are based in the world (see https://www.submarinecablemap.com), real-time throttling of VPN traffic can still identify a user and where they are going in some cases.

You can get a degree of privacy from visiting websites located on servers in big data centres, but nothing a search warrant couldn't find out retrospectively.

Just traceroute your journey inside a VPN to see whereabouts you are going when connecting to a webserver anywhere in the world, and work out the physical route you are travelling on the cable map.

Obviously the number of languages you speak also restricts where in the world you will be going online to a point, and timezones can also make you stand out like a sore thumb if you visit a website when the locals generally aren't.

I've identified (US) websites which can work out what DNS server you are using, so in my case, based in the UK, if I swap from using a UK ISP DNS to using another DNS like Quad9 in Germany, the (US) websites alter the content you can see, just on that single DNS server change.

There is no privacy!

>There is no privacy!

I think this is a good message. In the same vein, there's no security either. All you can do is make your and your adversaries' life harder, and balance the different tradeoffs.

> there's no security either.

Don't buy that, care to elaborate?

In the same line of thinking as the parent comment, there's no 100% security either. If you look at IT, everything can be hacked, secrets leak, intelligence agencies hoard vulnerabilities, or even have insiders in security firms or larger corporations.

In real life, no lock is invulnerable. Most can be picked, frozen, melted, etc., and surely have other weaknesses too.

But to achieve their goal, they don't need to be perfect. Just reasonably good. And so, I wish for people to be mindful about the nature of these. That they are not perfect, they are not hidden, nor secure. Just, maybe, reasonably so.

Your lock example isn't perfect, it can't fight back.

In IT, you need both joined-up offensive and defensive measures, which includes self-destruct if secrets need to be kept. That is at best a checkmate.

Take a VPN, in nearly all instances I have encountered the only traffic is genuine traffic, there is no dummy traffic to muddy the waters from external Deep Packet Inspection.

Likewise routing can be used to isolate, I'll give you a real world example which you might be able to relate to.

You are travelling by car from A to B, and you can take a variety of routes to get there. Most modern cars now have a built-in sat nav, and all you know is when your target is leaving and that they will be using the car manufacturer's sat nav. So you have a window (at the start of their journey) in which to manipulate the target's sat nav by giving it fake traffic data to cause it to take a particular route. Ergo you have been able to isolate your target onto roads they wouldn't normally travel. Now that can be done nationally over the radio station network, or nearby using a transceiver SDR in a chase car.

What makes you think the internet is any different? Business efficiency like JIT is a weakness, as we see with the chip shortages and other problems caused by COVID lockdowns. VPN companies are no different: they need to maximise profit, so they don't add in fake traffic to hide their customers' traffic, and by virtue of being able to choose from multiple VPN providers, users self-isolate themselves into yet smaller groups. VPN providers should really organise and share networks to further muddy the waters from external entities.