by thathndude 1031 days ago
But a VPN service is only additive. The way I see it, it’s one of two ways:

1. The VPN is being honest. No tracking. All is well.

2. The VPN is lying, tracking, maybe even reselling your traffic. Fair enough, but they’re not in any more privileged situation than your ISP. They still can’t see inside your TLS connections and whatnot. And you still get the ancillary benefits of:

A. Geographic diversity of IPs;

B. Easy to get a new IP;

C. Security at potentially unsafe access points.

So, worst case, for $80 a year you get some IP flexibility and security at Starbucks. Best case, you also get the whole no-tracking thing.

4 comments

Agreed.

I know my ISP in Australia tracks my internet usage, as required by the Government.

I don't know if my VPN provider (Mullvad) truly doesn't track.

But either way, I'm no worse off, most likely I'm better off.

> C. Security at potentially unsafe access points.

> you get some [...] security at Starbucks

This keeps coming up. What additional security do you get if everything is HTTPS nowadays? If you connect to unencrypted endpoints somewhere, why is a potentially untrustworthy VPN better than a potentially untrustworthy Wifi access point?

Using a VPN prevents Starbucks from seeing which sites you connect to (by monitoring DNS traffic and IP addresses); I can see how people might find that useful.

If it's your own VPN, then sure. But if it's a random, untrustworthy VPN, it's just a question of who gets to sell your data. I also don't totally agree with the other poster's point. I think that it's maybe better for there to be multiple entities which each get a subset of the data (the different coffee shops I may visit), instead of a single one who gets everything (my VPN provider). Even if it's possible to somehow stitch everything back together again, at least this makes whoever's interested in my data work a little for it instead of having it on a silver platter.

Personally, I don't want my data sold at all. It's not Starbucks specifically who I want to prevent from selling my data. If it's totallynotshadyvpn.com who does it, it's just as bad.

"Personally, I don't want my data sold at all. It's not Starbucks specifically who I want to prevent from selling my data. If it's totallynotshadyvpn.com who does it, it's just as bad."

That ship has sailed

MAC addresses can be used to uniquely identify you, and then they can see what domains you are connected to. It really can tell them a lot especially factoring in background processes and capabilities of predictive ML right now.

It's all about how far you spread your information. Giving it all to a VPN or spreading it across every wifi access point you need to use.

Don't most devices use randomized MAC addresses for Wifi nowadays? I don't have a Windows machine handy to verify, but I'm pretty sure even they do it. Not sure if it's the default, though. Ditto for MacOS.

My Linux box (NetworkManager on Arch) does it, but I don't remember whether I had to manually turn it on.

edit: according to [0], NetworkManager defaults to randomized for scanning, but not for connections.

[0] https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoof...
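
The scanning-versus-connection distinction in the comment above can be checked on a NetworkManager host. This is an added example, not part of the thread: it reads NetworkManager.conf-style text and reports the effective Wi-Fi MAC settings. The sample config is constructed, and the fallback defaults are assumed from the comment's description.

```python
import configparser

# Constructed sample of a NetworkManager.conf drop-in (not from the thread).
SAMPLE_CONF = """
[device]
wifi.scan-rand-mac-address=yes

[connection]
wifi.cloned-mac-address=preserve
"""

# Assumed defaults, per the comment above: randomized while scanning,
# unchanged address once connected.
DEFAULTS = {
    "wifi.scan-rand-mac-address": "yes",   # read from [device*] sections
    "wifi.cloned-mac-address": "preserve", # read from [connection*] sections
}
SECTION_FOR = {
    "wifi.scan-rand-mac-address": "device",
    "wifi.cloned-mac-address": "connection",
}

def audit(conf_text):
    """Return the effective Wi-Fi MAC randomization settings for conf_text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(conf_text)
    effective = dict(DEFAULTS)
    for section in cp.sections():
        for key, prefix in SECTION_FOR.items():
            if section.startswith(prefix) and cp.has_option(section, key):
                effective[key] = cp.get(section, key).strip().lower()
    mode = effective["wifi.cloned-mac-address"]
    return {
        "scan_randomized": effective["wifi.scan-rand-mac-address"]
                           in ("yes", "true", "on", "1"),
        "connect_mode": mode,
        # Anything other than random/stable presents a fixed address
        # (hardware or manually set) to every access point joined.
        "fixed_mac_when_connected": mode not in ("random", "stable"),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A per-profile cloned-mac-address setting overrides the global default, so individual connection profiles need the same check.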

> Don't most devices use randomized MAC addresses for Wifi nowadays?

Does it help if you're one of 2 people in the Starbucks, and the other person is the one logging the IPs you visit?

Well, since they can't correlate the MAC with you, I don't see how it's different from the VPN provider logging and selling the IPs you visit.

> Well, since they can't correlate the MAC with you

They don't have to. They see you right there.

The additional security comes from people not being able to tamper with the routing table or DNS on the ISP side and redirecting your connections.

For a lot of people their own government not being able to track their traffic (especially in difficult regimes) would be a strong benefit too.

If it's sufficiently strict, a VPN might get them in trouble and is not infallible to a sufficiently motivated adversary.

You're missing an aspect. VPN use is a filter. If you're using a VPN, you're drawing attention to yourself.

A TLA that isn't running at least half a dozen VPN companies isn't doing its job, IMO.

Yes, a VPN does draw more attention to yourself, especially with the automated targeting. Best practice is to use an uninteresting VPN of your own, say to a very well known cloud provider as many businesses do this, or to a well known VPN, as your first layer. Terminate this connection and add chains of stronger VPNs after that.

Also, yes, TLAs run many of the major VPNs behind the scenes.