by vladvasiliu 1031 days ago
> C. Security at potentially unsafe access points.

> you get some [...] security at Starbucks

This keeps coming up. What additional security do you get if everything is HTTPS nowadays? If you connect to unencrypted endpoints somewhere, why is a potentially untrustworthy VPN better than a potentially untrustworthy Wifi access point?

3 comments

Using a VPN prevents Starbucks from seeing which sites you connect to (by monitoring DNS traffic and IP addresses); I can see how people might find that useful.

If it's your own VPN, then sure. But if it's a random, untrustworthy VPN, it's just a question of who gets to sell your data. I also don't totally agree with the other poster's point. I think that it's maybe better for there to be multiple entities which each get a subset of the data (the different coffee shops I may visit), instead of a single one who gets everything (my VPN provider). Even if it's possible to somehow stitch everything back together again, at least this makes whoever's interested in my data work a little for it instead of having it on a silver platter.

Personally, I don't want my data sold at all. It's not Starbucks specifically who I want to prevent from selling my data. If it's totallynotshadyvpn.com who does it, it's just as bad.

"Personally, I don't want my data sold at all. It's not Starbucks specifically who I want to prevent from selling my data. If it's totallynotshadyvpn.com who does it, it's just as bad."

That ship has sailed

MAC addresses can be used to uniquely identify you, and then they can see what domains you are connected to. It really can tell them a lot, especially factoring in background processes and capabilities of predictive ML right now.

It's all about how far you spread your information. Giving it all to a VPN or spreading it across every wifi access point you need to use.

Don't most devices use randomized MAC addresses for Wifi nowadays? I don't have a Windows machine handy to verify, but I'm pretty sure even they do it. Not sure if it's the default, though. Ditto for MacOS.

My Linux box (NetworkManager on Arch) does it, but I don't remember whether I had to manually turn it on.

edit: according to [0], NetworkManager defaults to randomized for scanning, but not for connections.

[0] https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoof...

>Don't most devices use randomized MAC addresses for Wifi nowadays?

Does it help if you're one of 2 people in the Starbucks, and the other person is the one logging the IPs you visit?

Well, since they can't correlate the MAC with you, I don't see how it's different from the VPN provider logging and selling the IPs you visit.

>Well, since they can't correlate the MAC with you

They don't have to. They see you right there.

But then your VPN provider can do exactly the same. It even works if there are 1000 people in the coffee shop.

The additional security comes from people not being able to tamper with the routing table or DNS on the ISP side and redirecting your connections.