this post was submitted on 12 Feb 2024
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
A VPN, in addition to masking your real IP, will also encrypt all of your Internet traffic, even from your ISP.
What does that mean? Encryption is a means of making your data unreadable to everybody except those with permission to view it (you and the other person you’re talking to; servers in this case). Your ISP (otherwise known as your Internet Service Provider) is not your friend. They will turn your Internet traffic data over if asked.
This will include, at a minimum, any DNS lookups (more on that in a moment) and any unencrypted (http://) websites you have visited. A VPN can prevent this by obfuscating your Internet traffic. It is a special ISP (of sorts) that should not be logging anything you do on the Internet.
Back to DNS (Domain Name Service). Just like with phones, the Internet uses numbers to connect to other servers. And like a contacts list, DNS is a way to map those numbers to names. For example, one of the IPs used by www.google.com is 142.250.72.132. It would be near impossible to remember all the IPs used by every website, so we use DNS servers to translate them for us. It’s more complex than that of course, but good to understand the basics.
Back to the topic of VPNs. As long as you use a reputable VPN that doesn’t log your internet traffic, you should be safe from pesky lawyers knocking at your door. The beautiful thing about a VPN is that typically you set it up and forget it’s there.
Lastly, the best advice I can give you is to trust your instincts. If something feels too sketchy, then don’t do it. Some things are not worth the consequences. Happy sailing!
So does https. The only difference is that the ISP no longer can see which sites you are visiting. But now the VPN provider does.
Nope. Everyone who has the key can read the data. But usually only parties with permission do have it. Also no one is saving all the traffic data. Only metadata usually. And that is true for the VPN provider mostly too. They also have to turn over the data if they want to operate in the given country. The key is either using a VPN that claims (you as a user cannot verify it) to have zero logging or a very short log retention. Or to use a VPN provider outside your country's jurisdiction.
I'm having doubts about the VPN provider not logging. To trust them is a decision to be made. For simple things (like masking my internet usage when on a public wifi) I use my own OpenVPN server on my VPS. Though I cannot use this for piracy, since I'm the only user and it is directly linked to my name and address (through my VPS hoster).
About DNS: When I set up the VPN, the DNS queries should also go through there, right? Should I additionally look into DNSSEC? For my complete home network I already ditched the ISP's DNS server (currently using Cloudflare's 1.1.1.1). I probably would set up a VM on my NUC, which I got recently, for the services.
Thanks for your advice. I've been thinking about this for quite a while now. When I start sailing, I want to be prepared. Currently I'm collecting all the information. Then I will decide if I want to try it.
VPNs usually route your DNS through them as well, sometimes to other DNS servers but sometimes they just send them to your original DNS server but through the VPN, kinda up to your VPN config - all of the VPN services I've used to date did this, although they were all reputable ones. I wouldn't recommend using a questionable VPN though.
DNSSEC only verifies authenticity of the server and the integrity of the data, so it helps to prevent man-in-the-middle of DNS, it doesn't provide privacy. Look into DNS over HTTPS (DoH) instead. It provides e2e encryption for your DNS traffic which achieves what DNSSEC does, but also gives you privacy. DNS over TLS (DoT) also does this, but it runs on a different port so it's easier to block (e.g. if your ISP decided they don't like private DNS), while with DoH your DNS traffic looks the same as other web traffic - and afaik it can't be blocked. As above, it's likely this is not needed for use with a VPN, but I'd recommend looking into it in general for use even when not on the VPN. Things like controld or nextdns can give you even more peace of mind (although read up on their policies for yourself).
Pihole also can be your sole DNS provider and then you can pick your upstream server.
That's what I have in my home network. Upstream is currently Cloudflare's 1.1.1.1.
Unless you configure pihole to connect to CF via DoH, the above is still entirely true. Pihole is not a privacy tool, it's a filtering tool.
I used to have this setup too until I realised spending a single hour per year on pihole "costs" me more than paying for a good DNS resolver which can also do the blocking, and I can easily use on my phone as well when I'm away. I'm very happy to have switched, personally.
Definitely true, but I think the problem is there's no DNS out there that blocks everything you want. I've never found a DNS resolver that blocks my TV's telemetry domains, for instance. A pi-hole on a RPi runs super cheap so the quick initial setup adding blocklists is super worth it for me at least.
The above is still true for the upstream regardless, pihole provides filtering - it doesn't replace the privacy provided by using a trusted upstream server and you should still configure pihole to use DoH to the upstream.