this post was submitted on 06 Oct 2024
735 points (90.8% liked)

Technology

59534 readers
3195 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

you are viewing a single comment's thread
view the rest of the comments
[–] undefined@links.hackliberty.org 5 points 1 month ago (1 children)

Maybe from a security perspective but in terms of privacy, no. SNI can still be read, and just because DNS isn’t plaintext doesn’t mean it’s not possible to see which servers you’re talking to. And like others have said, there’s still a lot happening in plaintext at the OS and/or application level.

[–] deadcade@lemmy.deadca.de 1 points 1 month ago (1 children)

Still doesn't make a VPN the "magic all in one solution" it claims to be. And SNI is encrypted on newer servers using encrypted client hello (ECH).

In terms of privacy, you're switching around which entity gets to see a ton of details. Do you trust random public wifi enough, given modern security standards? Or do you trust a VPN company more, despite false advertising?

Use HTTPS and DoH (Becoming a default on some Android versions), and the average person will be just fine without a VPN.

[–] undefined@links.hackliberty.org 1 points 1 month ago* (last edited 1 month ago)

That doesn’t really solve the issue of others near the public network being able to sniff out which IP addresses you’re connecting to. In fact, they could deny service to your DoH provider and force DoH not work (if they did the same to the VPN endpoint hopefully your VPN has a kill switch).

As for shifting the entity that sees your network traffic, that’s true and you definitely have to trust the VPN provider (and whatever company their traffic is passing through).