this post was submitted on 06 Oct 2024
735 points (90.8% liked)

Technology

59589 readers
2936 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

you are viewing a single comment's thread
view the rest of the comments
[–] moon@lemmy.cafe 381 points 1 month ago (56 children)

What is he talking about, public WiFi can easily poison and monitor your DNS requests (most people don't know or use encrypted DNS), and there's still tons of non-https traffic leaks all over the place that are plain text. Even if encrypted, there's still deep packet inspection. VPNs can mitigate DPI techniques and shift the trust from an easily snoopable public WiFi to the VPN's more trustworthy exit servers.

This guy really needs to elaborate on what he's trying to say when the cyber security field very much disagrees with this stance. I'm not a huge fan of Proton, but they aren't doing anything wrong here. You should use it for public Wi-Fi.

[–] AlecSadler@sh.itjust.works 8 points 1 month ago (5 children)

I'm not even an expert in this stuff, but with a tool I found online I demonstrated that it was easy to snoop people's passwords on my school's wifi networks back in the day. It took minutes.

[–] 5dh@lemmy.zip 22 points 1 month ago (4 children)

That must’ve been quite a while ago

[–] AlecSadler@sh.itjust.works -5 points 1 month ago (2 children)

I mean, yes, I'm in my 40s, but it's just as effective today.

[–] 5dh@lemmy.zip 30 points 1 month ago (1 children)

I’m sorry, but I don’t believe it is. Nearly all traffic is TLS. When this is attacked, you’d get TLS error. Am I missing something?

[–] AlecSadler@sh.itjust.works 2 points 1 month ago

There exist plenty of services on school campuses that send passwords in plaintext. There are services outside of school campuses that do, too. Hell, I've been able to bypass 2FA checks by just navigating around them, I don't know what else to tell you, not everything out there uses the best security practices, so don't assume that they do.

[–] ByteOnBikes@slrpnk.net 5 points 1 month ago

I guarantee you it's not.

load more comments (1 replies)
load more comments (1 replies)
load more comments (51 replies)