Why do I always get a bad feeling about the motivations behind stuff like this? I want to believe it's for better privacy and security, but it's being driven by a corporation or two, and that makes me 100% suspicious. Like, for example, suddenly Edge is no longer respecting local DNS options and my pihole protects one fewer device from the real dangers to privacy. I don't want to be cynical so often, but this really doesn't feel like a benevolent move. Yeah, it's conditional at the moment, but as with Chrome and manifest v3, among many other examples, I'm losing my faith that anything with the potential to increase ad revenue will remain turned off for long.
VPNs don’t help privacy at all. They allow you to substitute trust in your ISP for trust in a different entity. For some, that may be good, but for most others it’s a wash.
I'd say they're still a net win, generally. The ISP vs VPN service tracking who does cancel out (if you ignore privacy claims of VPN providers, vs ISPs generally not guaranteeing that at all), but for every other service I might consume, when I'm on VPN I'm no longer connecting from a unique IP that can have other identifying information tagged to it.
To add to that: in Sweden (which is generally pretty ok in regards to privacy and rights) ISPs are required to store traffic for 6 months, while VPN providers are not.
It might be cheaper but still not free. Cost of electricity + time to maintain + Raspberry Pi itself. Not to mention that you don't get the variety of servers (for geo-location or more diverse networks not tracked to you by websites themselves).
Well the Raspberry Pi is already on 24/7 running a few other services for my home network. But even then, the energy consumption per month costs pennies. I update the device once a quarter and it takes me 5 minutes. These costs are so negligible as to have no impact on my decision making process.
Why would you? Nobody can connect to it without your private key. Or is there something I am not aware of? Genuine question, as I am running wireguard in a few places and thought it was secure by default.
Modern TLS is enough to prevent others from eavesdropping everything except domain names when on public WiFi. Domain names are sent in clear text if your client supports SNI.
ESNI is not implemented yet on any website. And there is no software support except beta versions of Chrome/Edge and you have to manually toggle flags in dev mode.
All SNIs are passed as plain text to your ISP/VPN, even with DoH/TLS secure DNS enabled.
They just replace your ISP with a VPN company. Which is the two is more shady is something you have to figure out, keeping in mind that a subsection of the internet just stops working or turns the aggressiveness of their anti-bot protections up to the maximum on a VPN.
1. You make DNS request about example.com. Your ISP sees this. Your ISP can see what websites you "might" visit.
2. You connect to 1.2.3.4. Your ISP sees this. Your ISP can see what websites you "did" visit.
3. You request some data and receive some data. Your ISP sees the size of the data. If it's not encrypted, it can also see the content. Your ISP can see (at least) the size of objects that you requested -- which is enough to fingerprint many specific contents.
Okay so not using a VPN gives effectively zero privacy. Let's look at a VPN:
1. You connect to a VPN (and let's assume your connection doesn't "leak" insomuch as now _all_ network traffic goes through the VPN). Your ISP can see this.
2. You make DNS request about example.com. Your VPN sees this and your ISP can see a network packet. Your VPN can see what websites you "might" visit, your ISP can't.
2. You connect to 1.2.3.4. Your VPN sees this. Your VPN can see what websites you "did" visit. Your ISP still sees traffic to the VPN.
3. You request some data and receive some data. Your VPN sees the size of the data, and your ISP only sees the aggregate-size of data across all of your sessions. If it's not encrypted, your VPN can also see the content but your ISP should still only see aggregate size. Your VPN can see (at least) the size of objects that you requested -- which is enough to fingerprint many specific contents. Your ISP will have a tough time fingerprinting content from specific websites.
4. Your ISP can note that you have a high amount of traffic, possibly note that the traffic is going to a known VPN destination, and that your "normal" traffic is now gone.
Now, your VPN can see all the stuff that your ISP used to see. In addition, your ISP can now determine that you might be doing something illegal, suspicious, or at the very least "enterprise grade" and demand more money.
Your isp is legally resident in the country most likely to want to spy on you. There are also very few isps per country, so it's less work for the attacker to cover everyone they care about.
There are vast numbers of vpns, so total coverage is impossible. They are also very likely to be in a different legal jurisdiction so it's non trivial to do.
So, yes, you have, by making yourself a harder target despite having the same amount of centralisation on your part
Adding that in general a country's law (data protection/privacy in this context) usually targets its own citizens; traffic related to foreign citizens (as in the case of VPNs) would for sure have a lower degree of protection.
There's quite a few VPNs who have been asked to keep logs by the authorities but the VPN providers contest it in court, and since their jurisdiction laws don't need them to, the courts side with the VPN providers.
Mullad, OVPN are a couple.
What are your opinions on those?
Not every country has laws like USA/India, which give the government free reign by citing certain Acts.
IDK about simplyinfinity, but here in NZ, the last mile of internet infrastructure (the fibre from homes to the exchange) is owned by regulated companies which must lease access to them at set rates or lower, and mustn't act as ISPs.
As such, we have dozens of ISPs with their own backend infrastructure, all sharing the same last-mile, and most available nation-wide.
That said, they're all going to be buying transit from a big backbone ISP to get overseas connectivity.
As others have mentioned you gained privacy from your government that has easy access to whatever information your ISP has but not towards a VPN provider.
But the information you leak towards your ISP or VPN isn't the only variable. With a VPN you leak less information to the services you interact with (e.g. your IP is hidden) which undoubtedly increases privacy.
Based on that analysis, I say clearly yes!
Privacy is about choosing who to share with, be it a specific group or no-one. Being able to share with a VPN of my choice (who, if reputable, shouldn't further disseminate my information) is likely a privacy gain compared to being forced to share with my ISP (many of whom would gladly sell my data).
Being able to choose to reveal data to Mullvad over Comcast or Verizon seems like a clear win to me.
Yea i really don't get these people. Frustratingly. Perfect is the enemy of good here. Yes, full privacy is the goal, but i know certain actors are spying on me. If i can bypass them, i can at least attempt to improve it.
At the very least i rob Comcast of my data. Which is my goal, after all. Not full privacy.
> Yes, full privacy is the goal, but i know certain actors are spying on me. If i can bypass them, i can at least attempt to improve it.
The problem is that it doesn’t actually change anything while giving a false sense of security.
Your VPN’s ‘improved’ privacy is just as worthless as the privacy you get with just your ISP. If something requires privacy, neither can be used, and if it doesn’t then why should it matter which one you use ?
Privacy is an on/off thing. Either you have it or you don’t. There is no in-between.
No... It's a demonstration of adherence the axiom "Don't let perfect be the enemy of good" being misapplied.
The "Good" (VPN) is exactly as imperfect as it's complete abscence. There has been no improvement whatsoever. Literally, as far as Privacy is concerned, nothing short of "No one actor has the capability to sit on a full stream of traffic", will suffice.
Either you're MITM'd or you aren't. Use malicious postmen if it makes it easier.
If you have the same guy come, and all of your mail goes through him, he can reconstruct all conversational state.
Now imagine you get a different malicious postman at random every day. He eacesdrops on every packet, but he's not privy to which of his fellows is scheduled to get the next packet. Therefore, it's not practicable to MITM in any practical way. This all goes out the window when someone controls the malicious postman scheduler, of course, because then they can figure out a map of who to go to to reconstruct your conversation.
The above is the concept behind Tor, and why the only effective counter to it is to run a hell of a lot of entry/exit nodes so you can conceivably time correlate given enough consecutive probe points are hit.
Russia has the ability to drop a nuke in the region you currently live in, so there's no such thing as safety and therefore why do you have locks on your doors?
i find this extremely doubtful. I see the point of your statement, but i'm willing to bet 99% of all the already built nuclear devices wouldn't work today. There's no way that they're all stored in such a way that the delicate mechanisms are protected from the environment and oxidization, moisture ingress, insects, heat and cold expansion and contraction.
That a nation could make a new device is arguable, that a nation could make a device that could be delivered without flying planes over another country is less arguable. Even nukes as they stand would only pose significant threats to certain parts of a country (there was a map floating around the web a few days back of areas of the US most susceptible to the - pardon the pun - fallout from a tactical strike.)
My VPN provider (Mullvad) doesn't have my full name, address, and social security number. They could build a profile off my account number, sure, so I have to trust that they're not. If they actually aren't, fantastic, I win. If they actually are, I still win, because they have less data to build a profile on me from. I know for certain that my ISP is selling my data, so I'm certainly no worse off.
On top of that, I get the benefit of not being tracked everywhere on the web. Or if they are tracking me, they have bogus data. And I can set my exit server to a jurisdiction with more user-friendly privacy laws.
> Also, what better place to tap traffic than the connection of a VPN provider.
Well, per my previous post, my ISP is definitely a better place. Hell, you don't even need to tap them. They'll just sell you the data, along with other PII. (Setting aside Mullvad' multi-hop support, which would require taps in multiple jurisdictions).
I think the point you're trying to make is that this isn't resilient to the NSA monitoring my traffic. I had hoped it was clear from my message that there's another level of privacy I'm concerned with related to intrusive private entities. I'm not expecting the GDPR or similar privacy laws to stop the NSA either, but they serve a useful purpose.
I guess I'm banking on Meta and Google not tapping Mullvad. Or even the RIAA or MPAA, for that matter. Because my ISP will very willingly give those entities data. And as long as unencrypted SNI is the norm, my ISP knows more than I want it to know about my browsing behavior. Not to mention the stuff that isn't HTTPS. Sure, Verizon knows I've established a connection an encrypted tunnel and how much bandwidth I routed through it, but that's a level of metadata I'm not concerned with.
So, yeah, Mullvad could be logging every packet through their tunnel. They could even assemble a profile based on my account and sell it to all the data brokers and advertising networks. They still don't have my SSN. Even if all of that happened, then I'm still no worse a situation than if I didn't use them because my ISP is doing those things. At worst, I'll be out 5€ for the month.
If you don’t trust your ISP, then why not simply switch to another one ? I literally have dozens of ISP’s to choose from at my address. Last time I checked there were 13 ISP’s offering fiber service alone, if you’re willing to settle for DSL or cable there a lot more options. And that is with me living in ‘socialist’ Europe. I can only dream of how many options people in ‘free market’ USA must have.
I have two viable options, ignoring 5G and satellite services. The one I'm on is the lesser of two evils. And I've largely neutralized the primary concern I have with the ISP I'm on.
VPN and ISP are similar in term of middlemen, but there is an important difference downstream of said middlemen.
With your ISP, you appear on the internet as a residential IP that provides your approximate location and most likely doesn't change very often. The requests you make can be easily correlated by PRISM or any other middleman, or by any CDN running the websites you visit.
With a VPN, your exit IP is unrelated to your geographic location, changes very often, and hopefully it is shared among many more users.
GeoIP services are trash. My current IP on most GeoIP services gives a location >900 miles away. My last IP had a location in another country. I don't think I've ever had a GeoIP lookup resolve within 100 miles for any IP I've had.
GeoIP is only necessary when seeing a new IP. But once the IP starts to build a reputation, then the specific location can be determined. It's especially true if you buy something online.
My several datapoints is wildly inconsistent and has never been within several hundred miles.
My office: suburb of Chicago
My home: downtown Atlanta
My friend's house: just outside Phoenix
The McDonald's free WiFi: Chicago
A church's WiFi: Some random location in Arkansas.
I'm in North Texas.
Just a few examples I've remembered since making a point to test while I'm out.
Also you could use double VPN config from different VPN providers in separate geo locations with openDNS thrown in one of them. then it would be much harder to correlate your traffic out of the mix. its not about perfect secrecy its about becoming hard enough target.
> Now, your VPN can see all the stuff that your ISP used to see.
> Have you really gained more privacy?
Absolutely, 100%, unambiguously, yes; my ISP openly says that they monetize my data, my VPN says they don't. I'm very happy to gamble that the VPN is telling the truth when faced with the expectation that the ISP is telling the truth.
VPNs entire business revolves around not giving up your data, that's why you pay them. ISP business revolves around protecting their monopoly which means making the government happy. Massively different incentives which means they will act differently. If VPN leaks data and people find out they're done. If ISP does nothing changes for them.
The amount of loss of privacy you incur when some particular item of personal information about you is revealed to another party often depends on how much other information that party has about you.
If the ISP is legally protected from any inquiry or transparency into what they do with the data and is systematically incompetent about protecting it and the vpn exists in a country with good privacy laws, then yeah.
Of course they do? They are a tool that routes traffic through a third party. That can be anywhere from terrible to fantastic for privacy, with everything in between. There's nothing "of course" about it.
ISPs generally don't claim to protect your privacy at all [0]. So it would be foolish to trust them to do something they never claimed they would do. VPNs generally do claim they will protect your privacy so at least trusting them makes some amount of sense.
Going from "trusting" an entity that explicitly requires you to consent to spying when you sign up to trusting one which explicitly promises to protect your privacy when you sign up does seem like it would "help privacy" in most cases.
A major difference between your ISP and a VPN is that your ISP is generally an established company based in the same jurisdiction as you are. So, if they do something terrible, in theory at least, they can be brought to court. A non-trivial number of VPNs that claim to protect your privacy, however, are based all around the world with unclear corporate structures. If they do something terrible, you likely have no recourse at all. How much faith you want to put in a promise made by such a company is up to you - but I would push back on the idea that simply making a promise really provides much value by itself.
Why would I trust an entity that often has the legal backing to harvest my data and provide it to the government whenever they "deem" it necessary? The same government that has direct means of control over me? Whether it's the US, China, Germany, I think I'd rather put my chances with some private company that at least has financial and maybe ethical motivations (depending on the company) to protect my privacy. An ISP will only go as far as the law requires to protect it and who knows what backdoor deals are made with governments to subvert those same laws.
There is no realistic/helpful/useful legal process to sue over a breach of privacy. So my ISP being in my jurisdiction doesn't do me any good at all.
ISPs don't emphasize privacy in their marketing, but some large ISPs claim they protect it [0], although their claims are pretty dubious[0][1].
I think your logic holds up, but it's not quite as definitive as you say. VPNs are not the straightforward privacy upgrade that HTTPS is. (I don't think you were trying to imply otherwise.)
I think the picture improves if you choose more carefully. Choosing an established VPN that has a no-log policy and has been audited seems much better, because now multiple companies are putting their reputation on the line. On the other hand, I think a relatively unknown company that's reselling someone else's VPN and hoping to cash in on the "VPN = privacy" is only a slight upgrade over a major ISP.
I would reverse that assertion under the one condition that you don't use a VPN provider from your own country. In Australia at least, ISPs are legally required to maintain logs of everything you access for several years. By choosing to trust a VPN provider outside of Australia, you defacto have better privacy than you otherwise would have.
They also expose your data to the VPN operator. That's a negative on privacy. Whether it's a net negative or positive depends on the VPN operator and ISP involved.
In Germany (according to TTDSG) an ISP does not have to claim that. They need explicit permission to track you. It is pretty much as the post does not have to claim that they open your envelopes.
https://www.ivpn.net/ see "Do you really need a VPN?" - not affiliated with them, but tell me any other VPN-service that is actually this upfront... most are marketing the hell out of their apparent magic effects...
since we're on the topic: how is it still a thing that vpn services are actively pitching content-block/copyright circumvention? Seems weird to pitch something as shady this loud and publicly? Reminds me of how weird I find it that trackers and illegal hosting sites have twitter accounts...
I believe it is harder for my government to get my data from a foreign VPN service than from my local oligopoly ISP that is already effectively an arm of the government.
I think the only good reasons to use VPNs are for torrenting and accessing movies only available in other countries. For any privacy reasons its best to use Tor.
When trying to ascertain the intents of large organizations, I find it useful to examine previous actions. In the case of Microsoft, their willingness/intent to add ads and telemetry (including keylogging) into their OS seem to indicate they are doing this for serving ads better to their larger (paying) customers.
If you're not paying for the (specific) service, you are the product.
I mean, if you have an attitude that anything an organization does must be for an ulterior motive, you're always going to get what you are looking for. Heck, people too for that matter. Maybe my dog just pretends to love me to get food.
But in this case, Microsoft is looking for any competitive advantage against Google. They won't win on targeting, and they still make more money selling software than ads. So this does seem like an easy win for them.
> if you have an attitude that anything an organization does must be for an ulterior motive …
Well in the case where they are spending a lot of money to implement and operate a feature that nobody asked for and which has obvious privacy downsides, it does seem worthwhile to examine their motives. It’s not like we’re responding to the announcement for the next model of the Microsoft ergonomic keyboard with “hmmm, what are they up to?”
What is the obvious privacy downside of selectively enabling a Cloudflare VPN when browsing on public Wifi or unsecured sites (which is when it enables)? That Cloudflare can see what sites you visit?
On public Wifi and unsecured sites, anyone could potentially see and modify the data anyway.
The privacy issue is obvious. If my browser is funneling all of its traffic through a specific VPN instead of letting my system handle it, I have to wonder whether that choice was based on the VPN operator wanting to see my data or cooperating with someone who does.
This is like finding out Microsoft decided all internet traffic on windows should be proxied through their servers. Could there be a benefit? Yes. Does it raise serious questions? Most definitely.
> If my browser is funneling all of its traffic through a specific VPN instead of letting my system handle it
It's not. According to the article, it only funnels insecure traffic through the Cloudflare VPN (eg, to a site with an invalid certificate). And this doesn't prevent you from using your own VPN as well.
If you're connecting to a site over HTTP, and the packet takes 10 hops to get there, that's 10 machines that can see who you're connecting to and what data you're sending. Including, in all likelihood, a major CDN like Cloudflare. Also including anyone on the same public Wifi network. This data was never kept private to begin with.
If you're connecting over HTTPS with a valid certificate, the VPN isn't used. Even if it were though, they couldn't see your data. It's encrypted.
I am 100% with you in general, but this feels more like the Windows Defender launch than some fully cynical power grab. That is to say - Microsoft gets a lot of grief and work from windows installs getting taken over / viruses / etc. For users who don't pick up their own protection (and don't choose to turn off the default windows protection) this feels like a better default. I don't trust Microsoft, but you are already exposed to their manipulations when you are using their OS - and this will help protect you from other manipulations.
The reason you have a bad feeling is it gives the FBI/FEDS a single point to collect your data, with a man-in-the-middle attack that you will have no idea is there.
Maybe a dumb question, but isn't that already a given when using a browser? To me it always seemed a bit absurd to use VPN as it basically just gives another person all your info, but just assumed browsers and the big 5 just got most of the data anyway.
The only thing I can see working is pollution, pollution of our data. There are some current extensions that do some of that, but they are likely not enough and what we really need is a kind stream of data and requests that your own requests are simply merged into.
The thing is that it would need to be smart enough to prevent pattern recognition, e.g., it cannot just be random data because your specific searches and string of searches or actions will stand out quite obviously.
Yes, it would place a severe tax on the internet and a few things could be done to minimize that, but I currently do not see any other better option.
I could see it implemented where your activities online are merged with and threaded into those of related or similar communities, e.g., be it family and friends, the YC community, or a combination of different groups. The effect would come from the proximity to similar but not exact activities. To use a common example, if your legal free speech activities could make you a target, those online activities are muddled and polluted by being merged with other people's legal free speech activities, and your activities would be merged with those of others.
Consider it a kind of mutual compromise of society in order to provide protection/obfuscation in numbers ... the zebra in a herd, if you will. They can't arrest/target everyone if everyone has activity data that looks like they defy the ruling powers.
> The only thing I can see working is pollution, pollution of our data.
this is a terrible and dangerous idea. Nobody cares about the accuracy of the data they collect on you. Stuffing your dossier with random things won't cause anyone to throw it away just because there might be errors in it. Instead all of that data, random/accurate or not, will be used against you all the same.
Your clever browser extension might have been responsible for browsing to a bunch of fast food websites, but your health insurance provider won't care. They'll just see that in your internet history and quietly raise your health insurance premiums anyway.
If your legal free speech activities make you a target, adding more free speech activities to your permanent record just means you'll also now be targeted for those activities on top of your own.
You can't know what will prejudice someone else against you. You might not be gay, or Muslim, or a heavy drinker, or an Andrew Yang supporter, but your browser extension pulls in the wrong data that gets you flagged as being one and it could cost you your job, get you denied housing, etc.
You might not be looking into getting an abortion, but anti-abortion activists who buy up the data of anyone who appears to be trying to get one, or looking for support after getting one, will still see you listed and you will still get harassed by them or dragged into a texas court room.
You might not be rich, but data brokers and consumer reputation services will see that you've been interested in expensive vacation spots and online stores will start charging you more than your neighbors for the same items on the assumption that you are.
If you want to try to hide in the crowd look into a VPN or TOR (although be aware device/browser fingerprinting can still get your traffic associated with you). Just please understand that giving others more ammo to use against you isn't helping yourself or anyone else. Adding more and more data to your internet history just increases your risks substantially because no matter if you deserve it or not your life will be impacted in countless ways by the data you surrender and none of that data, "pollution" or genuine, ever goes away.
Using a browser that monetizes itself in any way seems like a slippery slope to me. I'd rather use Ungoogled Chromium/Bromite or even LibreWolf if it came down to it. Saying "that's it, I'm moving to Brave!" is basically declaring that you're moving your data from Microsoft(1) to Microsoft(2).
Yes but being able to use all of Chrome's extensions in Brave is a huge win to me. And most Chrome documentation, Q and A, tutorials are mostly relevant to Brave as well. I see Google and other behemoths contributing to an open source project as a good thing. The product may not be where it is today without their help, including paying people to work on a free product. Still, yeah don't trust them.
Can you please give a concrete example of what Apple should do, in your opinion, to expand their API targets? And how is that related to web standards complexity?
People complain about excess functionality being added to web browsers (HTML5, WebXR, WebRTC, etc) and many of these complaints are valid. Web browsers don't need these features, they should be relegated to native apps.
Except they can't be. Native apps don't offer the same freedoms that the web does. And so, we keep stacking technologies on top of web browsers to alleviate the problem. It's a bad situation, and both Google and Apple are gruesomely complicit in making this situation worse.
> Can you please give a concrete example of what Apple should do, in your opinion, to expand their API targets?
Stop browser lockdown. Allow sideloading. You know, the basics of computing that we had figured out since the mid-90s or when we sued Microsoft.
>not even Microsoft can afford to maintain their own browser engine
We don't know that. Maybe Microsoft could maintain their own browser engine if Google hadn't provided one on permissive open-source licensing terms that met their needs.
They gave up way too easily though. I don't think they ever had an interest in actually making a good browser engine. They've never managed one in their entire history. Microsoft love mediocrity, the "just good enough" mindset. Nobody takes their products on because they really excel at what they do. Just because they have a huge installed base, they're not so bad there's really a problem to use them and they integrate with everything else (e.g. Windows) nicely. For example Slack is so much better than that turd called Teams but nobody wants to pay the extra because Teams is free with O365 and user frustration doesn't cost anything on the bottom line.
This is why Apple really came out of the blue with Steve Jobs' razor focus on quality above all. Microsoft's goal is never to be 'best in class'. Because they don't need to be. People will buy it anyway.
So what's the solution? I hate this status quo as much as you do, and standing here in a Mexican Standoff is not viable forever. You're right. "The web" as a platform has been twisted and perverted beyond real usability at this point. There is no path forward where we undo Google's damage and preserve the qualities of the web we enjoy today. So, how do we fix this?
The solution (to me) is simple - fix native app distribution. Make platform targets operate the same as they used to, and give people control over their computer again. The only ones preventing us from a platform-agnostic utopia is Apple and Google, both of whom profit off the artificial difficulty of distributing applications.
So, here we are. Google is poisoning the web while Apple refuses to swallow their pride. Everyone is hurting, and nobody stands to gain anything but the shareholders. A hopeless situation, but let's not pretend like everything here is morally grey.
The solution is already impossible. When Mozilla had browser domination they had a chance to dictate something. The moment Chrome became popular, now another company, just as MS and IE did before, could just do the feature creep of "add feature, subtly break/slow down opposition, get more users that just want browser that works"
For starters, if a company makes a web browser with market share exceeding 50%, and also produces web sites and web apps, if those web sites and web apps to do any sort of user agent testing or require non-standard features of the aforementioned browser, it should be treated as ipso facto monopoly abuse.
Exactly. Brave just takes Chromium (from Google) and adds weird crypto stuff to it. None of the Chromium forks are "different browsers" in my eyes. They all depend on upstream for everything important. They couldn't develop the browser on their own.
Just use Firefox. It works just as well as Chrome (*), but it's based on a completely different engine which was built from the ground up.
(*) On desktop at least (on Android I still use a Chromium fork for now)
>Just use Firefox.
No.
Well, I'm not so rude, so "No, thank you".
>It works just as well as Chrome ()
Not on anything* I use, it doesn't, so "No....thank you".
Tbf, I do keep trying ff, but...clunky, jeepers!
'Fraid I'll hang on until my Brave jumps it's particular shark and then maybe I'll hop over to something else, but for now, and as long as I can still use UblockO, Brave it is.
> Brave just takes Chromium (from Google) and adds weird crypto stuff to it
That's a really unfair(and untrue) statement. Brave also removes some code they find privacy violating, built in a best in class adblocker, built a full cross-device sync system that works perfectly, some UI tweaks and enhancements, built Tor connectivity in, etc. Probably a lot more that I'm leaving out.
I am def not a fan of crypto or BATs or whatever they were pushing, but you can use it fine ignoring all of that.
To be fair, you can also disable Microsoft's built-in VPN. The problem is trusting people who don't have your best interests at heart, and using Brave products just kicks that can further down the road.
Normally this might just be a platitude of the sort, "Go check it for yourself." But in this case that's not what I'm saying. Brave is going to be used by large numbers of tech focused users with a privacy/security bent. And they are also competing against Google who will make sure even the slightest slip by Brave is promoted across the entirety of the web.
That code is scrutinized heavily. That the worst you can find about Brave is people making false statements about crypto stuff (it is entirely optional and opt-in with 0 coercion or dark patterns to push you there) speaks incredibly highly as to the current state of the Browser. Might that change in the future, as you seem to be suggesting? Yip! And when it does there will be a new Brave. But for now they continue to stay on an excellent path forward.
Blink (Chrome) is a fork of WebKit which is a fork of KHTML (Konqueror), but that is a very much different situation. None of the Chromium/WebKit-based browsers are full forks but rather merge custom patches with upstream development. They don't have the development capacity to go against any Google changes except for a few things here and there. Meanwhile Google isn't relying on KDE to develop new features - in fact KDE isn't developing any new KHTML features but instead is switching (or has switched) to WebKit/Blink.
I have at least three sites I use that i have to open in edge since they don't work properly in Firefox. Local bank, credit card issuer, and employer's guest wifi login portal.
The thing I like most about Brave is actually the crypto stuff, and I hate almost all crypto. This is actually a good use case for it - you have a distributed system (users browsing) across untrusted hosts (users).
People like to shit on advertising, but much of the internet exists today because of advertising. Do you think Youtube could exist at that scale without ads? I don't think so, personally. At least, not without another way to monetize.
Brave is the only player providing an alternative monetization strategy. Crypto or not, to me, that is by far the most interesting thing a browser has done in a long, long time.
Many sites are broken on non-Google browsers though. But the advantage of being able to use adblockers in Firefox alone outweight that - not even taking privacy into consideration.
> (on Android I still use a Chromium fork for now)
What chromium fork is on android and actually better than Firefox for android? I use Firefox for the best possible experience on android and would like to be aware of another option.
From my (anecdotal) experience, Bromite is faster than Firefox on my phone, but your mileage may vary.
I was originally using Firefox due to its uBlock Origin support, but Bromite has ad-blocking built-in (unfortunately it's not quite up to par with uBO but it works well enough).
I would suggest that you try both and see which one you prefer.
I must have a hundred things that I change on every install. At a bare minimum I'd be disabling pocket, prefetch, and search from the address bar for privacy reasons and then disabling service workers, webgl, and wasm for security reasons.
> Using a browser that monetizes itself in any way seems like a slippery slope to me. I'd rather use Ungoogled Chromium/Bromite or even LibreWolf if it came down to it.
The problem with this approach is that it’s impossible to get a safe binary that isn’t downloaded from “libfree.cxcc.gg” or whatever. The other option being to build from source, which is an absolute nightmare for Chromium.
All of those browsers have signatures available if you question the integrity of your binary. Otherwise this argument isn't any different for the likes of Brave or Chrome even.
> All of those browsers have signatures available if you question the integrity of your binary
Signatures available from whom?
The point being that a web browser is a very special case of software that has to absolutely 100% trustworthy from a reputable commercial entity (that is, someone that can be sued). The only other thing with that level of trust is your operating system.
So my Linux kernel running the majority of the infrastructure of the company I work for is untrustworthy?
Do you not trust kernel.org? Or the GPG signatures of the commits?
What about Mozilla?
As for "someone that can be sued", have you read any of the EULAs of the commercial entities that you think are "reputable" and "100% trustworthy"? You can't sue them.
Similarly, do you trust all of the CAs that have certificates in your OS or browser trust store?
I would. I already use FF mainly under a locked-down profile for mere reading. (I use another profile for madatory interactive sites like banking and stuff).
Others like me would. And resource-constrained devices. An eco-system of low-tech sites could emerge with a label signaling them as simple and virtuous.
The issue I have with Gemini is that it discards 25+ years of established domain knowledge and existing software for something which does not provide any additional functionality over what today's software already offers.
Gemini is on the other extreme (except for requiring the crypto complexity that comes with TLS). I would prefer something that still lets people express themselves creatively like the early web did. Personally, I think even newer CSS is fine even if more complex than it could be if re-designed - the problem is mostly JS and million different APIs that come with that as well as the expectation that that the browser will be able to execute that JS insanely fast.
> Using a browser that monetizes itself in any way seems like a slippery slope to me.
Is that a practical sustainable long-term business practice though? Firefox was only able to be free because Google was paying Mozilla. Browsers are some complex software and software developers wanna get paid. I know that the in's and outs of history of browser software has conditioned us to expecting browsers for free but that doesn't reflect the reality of developing the software.
Firefox, with its full complement of full-time developers, could stay alive with a tiny fraction of what Mozilla earns in a year. Most of Mozilla's work is tangential to Firefox at best.
Surely there's space in the browser market for a model akin more to how Wikipedia operates.
That's the thing, it shouldn't be a business practice at all. Browsers are part of the Internet infrastructure and that should not be treated like any other business but be regulated enough to ensure anyone gets fair use of the infrastucture and should rely primarily on public funding.
The Internet being global makes this challenging, and almost all countries (including so-called democracies) wanting to drink as much authoritarian juice as they can get away with does mean that there is plenty of risk here as well. But letting one or a few giant megacorporations entirely dicate the primary intrastructure for information interchange is so much worse.
I don't think any way is unacceptable. I'd be totally happy to pay for the software for example. It's all the sneaky crypto / adware / tracking stuff that I have a problem with.
I'm very glad you mentioned the homepage spam. It's increasingly difficult (and valuable) to live without information overload these days; Edge's forced "news" spam has pushed me away as well.
blocking msn.com via hosts will give you a blank new tab page in Edge, only including an Edge background image, and a search bar leading to your chosen search engine.
You can disable all that from Edge itself, at least on the desktop. When on the new tab page, there's a "Page settings" icon in the top right. If you click on that, there's a bunch of options there regarding what should be present on the page; the bottom-most item is "Content", and if you set it to "Content off", it all goes away.
What is shocking is the content is so low quality it's appalling it came from a big, respected company as Microsoft. A lot of the posts are often clickbaits, and there are ads carelessly interspersed between the posts all over the page.
I know it makes a lot of money for Microsoft but the fact they chose to keep the quality so low really looks bad.
Biz, gov and mil management relies on MSFT; executives, their attorneys and bankers, respect MSFT for doing what they do ($$). Similar to big retail and worse, gambling, the single user is last in line; used and abused individuals.. nobody expects a lot from the individuals involved, and their opinion matters less. Wolves among sheep, basically.
the only unremovable thing that bothers me is the stupid bing points thing that i dont care about. It doesnt encourage me to use bing, it just makes me question how they continue to manage to swipe my queries enough to increase that score.
I'm all for pushing for more privacy/etc; but is Brave what we want to advocate for as an alternative? They did some pretty heinous link jacking relatively recently. I'm not sure FF/(/chromium) have been caught doing anything worse than that yet.
I work for a very large corporation who has decided the default browser will be Edge. Getting another browser installed on your machine takes an act of congress and several upper level approvals.
Does this mean they will also have the ability to collect corporate data from the browser in companies like mine?
While I agree with the sentiment that ultimately we have to have some level of trust somewhere on the stack, there are a few minor differences.
In theory anyway, I pick my ISP. If this was "support for using a VPN" instead of "we're injecting OUR VPN" I would feel a lot better.
I'm aware Im using my ISP. Even someone who doesn't know much about computers knows their traffic is going somewhere. They might not know the repercussions of that, but if this is just transparently on in the background, effectively a keylogger, a user might never know this is happening.
I give my ISP money. Back to the choice option. Some ISPs are bad and are trying to nickel and dime you to maximize profits. Some ISPs are actually good (I'm not swiss so I don't know for sure, but Init7 looks amazing https://www.init7.net/en/support/faq/privatsphaere/). I don't have to question with my ISP "how are they profiting off of me" because I give them money every month. They might be, but they don't intrinsically NEED to be scraping my data. I am not sure how Microsoft benefits from giving me a free VPN unless they are scraping my data.
I can use a VPN to bypass my ISP monitoring if they do monitor. I have no idea how Microsoft's stuff is set up here. If the end result is that it gets routed through their VPN after my VPN, or instead of my VPN, or even through their stuff at all, but with stamped metadata, then there's not necessarily a great way to get around it other than "don't use Edge"
In general, yes, your ISP isn't your friend. But an ISP is something I asked for, have a use for, and need. A Microsoft stealth VPN is none of those things.
This was also how I could justify being more trusting of Apple. They didn't need all my data because that was paid for up front. The ongoing services that needed to make money I used were also paid for. Obviously that's no long quite true with Apple ramping up their ad business, but that attitude is still often the best you can do without a level of effort that I just am not willing to go through.
From my experience, non-tech people just leave browser defaults. I'd argue this is better than letting them to use public wifi without VPN. If you really care about security you won't use it, of course
HTTPS is trivial to break with a man in the middle attack, yes you get a scary warning in your browser about an invalid certificate, but I'd bet that 90% of people will just click through it and ignore it.
Really? Most people? I cannot think of anyone from my family who would even think about it for a second - they would just get annoyed they can't get to their bank website or whatever and just click continue. Also what tech support? Me?
But now there is no button "continue", you have to click multiple buttons, which are not clearly labelled, in order to see the page. I'm sure 90% of people would not even be aware that you are able to continue.
Even more, for self-signed certificate on chrome, there is no button to continue for example. Check https://self-signed.badssl.com/
Yes, there is. I often have to use it to deal with some internal misconfigured site inside the corporate intranet (the cause is almost always that a certificate has expired, when it isn't it's because a host can be reached with two names and the cert matches only one of them, but that case can be fixed by using the proper URL). I have no trouble telling chrome desktop to bypass.
handelsbanken.se is on line 163144. (I was a little bit off on the length of the list before)
unicredit.it is not on the list, but unicredit.ba and unicredit.ro are. (Lines 7331 and 7332) It does send HSTS headers.
danskebank.se and sella.it are not in the file, nor are the base strings, but both sites do send HSTS headers.
fideuram.it is not on the list, and does not send HSTS headers, so they don't seem particularly interested in security. They also haven't set an A record for the root domain, so visiting `fideuram.it` returns NXDOMAIN. Only `www.fideuram.it` exists.
fideuram removed the phisical tokens for 2fa and moved to SMS, saying that it was because of some european directive… I went to read the directive. It basically said to not use sms and avoid apps in favour of dedicated 2fa devices for banking.
Banks often have awful security systems. Kiwibank in NZ has a "two-factor security" system. All it is is a security questions thing where you click on screen to fill in 3 letters of the hidden answer. The on-screen keyboard makes it secure, you see? Against keyloggers.
I once wrote them a long email about what two-factor is actually supposed to be and why it exists, and got a reply basically saying "lol ok, our security is great ok?"
I've since switched away from them for a bank which does 'two-factor' by sending codes via SMS, but only when its algorithm decides that it needs to. That's not very often.
From my experience working as on-campus tech support in college, most people who aren't tech savvy will quickly give up or look to someone else for help. They will likely not think to click Advanced -> Continue Anyway (unless they have been taught to do that before).
Tech support comes in many forms. The owner of the website, a friend who knows about computers, someone else in the workplace, the vendor they purchased their laptop from.
Also, what does "HSTS sites" mean. Does it mean (a) "official" HSTS via HTTP header alone, (b) "unofficial" HSTS via preload list (see RFC 6797 section 12.3), i.e., the list maintained by Google, hardcoded into a browser, or (c) both. The "unofficial" approach only seems feasible for a limited number of domainnames and unworkable for every domainname in existence.
In tests I have done on Chrome (YMMV), executing "Clear site data" via Developer Tools, or including
Clear-Site-Data: *
in an HTTP response header, e.g., added via a user-deployed proxy, will clear an "official" HSTS block, allowing the "MITM" to proceed.
Besides being generally annoying, HSTS allows for setting "supercookies" that persist even in "Incognito" mode
The RFC for HSTS even admits how it can be used for web tracking. Not too concerning for the advertising company sponsoring the RFC.
14.9. Creative Manipulation of HSTS Policy Store
Since an HSTS Host may select its own host name and subdomains thereof, and this information is cached in the HSTS Policy store of conforming UAs, it is possible for those who control one or more HSTS Hosts to encode information into domain names they control and cause such UAs to cache this information as a matter of course in the process of noting the HSTS Host. This information can be retrieved by other hosts through cleverly constructed and loaded web resources, causing the UA to send queries to (variations of) the encoded domain names. Such queries can reveal whether the UA had previously visited the original HSTS Host (and subdomains).
I use a loopback-bound forward proxy to enforce zero tolerance for HTTP across all programs, not just the web browser. Everything is sent via HTTPS. The proxy is configured to to check certificates, and deny connections, according to rules I set. I use a text-only browser for noncommercial, recreational web use so I need a forward proxy, if for nothing other than to deal with the spread of TLS. But I also use it for a whole laundry list of tasks.
Maybe it is just me, but HSTS, like much of Google's rhetoric, comes across as unfriendly if not hostile to proxies, regardless of who is running them. Consider this line from the RFC
"The rationale behind this is that if there is a "man in the middle" (MITM) -- whether a legitimately deployed proxy or an illegitimate entity -- it could cause various mischief (see also Appendix A ("Design Decision Notes") item 3, as well as Section 14.6 ("Bootstrap MITM Vulnerability"));"
"Mischief." Does that include inspecting one's own HTTP traffic on one's own network. How about blocking certain methods of tracking, data collection and advertising. Apparently it includes disabling HSTS.
Let's be honest. Google is an undisputed king of "mischief". The stakes for Google mischief are much higher and there have been too many fines to count. Consider the latest. How many people deploying their own proxies get fined $4B. (Arguably, an issue of "control" was at the heart of that decision.)
I'd argue the invalid certificate would only get the middle segment of semi-tech literate but security illiterate people. So maybe a lot of people on this site . The average user, based on my observations, tends to take these warnings very seriously.
Have you looked at what the UX is for invalid certificates in 2022? It's not like ten years ago where you just click enough times and "visit anyway".
Here, try this link in Chrome: https://untrusted-root.badssl.com/. When you click Advanced, it tells you "the website sent scrambled credentials that Chrome cannot process". And beyond that there's just no button to bypass it. You can't visit the site. (Sure, there's probably a chrome://flags or --disable-web-security way to bypass this, but that's well beyond the average user's comfort zone, as well it should be.)
I clicked that link - in Chrome on Android all I had to do was click "advanced" then "proceed anyway". I have never changed any flags or default settings in this browser.
I just tried to open the site in Safari, and there's no "Continue anyway" button, only "Go Back". I did not change any default settings, because I use Firefox as my daily driver ( and Firefox does have "Accept risk and continue" button, but I think the word "risk" on it is scary enough for many people to not click it).
EDIT: It turns out there is a "visit this website anyway" option in Safari, but it is not a button, it's a link which you only notice when you click "Show details" button and read the warning.
It's trivial to set it up for the attacker. If you have a Linux laptop you can set up a redirect for all the traffic on the network through your machine with two commands, then there's plenty of tools that will intercept any incoming HTTPS certificate, replace it with your own, the decrypt the traffic. It sounds like a lot but anyone can set this up in about 15 minutes - that's why I said it's trivial.
The user mistake is just clicking "advanced" then "proceed". I know all my family members would do that without questioning.
Plus, Firefox is soon implementing HTTPS-Only by default if I remember correctly. What was it, maybe 2016 there was a big push for SSL and the majority of the web, even login and payment pages, were HTTP? Now only a small percentage of the web isn't HTTPS. I have HTTPS-Only enabled in Firefox and rarely do I have to click the 'Continue Anyway' button to browse an HTTP page. For most general users that only use popular services, I'm sure it's even more rare.
I have a site from 1997, pure html, with drivers, install disks, documentation for computers from the 80s/90s.
It works. It's fine. No, it does not need ssl. What, someone is going to hack a floppy driver for a computer, which doesn't even have a built in network stack?!
No, I am not going to do work on it, any work, at all.
It is all fun and games until one of the downloads from your site picks up malware in transit and the user goes "why did this web admin infect my computer? Sue!"
Depending on what the drivers are for, you may be a prime candidate for MitM. People already go to your site to download software they're going to run in the most privileged mode. This is a perfect candidate for a type of watering hole attack.
Considering you're providing those for 90s machines, you could be the last resort website for a few interesting industry computers with no security restrictions around them.
> Depending on what the drivers are for, you may be a prime candidate for MitM.
Doing that MitM is technically very easy, but in practice pretty hard. You'd have to have an adversary on your network path watching for connections to this particular esoteric low-volume site hosting drivers for machines from the 80s and 90s.
That is extremely unlikely.
I have a much easier way to target that content: Just put up a new site hosting the same content with malware attached. No need for MitM shenanigans.
Security isn't about absolutes, it is about risk managment and being aware of the likelihood and consequence of the risks is important.
You could host hashes of the downloads on an https page. Should be quite simple. Malware can still work on a computer without a built-in network stack and if users are getting downloads onto that computer, then data can leave through the same means.
You're at a coffee shop or library using their WiFi. Your computer sends a plaintext HTTP message. The attacker just needs to be able to see that message and get a response back to you before the real site does, and the real site is a lot further away than the guy sitting at the table next to you (or the hacked router, if he doesn't want to be there in person). Then they can feed your browser whatever they want.
A login form to phish you, perhaps?
They can even start replying, then go off and fetch from the actual site before finishing the response, if it helps to incorporate the real data.
And update all links to not go back to the HTTP site...
And troubleshoot weird issues (TLS errors are generally not helpful)...
And maintain that setup for years...
Not an insurmountable effort for sure, but if you estimate 30 min for the total additional effort of adding HTTPS to a site then I have a bridge to sell you.
That is fine. The site itself is safe. Accessing it over untrusted transits is not. What has changed since 97? Well, attacks became far more sophisticated, and the transits that people access stuff over became far less trustworthy.
There is nothing wrong with your website. However, you shouldn't be surprised when modern browsers stop working with it. Progress doesn't come free.
Not caring about whether some segment (possibly even a majority) of users can or are willing to jump through hoops to access your site is a valid choice, just like publishing through gopher is. You do you.
> No, I am not going to do work on it, any work, at all.
Without HTTPS, the content can be replaced entirely. Last time it was JavaScript that DDOS'd github. If you don't want to serve content over HTTPS, then you don't care what your users receive. Just delete the site and they all get 404's instead, since you already admit that you don't care either way.
If it makes you feel any better, HTTP without HTTPS was a mistake we all made together. It should never have happened.
Given that HTTP without TLS can provide backwards compatibility while anyone and their dog is advocating for deprecating TLS versions and them being too complex for most people to maintain on their own, I respectfully disagree that plain HTTP was a mistake.
You are hosting executable data of some kind on a non-authenticated protocol. That's totally not dangerous at all. A MITM definitely couldn't cause any damage by altering executable data in transit on unsuspecting users. This has never happened to anyone.
>are safe
No, they are not.
>No, I am not going to do work on it, any work, at all.
If you are too lazy to do it securely maybe you just shouldn't do it at all.
HTTPS everywhere by default can't come fast enough. There is no excuse at all to not have HTTPS support today and browsers should deny access to these lazy and careless sites by default. Anyone who can't spend the 5m to set it up for their website can go kick rocks as far as I'm concerned.
Recently I noticed that FF doesn't even let you accept invalid (meaning no longer recognized as valid by FF because they changed the rules to requrie SAN) certificates for HSTS-enabled sites. The bug report's response was that the HSTS standard specifies that. Fuck that, the users should always be the one in control of such decisions in the end.
You forget exactly how much the government felt they got out of just knowing whom was talking to whom, not even bothering to collect the data of the conversation itself.
Microsoft was one of the first companies to sign up for PRISM [1], doing so in 2007. I think there's a subconscious feel among many that because the media stopped reporting on these things, that it stopped happening. PRISM never ended, and almost certainly has only expanded and grown even more invasive and brazen largely owing society's apathy towards what Snowden revealed.
Literally to this day one can read things like the NSA manual for using their software that enables real-time absolute surveillance of Skype: "User's Guide For PRISM Skype Collection." [2] The idea of any degree of privacy from any tech company hosted in America is a lie. The main difference with China is that we lie about our surveillance state, and force companies to lie about it, while China openly advertises theirs.
Public wifi and bluetooth detectors all over is whats scary, as most public wifi is used by phones, not machines and who the hell is running edge on their phone?
but this just reminded me of the failed FB phone and the failed microsoft phone...
So deanonymizing bluetooth device IDs. I know the Canadian spies used airport Wifis to deanonymize Wifi MAC addresses then set up wifi stations all over Toronto to experiment in tracking people.
How would they do the same for bluetooth? Broadcasting "Dans iPhone" doesn't tell you much.
Correct, but its a more insidious web on this level...
they have so many correlation engines for device location, that it will soon be impossible to be "off grid", if its not already.
how the heck do you think there are fn leaks from over a decade ago of "text messages received by the government reveal that person X who is on the shit-list was quoted as saying [BULLSHIT] sources close to CNN have stated.."]
ASIDE: Famous story from ~20 years ago was talking about the CIA handlers at CNN... and the revolving door of in-q-tel emps from fb moving back and forth within the security team (one of which had to be walked out of the building for [things])
you dont need "dan's phone" they have had eschelon for DECADES and were able to literally do 6-degrees ppl tracking since the 1990s...
WTH do you think they named it "starlink" instead of sky-net...
And when they built the first part, they were advertising the wonderful things the rural folks in africa's greater continent will benefit, then after a few years they showed that the system will primarily service the dense populations of the coasts of places like the USA and AUS -- which is where a big portion of the five-eyes service.
IMEI and such is a bitch..
iOS is the biggest location tracking platform ever...
Remember when the founder of Android (from Danger) was let go from google with a ~200MM$ golden parachute at $90MM to gtfo?
yeah but im pretty sure 99% of the population just clicks past those SSL certificate warnings, in part because they don't understand what that means, and in part because there are way too many sites that let their certificates expire.
Story time. Someone I know once got laid thanks to Facebook not encrypting their sessions
My university was still using basic ass unencrypted WiFi with some kind of terrible dns-hijack sign in to “auth”. This of course meant that everyone put their shiny MacBooks on essentially public wifi and logged in to social media in the clear in class.
Some enterprising chaps made a browser extension that made it trivial to snoop any open sessions and impersonate that session in a new tab.
Someone I know would do this during lecture and post to people’s social media as them saying they should pay attention in lecture. Possibly some other scandalous things were said. The hilarity that led from that stranger doing so led to the beautiful nerdy girl sitting behind this person noticing and daring them to post more. That became hanging out, parties, and as far as I know they got married and have kids now.
Literal people exist that wouldn’t otherwise because Facebook didn’t have HTTPS
>Some enterprising chaps made a browser extension that made it trivial to snoop any open sessions and impersonate that session in a new tab.
Firesheep was super big for a while, yeah. I used it to show a few coffee shops that yes, really, WiFi with a password of "password" was measurably better for their customers than no password: https://en.wikipedia.org/wiki/Firesheep
You can learn a lot about a person based on the IPs they visit. HTTPS/SSL doesn't protect you from that.
In many cases you can even determine which protocols and general content they are consuming from that IP based on traffic shaping/fingerprinting. The burst of traffic your browser sends when loading a particular site is quite exploitable. There's plenty of software already available that makes use of this.
We had recently hired new programmers, 2 freshgrad and 1 junior. All of them use edge on their personal laptop and I didn't notice extension button anywhere.
It's also a way to front run ISPs in the data market. Then these vendors can sell the data on the data broker market and pocket the cash the ISPs are getting by selling whatever browsing history data they can infer (from DNS and traffic).
I suspect this is the corporate motivation. The increased state surveillance and control is a side effect.
they already have this at several points in your network. from ISP to target site. meh.
the reason microsoft is doing that is because google is forcing their hand with Floc implemented in the browser.
you wont be in ads next year unless you can slurp more traffic than the NSA. and only google can do that today, thanks to chrome + android. apple is a close second.
How do you think google competitors will have access to all those user to form the cohorts without having the browser or google analytics code everywhere?
The insane thing is that, because the VPN has a 1GB/month traffic limit, there is no way to enforce it unless they associate all traffic with a Microsoft controlled user identity. Cloudflare literally has to keep track of any sites you visit and associate them to your ID to make it work.
Though, I do believe that for connections from public WiFi it's somewhat of an improvement. It establishes a minimal security baseline of: "ok, we'll sell your data and let FBI snoop on you, but we won't inject trojans in your downloads and then hijack your webcam to create ransom-porn (though the FBI/??? might)".
And not even then. Most VPN providers in the top 10 are actually very shady and their organizational structure is quite opaque.. to say the least. I wouldn't be surprised if at least half of the top providers are actually FBI fronts, like the ANOM chat app.
It is so weird that they're 'VPN providers'. They're proxies. It's not really a VPN unless I'm in control, or they're providing servers in the VPN to connect to.
ISPs in Poland at least give you the ability to pay so they do not spy on you. It is very small (10%)but I have no doubt most people cheap out. Internet is relatively cheap here.
While it doesn’t resolve all the issues, the single point to monitor is your internet connection where they have jurisdiction, not some arbitrary VPN provider. Then if they can force the IKE a certain way they decrypt.
I think the other side of this is if you have FBI attention, do you really want to look more suspicious? Whatever fight you try with them you will not win.
Yep, a VPN baked into a browser like this is literally Microsoft stealing the network routes from your ISP, who is probably too embarrassed to complain that what’s happening is they are taking that sweet, sweet data with them. It’s like high-fructose corn syrup for targeted advertising imho. Who’s selling?
Check out the book “Hard Drive” about the early days of Microsoft, and you will never be able to see anything that corporate does without suspicion, and for a good reason.
Probably because Facebook already tried the free VPN and it was every bit the privacy nightmare you'd expect it to be. Given Microsoft's track record, there's no reason to expect that to be any different.
If it was good for you, Microsoft would the the one announcing it. Loudly and repeatedly. They would do it even if it was harmful, but there existed some artificial narrative where it sounds good.
You are hearing it from a third party exactly because they couldn't construct any explanation minimally realistic that sounded good.
They haven't announced it yet because it hasn't been released. Reading the article, it does sound pretty decent.
Partnership with cloudflare, selectively enables when you are connected to untrusted networks like public wifi.
Pretty much the only downside is that they turn it on by default... which is always tricky when most of your target audience is not computer savvy in the least.
How to give people security features that they have to figure out themselves when they can barely open the browser .. a dilemma for the ages.
If you have never worked at a large tech company like Microsoft, you'll probably have a bad feeling because there's a lot you don't know about the business process of shipping features like this. It's reasonable to be cynical and confused if you have never seen it from the other side.
For the most part, product features like this are shipped for boring and completely non-nefarious reasons. It's just hard to believe that if you've never worked on one.
Windows is an appliance (an interface) for amazon shopping and watching netflix.
The MS telemetry has proven that 99.999% of consumers do not tweak default settings or dig under the hood.
The 1-2 million now former "windows power users" are just too small population to be economically feasible to deal with.
For MS it does not matter to lose those few to other tweakable OSs.
Instead MS's product department is dreaming of scooping the remaining billions of cash-laden consumers. Presumably this is what the telemetry tells them.
Cash is good, consuming is good, keeps the economy running, making shareholders happy.
The motivation is to keep up with Apple who themselves are trying to distinguish themselves from Google. Doesn’t need to be sinister. If your primary business model doesn’t depend on tracking people to sell ads, and you’re competing with someone else whose does, then leaning in to making the use of your software/hardware more private makes sense.
This is where Apple's implementation, where the info is split between them and a third party with neither of them able to read the traffic on their own is so smart. Especially since there are multiple counter-parties to Apple. It also negates the risk of an MITM attack. Yes of course they could collaborate with a counter-party to break the system, but it seems significantly less likely to happen, and if it was happening it would be significantly more likely to come to light.
I mean nobody is forcing you to use Edge or Chrome, there are better alternatives like Vivaldi or if you really want to take it to extreme Ungoogled Chromium. But I agree with your sentiment, although it just means you should probably move to open source and obscure options.
Also:
> Brave, Mozilla, and Vivadi have said they intend to continue supporting Manifest v2 extensions for an indeterminate amount of time.
Exactly.. I would take it from Firefox if they offered something like iCloud Private Relay.
But the thing they offer from Mullvad is no better than a traditional VPN (because it is a traditional VPN). And even more limited because it only works in the browser.
And indeed the circumvention of Pihole is a big problem.
I noticed today I can't find the Chrome flag (v105) to enable its reader mode. It's like they just nuked it since it made articles actually readable. It's not a huge deal, but I liked not having to launch another service like Pocket.
When did the world start trusting any company with a VPN more than their ISP? I still find the privacy pitch to be flakey at best, where at least I can choose who’s aware of my traffic, but getting past geo-blocks really seems to be the most obvious consumer value, which this Cloudflare vpn lacks.
ISP injecting content into your connection is a known story (google "ISP injecting ads" for many results).
For better or worse Microsoft (or other corps) have not done that in recent memory afaik. They might do equally dodgy stuff in other aspects, but they don't tamper with the integrity of your connection (they might sniff it a bit).
And often you're paying a nontrivial amount of money to the ISP for the "privilege" of getting injecting ads and tracking injected. This really rubs people the wrong way, justifiably so I think.
My ISP actively lobbied to be able to harvest (steal) my data. Who do I trust more: the guy who says that they aren't selling my data, or the guy who corrupted my government so that they can actively sell me out (not to mention their monopoly)?
Sure, the first guy could be a liar, but I know that the second guy is a thief.
I don't care about geo-blocking - my only threat model is to keep a scumbag ISP at bay.
Edit: I should add that keeping sites I browse from knowing my IP is also part of my threat model.
Seing how many webstes' TLS is terminated by Cloudflare, you shouldn't state that they don't have your credit card info with such conviction unless you never used it online.
I know people that use VPNs 24/7 just for privacy. I would assume there's many more that use them for the reason you described though. Torrents are less useful than ever, piracy is down in general thanks to streaming services and products having moved to SaaS. From what I can tell, the number of people using VPNs merely for privacy alone is growing and a good sign that people feel that strongly about it.
Media piracy is less tempting than in 2006 (before streaming) but more tempting than in 2014 (before competition decreased overall and everyone started siloing content as part of their truce).
Server-side control has been making software piracy less and less viable, video games sorta included. And a lot of mainstream games have found ways to make money without charging to buy the game upfront.
It can go either way. Many ISPs are known to be nasty, but hardly anyone sees the effects of that, so it's hard to tell. I think VPNs market "more security," people mostly blindly buy it, and everyone is happy.
Yeah, to me, a VPN is only a way around geo restrictions.
Edge is a reskinned Chromium browser with Microsoft tracking and telemetry baked in. Just because they have a VPN now, it doesn't make it any more private/secure. Why do people use Edge? If you're any way privacy conscious you wouldn't use Microsoft products.
In my case, it is the default browser at my current company. I don't know the reasoning behind it, but we are also forced into Teams. Corporate requirements is my reason.
But for a windows domain environment Edge makes sense.
- Comes builtin, no need to patch browsers separately and worry about outdated Google Chrome installs in a 1000+ computer fleet.
- Integrates with Office 365 that the company already use/pay for.
- Can be managed with policy over Office 365 or Intune
- Has IE Enterprise Mode for the old apps that need IE11
For Teams, the alternative is this:
- Pay for Zoom AND Slack AND Office 365 AND have IT personell manage all 3
- Pay for Gsuite and use... hangouts?
or
- Just pay for Office 365 and get email, fileshare, office suite and chat/fileshare/video tool all in one that works "fine" and can be managed all in admin.microsoft.com (that goes into 500 different portals that all change each month but I digress...)
Oh, and you can use whatever browser, even if its not the default. I use Firefox but Edge is the default one.
> Yes, I'm definitely going to audit some giant as hell CPP code base (diffs) every four weeks.
I've had this discussion with other people too, just because you don't want to doesn't mean you can't. So your point of suspecting something nefarious is moot for me until you can back it up.
If I do already use Windows, then I'm already relying on MS
Using Edge doesn't change much, meanwhile using ungoogled Chromium means that I have to trust additional actors
Additionally MS inserting e.g "backdoor" into Edge could cost them a lot of in PR damages meanwhile what if ungoogled chromium inserted some kind of "backdoor"?
I don't even know people who maintain it, so I wouldn't even be able to break their windows or throw eggs at them
> I don't even know people who maintain it, so I wouldn't even be able to break their windows or throw eggs at them
I hear your point on this, it's pretty hard to put your faith in a browser that updates regularly and not just for schema reasons. But you seem okay with Edge..
> Using Edge doesn't change much, meanwhile using ungoogled Chromium means that I have to trust additional actors
This is where I'm confused.
> Additionally MS inserting e.g "backdoor" into Edge could cost them a lot of in PR damages
I'm not an M$ hater, they've been incredible. dotNet core is a gift. GoPilot is a good use of whatever we're doing here. But why do you think if they could work a 'backdoor' (without leaks from employees) would actually matter. Their fine would be minimal.. See FB
I think we've come full circle. I'm defending your point that Edge might be just another 'Okay' browser.
> Using Edge doesn't change much, meanwhile using ungoogled Chromium means that I have to trust additional actors
Because I'm already on Windows, thus I already trust Microsoft
>I'm not an M$ hater, they've been incredible. dotNet core is a gift. GoPilot is a good use of whatever we're doing here. But why do you think if they could work a 'backdoor' (without leaks from employees) would actually matter. Their fine would be minimal.. See FB
On the other hand take a look at Intel - they had security issues and not even intentional and there was a lot of dmg to their brand due to all those CPU related vulns in last years
> also "ungoogled Chromium" - The process is Chrome is Googled Chromium.
You can download Chromium[0], but people tend to be referring to the project called "Ungoogled Chromium"[1] to remove any calls to Google domains, eg. safe browsing, which are still present in Chromium.
It seems that both had alleged collaborations with PRISM. The main difference I see between the two wiki articles, is that people complain about Microsoft's telemetry but not Apple's (even though they do have a lot of telemetry [1]).
In general it feels like Apple has won the trust of the public, partially through good products, partially through good marketing.
Windows 10 is a privacy disaster compared to previous versions of Windows. They track every single app and website you open, what files you have on your PC, and much more.
My primary browser is Firefox. I have Edge as my backup browser for sites that don’t work with Firefox, and sometimes for watching stuff. There is no reason for me to install Chrome. (And Microsoft isn’t that bad, even if Edge sometimes does weird things.)
There is a good reason why Trident is alive and kicking, people just don't know about it. But it's the reason for more than 98% of exploits, because shitty software of Microsoft still uses Trident to render MSHTML based documents (office etc).
The same will be true for a traffic-observing webview2, for decades to come. And it will never be removed again, because of Microsoft's development philosophy.
While I would never use a VPN service fronted by a data thieving company, I really hope that VPN usage goes more mainstream so that companies can't have "no access from VPN" as a security strategy.
Ally bank recently did this and many others have intermittent issues due to flagging, etc.
Is Cloudflare known as a data thieving company? I didn't have that association with them yet. They're not really in the data selling business, are they?
I said "a VPN service fronted by a data thieving company" and I misspoke - I should have said "backed" instead of "fronted."
AFAIK Cloudflare isn't a data thief (yet). If (when) they decide to be, they will have access to quite a lot at the rate they are going. At this point, how can we trust that any public company won't eventually monetize user data?
Oh stop, already. Cloudflare isn't in the "business of selling insights". They make their money from enterprise sales of their various network products.
They're in the business of competing with AWS and are pretty damn good at it, too.
Security teams don't block certain VPN traffic for fun.When a certain IP block has been running credential stuffing attacks all month long, It's very reasonable to see any request from said block with a lot of suspicion. In many cases, 99.9% of login attempts from certain IP blocks are just fraudulent, and there might be more requests from one of said blocks than legitimate requests from the rest of the world combined.
Completely blocking a VPN is often too blunt an instrument, but even the best alternatives are unfriendly to legitimate traffic. The most user-friendly thing you can do is to rely on bonus security controls, like asking for two factor authentication for everything. No, you will not be able to log into anything from a new device, even, without the two factor. A very understandable tradeoff for a bank, but we'll end up seeing that for any account protecting anything of relatively low value.
If your second factor is tied to, say, a phone, it's not going to be fun to wait to replace it if it's lost. But in a world where most traffic is coming from a VPN, there aren't many good alternatives.
If this "VPN" is under the control of an entity collecting information about users wherever it can what's the sense of the service.
"VPN" (in fact the term should be "virtual internet access network") make sense only when it is independent of any entity controlling internet traffic...
As a generally happy Cloudflare customer, a Cloudflare VPN makes me deeply uneasy. (Yes, I know Warp has been around for a while.) Using it means Cloudflare owns a huge chunk of your Internet traffic end to end and decrypted, a uniquely powerful position to be in. And this is going to be default on in Edge according to TFA, even though it’s only applied to plain HTTP sites by default at the moment.
People are fools if think there isn't a Room 641A in Cloudflare, except it's a lot better since web service operators willingly handed over all their private keys and therefore user data.
While I agree that it is concerning, WARP doesn't decrypt your traffic unless you sign in to ZeroTrust, enable it in your dashboard and install their CA.
Not much you can do about them having decrypted traffic for sites that use them.
When you don’t use a VPN, at least your traffic to Cloudflare doesn’t carry a unique ID of yours. Effort is required to correlate your traffic, especially if you are CGNAT’ed and share an IP with others, or have a dynamic IP that changes frequently.
Https is among the most broken ideas in the history of CS. I remember the first time I really learned about it and I went like it can't be this stupid.
Most Internet traffic today between A and B is decrypted by C because of this.
Https is a wrapper around http. The result is that any service that needs any http information can decrypt all https traffic. So on the web, passwords, apikeys, personal information and so is in general decrypted by a third party, Fastly, Akamai, Cloudflare and so on.
That is entirely untrue. HTTPS is just HTTP encrypted with TLS. The only parties that can decrypt the traffic are the people with the session keys: you and the website you’re visiting.
Not sure how this is a problem with HTTPS, then. It’s like complaining that AES encryption is broken because you have away your keys to a bunch of people.
You’re glossing over that these third parties C are contracted trusted parties of entity B and thus for B’s purposes are considered part of B.
HTTPS and transport security isn’t a broken idea.
Standardized content security has been tried in many contexts and has typically been even less secure unless it’s for long lived opaque media, like S/MIME for emails. Structured data like XML security has been abysmal.
> "However, the VPN will not run while you’re streaming or watching videos — so that you can save up on traffic which is capped at a modest 1 GB per month."
OK? And what happens after that? After you go over your 1 GB cap? You're cut off from the internet?
> Also, we must be aware of the risks associated with using the built-in VPN services of Microsoft, Apple, and the like. The tools they so generously offer might protect you from being tracked by your Internet Service Provider (ISP),
It seems using a VPN from your browser vendor does not increase your risk. I don’t think a VPN would have any information that your browser did not.
People generally don’t tolerate browsers that phone home with any and all accessible information. But if you claim to also run a built-in VPN service...
I oftentimes see people using Chrome (not Chromium) while logged into a profile. Are you telling me that either those people are actually a minority, or that Chrome doesn't phone home?
Not really: Your browser vendor might push out a malicious update or enable dormant functionality that sends them telemetry on your browsing, or even your entire web traffic, but a VPN definitively does receive all of you traffic (including, at least, the host name of almost all sites you visit).
I can observe who my browser/OS talk to (beyond the sites I already visit) – but what happens inside a VPN provider is impossible to tell.
It's already installed and it works well enough. Plus, if I'm using Windows, I'm already sending a bunch of telemetry to MS, so I don't see a reason to go out of my way to send some to goog, too. Also, I'm not a Netflix customer, but I understand that on PC you need Edge to get high-definition (>=1080p) video. Chrome doesn't work (neither does it work on Mac). So the question becomes: is there a legimate use case for Chrome when Edge is available (and is mostly the same thing)?
I, personally, am quite against using a Google browser (or derivative), but for my gaming PC where I only launch the browser once in a blue moon, I just can't be bothered to download anything else since Edge works. On my work PC I use Firefox, and am quite happy with it.
Vivaldi has it, and it's a Chromium-based browser made by people who left Opera after it was sold to the Chinese. Opera had vertical tabs even a decade or so ago, back when it was still using its own Presto engine (they switched to Chromium and seems to have lost this feature).
There are significant changes in Edge compared to Chrome stable and perf and efficiency improvements on Windows (not to mention deeper system integration).
A crazy thing happened to me on a recent trip to Mexico city. I thought my AT&T mobile plan covered Mexico, but after 2 days it stopped working. So I tried to log into my account online with AT&T. It would keep redirecting me to the Mexico AT&T website instead of the US website. The first time I realized I needed a VPN.
I don't like this. When I add a URL to the address bar I want TCP/IP traffic to be directed to only the remote address I requested, and not have traffic relayed through some third party.
Besides the point, 18 hops to get to HN via my colo server in London, UK; what is cogentco doing with the excessive routing?
1 24 ms 24 ms 25 ms 10.0.0.1
2 32 ms 25 ms 24 ms x.x.x.x
3 28 ms 28 ms 27 ms core-router-b-nlc.netwise.co.uk [185.17.175.246]
4 29 ms 25 ms 25 ms core-router-hex.netwise.co.uk [185.17.175.240]
5 29 ms 25 ms 26 ms te0-7-0-17.505.rcr21.b015534-1.lon01.atlas.cogentco.com [216.168.64.16]
6 27 ms 25 ms 25 ms be2186.ccr22.lon01.atlas.cogentco.com [154.54.61.70]
7 27 ms 25 ms 28 ms be2870.ccr41.lon13.atlas.cogentco.com [154.54.58.173]
8 94 ms 93 ms 94 ms be2317.ccr41.jfk02.atlas.cogentco.com [154.54.30.185]
9 103 ms 100 ms 100 ms be2806.ccr41.dca01.atlas.cogentco.com [154.54.40.106]
10 118 ms 117 ms 117 ms be2112.ccr41.atl01.atlas.cogentco.com [154.54.7.158]
11 130 ms 130 ms 134 ms be2687.ccr41.iah01.atlas.cogentco.com [154.54.28.70]
12 147 ms 146 ms 181 ms be2927.ccr21.elp01.atlas.cogentco.com [154.54.29.222]
13 155 ms 155 ms 156 ms be2930.ccr32.phx01.atlas.cogentco.com [154.54.42.77]
14 172 ms 348 ms 192 ms be2941.rcr52.san01.atlas.cogentco.com [154.54.41.33]
15 198 ms 202 ms 205 ms te0-0-2-0.rcr12.san03.atlas.cogentco.com [154.54.82.70]
16 209 ms 165 ms 165 ms te0-0-2-3.nr11.b006590-1.san03.atlas.cogentco.com [154.24.18.194]
17 166 ms 171 ms 203 ms 38.96.10.250
18 165 ms 162 ms 162 ms news.ycombinator.com [209.216.230.240]
but hops from 9 to 30 are "blank" like this:
30 * * *
the last non-blank hop is this:
8 M5-HOSTING.bar1.SanDiego1.Level3.net (4.16.110.170) 69.921 ms GIGLINX-INC.bar1.SanDiego1.Level3.net (4.16.105.98) 60.600 ms M5-HOSTING.bar1.SanDiego1.Level3.net (4.16.110.170) 69.882 ms
Is that excessive? It looks like it's taking the most direct route it can. First goes west to NY, then goes south to DC, south again to Atlanta, and then makes a series of westward hops to Houston, El Paso, Phoenix, and San Diego. And I'm guessing the hops within London and San Diego would be something like a router for local traffic, a router for regional traffic, and a router for international/interstate traffic.
Sorry I misspoke I know that routing traffic isn't a direct peer to peer connection but that's different from ALL traffic going through one company.
I'm not an expert on internet routing but it seems to me a bit disconcerting how much of web traffic is already routed through cloudflare servers. This centralization scares me.
I play video games. Things have actually changed a heck of a lot in the last couple of years and seem to be accelerating thanks to the Steam Deck. 90% of the games I care about now work fine in Linux, sometimes with a little massaging (there are also now many more tools and forum posts to help with this). Modding certain things is occasionally the biggest impediment but that too is getting easier thanks to stuff like https://github.com/frostworx/steamtinkerlaunch , which if you use the Flatpak Steam can be installed via the app installer right alongside it.
You're describing a worse user experience than gaming on Windows. Single player games on Steam is a best case scenario.. Blizzard games, or games with anti cheat are a total pain to run or won't run at all.
This is why people tolerate Windows in 2022.
I'm not saying I like it, I was just trying to answer your question :)
I remember this being done back when Opera 7 was used. I think it had a feature for mobile OS, where it would route requests to Opera's servers and serve clients a minified, smaller version of the page, so people on 2G at the time could still use the web. I don't remember people being outraged at the time at the prospect of a browser having a baked-in VPN option though.
I remember this as well and thought it was a neat service. One that I would have liked to emulate using my own proxy in order to save bandwidth on my mobile data but never got around to actually doing.
These days with widespread HTTPS, the only way to do this is to bake it into the browser itself.
And of course, this was back when you could trust Opera to do what they said they were (or weren't) doing.
At the time, spyware was not yet a mainstream business model so there was no outrage because respectable, established companies didn't yet become spyware operators. There was still mutual trust back in the day.
That was Opera Mini, and it's still around (and popular in areas where Internet speed is still measured in Kbps and/or you pay for data per megabyte).
It's not even that it served a minified version, too. It basically did all layout server-side, so the client got something more akin to a PDF of the webpage optimized for its screen size. It also compressed images.
609 comments
[ 2.4 ms ] story [ 382 ms ] threadUnless your credentials leak, of course, but a security expert would have that same risk.
Your personal solution seems pretty good though.
All SNIs are passed as plain text to your ISP/VPN, even with DoH/TLS secure DNS enabled.
Or course they do, I'm so tired of seeing posts like this when really what you mean is that it's not perfect privacy and therefore you don't like it.
They just replace your ISP with a VPN company. Which is the two is more shady is something you have to figure out, keeping in mind that a subsection of the internet just stops working or turns the aggressiveness of their anti-bot protections up to the maximum on a VPN.
Let me compare an ISP spying vs a VPN spying:
1. You make DNS request about example.com. Your ISP sees this. Your ISP can see what websites you "might" visit.
2. You connect to 1.2.3.4. Your ISP sees this. Your ISP can see what websites you "did" visit.
3. You request some data and receive some data. Your ISP sees the size of the data. If it's not encrypted, it can also see the content. Your ISP can see (at least) the size of objects that you requested -- which is enough to fingerprint many specific contents.
Okay so not using a VPN gives effectively zero privacy. Let's look at a VPN:
1. You connect to a VPN (and let's assume your connection doesn't "leak" insomuch as now _all_ network traffic goes through the VPN). Your ISP can see this.
2. You make DNS request about example.com. Your VPN sees this and your ISP can see a network packet. Your VPN can see what websites you "might" visit, your ISP can't.
2. You connect to 1.2.3.4. Your VPN sees this. Your VPN can see what websites you "did" visit. Your ISP still sees traffic to the VPN.
3. You request some data and receive some data. Your VPN sees the size of the data, and your ISP only sees the aggregate-size of data across all of your sessions. If it's not encrypted, your VPN can also see the content but your ISP should still only see aggregate size. Your VPN can see (at least) the size of objects that you requested -- which is enough to fingerprint many specific contents. Your ISP will have a tough time fingerprinting content from specific websites.
4. Your ISP can note that you have a high amount of traffic, possibly note that the traffic is going to a known VPN destination, and that your "normal" traffic is now gone.
Now, your VPN can see all the stuff that your ISP used to see. In addition, your ISP can now determine that you might be doing something illegal, suspicious, or at the very least "enterprise grade" and demand more money.
Have you really gained more privacy?
There are vast numbers of vpns, so total coverage is impossible. They are also very likely to be in a different legal jurisdiction so it's non trivial to do.
So, yes, you have, by making yourself a harder target despite having the same amount of centralisation on your part
Now, sure, they could "just" delete logs, but their government can "just" tell them not to, or even tell them to live send the logs to them directly.
So it's really "which country's government you trust".
Mullad, OVPN are a couple.
What are your opinions on those? Not every country has laws like USA/India, which give the government free reign by citing certain Acts.
As such, we have dozens of ISPs with their own backend infrastructure, all sharing the same last-mile, and most available nation-wide.
That said, they're all going to be buying transit from a big backbone ISP to get overseas connectivity.
But the information you leak towards your ISP or VPN isn't the only variable. With a VPN you leak less information to the services you interact with (e.g. your IP is hidden) which undoubtedly increases privacy.
Being able to choose to reveal data to Mullvad over Comcast or Verizon seems like a clear win to me.
At the very least i rob Comcast of my data. Which is my goal, after all. Not full privacy.
The problem is that it doesn’t actually change anything while giving a false sense of security.
Your VPN’s ‘improved’ privacy is just as worthless as the privacy you get with just your ISP. If something requires privacy, neither can be used, and if it doesn’t then why should it matter which one you use ?
Privacy is an on/off thing. Either you have it or you don’t. There is no in-between.
The "Good" (VPN) is exactly as imperfect as it's complete abscence. There has been no improvement whatsoever. Literally, as far as Privacy is concerned, nothing short of "No one actor has the capability to sit on a full stream of traffic", will suffice.
Either you're MITM'd or you aren't. Use malicious postmen if it makes it easier.
If you have the same guy come, and all of your mail goes through him, he can reconstruct all conversational state.
Now imagine you get a different malicious postman at random every day. He eacesdrops on every packet, but he's not privy to which of his fellows is scheduled to get the next packet. Therefore, it's not practicable to MITM in any practical way. This all goes out the window when someone controls the malicious postman scheduler, of course, because then they can figure out a map of who to go to to reconstruct your conversation.
The above is the concept behind Tor, and why the only effective counter to it is to run a hell of a lot of entry/exit nodes so you can conceivably time correlate given enough consecutive probe points are hit.
That a nation could make a new device is arguable, that a nation could make a device that could be delivered without flying planes over another country is less arguable. Even nukes as they stand would only pose significant threats to certain parts of a country (there was a map floating around the web a few days back of areas of the US most susceptible to the - pardon the pun - fallout from a tactical strike.)
Yeah, of course not, that's not nearly the only reason to use a VPN.
On top of that, I get the benefit of not being tracked everywhere on the web. Or if they are tracking me, they have bogus data. And I can set my exit server to a jurisdiction with more user-friendly privacy laws.
Also, what better place to tap traffic than the connection of a VPN provider.
Well, per my previous post, my ISP is definitely a better place. Hell, you don't even need to tap them. They'll just sell you the data, along with other PII. (Setting aside Mullvad' multi-hop support, which would require taps in multiple jurisdictions).
I think the point you're trying to make is that this isn't resilient to the NSA monitoring my traffic. I had hoped it was clear from my message that there's another level of privacy I'm concerned with related to intrusive private entities. I'm not expecting the GDPR or similar privacy laws to stop the NSA either, but they serve a useful purpose.
I guess I'm banking on Meta and Google not tapping Mullvad. Or even the RIAA or MPAA, for that matter. Because my ISP will very willingly give those entities data. And as long as unencrypted SNI is the norm, my ISP knows more than I want it to know about my browsing behavior. Not to mention the stuff that isn't HTTPS. Sure, Verizon knows I've established a connection an encrypted tunnel and how much bandwidth I routed through it, but that's a level of metadata I'm not concerned with.
So, yeah, Mullvad could be logging every packet through their tunnel. They could even assemble a profile based on my account and sell it to all the data brokers and advertising networks. They still don't have my SSN. Even if all of that happened, then I'm still no worse a situation than if I didn't use them because my ISP is doing those things. At worst, I'll be out 5€ for the month.
I can feel the sarcasm dripping from this sentence.
Where would you like to move the goal posts now?
I think you answered your own question.
With your ISP, you appear on the internet as a residential IP that provides your approximate location and most likely doesn't change very often. The requests you make can be easily correlated by PRISM or any other middleman, or by any CDN running the websites you visit.
With a VPN, your exit IP is unrelated to your geographic location, changes very often, and hopefully it is shared among many more users.
GeoIP is only necessary when seeing a new IP. But once the IP starts to build a reputation, then the specific location can be determined. It's especially true if you buy something online.
My office: suburb of Chicago My home: downtown Atlanta My friend's house: just outside Phoenix The McDonald's free WiFi: Chicago A church's WiFi: Some random location in Arkansas.
I'm in North Texas.
Just a few examples I've remembered since making a point to test while I'm out.
> Have you really gained more privacy?
Absolutely, 100%, unambiguously, yes; my ISP openly says that they monetize my data, my VPN says they don't. I'm very happy to gamble that the VPN is telling the truth when faced with the expectation that the ISP is telling the truth.
As terrible as that is, yeah I feel pretty safe pirating movies using it.
But you're right that blindly trusting a VPN without doing any research might be worse than blindly trusting your ISP.
and my neighbours can determine I might be doing something illegal when I close my curtains, sure.
No, but you have lost less privacy.
The amount of loss of privacy you incur when some particular item of personal information about you is revealed to another party often depends on how much other information that party has about you.
The adversary is netflix or a IP rights enforcement company, and the user doesn't care what their ISP or a state could observe.
For what they are used for, they are fine. If you are worried about state or megacorp spying, the solution is less technical and more political.
Going from "trusting" an entity that explicitly requires you to consent to spying when you sign up to trusting one which explicitly promises to protect your privacy when you sign up does seem like it would "help privacy" in most cases.
[0] https://www.privacypolicies.com/blog/isp-tracking-you/
Why would I trust an entity that often has the legal backing to harvest my data and provide it to the government whenever they "deem" it necessary? The same government that has direct means of control over me? Whether it's the US, China, Germany, I think I'd rather put my chances with some private company that at least has financial and maybe ethical motivations (depending on the company) to protect my privacy. An ISP will only go as far as the law requires to protect it and who knows what backdoor deals are made with governments to subvert those same laws.
There is no realistic/helpful/useful legal process to sue over a breach of privacy. So my ISP being in my jurisdiction doesn't do me any good at all.
I think your logic holds up, but it's not quite as definitive as you say. VPNs are not the straightforward privacy upgrade that HTTPS is. (I don't think you were trying to imply otherwise.)
I think the picture improves if you choose more carefully. Choosing an established VPN that has a no-log policy and has been audited seems much better, because now multiple companies are putting their reputation on the line. On the other hand, I think a relatively unknown company that's reselling someone else's VPN and hoping to cash in on the "VPN = privacy" is only a slight upgrade over a major ISP.
[0]: https://www.latimes.com/business/story/2021-11-12/column-int... [1]: https://www.ftc.gov/system/files/documents/reports/look-what...
1. They keep your data safe from your ISP. 2. They keep your IP hidden to the sites you browse.
Those two clearly "help" privacy.
It allows me to trust only my ISP instead of every ISP in various coffee shops.
> For some, that may be good, but for most others it’s a wash.
That sounds less like "VPNs don’t help privacy at all" and more like "VPNs are helpful some of the time".
since we're on the topic: how is it still a thing that vpn services are actively pitching content-block/copyright circumvention? Seems weird to pitch something as shady this loud and publicly? Reminds me of how weird I find it that trackers and illegal hosting sites have twitter accounts...
Even if they had the best intentions, it's pretty easy to botch these things which erode your privacy even more.
If you're not paying for the (specific) service, you are the product.
But in this case, Microsoft is looking for any competitive advantage against Google. They won't win on targeting, and they still make more money selling software than ads. So this does seem like an easy win for them.
Well in the case where they are spending a lot of money to implement and operate a feature that nobody asked for and which has obvious privacy downsides, it does seem worthwhile to examine their motives. It’s not like we’re responding to the announcement for the next model of the Microsoft ergonomic keyboard with “hmmm, what are they up to?”
What is the obvious privacy downside of selectively enabling a Cloudflare VPN when browsing on public Wifi or unsecured sites (which is when it enables)? That Cloudflare can see what sites you visit?
On public Wifi and unsecured sites, anyone could potentially see and modify the data anyway.
This is like finding out Microsoft decided all internet traffic on windows should be proxied through their servers. Could there be a benefit? Yes. Does it raise serious questions? Most definitely.
It's not. According to the article, it only funnels insecure traffic through the Cloudflare VPN (eg, to a site with an invalid certificate). And this doesn't prevent you from using your own VPN as well.
If you're connecting to a site over HTTP, and the packet takes 10 hops to get there, that's 10 machines that can see who you're connecting to and what data you're sending. Including, in all likelihood, a major CDN like Cloudflare. Also including anyone on the same public Wifi network. This data was never kept private to begin with.
If you're connecting over HTTPS with a valid certificate, the VPN isn't used. Even if it were though, they couldn't see your data. It's encrypted.
This is absolute BS they're implementing this.
The thing is that it would need to be smart enough to prevent pattern recognition, e.g., it cannot just be random data because your specific searches and string of searches or actions will stand out quite obviously.
Yes, it would place a severe tax on the internet and a few things could be done to minimize that, but I currently do not see any other better option.
I could see it implemented where your activities online are merged with and threaded into those of related or similar communities, e.g., be it family and friends, the YC community, or a combination of different groups. The effect would come from the proximity to similar but not exact activities. To use a common example, if your legal free speech activities could make you a target, those online activities are muddled and polluted by being merged with other people's legal free speech activities, and your activities would be merged with those of others.
Consider it a kind of mutual compromise of society in order to provide protection/obfuscation in numbers ... the zebra in a herd, if you will. They can't arrest/target everyone if everyone has activity data that looks like they defy the ruling powers.
this is a terrible and dangerous idea. Nobody cares about the accuracy of the data they collect on you. Stuffing your dossier with random things won't cause anyone to throw it away just because there might be errors in it. Instead all of that data, random/accurate or not, will be used against you all the same.
Your clever browser extension might have been responsible for browsing to a bunch of fast food websites, but your health insurance provider won't care. They'll just see that in your internet history and quietly raise your health insurance premiums anyway.
If your legal free speech activities make you a target, adding more free speech activities to your permanent record just means you'll also now be targeted for those activities on top of your own.
You can't know what will prejudice someone else against you. You might not be gay, or Muslim, or a heavy drinker, or an Andrew Yang supporter, but your browser extension pulls in the wrong data that gets you flagged as being one and it could cost you your job, get you denied housing, etc.
You might not be looking into getting an abortion, but anti-abortion activists who buy up the data of anyone who appears to be trying to get one, or looking for support after getting one, will still see you listed and you will still get harassed by them or dragged into a texas court room.
You might not be rich, but data brokers and consumer reputation services will see that you've been interested in expensive vacation spots and online stores will start charging you more than your neighbors for the same items on the assumption that you are.
If you want to try to hide in the crowd look into a VPN or TOR (although be aware device/browser fingerprinting can still get your traffic associated with you). Just please understand that giving others more ammo to use against you isn't helping yourself or anyone else. Adding more and more data to your internet history just increases your risks substantially because no matter if you deserve it or not your life will be impacted in countless ways by the data you surrender and none of that data, "pollution" or genuine, ever goes away.
You would confuse models currently shooting fish in a barrel.
You would still pick the cheapest insurer (probably one that does not look at your data).
You can live without anyone abusing your privacy in this way.
having a wife and kids helps with this. or any shared wifi with a guaranteed shitstream for your tunnel to wade through
Like sending usage information to the browser developer.
Like downloading code (experiments) for specific users which can essentially do anything.
Are you debugging your browser 100% of the time and fully analyzing all communications that there is nothing leaked. Is anyone?
Except they can't be. Native apps don't offer the same freedoms that the web does. And so, we keep stacking technologies on top of web browsers to alleviate the problem. It's a bad situation, and both Google and Apple are gruesomely complicit in making this situation worse.
> Can you please give a concrete example of what Apple should do, in your opinion, to expand their API targets?
Stop browser lockdown. Allow sideloading. You know, the basics of computing that we had figured out since the mid-90s or when we sued Microsoft.
We don't know that. Maybe Microsoft could maintain their own browser engine if Google hadn't provided one on permissive open-source licensing terms that met their needs.
MS can afford it financially. The desire to put in the effort to is not there.
This is why Apple really came out of the blue with Steve Jobs' razor focus on quality above all. Microsoft's goal is never to be 'best in class'. Because they don't need to be. People will buy it anyway.
The solution (to me) is simple - fix native app distribution. Make platform targets operate the same as they used to, and give people control over their computer again. The only ones preventing us from a platform-agnostic utopia is Apple and Google, both of whom profit off the artificial difficulty of distributing applications.
So, here we are. Google is poisoning the web while Apple refuses to swallow their pride. Everyone is hurting, and nobody stands to gain anything but the shareholders. A hopeless situation, but let's not pretend like everything here is morally grey.
Are people now using Edge because of this change?
Users, trusting the ad company that provides them free email, search, video, photos etc. will action on the suggestion and install Chrome.
More users gives google the market power to dictate web standards
Just use Firefox. It works just as well as Chrome (*), but it's based on a completely different engine which was built from the ground up.
(*) On desktop at least (on Android I still use a Chromium fork for now)
>It works just as well as Chrome () Not on anything* I use, it doesn't, so "No....thank you".
Tbf, I do keep trying ff, but...clunky, jeepers! 'Fraid I'll hang on until my Brave jumps it's particular shark and then maybe I'll hop over to something else, but for now, and as long as I can still use UblockO, Brave it is.
Even Opera is looking interesting again....
What browsers have you been daily-driving to come to that conclusion?
That's a really unfair(and untrue) statement. Brave also removes some code they find privacy violating, built in a best in class adblocker, built a full cross-device sync system that works perfectly, some UI tweaks and enhancements, built Tor connectivity in, etc. Probably a lot more that I'm leaving out.
I am def not a fan of crypto or BATs or whatever they were pushing, but you can use it fine ignoring all of that.
Normally this might just be a platitude of the sort, "Go check it for yourself." But in this case that's not what I'm saying. Brave is going to be used by large numbers of tech focused users with a privacy/security bent. And they are also competing against Google who will make sure even the slightest slip by Brave is promoted across the entirety of the web.
That code is scrutinized heavily. That the worst you can find about Brave is people making false statements about crypto stuff (it is entirely optional and opt-in with 0 coercion or dark patterns to push you there) speaks incredibly highly as to the current state of the Browser. Might that change in the future, as you seem to be suggesting? Yip! And when it does there will be a new Brave. But for now they continue to stay on an excellent path forward.
If they still don't work, they're doing some messed up stuff on those sites.
People like to shit on advertising, but much of the internet exists today because of advertising. Do you think Youtube could exist at that scale without ads? I don't think so, personally. At least, not without another way to monetize.
Brave is the only player providing an alternative monetization strategy. Crypto or not, to me, that is by far the most interesting thing a browser has done in a long, long time.
I think I overestimate the amount of broken sites due to the adblocker messing them up, not Firefox.
What chromium fork is on android and actually better than Firefox for android? I use Firefox for the best possible experience on android and would like to be aware of another option.
From my (anecdotal) experience, Bromite is faster than Firefox on my phone, but your mileage may vary.
I was originally using Firefox due to its uBlock Origin support, but Bromite has ad-blocking built-in (unfortunately it's not quite up to par with uBO but it works well enough).
I would suggest that you try both and see which one you prefer.
I want to but in Firefox developer tools there is no option for developer tools to follow new tabs.
Apparently this has been an open bug with Firefox for a while.
But it is what keeps me from using Firefox vs Chromium's full time
The problem with this approach is that it’s impossible to get a safe binary that isn’t downloaded from “libfree.cxcc.gg” or whatever. The other option being to build from source, which is an absolute nightmare for Chromium.
Signatures available from whom?
The point being that a web browser is a very special case of software that has to absolutely 100% trustworthy from a reputable commercial entity (that is, someone that can be sued). The only other thing with that level of trust is your operating system.
Do you not trust kernel.org? Or the GPG signatures of the commits?
What about Mozilla?
As for "someone that can be sued", have you read any of the EULAs of the commercial entities that you think are "reputable" and "100% trustworthy"? You can't sue them.
Similarly, do you trust all of the CAs that have certificates in your OS or browser trust store?
Those were the days.
Any Browser can be a reality.
Others like me would. And resource-constrained devices. An eco-system of low-tech sites could emerge with a label signaling them as simple and virtuous.
Dillo
Links
NetSurf
I'm sure people said the same thing when Edge was in beta. "How is Microsoft Chrome(2)?"
(And I think Edge is worse than being Chrome(2).)
Is that a practical sustainable long-term business practice though? Firefox was only able to be free because Google was paying Mozilla. Browsers are some complex software and software developers wanna get paid. I know that the in's and outs of history of browser software has conditioned us to expecting browsers for free but that doesn't reflect the reality of developing the software.
Surely there's space in the browser market for a model akin more to how Wikipedia operates.
Donations by corporations, and edited by powerhungry users (ryulong) and bots?
The Internet being global makes this challenging, and almost all countries (including so-called democracies) wanting to drink as much authoritarian juice as they can get away with does mean that there is plenty of risk here as well. But letting one or a few giant megacorporations entirely dicate the primary intrastructure for information interchange is so much worse.
I know it makes a lot of money for Microsoft but the fact they chose to keep the quality so low really looks bad.
Only thing I have to pull out Chrome for is corporate intranet.
Clueless shareholders on the 59th floor of JP Morgan who don't even use Edge see "oooh VPN, me like buzzwords" and upvote the stock.
Does this mean they will also have the ability to collect corporate data from the browser in companies like mine?
In theory anyway, I pick my ISP. If this was "support for using a VPN" instead of "we're injecting OUR VPN" I would feel a lot better.
I'm aware Im using my ISP. Even someone who doesn't know much about computers knows their traffic is going somewhere. They might not know the repercussions of that, but if this is just transparently on in the background, effectively a keylogger, a user might never know this is happening.
I give my ISP money. Back to the choice option. Some ISPs are bad and are trying to nickel and dime you to maximize profits. Some ISPs are actually good (I'm not swiss so I don't know for sure, but Init7 looks amazing https://www.init7.net/en/support/faq/privatsphaere/). I don't have to question with my ISP "how are they profiting off of me" because I give them money every month. They might be, but they don't intrinsically NEED to be scraping my data. I am not sure how Microsoft benefits from giving me a free VPN unless they are scraping my data.
I can use a VPN to bypass my ISP monitoring if they do monitor. I have no idea how Microsoft's stuff is set up here. If the end result is that it gets routed through their VPN after my VPN, or instead of my VPN, or even through their stuff at all, but with stamped metadata, then there's not necessarily a great way to get around it other than "don't use Edge"
In general, yes, your ISP isn't your friend. But an ISP is something I asked for, have a use for, and need. A Microsoft stealth VPN is none of those things.
Aside from that, this isn’t possible for HSTS sites.
Even more, for self-signed certificate on chrome, there is no button to continue for example. Check https://self-signed.badssl.com/
handelsbanken.se danskebank.se unicredit.it fideuram.it sella.it
unicredit.it is not on the list, but unicredit.ba and unicredit.ro are. (Lines 7331 and 7332) It does send HSTS headers.
danskebank.se and sella.it are not in the file, nor are the base strings, but both sites do send HSTS headers.
fideuram.it is not on the list, and does not send HSTS headers, so they don't seem particularly interested in security. They also haven't set an A record for the root domain, so visiting `fideuram.it` returns NXDOMAIN. Only `www.fideuram.it` exists.
I once wrote them a long email about what two-factor is actually supposed to be and why it exists, and got a reply basically saying "lol ok, our security is great ok?"
I've since switched away from them for a bank which does 'two-factor' by sending codes via SMS, but only when its algorithm decides that it needs to. That's not very often.
Tech support comes in many forms. The owner of the website, a friend who knows about computers, someone else in the workplace, the vendor they purchased their laptop from.
Isn't it possible for the user to disable HSTS. A simple web search produces detailed instructions, from a CA.
https://sectigostore.com/blog/how-to-disable-hsts-in-chrome-...
Also, what does "HSTS sites" mean. Does it mean (a) "official" HSTS via HTTP header alone, (b) "unofficial" HSTS via preload list (see RFC 6797 section 12.3), i.e., the list maintained by Google, hardcoded into a browser, or (c) both. The "unofficial" approach only seems feasible for a limited number of domainnames and unworkable for every domainname in existence.
In tests I have done on Chrome (YMMV), executing "Clear site data" via Developer Tools, or including
in an HTTP response header, e.g., added via a user-deployed proxy, will clear an "official" HSTS block, allowing the "MITM" to proceed.Besides being generally annoying, HSTS allows for setting "supercookies" that persist even in "Incognito" mode
https://nakedsecurity.sophos.com/2015/02/02/anatomy-of-a-bro...
The RFC for HSTS even admits how it can be used for web tracking. Not too concerning for the advertising company sponsoring the RFC.
14.9. Creative Manipulation of HSTS Policy Store
Since an HSTS Host may select its own host name and subdomains thereof, and this information is cached in the HSTS Policy store of conforming UAs, it is possible for those who control one or more HSTS Hosts to encode information into domain names they control and cause such UAs to cache this information as a matter of course in the process of noting the HSTS Host. This information can be retrieved by other hosts through cleverly constructed and loaded web resources, causing the UA to send queries to (variations of) the encoded domain names. Such queries can reveal whether the UA had previously visited the original HSTS Host (and subdomains).
I use a loopback-bound forward proxy to enforce zero tolerance for HTTP across all programs, not just the web browser. Everything is sent via HTTPS. The proxy is configured to to check certificates, and deny connections, according to rules I set. I use a text-only browser for noncommercial, recreational web use so I need a forward proxy, if for nothing other than to deal with the spread of TLS. But I also use it for a whole laundry list of tasks.
Maybe it is just me, but HSTS, like much of Google's rhetoric, comes across as unfriendly if not hostile to proxies, regardless of who is running them. Consider this line from the RFC
"The rationale behind this is that if there is a "man in the middle" (MITM) -- whether a legitimately deployed proxy or an illegitimate entity -- it could cause various mischief (see also Appendix A ("Design Decision Notes") item 3, as well as Section 14.6 ("Bootstrap MITM Vulnerability"));"
"Mischief." Does that include inspecting one's own HTTP traffic on one's own network. How about blocking certain methods of tracking, data collection and advertising. Apparently it includes disabling HSTS.
Let's be honest. Google is an undisputed king of "mischief". The stakes for Google mischief are much higher and there have been too many fines to count. Consider the latest. How many people deploying their own proxies get fined $4B. (Arguably, an issue of "control" was at the heart of that decision.)
Here, try this link in Chrome: https://untrusted-root.badssl.com/. When you click Advanced, it tells you "the website sent scrambled credentials that Chrome cannot process". And beyond that there's just no button to bypass it. You can't visit the site. (Sure, there's probably a chrome://flags or --disable-web-security way to bypass this, but that's well beyond the average user's comfort zone, as well it should be.)
EDIT: It turns out there is a "visit this website anyway" option in Safari, but it is not a button, it's a link which you only notice when you click "Show details" button and read the warning.
[1]: https://twitter.com/cyb3rops/status/1561995926666985472?s=20...
I tried on a blank profile to make sure there were no strange settings.
Not sure how that matches.
The user mistake is just clicking "advanced" then "proceed". I know all my family members would do that without questioning.
It works. It's fine. No, it does not need ssl. What, someone is going to hack a floppy driver for a computer, which doesn't even have a built in network stack?!
No, I am not going to do work on it, any work, at all.
Millions of such sites exist, are fine, are safe.
This genuinely happens a lot in the 2020s.
More likely sites get cloned, improve their SEO over the original, and distribute malware.
Sceptical of that claim, can you provide a few documented cases?
Particularly for low-volume sites like the parent post.
Depending on what the drivers are for, you may be a prime candidate for MitM. People already go to your site to download software they're going to run in the most privileged mode. This is a perfect candidate for a type of watering hole attack.
Considering you're providing those for 90s machines, you could be the last resort website for a few interesting industry computers with no security restrictions around them.
Doing that MitM is technically very easy, but in practice pretty hard. You'd have to have an adversary on your network path watching for connections to this particular esoteric low-volume site hosting drivers for machines from the 80s and 90s.
That is extremely unlikely.
I have a much easier way to target that content: Just put up a new site hosting the same content with malware attached. No need for MitM shenanigans.
Security isn't about absolutes, it is about risk managment and being aware of the likelihood and consequence of the risks is important.
You're at a coffee shop or library using their WiFi. Your computer sends a plaintext HTTP message. The attacker just needs to be able to see that message and get a response back to you before the real site does, and the real site is a lot further away than the guy sitting at the table next to you (or the hacked router, if he doesn't want to be there in person). Then they can feed your browser whatever they want.
A login form to phish you, perhaps?
They can even start replying, then go off and fetch from the actual site before finishing the response, if it helps to incorporate the real data.
And update all links to not go back to the HTTP site...
And troubleshoot weird issues (TLS errors are generally not helpful)...
And maintain that setup for years...
Not an insurmountable effort for sure, but if you estimate 30 min for the total additional effort of adding HTTPS to a site then I have a bridge to sell you.
There is nothing wrong with your website. However, you shouldn't be surprised when modern browsers stop working with it. Progress doesn't come free.
I always chuckle at this site does not need SSL post from n-gate.
PS: Use the URL directly in browser because the site doesn't like traffic from HN.
Or just fix your browser settings to not send cross-domain Referer headers.
Frankly, even sadly, they are also entirely forgettable and don’t add enough value to hold back the modern web.
Without HTTPS, the content can be replaced entirely. Last time it was JavaScript that DDOS'd github. If you don't want to serve content over HTTPS, then you don't care what your users receive. Just delete the site and they all get 404's instead, since you already admit that you don't care either way.
If it makes you feel any better, HTTP without HTTPS was a mistake we all made together. It should never have happened.
Given that http predates SSL 1.0 by a few years, somewhat inevitable.
>are safe
No, they are not.
>No, I am not going to do work on it, any work, at all.
If you are too lazy to do it securely maybe you just shouldn't do it at all.
HTTPS everywhere by default can't come fast enough. There is no excuse at all to not have HTTPS support today and browsers should deny access to these lazy and careless sites by default. Anyone who can't spend the 5m to set it up for their website can go kick rocks as far as I'm concerned.
HTTPS can introduce all scenarios for not being able to connect.
I'm not hosting any secret data, but I do want to be able to post from anywhere.
Literally to this day one can read things like the NSA manual for using their software that enables real-time absolute surveillance of Skype: "User's Guide For PRISM Skype Collection." [2] The idea of any degree of privacy from any tech company hosted in America is a lie. The main difference with China is that we lie about our surveillance state, and force companies to lie about it, while China openly advertises theirs.
[1] - https://en.wikipedia.org/wiki/PRISM
[2] - https://www.aclu.org/sites/default/files/field_document/Guid...
but this just reminded me of the failed FB phone and the failed microsoft phone...
Looking at the ones I use daily... headphones, TV soundbar, Xbox controllers, TV remote. None of those provide an interesting attack vector.
My iPhone isn't really going to be connecting to random stuff and leaking data, so I don't really see the risk here. Maybe I'm missing something?
Incorrect -- BT scanners and loggers have been LONG tracking your things avail...
and the fact that Apple doesnt allow you to "turn off" it merely pauses..
both wifi and BT...
they use prox sensors for BT for airtags, wifi etc and ALL OF THAT data in mined like mad.
Any Apple person that says otherwise is lying to you.
How would they do the same for bluetooth? Broadcasting "Dans iPhone" doesn't tell you much.
they have so many correlation engines for device location, that it will soon be impossible to be "off grid", if its not already.
how the heck do you think there are fn leaks from over a decade ago of "text messages received by the government reveal that person X who is on the shit-list was quoted as saying [BULLSHIT] sources close to CNN have stated.."]
ASIDE: Famous story from ~20 years ago was talking about the CIA handlers at CNN... and the revolving door of in-q-tel emps from fb moving back and forth within the security team (one of which had to be walked out of the building for [things])
you dont need "dan's phone" they have had eschelon for DECADES and were able to literally do 6-degrees ppl tracking since the 1990s...
WTH do you think they named it "starlink" instead of sky-net...
And when they built the first part, they were advertising the wonderful things the rural folks in africa's greater continent will benefit, then after a few years they showed that the system will primarily service the dense populations of the coasts of places like the USA and AUS -- which is where a big portion of the five-eyes service.
IMEI and such is a bitch..
iOS is the biggest location tracking platform ever...
Remember when the founder of Android (from Danger) was let go from google with a ~200MM$ golden parachute at $90MM to gtfo?
Story time. Someone I know once got laid thanks to Facebook not encrypting their sessions
My university was still using basic ass unencrypted WiFi with some kind of terrible dns-hijack sign in to “auth”. This of course meant that everyone put their shiny MacBooks on essentially public wifi and logged in to social media in the clear in class.
Some enterprising chaps made a browser extension that made it trivial to snoop any open sessions and impersonate that session in a new tab.
Someone I know would do this during lecture and post to people’s social media as them saying they should pay attention in lecture. Possibly some other scandalous things were said. The hilarity that led from that stranger doing so led to the beautiful nerdy girl sitting behind this person noticing and daring them to post more. That became hanging out, parties, and as far as I know they got married and have kids now.
Literal people exist that wouldn’t otherwise because Facebook didn’t have HTTPS
Firesheep was super big for a while, yeah. I used it to show a few coffee shops that yes, really, WiFi with a password of "password" was measurably better for their customers than no password: https://en.wikipedia.org/wiki/Firesheep
In many cases you can even determine which protocols and general content they are consuming from that IP based on traffic shaping/fingerprinting. The burst of traffic your browser sends when loading a particular site is quite exploitable. There's plenty of software already available that makes use of this.
I suspect this is the corporate motivation. The increased state surveillance and control is a side effect.
EDIT: clarified "US" government, though I don't necessarily intend to suggest other governments are the worry.
https://en.wikipedia.org/wiki/Global_surveillance_disclosure...
the reason microsoft is doing that is because google is forcing their hand with Floc implemented in the browser.
you wont be in ads next year unless you can slurp more traffic than the NSA. and only google can do that today, thanks to chrome + android. apple is a close second.
Good:
* Better privacy from the intrusive ad motivated JS shit hole the internet has become.
* Faster internet for those on slow connections
* Protection from ISP MITM. Many countries now have mandatory data collection laws that ISPs have to follow.
* Better than a lot of shady 3rd party commercial VPN providers.
* Is opt-in (for now)
* Potential to reduce Google's dominance
Bad:
* Obvious MITM choke point, as you mentioned
* Potential control / monitoring by two large corporations
* Business goals usually override users.
Are you sure?
>a VPN baked into Edge appears to be turned on by default, but only for certain use cases.
Though, I do believe that for connections from public WiFi it's somewhat of an improvement. It establishes a minimal security baseline of: "ok, we'll sell your data and let FBI snoop on you, but we won't inject trojans in your downloads and then hijack your webcam to create ransom-porn (though the FBI/??? might)".
However, there analogy is not 100% on point.
Out of the perspective of a PRISM Premium Partner this makes perfect sense.
I think the other side of this is if you have FBI attention, do you really want to look more suspicious? Whatever fight you try with them you will not win.
If Edge is using DoH, you're out of luck.
You are hearing it from a third party exactly because they couldn't construct any explanation minimally realistic that sounded good.
Partnership with cloudflare, selectively enables when you are connected to untrusted networks like public wifi.
Pretty much the only downside is that they turn it on by default... which is always tricky when most of your target audience is not computer savvy in the least.
How to give people security features that they have to figure out themselves when they can barely open the browser .. a dilemma for the ages.
For the most part, product features like this are shipped for boring and completely non-nefarious reasons. It's just hard to believe that if you've never worked on one.
Windows is an appliance (an interface) for amazon shopping and watching netflix.
The MS telemetry has proven that 99.999% of consumers do not tweak default settings or dig under the hood.
The 1-2 million now former "windows power users" are just too small population to be economically feasible to deal with.
For MS it does not matter to lose those few to other tweakable OSs.
Instead MS's product department is dreaming of scooping the remaining billions of cash-laden consumers. Presumably this is what the telemetry tells them.
Cash is good, consuming is good, keeps the economy running, making shareholders happy.
Because of microsoft history. Including recent history.
Also:
> Brave, Mozilla, and Vivadi have said they intend to continue supporting Manifest v2 extensions for an indeterminate amount of time.
But the thing they offer from Mullvad is no better than a traditional VPN (because it is a traditional VPN). And even more limited because it only works in the browser.
And indeed the circumvention of Pihole is a big problem.
Some ISPs also needlessly block certain sites (ex. Verizon blocks nyaa.si)
For better or worse Microsoft (or other corps) have not done that in recent memory afaik. They might do equally dodgy stuff in other aspects, but they don't tamper with the integrity of your connection (they might sniff it a bit).
Sure, the first guy could be a liar, but I know that the second guy is a thief.
I don't care about geo-blocking - my only threat model is to keep a scumbag ISP at bay.
Edit: I should add that keeping sites I browse from knowing my IP is also part of my threat model.
Everyone I know who has a VPN subscription simply uses it to prevent DMCA letters from their ISP when torrenting.
VPN providers with a "no logs" policy simply shrug these off.
ok I'll bite, let's hear it
Server-side control has been making software piracy less and less viable, video games sorta included. And a lot of mainstream games have found ways to make money without charging to buy the game upfront.
Yeah, to me, a VPN is only a way around geo restrictions.
FWIW, it is not bad performance-wise.
But for a windows domain environment Edge makes sense.
- Comes builtin, no need to patch browsers separately and worry about outdated Google Chrome installs in a 1000+ computer fleet.
- Integrates with Office 365 that the company already use/pay for.
- Can be managed with policy over Office 365 or Intune
- Has IE Enterprise Mode for the old apps that need IE11
For Teams, the alternative is this:
- Pay for Zoom AND Slack AND Office 365 AND have IT personell manage all 3
- Pay for Gsuite and use... hangouts?
or
- Just pay for Office 365 and get email, fileshare, office suite and chat/fileshare/video tool all in one that works "fine" and can be managed all in admin.microsoft.com (that goes into 500 different portals that all change each month but I digress...)
Oh, and you can use whatever browser, even if its not the default. I use Firefox but Edge is the default one.
You're already sending data to MS anyway
(I use Firefox, but if I were to use a chromium browser it wouldn't be Edge or Chrome...)
I don't know them, so I don't trust them.
e.g MS doesn't want to steal money from my card
also "ungoogled Chromium" - The process is Chrome is Googled Chromium.
Chromium was a thing before Google-Chrome..
Edit: My mistake: Chrome and Chromium were release the same time.
I'd rather write my own browser from scratch
I've had this discussion with other people too, just because you don't want to doesn't mean you can't. So your point of suspecting something nefarious is moot for me until you can back it up.
Using Edge doesn't change much, meanwhile using ungoogled Chromium means that I have to trust additional actors
Additionally MS inserting e.g "backdoor" into Edge could cost them a lot of in PR damages meanwhile what if ungoogled chromium inserted some kind of "backdoor"?
I don't even know people who maintain it, so I wouldn't even be able to break their windows or throw eggs at them
I hear your point on this, it's pretty hard to put your faith in a browser that updates regularly and not just for schema reasons. But you seem okay with Edge..
> Using Edge doesn't change much, meanwhile using ungoogled Chromium means that I have to trust additional actors
This is where I'm confused.
> Additionally MS inserting e.g "backdoor" into Edge could cost them a lot of in PR damages
I'm not an M$ hater, they've been incredible. dotNet core is a gift. GoPilot is a good use of whatever we're doing here. But why do you think if they could work a 'backdoor' (without leaks from employees) would actually matter. Their fine would be minimal.. See FB
I think we've come full circle. I'm defending your point that Edge might be just another 'Okay' browser.
Because I'm already on Windows, thus I already trust Microsoft
>I'm not an M$ hater, they've been incredible. dotNet core is a gift. GoPilot is a good use of whatever we're doing here. But why do you think if they could work a 'backdoor' (without leaks from employees) would actually matter. Their fine would be minimal.. See FB
On the other hand take a look at Intel - they had security issues and not even intentional and there was a lot of dmg to their brand due to all those CPU related vulns in last years
no it wasn't.
They were both launched the same period, but chromium was the 'trimmed' down open source version.
You can download Chromium[0], but people tend to be referring to the project called "Ungoogled Chromium"[1] to remove any calls to Google domains, eg. safe browsing, which are still present in Chromium.
0: https://www.chromium.org/getting-involved/download-chromium/
1: https://github.com/ungoogled-software/ungoogled-chromium
Please compare the severity and extent of
https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Privacy...
with
https://en.wikipedia.org/wiki/Criticism_of_Apple_Inc.
Depending on how you weigh the issues MSFT is far from equivalent on privacy
In general it feels like Apple has won the trust of the public, partially through good products, partially through good marketing.
[1]: https://mspoweruser.com/macos-big-sur-has-its-own-telemetry-...
Windows 10 is a privacy disaster compared to previous versions of Windows. They track every single app and website you open, what files you have on your PC, and much more.
... while the browser is watching you [1].
> Microsoft isn’t that bad
Yes it is. That bad.
[1] https://en.wikipedia.org/wiki/In_Soviet_Russia
There is a good reason why Trident is alive and kicking, people just don't know about it. But it's the reason for more than 98% of exploits, because shitty software of Microsoft still uses Trident to render MSHTML based documents (office etc).
The same will be true for a traffic-observing webview2, for decades to come. And it will never be removed again, because of Microsoft's development philosophy.
Ally bank recently did this and many others have intermittent issues due to flagging, etc.
>try to connect to ally
>vpn not allowed - try connecting through on of our authorized vpn partners: microsoft, nordvpn!, etc.
AFAIK Cloudflare isn't a data thief (yet). If (when) they decide to be, they will have access to quite a lot at the rate they are going. At this point, how can we trust that any public company won't eventually monetize user data?
They're in the business of competing with AWS and are pretty damn good at it, too.
Completely blocking a VPN is often too blunt an instrument, but even the best alternatives are unfriendly to legitimate traffic. The most user-friendly thing you can do is to rely on bonus security controls, like asking for two factor authentication for everything. No, you will not be able to log into anything from a new device, even, without the two factor. A very understandable tradeoff for a bank, but we'll end up seeing that for any account protecting anything of relatively low value.
If your second factor is tied to, say, a phone, it's not going to be fun to wait to replace it if it's lost. But in a world where most traffic is coming from a VPN, there aren't many good alternatives.
All JavaScript scripts are blanked by Squid ICAP clients.
WireGuard to a VPS for DNS resolver/nameserver.
Run a mean transparent Squid proxy, Snort/Zeek/Suricata and whitelist bastion dns forwarder.
No problem. No spam. No headache.
Not much you can do about them having decrypted traffic for sites that use them.
Yes, that’s the huge chunk I’m talking about, and when you use them as your VPN they can effortlessly trace that decrypted traffic to you.
Other options of securing DNS included "just" encrypting traffic to DNS server. But no, they decided to centralize sending DNS records via HTTPS
Most Internet traffic today between A and B is decrypted by C because of this.
HTTPS and transport security isn’t a broken idea.
Standardized content security has been tried in many contexts and has typically been even less secure unless it’s for long lived opaque media, like S/MIME for emails. Structured data like XML security has been abysmal.
OK? And what happens after that? After you go over your 1 GB cap? You're cut off from the internet?
* GET bank.example.com/accounts
* GET bank.example.com/accounts/1
vpn disconnect
* GET bank.example.com/accounts/1/details <- 403 new IP, who dis?
It seems using a VPN from your browser vendor does not increase your risk. I don’t think a VPN would have any information that your browser did not.
I oftentimes see people using Chrome (not Chromium) while logged into a profile. Are you telling me that either those people are actually a minority, or that Chrome doesn't phone home?
I can observe who my browser/OS talk to (beyond the sites I already visit) – but what happens inside a VPN provider is impossible to tell.
From a personal perspective, goog and microsoft are basically equivalent and I don't want either of their browsers.
I, personally, am quite against using a Google browser (or derivative), but for my gaming PC where I only launch the browser once in a blue moon, I just can't be bothered to download anything else since Edge works. On my work PC I use Firefox, and am quite happy with it.
https://vivaldi.com/blog/vivaldi-business-model/
but hops from 9 to 30 are "blank" like this: 30 * * *
the last non-blank hop is this: 8 M5-HOSTING.bar1.SanDiego1.Level3.net (4.16.110.170) 69.921 ms GIGLINX-INC.bar1.SanDiego1.Level3.net (4.16.105.98) 60.600 ms M5-HOSTING.bar1.SanDiego1.Level3.net (4.16.110.170) 69.882 ms
I'm not an expert on internet routing but it seems to me a bit disconcerting how much of web traffic is already routed through cloudflare servers. This centralization scares me.
Some people want to use the Adobe suite on user upgradable hardware.
If you come out of your bubble you'll see there's plenty of reasons to still use Windows (typing this in Firefox running on Fedora, FWIW).
This is why people tolerate Windows in 2022.
I'm not saying I like it, I was just trying to answer your question :)
Now why didn't they call it Microsoft Secure Network! And MSN in short.
And next they should start a VPN'ed messaging service, they can name it "MSN Messenger".
But do not forget that Opera 7 was release TWENTY YEARS AGO. Things are a bit different now. Think eternal september.
These days with widespread HTTPS, the only way to do this is to bake it into the browser itself.
And of course, this was back when you could trust Opera to do what they said they were (or weren't) doing.
https://en.wikipedia.org/wiki/Google_Web_Accelerator
It's not even that it served a minified version, too. It basically did all layout server-side, so the client got something more akin to a PDF of the webpage optimized for its screen size. It also compressed images.
These days that probably wont even manage the tracking requests being sent from the machine a month.