
> Nevermind that your VPN might have the purpose of bypassing shitty, insecure public wifi.
>
> Nevermind you may not be trusting your local/national internet infrastructure.

Routing traffic onto the public Internet through a 3rd party adds absolutely nothing to security. You shouldn’t trust the Internet in any case.

If you use it to ‘bypass shitty security’ then all you’re doing is tricking yourself into a false sense of security. VPN services like that are complete and total bullshit.




> VPNs were always meant to carry internal traffic to a private network, not the public internet

This. And the idea that these so-called ‘VPN’ services somehow improve your security and privacy on the internet is laughable. All they do is let you get onto the public, untrusted, internet through a different on-ramp. There is no point to them. The internet is just as untrustworthy through a VPN service as it is through any other internet connection.


> When I was a kid (in the early 2000's) it was exceptionally easy to crack public wifi networks

But you're not a kid anymore and nowadays it's way harder to crack public wifi networks.

Fearmongering by VPN vendors is very real.

I wouldn't have a problem browsing my home banking on a public wifi network. Everything is TLS-encrypted, my browser can do DNS-over-HTTPS, and anything important (including the login) requires me to enter a one-time code from my non-smart token.

And by the way, on a public wifi you might be prey of the occasional wifi attacker, whereas if you're using a VPN from a VPN vendor you're by definition giving all your traffic to a company whose main specialty is networking, usually under the vague promise not to log your traffic.


>The whole idea of VPNs (or extra hops in general[0]) providing security is very context specific. For the vast majority of people they seemingly chose to trust a VPN provider over their ISP which is hard to justify.

The whole idea of VPNs and why I encourage people to use them is so that when they're sitting on public wifi at a coffee shop, their traffic is going out encrypted. It has almost nothing to do with hiding from authorities or authorities surveilling you. It has everything to do with the kiddiot in the corner hoping to steal a login because your mom re-used the same one 400 times and her favorite cross-stitch site doesn't use SSL.


> Just VPN back to your home network if you're not confident in their security.

I’m sorry but wtf?

You’re saying that, in my own home, I should just accept that my devices connect to an external wifi against my will and VPN back into my own home… while in my home?

Seriously?


Quote:

> Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

>If you can't trust your router, you really just have to initiate a secure VPN connection to a network that isn't out to get you.

:( That's really frustrating. So you really need to VPN to a secure network anytime you use free Wi-Fi?


> Actually, they do: Neither your ISP nor the government (assuming the VPN provider is in a "hostile" jurisdiction) can intercept, analyze or modify your Internet traffic

No, you're just delegating those capabilities to some completely unregulated random actors instead.

> which means any sort of shady bullshit would be a virtual death sentence

This assumes that their shady bullshit is discovered by someone. I would bet good money that the vast majority of it isn't. They could be sampling traffic and selling it to other companies without modifying it and users would never be any the wiser.

Honestly, I wish we could get past this broken narrative that VPNs are a panacea.


> only use it for data over a VPN

Unless you run this yourself, I don't understand why you or anyone thinks that adds to their data integrity? VPNs can be, have been, and are the subject of break-ins and have their own agenda and/or government oversight.

People think that VPNs are this magical black box that makes you secure and private, because the YouTube ads told everyone so. The reality is that you are just adding an extra point of trust or potential failure. The needle has barely moved.

All while making performance, in particular latency, worse.


> If somebody wants to tap your connection, they can still do so - they just have to do so at a different point (ie. when your traffic leaves the VPN server).

Conflating "I use a VPN because my commercial ISP would probably sell my data if given the chance" with "I'm a political dissident being directly attacked by a nation-state actor".

You can still use a VPN despite it being vulnerable to your government's quantum computer...

Sure, it's hard to find a trustworthy VPN provider, but that's not to say they don't exist.


> But all this is also means that a VPN provider is less dangerous than public wifi is

Is it really? I guess it depends on what sort of threat you are trying to protect yourself from.

Using public wifi lots of places leaves different traces at completely disconnected ISPs/service-points. For an attacker, obtaining and correlating all these is probably not a realistic option.

Consistently using a third-party VPN service (as opposed to hosting your own) centralizes all your data in a single point which is much easier to target.


> And for actual privacy on untrusted networks, nothing beats a VPN, except possibly not using hostile networks.

Except that using a VPN then funnels _all_ of your traffic through a single server which is ideally placed to monitor your browsing activity. And, VPN providers tend to be quite hard to evaluate for their trustworthiness.


> It's been clear for a long time that every single commercial VPN service is a waste of money.

This is nonsense. It depends entirely on your goals. It's important to me that my ISP doesn't know what I'm doing while I couldn't care less if my VPN provider does. I also need to circumvent geoblocking from time to time.


> One of my biggest pet peeves about VPNs is that they hijack all your network traffic. They can be configured not to, but our customers and security controls like NIST 800-53 SC-7(7) typically require that they do.

VPN is dead because some customers want you to route the internet interfaces of all machines through the VPN server.

How does this even make any sense?


> Sure, but for privacy, VPNs are shit. You can't recommend VPNs for privacy.

Why not? Doesn't it depend on your purpose and threat level? If you have state level actors chasing you then VPNs will only be part of your opsec toolchest — preferring TOR where possible and being very strict about where you access the internet (certainly not at home). But if you are just downloading the latest episode of Sherlock from your local hive of wretched scum and villainy, a VPN will surely help.

VPNs are only part of the solution of course (not using any social media, not connecting to any of your normal accounts, limiting VPN use to whatever it is you want to keep private), but you seem adamant that even this is not a valid use of VPNs, or am I misreading your posts?


> You are on a known-hostile network

Which is precisely the use case I use a VPN for.

I'd rather trust an at least somewhat trustworthy VPN provider with my data than a random coffee shop and clients who happen to be on the same network at the time.


> Yes, full privacy is the goal, but i know certain actors are spying on me. If i can bypass them, i can at least attempt to improve it.

The problem is that it doesn’t actually change anything while giving a false sense of security.

Your VPN’s ‘improved’ privacy is just as worthless as the privacy you get with just your ISP. If something requires privacy, neither can be used, and if it doesn’t then why should it matter which one you use?

Privacy is an on/off thing. Either you have it or you don’t. There is no in-between.


>Please stop parroting this fallacy. Unless you operate the VPN server that you are connecting to, which most people won't, then you aren't doing much to improve your privacy at all.

This is not factually accurate.

Redirecting your connectivity can be a good thing, if the VPN has a strong privacy policy, since ISPs are pushing to be able to sell browsing histories (via DNS records).

And a VPN is great when your "ISP" is unencrypted public wifi.

You might not be able to trust your VPN provider, but if you're paying them and they're relatively reputable (located in the US or EU) they will be regulated if they violate their privacy policy. (Ex: deceptive trade practice invokes FTC's section 5 authority)

Also, we're on HN - many of us roll our own VPN with Streisand etc.

Maybe you should stop parroting kneejerk contrarianism every time you encounter common advice.


> terrible attitude towards privacy

A VPN is inherently not a privacy tool. It is perceived that way because of the acronym Virtual 'Private' Network but privacy is not in the design specs at all.

It's just for tunneling over untrusted networks like Starbucks Wi-Fi and spoofing your geo-location. That's it. You can't verify the no-logs claims by providers unless you're physically in their building and auditing the setup yourself.


> So why does he need a VPN at the airport?

Because the airport made a shitty choice in designing its wifi, and people who connect to such networks are making shitty choices.

HTTPS is nothing more than a content protocol wrapped in a transport encryption layer used for a subset of your overall traffic.

When you connect to an open wifi network your device is literally screaming 1s and 0s into the air like a maniac. A subset of these 1s and 0s are the things you're actively telling the computer to do. Most of this stuff is things like ARP, Name resolution services and other stuff that isn't encrypted for perfectly understandable reasons.

Instead, when connecting to an open airport wifi network, a personal decision is made that the connectivity is more important than encryption. Airport wifi connections could and should be encrypted with AP client isolation, but they aren't.
