Hacker News new | past | comments | ask | show | jobs | submit login

Yes. Yes! I’ve never understood how people argue that they are somehow better than an ISP by default.



My ISP throttles connections (strangely including Zoom).

My ISP mines my data and sells it to the highest bidder despite costs not coming down.

My ISP determines what I can look at and can't (such as torrent sites).

My ISP is participating in anti-competitive behavior and I need the internet but I don't have a meaningful way to tell them to fuck off.

My VPN doesn't log. My VPN doesn't filter my traffic. My VPN reduces what my ISP can know about me and monetize me. My VPN allows me to access sites appearing in different countries or as a different user which changes what content websites serve to me, including price of products.

VPNs are a soft security practice, but one hell of a way to tell your ISP to fuck off. I think there's this group of people that say "oh, a security feature isn't bullet proof, therefore it is useless." But this is just dumb. All security features are probabilistic in nature and depend not only on how you use them, but your threat model and the will of your adversary. For people, like me, trying to escape dragnet operations VPNs do help. But alone they aren't enough and that's okay.


Well said.


My ISP is subject to my local laws. Which are not good, in terms of my privacy.

My VPN provider is not - but is obviously subject to their local laws. Which are almost certainly also not good for my privacy either.

Spreading the threat across two different jurisdictions is without doubt "somehow better" than just using my ISP, at least in the case of protection against snooping by non serious crime law enforcement.

(Where I am, organisations like local councils, the taxi commission, fishing inspectors, and dog catchers - can all access our "mandatory telecommunications metal data retention" stuff with very little oversight... While my VPN is still in five eyes, so there's no point pretending national security, intelligence, or serious crime like terrorism/drugtrafficing would have no trouble getting cross jurisdictional access, I'm pretty sure the fishing inspectors or dog catchers won't have that sort of access.)


What threat model are you trying to protect from by using VPN, and why is HTTPS + DoH (DNS over HTTPS) not sufficient for that threat model ?


HTTPS still reveals the domain you're requesting, last I checked.


The eSNI/ECH extensions fix that.


It can’t fix the problem that it reveals the ip address you’re connecting to though. Even if the sites you’re visiting are all on servers that virtual host heaps of other sites as well, it certainly narrows that haystack down to a handful of bits of hay with your bright shiny needle standing out in the middle.


...if you manually turn it on in Firefox and the websites you're connecting to support it.

I don't know where things stand with other browsers.


Because not everything uses a bloated, web-first protocol.


I get letters and my internet turned off if I torrent on my ISP I don't using VPN. Simple as.


In Sweden we got the "datalagringsdirektivet" that says that every operator must keep their traffic for 6 months. VPN-providers are not bound to this law so that's my reason.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: