Hacker News new | past | comments | ask | show | jobs | submit login

So, should they be requested to do so by a formally issued court order, they would comply and start logging a user’s activity, but do not do so by default.

Calling them worthless at providing secure browsing seems far-fetched; calling them a scam is fully disingenuous.




What, specifically, is the “secure browsing” that they offer and how does it improve on HTTP over modern TLS?

Funnelling your traffic through another entity doesn’t magically increase security.


*Tunneling* it through one hides the nature of that traffic from intermediary systems that it traverses from you up to that VPN exit point.

There is a lot of metadata in packets that can be viewed by any interim hop, like your ISP, workplace IT security, ARP-cache-poisoned coffeeshop router, etc.


> ARP-cache-poisoned coffeeshop router, etc.

Eh, that's not really a thing anymore.


Not for Starbucks, who does fancy per-user VLANs, but for your local spot that's using an AP-router-combo they bought at Best buy, it sure is.


Being able to cover/scramble your actual or virtual location can provide security in some contexts


It also would prevent your ISP or local attackers from seeing the domains you are reaching out to, which is still visible over https.

It's all tradeoffs.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: