←back to thread

Who Owns, Operates, and Develops Your VPN Matters

(www.opentech.fund)
201 points sdsantos | 1 comments | 03 Sep 25 16:51 UTC | HN request time: 0s | source
Show context
fujigawa ◴[03 Sep 25 17:28 UTC] No.45118394[source]
Commercial VPNs will go down as one of the greatest money-making schemes of the last decade. Outside of a few specific use cases their sales often rely on leveraging non-technical users' fear of what they don't fully understand.

I have non-technical friends and relatives that have fully bought into this and when I asked why they use a VPN I got non-specific answers like "you need it for security", "to prevent identity theft", or my personal favorite: "to protect my bank accounts".

Not a single person has said "I pay to route my traffic through an unknown intermediary to obscure its origin" or "I installed new root certificates to increase my security."

replies(16): >>45118443 #>>45118486 #>>45118558 #>>45118644 #>>45118672 #>>45118693 #>>45119064 #>>45119252 #>>45119261 #>>45119717 #>>45119817 #>>45119936 #>>45120136 #>>45120782 #>>45124630 #>>45126517 #
tomrod ◴[03 Sep 25 17:33 UTC] No.45118443[source]
Commercial VPNs do indeed vaguely promise to protect your data, access, etc.

For those of us that are technical but unschooled, what resources would you recommend we learn from?

replies(3): >>45118477 #>>45118490 #>>45119575 #
1. gardnr ◴[03 Sep 25 19:29 UTC] No.45119575[source]
The gist of the report summary is that VPN companies can be really shady. At the same time, these companies enjoy an undeserved implicit trust from the public.

Sending all our data through an untrusted intermediary is a bad idea. Installing software from an unknown company (that hijacks the machine's entire network stack) is not a good way to protect data.

It all really depends on what you are protecting against. For the average person wanting to protect data and avoid being tracked, setting up thoughtful DNS infra, and a basic firewall, is probably more effective than using a commercial VPN from your home network.

For public networks, it's probably safer to set up a VPN server on your home network and use that in case you need to connect to public wifi or some other potentially hostile network.

I'm not aware of any authoritative article on this topic but I generally share writings by Schneier. This one touches on the subject: https://www.schneier.com/blog/archives/2021/06/vpns-and-trus...