this post was submitted on 06 Oct 2024
726 points (90.7% liked)

Technology

60101 readers
1864 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 381 points 2 months ago (36 children)

What is he talking about, public WiFi can easily poison and monitor your DNS requests (most people don't know or use encrypted DNS), and there's still tons of non-https traffic leaks all over the place that are plain text. Even if encrypted, there's still deep packet inspection. VPNs can mitigate DPI techniques and shift the trust from an easily snoopable public WiFi to the VPN's more trustworthy exit servers.

This guy really needs to elaborate on what he's trying to say when the cyber security field very much disagrees with this stance. I'm not a huge fan of Proton, but they aren't doing anything wrong here. You should use it for public Wi-Fi.

[–] [email protected] 71 points 2 months ago* (last edited 2 months ago) (7 children)

Yup. You can grab any unencrypted data passed between the user's browser and a server literally out of thin air when they're connected to an open access point. You sit happily at the Starbucks with your laptop, sniffing them WiFi packets and grabbing things off of them.

Oh and you have no idea what the myriad of apps you're using are connecting to and whether that endpoint is encrypted. Do not underestimate the ability of firms to produce software at the absolute lowest cost with corners and walls missing.

If I was someone who was to make money off of scamming people, one thing I'd have tried to do is to rig portable sniffers at public locations with large foot traffic and open WiFi like train stations, airports, etc. Throw em around then filter for interesting stuff. Oh here's some personal info. Oh there's a session token for some app. Let me see what else I can get from that app for that person.

[–] [email protected] 25 points 2 months ago (2 children)

Just FYI https://shop.hak5.org/products/wifi-pineapple. There are ready-made devices that can do basically what you are describing!

load more comments (2 replies)
load more comments (6 replies)
[–] [email protected] 42 points 2 months ago* (last edited 2 months ago) (3 children)

How is DPI a problem if it's encrypted? That would only work if the attacker had installed their CA cert on your client machine, right?

[–] [email protected] 48 points 2 months ago (1 children)

I’m doing DPI on my own network and I can still view TLS certificate fingerprints and some metadata that provides a good educated guess as to what a traffic flow contains. It certainly better that it’s encrypted, but there is a little information that leaks in metadata. I think that’s what was meant.

[–] [email protected] 30 points 2 months ago* (last edited 2 months ago) (1 children)

True, but this is generally not useful information to anyone. They can see you're visiting bank.com, but they still can't see your bank details.

It might be useful if they're trying to target you for phishing, but a targeted attack is extremely unlikely.

Also, any wireless equipment from the past 15 years or so supports client isolation.

load more comments (1 replies)
load more comments (2 replies)
[–] [email protected] 32 points 2 months ago (3 children)

Dpi only works if they install a cert on your phone. Else they can't crack it (in real time) or you would receive HTTPS errors

load more comments (3 replies)
[–] [email protected] 28 points 2 months ago (3 children)

Yeah, while it is true, lots of VPN companies are grifts just buying VPS's and installing OpenVPN, this "Cyber security expert" puts far too much faith in HTTPS and probably never seen a lecture from the Black Hat conference

load more comments (3 replies)
load more comments (32 replies)
[–] [email protected] 147 points 2 months ago (8 children)

When I first saw this I thought it was funny. The fact that so many people are falling for it has only made it even funnier.

FWIW, Haley Welch might seem dumb as bricks, but she also seems quite sweet - doing charity stuff, keeping her other friend from "that" vid for the ride, etc. As far as people becoming famous for bullshit reasons goes, she seems to be handling it well.

[–] [email protected] 95 points 2 months ago (3 children)

I feel bad for her, honestly. She was open about her sexuality and she's conventionally attractive, so now she has all these leering old men on TV slobbering all over her.

Bill Maher practically tried to talk her into bed on his show with his creepy shit about mentoring her.

[–] [email protected] 32 points 2 months ago (1 children)

Oof. What is up with these creepy, sweaty dudes on talkshows? I know they somewhat reflect the general populace, but to pull shit like this on air is just boggling.

load more comments (1 replies)
[–] [email protected] 19 points 2 months ago* (last edited 2 months ago) (1 children)

You know, you're the first person I've seen that's shared the same view as me (not that I've spoken about the topic much! lol)

Woman admits that she has performed an extremely benign sexual act before - ghasp! A girl has given someone a blowjob before!

And more than that, she has a "dumb" accent! Let's make endless memes about her online basically calling her a slutty moron whose only life skill is sucking cock.

Honestly no wonder women feel pressured to pretend they have no sexual desires

load more comments (1 replies)
load more comments (1 replies)
load more comments (7 replies)
[–] [email protected] 133 points 2 months ago (7 children)

I don't know how effective VPNs are over a public WiFi network, but I do know it stopped Spectrum from sending me "you are downloading copyrighted material, stop it" emails once I started using one. Fuck Spectrum, I don't have them anymore, but that seems like a good enough reason to keep using one in certain circumstances.

[–] [email protected] 52 points 2 months ago (10 children)

They need to advertise a legitimate use for their service.

If they don't have a threat from public wifi or other security concerns to remedy, then the only purpose for their service is to bypass region limits and block infringement notices. They would be considered complicit in such infringement.

That their service also hinders efforts to stop pirates needs to be an "unintended" and "unavoidable" side effect.

load more comments (10 replies)
[–] [email protected] 35 points 2 months ago (9 children)

On public WiFi I just vpn into my home network. The issue with public WiFi is that it can be sniffed by anyone in range since there is generally no encryption.

Although pretty much everything we do is over tls these days, and DoH helps protect against even dns sniffing. There's still at least some risk to working in the clear over a public WiFi network. At least in information gathering, what bank you use, etc.

But, there's no real benefit in using a paid vpn over one you own unless you're downloading illegal content, want to watch another Netflix region, or are in a country with heavy Internet monitoring/filtering.

load more comments (9 replies)
load more comments (5 replies)
[–] [email protected] 92 points 2 months ago* (last edited 2 months ago) (4 children)

Considering how most of the Internet is encrypted with TLS, if you add DNSSEC+DoH/DoT on top, trying to MITM someone on a public WiFi is way harder than it was, unless you're a state-level adversary and you're able to craft valid certificate for a domain you don't control from a globally trusted (root) certificate autority (which will lose its trusted status quite fast once discovered, ex: CNNIC)

[–] [email protected] 52 points 2 months ago (5 children)

Not all applications on your computer may be encrypting their packet traffic properly, though. That goes especially for the applications that might be trying to reach out for resources on your local home network (like printers, file shares, and other home servers) as well as DNS requests which are usually still made in the open. I would not recommend eschewing an entire security layer willy-nilly like that. On public Wi-Fi, I would definitely still suggest either a VPN or using your cell phone as a tether or secure hotspot instead if possible.

load more comments (5 replies)
[–] [email protected] 38 points 2 months ago (9 children)

Yeah, the days of your local coffee shops Wi-Fi being a problem or mostly gone. Not the VPN doesn't have a place anymore though. If you're trying to hide your downloading of ISOs from your ISP it's still a perfectly reasonable method. Or temporarily relocating yourself to another country to make a purchase or watch some streaming content both perfectly reasonable.

Of course some of the streaming providers are getting wise to this.

[–] [email protected] 30 points 2 months ago (4 children)

why would I need to hide my terabytes of Linux ISO downloads?

[–] [email protected] 24 points 2 months ago (2 children)

Bill Gates, man, Bill Gates

load more comments (2 replies)
load more comments (3 replies)
load more comments (8 replies)
load more comments (2 replies)
[–] [email protected] 88 points 2 months ago (7 children)

I’m not online enough to understand this.

[–] [email protected] 47 points 2 months ago (6 children)

Hailey "Hawk Tuah" Welch is an influencer that gained a lot of popularity from her nickname (the sound of spitting, with HEAVY implications of performing fellacio). She used her platform to voice a very reasonable and intelligent opinion, which surprised a lot of people because her nickname is essentially blowjob queen.

One of her opinions is that it's important to spread cyber security and used her fame to try to educate the public (potentially a fake story from the image? Idk this drama). And some xit-head claiming to be a cyber security expert ate the onion and offered some shitty advice. Proton fact checked them, because there are a ton of fake news stories about her right now.

[–] [email protected] 25 points 2 months ago (1 children)

I'm pretty sure that Proton quoting her in the first place is fake. I know she's milking her 15 minutes of fame for all she can, but this seems outside her experience.

load more comments (1 replies)
load more comments (5 replies)
load more comments (6 replies)
[–] [email protected] 73 points 2 months ago (12 children)

I don't understand why everyone assumes using a VPN means paying for a third party. I have Wireguard deployed in my NAS and I always have that VPN connection active on my phone to be able to access my LAN deployed services remotely, Jellyfin for example.

[–] [email protected] 25 points 2 months ago (10 children)

Most VPNs sell themselves on encrypting your traffic to an endpoint that either is in a different locale to get around region locks or to put it out of the grasp of the RIAA so they can’t send your ISP copyright notices.

While remote access to a local network is a good use case for a self-hosted VPN it’s totally unrelated to the use case for commercial VPNs

load more comments (10 replies)
load more comments (10 replies)
[–] [email protected] 68 points 2 months ago (3 children)

This was nothing more than a poorly executed joke from Proton. Some people are massively overreacting.

load more comments (3 replies)
[–] [email protected] 57 points 2 months ago (6 children)

obviously the shitty VPNs like NordSurshark, TorGuard, Tunnelbear, cyberghost and PrivateInternetExpress suck...pretty much every VPN that's part of some giant conglomerate sucks ass in terms of privacy and security

But then there's iVPN, Mullvad and ProtonVPN and even Adguard VPN which do very little to no advertising at all and allow their products to speak for themselves. I mean...Kitboga and RionaPoison are sponsored by Proton, but Proton is a good company that takes their security and the security of their swiss-law-abiding users very seriously.

Don't be a scumbag and Proton won't snitch on you.

[–] [email protected] 29 points 2 months ago* (last edited 2 months ago) (7 children)

The VPNs you characterise as "shitty" aren't necessarily a bad choice; they're cheaper than the legitimate privacy VPNs. Mullvad is famously 5€ per month, Proton is 4.49€ per month, but NordVPN is 3.09€, Surfshark is 2.19€, and PIA is 1.79€ per month.

If you're really just here to pretend you're in another country (rather than privatemaxing) or hide your torrenting activity from your ISP, the cheaper options can be a perfectly legitimate choice.

load more comments (7 replies)
load more comments (5 replies)
[–] [email protected] 53 points 2 months ago (1 children)

I have a vpn for... reasons... 🏴‍☠️⚓️🏴‍☠️

[–] [email protected] 18 points 2 months ago (15 children)

I have VPN so I can look at porn.

load more comments (15 replies)
[–] [email protected] 44 points 2 months ago (1 children)

I assumed it was a joke. My feed has been full of jokes about her talking about urban planning and transit oriented development.

load more comments (1 replies)
[–] [email protected] 37 points 2 months ago (1 children)

I'm sure as shit trusting proton over some random public network in a cafe setup by some random open reach engineer or something

load more comments (1 replies)
[–] [email protected] 34 points 2 months ago (2 children)

Can someone share proton's response? I don't have a xitter account

[–] [email protected] 22 points 2 months ago (3 children)
[–] [email protected] 30 points 2 months ago

Appreciate the alternative!

Grabbed this screenshot because I don't trust anything on Twitter to stay visible (or the platform to even be stable)

https://protonvpn.com/blog/public-wifi-safety/#:~:text=5%20ways%20to%20stay%20safe%20on%20public%20WiFi

load more comments (2 replies)
[–] [email protected] 18 points 2 months ago (1 children)

Nobody has a Xitter account.

[–] [email protected] 16 points 2 months ago (2 children)

Millions and millions of idiots do.

Is this some highly-voted pedantry about the site not technically being called "Xitter"? Or wtf is going on in this thread....?

load more comments (2 replies)
[–] [email protected] 34 points 2 months ago (3 children)

Thank goodness someone explained that to me. I was startong to wonder if she was some sort of technology expert, or something.

load more comments (3 replies)
[–] [email protected] 33 points 2 months ago

Don't hire that contractor lol

[–] [email protected] 32 points 2 months ago

This was poorly executed. The National Park Service twitter account does jokes well.

[–] [email protected] 16 points 2 months ago (8 children)

So I'm confused networking stuff has never been my strong suit, is this saying you can still be fucked on public WiFi even if you connect through a VPN?

[–] [email protected] 50 points 2 months ago (10 children)

There are some attacks you are vulnerable to on public WiFi that a VPN can help with.

More generally, whoever is transporting your data knows who you are talking to. If you don’t use a VPN, your ISP and whoever owns the router know what websites you are visiting (although they don’t know the specific content). If you use a VPN, your ISP and router know you are using that VPN, but not what websites you are visiting. Now your VPN knows what websites you are visiting, but they still don’t know what the content is.

I hope that helps.

load more comments (10 replies)
[–] [email protected] 20 points 2 months ago (2 children)

Networking stuff IS my strong suit, and I'm confused about what points most people here, including OP, are trying to make here. Maybe I'm just not awake enough yet.

Wtf proton what? What do people think Proton is saying and what's the WTF part...?

load more comments (2 replies)
[–] [email protected] 20 points 2 months ago (1 children)

No, the context is that for many years, shady commercial VPNs would sponsor YouTubers and the scripts they were given were full of lies and half truths about the dangers of public WiFi, with the implication being that if you purchase their VPN service they will “protect you”. But the problems these VPN companies were claiming to solve have already been solved by HTTPS and it’s perfectly fine to use public WiFi without a VPN. They are using scare tactics to sell you a product.

What this poster is saying is that they’re disappointed to see this same fear mongering misinformation from Proton, who have an otherwise good reputation for being consumer friendly.

load more comments (1 replies)
load more comments (5 replies)
load more comments
view more: next ›