What the hell Proton!

What is he talking about, public WiFi can easily poison and monitor your DNS requests (most people don't know or use encrypted DNS), and there's still tons of non-https traffic leaks all over the place that are plain text. Even if encrypted, there's still deep packet inspection. VPNs can mitigate DPI techniques and shift the trust from an easily snoopable public WiFi to the VPN's more trustworthy exit servers.
This guy really needs to elaborate on what he's trying to say when the cyber security field very much disagrees with this stance. I'm not a huge fan of Proton, but they aren't doing anything wrong here. You should use it for public Wi-Fi.
- Yup. You can grab any unencrypted data passed between the user's browser and a server literally out of thin air when they're connected to an open access point. You sit happily at the Starbucks with your laptop, sniffing them WiFi packets and grabbing things off of them.
  Oh and you have no idea what the myriad of apps you're using are connecting to and whether that endpoint is encrypted. Do not underestimate the ability of firms to produce software at the absolute lowest cost with corners and walls missing.
  If I was someone who was to make money off of scamming people, one thing I'd have tried to do is to rig portable sniffers at public locations with large foot traffic and open WiFi like train stations, airports, etc. Throw em around then filter for interesting stuff. Oh here's some personal info. Oh there's a session token for some app. Let me see what else I can get from that app for that person.
  
  Just FYI https://shop.hak5.org/products/wifi-pineapple. There are ready-made devices that can do basically what you are describing!
  
  We need a switch like Firefox has that disallows anything non-HTTPS, but from the phone level. Companies like Apple and Google could also eventually warn apps that they're going to make it the default setting.
  
  Also, any unlatched, unfirewalled vulnerabilities you have are immediately available to anyone on that local WiFi network. One thing VPNs may do is cause you to ignore requests from systems on the local network, which helps.
- How is DPI a problem if it's encrypted? That would only work if the attacker had installed their CA cert on your client machine, right?
  
  I’m doing DPI on my own network and I can still view TLS certificate fingerprints and some metadata that provides a good educated guess as to what a traffic flow contains. It certainly better that it’s encrypted, but there is a little information that leaks in metadata. I think that’s what was meant.
  
  I think it might be confusion between inspecting plaintext metadata like SNI vs actually inspecting encrypted contents (e.g. HTTPS content, headers, etc.).
  
  Yeah, deep packet inspection really doesn't work without breaking https security via man in the middling everything.
- Dpi only works if they install a cert on your phone. Else they can't crack it (in real time) or you would receive HTTPS errors
  
  You dont need to examine the contents of http traffic to do what many services call DPI.
  you can still read unencrypted traffic, like most DNS. Or even without that, you can frequently tell from the endpoint IP who someone is talking to, and what types of applications from port numbers used. Etc.
  If you're torrenting, for example, that's pretty easy to see.
- Yeah, while it is true, lots of VPN companies are grifts just buying VPS's and installing OpenVPN, this "Cyber security expert" puts far too much faith in HTTPS and probably never seen a lecture from the Black Hat conference
  
  probably never seen a lecture from the Black Hat conference
  Not defending Robert Graham because I'm also eyebrow raising his statement. And while you may be 100% correct that he never actually stayed to listen to a lecture, he absolutely spoke at a lot of them since 2000.
  https://infocondb.org/presenter/robert-graham
  
  Many VPNs using OpenVPN is...fine.
  The value adding is the VPN infrastructure they're providing. You can't just install the standard OpenVPN client and expect it to DO anything without some kind of service.
  True on the HTTPS thing.
- I'm not even an expert in this stuff, but with a tool I found online I demonstrated that it was easy to snoop people's passwords on my school's wifi networks back in the day. It took minutes.
  
  That must’ve been quite a while ago
- most people don't know or use encrypted DNS
  But a cybersecurity expert does. That's the point. If you know those things, VPNs become obsolete, for most people. So why not teach people about it, instead of promoting VPNs?
  And can you really trust an extremely profit focused company, that is built on user data, more than your local Café? If you're in China, sure, use a VPN, they're the lesser evil. But most spots don't have the resources or expertise to analyze and sell or otherwise misuse your logs. VPN companies not only do, most rely on it.
  If you're a highly targeted person, it's another story, but in that case your only hope is Tor or a new identity.
  
  Proton is a non profit.
  
  So why not teach people about it, instead of promoting VPNs?
  Ok then, in the meantime the rest of us will use a fucking VPN? I don't know what "encrypted DNS" means, and I'm 99% you're going to respond with either "whaaaaat you don't know something that 99.999% of other people also don't know? Clearly you are too dumb for the internet" or else "oh sure I'd be glad to explain that! It's real simple, see when you have a Rosendin gembal, it befrazzles the gesticulators of your brangles (link to a Wikipedia article on brangles). So you just have to re-delineate the scanditrons to break the tensor lines in your scintrins! You can code a fairly simple app from scratch to do it, and there's a FOSS program someone made to help you identify the cabangs in your computer's lenticles: (link to a github page that is literally just a transcription of an eldritch god screaming in binary)"
  VPNs are extremely user friendly and they are happy to explain in layman's terms exactly what they do and how they work. If there's a better way, it's locked behind years of techie knowledge.
  
  Encrypted DNS doesn't solve everything. Handshake for TLS sessions is still in clear, you can usually see the SNI, and since we are talking about Wireless, usually this data is available to anybody who is in the vicinity, not just the network owner. This already means that you can see what sites someone is visiting, more or less. TLS 1.3 can mitigate some of this (for those who implement ESNI, but you don't know that beforehand). Also TLS works until the user is not accepting invalid certificates prompts (HSTS doesn't work for everything) and there are still tons of HTTP-based redirect (check mailing newsletters and see how many first send you to an HTTP site, for example) that can be used for MiTM attacks.
  A VPN moves the trust to a single provider that you can choose, which is much better than trusting every single WiFi network you can attach to and the people connected to it, I would say.
  Also if you pay for the VPN (I pay Proton), it's not true that the company business is based on user data, they are based on subscriptions.
  
  Lmao, we're not worried about the cafe. We're worried about the man in the middle. And yeah with enough tech knowledge you can set up an encrypted tunnel home and use your normal connection from there. But most people aren't that tech savvy
  
  But most spots don't have the resources or expertise to analyze and sell or otherwise misuse your logs.
  Most spots don't have also the resources or expertise to secure their own spot. As I remember, cheap routers used in public places may contain a lot of vulnerabilities.
  encrypted DNS
  Will it help me if I'm using LbreTorrent do download piracy content on my phone? Or how it would help me to hide my location from mobile apps that extract location from IP?
  
  People can't learn not to throw trash in the street, climate change that is backed by decades of science is a problem, or hell, they can't even learn to effectively not click on super suspicious phishing links.
  How on earth are they going to learn about implementing encrypted DNS when most barely know the difference between a browser and a computer.
  
  I've never really understood that argument. Most VPN software I've seen forces your DNS through the VPN as well which would bypass a public Wi-Fi's attempt to DNS poison.
  I use a VPN anytime I'm not on my home network just because it's a super easy way for me to force my DNS to my own custom DNS with Adblock listing on the machine that's running the VPN endpoint.
  It's wireguard, and it connects to a direct IP address. If someone tries to redirect or otherwise man in the middle of the connection wireguard will simply fail to establish a connection. Thanks to the fact that it uses a similar idea to pgp where the client and server already have each other's public keys and there's not really an unencrypted initial handshake even the initial talking has a form of encrypted communication thanks to the key pairings.
  So like, my vpn is definitely proving security. Whether or not every random ass VPN you can buy is smart enough to force all DNS over the VPN or anything else I guess I can't say for sure maybe it's not common and that's why but it definitely can be used to help automate some security measures when using a public network

When I first saw this I thought it was funny. The fact that so many people are falling for it has only made it even funnier.
FWIW, Haley Welch might seem dumb as bricks, but she also seems quite sweet - doing charity stuff, keeping her other friend from "that" vid for the ride, etc. As far as people becoming famous for bullshit reasons goes, she seems to be handling it well.
- I feel bad for her, honestly. She was open about her sexuality and she's conventionally attractive, so now she has all these leering old men on TV slobbering all over her.
  Bill Maher practically tried to talk her into bed on his show with his creepy shit about mentoring her.
  
  Oof. What is up with these creepy, sweaty dudes on talkshows? I know they somewhat reflect the general populace, but to pull shit like this on air is just boggling.
  
  You know, you're the first person I've seen that's shared the same view as me (not that I've spoken about the topic much! lol)
  Woman admits that she has performed an extremely benign sexual act before - ghasp! A girl has given someone a blowjob before!
  And more than that, she has a "dumb" accent! Let's make endless memes about her online basically calling her a slutty moron whose only life skill is sucking cock.
  Honestly no wonder women feel pressured to pretend they have no sexual desires
  
  Okay so I haven’t heard about her before this but, from this thread and a quick google search, I feel like I know enough. Anyway. I’m hopeful then that the fame will pass— lots of internet fad celebrities fade and become more or less normal people again soon— but she pockets enough money to live a good life and keep paying it forward.
- I didn't know who she was, so I just assumed it was true and that she was just another celebrity sponsored by a VPN company.
  
  Yup, I don't know who she is, nor do I particularly care. What I do care about is how Proton behaves, and if they're going to stoop to the levels other VPN providers go to in order to attract customers, it's not a service I'd like to support.
  I'm currently not a Proton customer, but I've been considering it. I'm currently w/ Tuta for email and use a DIY VPN, but I could see switching to Proton as their product line expands.
- Falling for what?
- She's handling fame better than Chappel Roan.
  
  You think she's not handling fame well because she's setting clear boundaries, and reminding fans that she's not their friend just because she's famous?

I don't know how effective VPNs are over a public WiFi network, but I do know it stopped Spectrum from sending me "you are downloading copyrighted material, stop it" emails once I started using one. Fuck Spectrum, I don't have them anymore, but that seems like a good enough reason to keep using one in certain circumstances.
- They need to advertise a legitimate use for their service.
  If they don't have a threat from public wifi or other security concerns to remedy, then the only purpose for their service is to bypass region limits and block infringement notices. They would be considered complicit in such infringement.
  That their service also hinders efforts to stop pirates needs to be an "unintended" and "unavoidable" side effect.
  
  I use Proton when I'm on my university's campus because they switched to using EDUroam for the campus wifi. I used to be a Sys Admin at a different university a while back, and from what I know, EDUroam allows the IT department to monitor basically all of the traffic over the network. I don't know exactly how deep that stuff goes, but if I was doing anything personal or sensitive like banking or whatever, I'd flip on the VPN on my personal computer. I also don't have any personal accounts logged in on the school issued laptop because they have it loaded with institutional spyware. Once I graduate, I'll blank the drive and reinstall the OS to have a decent Lenovo laptop on hand as a spare.
  Edit to add: I use Proton because it was the least shady service that I could get for a reasonable price as a student. It is also helpful for finding textbooks. :)
  
  There are plenty of legitimate uses for their services, they just aren't things that the vast majority of people actually need. For example:
  access things in a LAN from a WAN - i.e. access a personal PC when you're at a friend's house, and your home LAN is behind CGNAT
  get around local laws - e.g. my state requires ID checks for porn and social media, so getting a VPN one state over gets around that
  prevent ISP from seeing the sites you visit - very valid privacy concern, especially since SNI exists to de-mask TLS packets
  There are also some sketchier needs, such as:
  get different content on your streaming platform
  hide sharing of illegal content (i.e. piracy)
  perform illegal transactions (e.g. going on Tor to buy drugs or whatever on the black market)
  I think VPNs are trying to appeal to more than just the above needs, they're trying to create needs to grow their marketshare. That isn't something a reputable VPN should do, or at least that's something that would make me hesitate to use a given VPN.
  
  I'm not defending Proton. I don't even use them.
  Edit: The region limits thing is nice though. It's not why I got the VPN, but it's nice to not have to pay to watch the Olympics and just watch it via the CBC or the BBC.
- On public WiFi I just vpn into my home network. The issue with public WiFi is that it can be sniffed by anyone in range since there is generally no encryption.
  Although pretty much everything we do is over tls these days, and DoH helps protect against even dns sniffing. There's still at least some risk to working in the clear over a public WiFi network. At least in information gathering, what bank you use, etc.
  But, there's no real benefit in using a paid vpn over one you own unless you're downloading illegal content, want to watch another Netflix region, or are in a country with heavy Internet monitoring/filtering.
  
  With TLS and DoH, how is your bank and other information leaked?
- I experienced the same with Cox Internet.
- All ISPs are legally obligated to forward that shit to you. The alerts are not from spectrum, they're just relaying the information.
  Right now, copyright owners do not have legal permission to find out who you are directly without a court order. They would only seek that information if they were planning to file a lawsuit.
  Media companies know, from the Napster incident, that such actions can backfire stupendously. It's rare that they even bother anymore. I can go into detail on why, but I'll leave it out for brevity.
  So they send the notice to your ISP, who is legally obligated to match the information on the notice to the subscriber and forward the notice to you.
  For many, this goes to an ISP provided mailbox, which most people ignore the existence of it. Clearly spectrum operates differently.
  The notices are from copyright holders who have no idea who you are, and can't determine that information unless they intend to sue you. So those can be, for the most part, ignored.
  It's not your ISPs fault that you got those. They couldn't give a shit less about what you do on their service, or what you download. They just want you to pay your bill every month and keep the gravy train rolling.
  
  I'm saying fuck Spectrum for other reasons. Either way, there's less of a trail.

Considering how most of the Internet is encrypted with TLS, if you add DNSSEC+DoH/DoT on top, trying to MITM someone on a public WiFi is way harder than it was, unless you're a state-level adversary and you're able to craft valid certificate for a domain you don't control from a globally trusted (root) certificate autority (which will lose its trusted status quite fast once discovered, ex: CNNIC)
- Not all applications on your computer may be encrypting their packet traffic properly, though. That goes especially for the applications that might be trying to reach out for resources on your local home network (like printers, file shares, and other home servers) as well as DNS requests which are usually still made in the open. I would not recommend eschewing an entire security layer willy-nilly like that. On public Wi-Fi, I would definitely still suggest either a VPN or using your cell phone as a tether or secure hotspot instead if possible.
  
  Sure, but it's also like, if you're stepping away from your laptop for a few minutes should you lock the screen or shut it down completely.
  The most secure option is to shut it down completely, but also it's fine to just lock your screen.
  If you've already got a VPN and it's as easy as locking your screen to enable, go for it, use it. But if you don't, you don't need to go out and get one. You'll generally be ok without one.
- Yeah, the days of your local coffee shops Wi-Fi being a problem or mostly gone. Not the VPN doesn't have a place anymore though. If you're trying to hide your downloading of ISOs from your ISP it's still a perfectly reasonable method. Or temporarily relocating yourself to another country to make a purchase or watch some streaming content both perfectly reasonable.
  Of course some of the streaming providers are getting wise to this.
  
  why would I need to hide my terabytes of Linux ISO downloads?
  
  I have a VPN so I can securely access my home network when I’m away
- Or the tld is .mobi
  
  Interesting read, thanks!

I’m not online enough to understand this.
- Hailey "Hawk Tuah" Welch is an influencer that gained a lot of popularity from her nickname (the sound of spitting, with HEAVY implications of performing fellacio). She used her platform to voice a very reasonable and intelligent opinion, which surprised a lot of people because her nickname is essentially blowjob queen.
  One of her opinions is that it's important to spread cyber security and used her fame to try to educate the public (potentially a fake story from the image? Idk this drama). And some xit-head claiming to be a cyber security expert ate the onion and offered some shitty advice. Proton fact checked them, because there are a ton of fake news stories about her right now.
  
  I'm pretty sure that Proton quoting her in the first place is fake. I know she's milking her 15 minutes of fame for all she can, but this seems outside her experience.
  
  Sorry, not just implication; she was straight up talking about that.
  
  Popular format
  
  Thanks for clarifying. This thread has felt like the cyber security equivalent of the Flat Earth Theory.
  
  Hailey "Hawk Tuah" Welch is an influencer
  Ah, OK, I'm out.
- how do I reboot my computer?
  
  Throw a brick at it.

I don't understand why everyone assumes using a VPN means paying for a third party. I have Wireguard deployed in my NAS and I always have that VPN connection active on my phone to be able to access my LAN deployed services remotely, Jellyfin for example.
- Most VPNs sell themselves on encrypting your traffic to an endpoint that either is in a different locale to get around region locks or to put it out of the grasp of the RIAA so they can’t send your ISP copyright notices.
  While remote access to a local network is a good use case for a self-hosted VPN it’s totally unrelated to the use case for commercial VPNs
  
  For the use case of encrypting your traffic while using a public WiFi, both commercial VPNs and self-hosted ones provide the same functionality.
- Since Wireguard uses UDP and peers only reply to a received packet if it's expected and valid, it won't show up in port scans and barely increases your attack surface. Tailscale and Zerotier are quite nice, but personally I dislike NAT-punching protocols.
  
  I use tailscale for hosting gameservers for friends and the occasional watch together on jellyfin. Kinda scuffed setup with one burner github account for login. And ~10 devices connected to that network. So I need to authenticate every device myself (at the beginning and sporadically) but I don't need to pay Tailscale for adding multiple accounts to the network.
  At the beginning I tried to do set up everything with my own wireguard server. I only have a public v6 IP, so some of my friends connected without problems and for some it would not work. After I think 3h helping them in their router settings I just gave up. I looked up if I could rent a service somewhere that gives me a public Ipv4 relay, found Tailscale instead and stopped looking for something else haha. Sometimes it's not worth the effort.
  
  I am technical, I decided to just not open up any port that's not needed for Plex and Jellyfin, sometimes it would be nice to access radarr and sonarr remotely, but fuck I just don't want to deal with the setup
- It's also worth mentioning that the VPN in question, Proton, offers one of the best free tiers of any VPN company.
  
  Agreed. I've used it, and it's perfectly fine for normal web browsing. In fact, I added it to my router a while ago to test it out, and I'm considering leaving it on as a "secure" SSID so we can use it for things that my state requires ID for (e.g. porn and social media).
- I don't understand why everyone assumes using a VPN means paying for a third party.
  It's because that is what is advertised to them.
- My setup as well (plus encrypted DNS for good measure)
  I still have to somehow trust my ISP but I go down from having to trust my mobile ISP, my employer WiFi, random shops WiFi to just one ISP (that,fwiw, has shown to be transparent, customers friendly etc)
- I tried setting this up, and I can connect to my honeserver, but I've no idea how to access its LAN services. How does it work?
  
  Do you have internal DNS set up? I have my wire guard deployed on both of my pihole servers, which have local DNS entries for my internal services, which point back to my internal Traefik container for NAT translations. I know that sounds a bit complicated, but that's how it works for my environment.
- I do the same, but it's very clear that when people talk about "a VPN" they're referring to a commercial cloud hosted product.
- Yup, I have the same, but not to access services on my devices, but to tunnel services so they can become public services. Basically, Jellyfin is accessible at mydomain.com, which tunnels traffic over WireGuard to my internal Jellyfin instance. I'll connect to the VPN occasionally if I need to access something else on my network though.
  That said, I've considered paying for a VPN service so I can get around my state's stupid ID laws around porn and social media, which I consider to be a massive privacy violation. But it hasn't bothered me enough to actually spend the $5/month or whatever.
- IMO, the post is centered around proton VPN, and since that's a public VPN service, it's the focus of the discussion.
  Private VPNs are a very different story.

This was nothing more than a poorly executed joke from Proton. Some people are massively overreacting.
- How could one have known that this was meant as a joke?
  I like Proton but to me it seems like the social media person from Proton did an oopsie and as a reaction they try to save it.
- As always.

- The VPNs you characterise as "shitty" aren't necessarily a bad choice; they're cheaper than the legitimate privacy VPNs. Mullvad is famously 5€ per month, Proton is 4.49€ per month, but NordVPN is 3.09€, Surfshark is 2.19€, and PIA is 1.79€ per month.
  If you're really just here to pretend you're in another country (rather than privatemaxing) or hide your torrenting activity from your ISP, the cheaper options can be a perfectly legitimate choice.
  
  Mullvad doesn't try and lock you in with any auto-renewal shenanigans and was the second service that I know of to offer payment via xmr. The first was ivpn but their server speeds were trash.
- https://thatoneprivacysite.xyz/ is a good base for comparisons
  
  Bear in mind that info hasn't been updated since 2019, when the OG thatoneprivacysite sold out to a shady company. The .xyz site is an old backup someone put up of the site before it changed to only recommend a handful of bad VPNs.
  
  Just what I was looking for. Thanks.

I have a vpn for... reasons... 🏴‍☠️⚓️🏴‍☠️
- I have VPN so I can look at porn.
  
  why?
  
  Dude!
  
  I just wanna look at me Japanese cartoons

I assumed it was a joke. My feed has been full of jokes about her talking about urban planning and transit oriented development.

Thank goodness someone explained that to me. I was startong to wonder if she was some sort of technology expert, or something.
- Who is she?
  
  the girl from the memes a few weeks ago https://knowyourmeme.com/memes/hawk-tuah-girl

I'm sure as shit trusting proton over some random public network in a cafe setup by some random open reach engineer or something
- They have 54% one star reviews on TrustPilot
  But none that I saw were about security/privacy instead just comments about pricing.

Can someone share proton's response? I don't have a xitter account
- https://xcancel.com/ProtonVPN you can find it here
  
  Appreciate the alternative!
  Grabbed this screenshot because I don't trust anything on Twitter to stay visible (or the platform to even be stable)
  https://protonvpn.com/blog/public-wifi-safety/#:~:text=5%20ways%20to%20stay%20safe%20on%20public%20WiFi
  
  Wow, one of a few heroes keeping Nitter alive
- Nobody has a Xitter account.
  
  Millions and millions of idiots do.
  Is this some highly-voted pedantry about the site not technically being called "Xitter"? Or wtf is going on in this thread....?

Don't hire that contractor lol

This was poorly executed. The National Park Service twitter account does jokes well.

So I'm confused networking stuff has never been my strong suit, is this saying you can still be fucked on public WiFi even if you connect through a VPN?
- There are some attacks you are vulnerable to on public WiFi that a VPN can help with.
  More generally, whoever is transporting your data knows who you are talking to. If you don’t use a VPN, your ISP and whoever owns the router know what websites you are visiting (although they don’t know the specific content). If you use a VPN, your ISP and router know you are using that VPN, but not what websites you are visiting. Now your VPN knows what websites you are visiting, but they still don’t know what the content is.
  I hope that helps.
  
  What about using tor instead of a vpn?
  
  What about DoH/DoT which comes enabled by default in some browsers I believe? This should "hide" your activity from isp/router as well, shouldn't it?
- Networking stuff IS my strong suit, and I'm confused about what points most people here, including OP, are trying to make here. Maybe I'm just not awake enough yet.
  Wtf proton what? What do people think Proton is saying and what's the WTF part...?
  
  I don't think the confusion has anything to do with networking. I've been puzzling over this post for a few minutes now... To be honest, I think I'm just more confused.
  Maybe this is some sort of AI battle of the wits or contagious stroke or something.
  
  Look at the link in the description.
  Basically, someone went on a rant saying using public wi-fi w/o a VPN is extremely risky, and Proton is basically boosting it, implying a relationship w/ the OP. Proton argues that this is satire and part of a viral trend of misattributing quotes and topics, and the poster here is calling Proton out on it, likening them to the scammy VPN companies that sponsor YouTube videos and other SM content that oversell their claims.
  So basically Proton claims they're being satirical, and the poster is saying they're just as bad as other VPN companies.
- No, the context is that for many years, shady commercial VPNs would sponsor YouTubers and the scripts they were given were full of lies and half truths about the dangers of public WiFi, with the implication being that if you purchase their VPN service they will “protect you”. But the problems these VPN companies were claiming to solve have already been solved by HTTPS and it’s perfectly fine to use public WiFi without a VPN. They are using scare tactics to sell you a product.
  What this poster is saying is that they’re disappointed to see this same fear mongering misinformation from Proton, who have an otherwise good reputation for being consumer friendly.
  
  Exactly. Using a VPN can improve your anonymity, provided you trust your VPN operator more than the infrastructure you're using. But many VPN vendors claim a VPN is essential to provide security, which isn't true in the slightest, and Proton shouldn't be stooping to that level. There are plenty of good reasons to use a VPN that don't involve illegal activities, but it's hardly essential for the average person.
- is this saying you can still be fucked on public WiFi even if you connect through a VPN?
  The quick and dirty answer is no, unless an attacker can figure out a way to get your VPN to strip it's encryption (doubt you'll ever see this outside something like defcon but you never know lol).
  The long answer is that not all VPNs are equal depending on what you are trying to accomplish.
  A VPN will simply tunnel your internet traffic over an encrypted channel to a server anywhere in the world.
  On a technical level, this means that it will guarantee your internet traffic is unreadable until it hits the destination, which does mean it can make it more secure to use a public wifi/hotspot.
  Of course privacy is actually a massive security iceberg, so some caveats in no particular order are:
  
  You should use a VPN if:
  You want to torrent copyrighted material (yar har piracy)
  You want to spoof your location to get access to geolocked content
  You want to negate an attackers ability to mess with your connections on public WiFi
  You want a secure channel between two of your own locations (make two separate networks accessible to eachother, or VPN to home/work to access resources on that network).
  ^ same thing but remote access etc.
  You should not use a VPN if:
  You need to hide what you do on the internet from the government (See Tor, journalists stuck in shithole regimes).
  You want privacy from internet megacorps (you'd have to keep fresh sessions or use them sparingly which you can 90% do without a VPN anyway)
  You want to hide anything after it reaches the VPN server (public VPN services, doesn't apply if you VPN to something you physically own and access only its local resources).
  --
  After all that, the use case basically becomes:
  VPN to within your own country to secure your connection on public WiFi
  VPN to home or work to access network
  VPN with a good public service to other countries to watch or torrent media
- Yes, to a degree. A VPN protects you from an attacker on the same WiFi network as you and that's about it.
  Most assaults on your privacy don't happen like that, and for the most part the attacks that do happen like that are stopped by the website using https and proper modern security.
  The benefit of the VPN is that it puts some of that protection under your control, but only as far as your VPN provider.
  A VPN is about as much protection from most cyber attacks as a gun is.
  They're not a security tool, they're a networking tool. They let you do some network stuff securely, and done correctly they can protect from some things, but the point of them is "this looks like a small, simple LAN, but it's not".
  It's much easier to package and sell network tools than security tools, and they're much more accepted by users, since security tools have a tendency to say "no" a lot, particularly when you might be doing something dumb,and users hate being told no, particularly when they're doing something dumb.
  
  Exactly. VPN companies vastly oversell what their services offer.
  That said, I set up my own VPN, we use one at work, and I'm considering paying for a commercial VPN service. My personal VPN gets around my ISP's CGNAT so I can host public services within my LAN, my work VPN gives us remote access to protected services, and the commercial VPN I'm considering paying for is to get around my state's laws (they are requiring ID for porn and social media, and I think that's a privacy overreach).
  VPNs have their place, but they're hardly "essential" for most people, especially if your concern is security.
- no, you can't have intercourse over the Internet.
- Yes. X.509 means https is worthless protection from APTs
  Edit: its clear from downvotes that people in this community don't understand security and don't understand how to use Lemmy downvote buttons

"It's a prank bro"😅 but seriously as an IT guy I'm tired of pushing VPNs down our (collective) throats, not saying the threat isn't real but it's really overblown by the ads
- Just free, unregulated market shenanigans.
  
  Better to have ads pushed down our collective throats than let collectivists have us by the throat. An 'unregulated' market lets us choose whether or not to use them, instead of justifying their necessity to avoid censorship.

Taking cybersecurity advice from someone called Hawk Tuah is modern day version of clicking banner that says find 40+ single women in your zip code
- Hot MILFs wanna talk to YOU!

Well with https enforced and secure dns not much to worry about.
- Maybe from a security perspective but in terms of privacy, no. SNI can still be read, and just because DNS isn’t plaintext doesn’t mean it’s not possible to see which servers you’re talking to. And like others have said, there’s still a lot happening in plaintext at the OS and/or application level.
  
  Still doesn't make a VPN the "magic all in one solution" it claims to be. And SNI is encrypted on newer servers using encrypted client hello (ECH).
  In terms of privacy, you're switching around which entity gets to see a ton of details. Do you trust random public wifi enough, given modern security standards? Or do you trust a VPN company more, despite false advertising?
  Use HTTPS and DoH (Becoming a default on some Android versions), and the average person will be just fine without a VPN.

you gotta love the "lol joke" fall back. the same strategy used by generation of trolls
- Well, I for one wholly believed Hawk Tuah herself endorsed Proton VPN

Mulvad.

Also - using someone who got famous by describing sucking dick seems quite weird :) Who wants technical advice from her?
- That's the joke.
- What does sucking dick have to do with technical competency?

The only effective antivirus program known to man is called a backup
- How is this related to a VPN? Antivirus does nothing against a MITM attack.
  
  Woosh
  I'm saying that no system is secure on a long enough timeframe . But that if you do get infected you can nuke and pave if you have a backup. Most of these VPN advertisers treat their product VPN like a magic shield / antivirus when it is In fact, nothing more than a fancy condom.

The only real use case for VPNs is to bypass geo blocking on streaming sites, and the VPN providers know this. They also know that if they lean too hard into that, eventually someone will sue them and their business model will evaporate - so they add the "iT MaKEs yOu mORe SeCurE" nonsense as a fig leaf so they can say with a straight face that they operate a product with legitimate uses
- I can’t say VPNs are great for bypassing geo restrictions in 2024, unless you’re talking about tunneling through your home network.
- That is definitely what 90% of people use them for.
  I think Tom Scott is the only person who's ever done an honest VPN sponsor read.
  
  Ryan George too, he's very clear in his VPN ad reads that he uses them to access streaming that isn't available to him in outer space (his shtick is that he's an ADstronaut).

Dude is completely right. VPNs are good against geoblocking but thats it. All VPN providers that claim not to log stuff are lying and if there are logs it doesnt make a difference privacy wise
- You know, from a business standpoint, it makes financial sense NOT to log user traffic.
  Reason one: plausible deniability. You can't give what you don't have.
  Reason two: storage. Why the fuck would you keep logs, when it costs money to?
  Reason three: these boots taste fantastic! (People generally don't enjoy licking boots).