The Washington Post Says There's 'No Real Reason' to Use a VPN

Some people try to hide parts of their email address from online scrapers by spelling out "at" and "dot," notes a Washington Post technology newsletter. But unfortunately, "This spam-fighting trick doesn't work. At all." They warn that it's not just a "piece of anti-spam fiction," but "an example of the digital self-protection myths that drain your time and energy and make you less safe.

"Today, let's kill off four privacy and security bogus beliefs, including that you need a VPN to stay safe online. (No, you probably don't.) Myth No. 3: You need a VPN to stay safe online.

...for most people in the United States and other democracies, "There is no real reason why you should use a VPN," said Frédéric Rivain, chief technology officer of Dashlane, a password management service that also offers a VPN.... If you're researching sensitive subjects like depression and don't want family members to know or corporations to keep records of your activities, Rivain said you might be better off using a privacy-focused web browser such as Brave or the search engine DuckDuckGo. If you use a VPN, that company has records of what you're doing. And advertisers will still figure out how to pitch ads based on your online activities.

P.S. If you're concerned about crooks stealing your info when you use WiFi networks in coffee shops or airports and want to use a VPN to disguise what you're doing, you probably don't need to. Using public WiFi is safe now in most circumstances, my colleague Tatum Hunter has reported.
"Many VPNs are also dodgy and may do far more harm than good," their myth-busting continues, referring readers to an earlier analysis by the Washington Post (with some safe recommendations).

On a more sympathetic note, they acknowledge that "It's exhausting to be a human on the internet. Companies and public officials could be doing far more to protect you."

But as it is, "the internet is a nonstop scam machine and a little paranoia is healthy."

let me think about this

[FudRucker]

so should i take networking advice from some random newspaper article??? no thanks!!!

Re:let me think about this

[Anonymous Coward]

Yeah, I'll take advice from someone who doesn't understand capital letters instead.

Re: let me think about this

[Waccoon]

Reading this comment reminds me why documentation either often doesn't exist or is worthless. Geeks will only put effort into things that personally interest them, and to hell with everything else.

The irony is that the first line of your comment begins with, "let me think about this". Thinking implies effort, dude.

Re:

[vyvepe]

Geeks will only put effort into things that personally interest them, and to hell with everything else.

Geeks put effort into things which matter. You obviously understood his post even without the proper capitalization.
Do you care about slightly lower readability that much or is it just an attempt to start a flame war?

Re:

[Hasaf]

The funny thing is that I like writing documentation.

I enjoy thinking about a problem and presenting a process, something that I can do in a few intuitive steps, as a series of "you can not fail" steps.

Re: let me think about this

[CaseCrash]

But it doesn't take any effort. And mistakes like the lack of capitalization, misspellings (like "thia article"), and misusage of words ("carry the posterity" is vaguely understandable in context but does not actually mean what is intended) all count against whatever argument you are attempting to make in the reader's mind. You basically declared you don't care about the rest of us, rendering your comment instantly discardable regardless of its intrinsic merit.

Re: let me think about this

[jeremyp]

i just don't care

You accidentally cut that short. You should have written "I don't care about my readers". Capitalisation and punctuation are there to help us read your sentences. It's not the writer or submitter of the article you are sending a big FU to, it's us.

Re:

[jeremyp]

Oh, and if you really didn't care, you wouldn't have bothered with the original comment, never mind the response to people criticising your English skills.

Re:

[vyvepe]

And yes, I know that you don't give a shit if you end up on someone's shit-list.

Why should he care about ending on a shit-list of an Anonymous Coward?

Re:

[ravenshrike]

The real question is why would you take networking advice from an outlet owned by the guy who owns the largest english online marketplace on the planet.

Re:let me think about this

[fahrbot-bot]

so should i take networking advice from some random newspaper article??? no thanks!!!

Good point. Better to wait until someone posts it on Twitter. :-)

[ You can also get medical advise there. :-) ]

Re:

[Osgeld]

no you should take it from a ad spewing snake oil salesmen claiming a silver bullet

what are you? fuckin retarded?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:let me think about this

[ravenshrike]

No, you're changing who has access to your privacy. Your ISP vs your VPN and DNS providers. The former for the most part won't get in trouble no matter who they let see your shit. The latter, depending on your country and the terms of service of the specific providers, can generally be sued except for if warrants from the government are involved.

Re:let me think about this

[AmiMoJo]

VPNs allow you to select a legal jurisdiction that suits your needs, and also bypasses laws affecting ISPs in most countries.

For example, in the UK all the major ISPs voluntarily run the Cleanfeed system that blocks "illegal content", and they all log your internet activity and make it available with little oversight to the police. The police make hundreds of thousands of requests for data every year, and their own people rubber stamp them.

By using a VPN run by say a Norwegian company, you both bypass any UK based censorship, and make it much less likely you will get caught up in a police dragnet.

Another good reason to use a VPN is to avoid copyright trolls. They also help get around geoblocking. If you are in the US you might not realize how annoying it is to see a trailer advertised but not be able to watch it in your country, or to have to pay more for a service you could subscribe to for 1/5th the price with a VPN (looking at you, YouTube).

Re:let me think about this

[ArmoredDragon]

I'm an InfoSec professional and I don't use a VPN.

So am I, and I do. Mainly because it's already included in my proton subscription, but also because if it's used correctly, then it's pretty hard even for the VPN provider to glean what you're doing. First, DNS traffic goes to a separate tunnel (DNS over TLS), while almost everything else is going over TLS. And yes, that's not a silver bullet, though TLS 1.3 helps.

But, that's only a small gain. The much bigger gain is to have a NAT'd IP address shared with ideally hundreds of others. Then in addition to that, I use firefox with the temporary container tab extension. Some sites, mainly banking ones that are basically useless without being logged in, get their own dedicated tabs that are allowed to persist certain subsets of data. Everything else, literally each time I open a new tab, it's as if I started with a completely brand new web browser. Yes, it does need an extra step to log in when you want to, but that's what bitwarden is already for.

The only websites where this presents a problem is basically google search and google maps. Google is very anti-VPN with these, basically throwing up a captcha for every single search, where google maps just outright refuses to load, so I switched to ddg and bing maps, They're both a bit second rate, but still tolerable. Though to bing maps's credit, it actually renders a LOT smoother/faster than google maps, just the local data it carries is basically crap that relies heavily on stupid fecebook. Speak of them, fecebook recently started becoming hostile to this setup as well, as when I tried to log in for the first time in months, fecebook told me that it couldn't verify my identity and that I should get one of my fecebook friends to help authenticate me. Not only no, but FUCK NO. Because of that, I'll probably never log into it again. I only logged in because somebody asked me to, so I just had them email me the bits instead. Good fucking riddance.

Amazon gave me shit by asking me to do SMS verification, which is ultimately pointless, so I fixed that by deleting my phone number from their service. Fortunately they don't bother with nearly as useless email verification crap.

Re:

[Bert64]

Google is anti NAT, you get the captcha because they see lots of users from the same address so they can't tell the difference between lots of unique users behind a single address or a single malicious user. Once you have an active session and they can track you the captcha will go away, and if you originate from a unique address not used by anyone else you'll never see the captcha in the first place.

Re:

[thegarbz]

Google is anti NAT

No they aren't. They are anti-public VPNs and quite specific as to the selected endpoint. If they were anti-NAT you'd get dinged on literally every mobile search since NAT is prolific on mobile devices which basically never have a unique IP.

Re:

[Meneth]

Have you tried OpenStreetMap [openstreetmap.org]?

Re:

[grahamsz]

There are probably niche situations where it benefits you, but because of the way cookie-based tracking works it'd be really hard to not just leave a chain that connects right back to your home IP. Using a dedicated virtual machine with a VPN installed for those situations and making sure it can never connect from your unprotected IP and also making sure you never share any account credentials seems like it'd be nearly perfect (if the VPN provider can be trusted) but shit like that is hard. Perhaps if you

And they are right.

[CaptainJeff]

VPNs were very important when sites did not use SSL/TLS with certificate pinning, and when devices relied upon network-provided DNS.
Now, all major browses do enforced SSL/TLS with certificate pinning, and many rely on private DNS settings.

Re:And they are right.

[Anonymous Coward]

and they would be wrong. the MIAA still actively hunt down torrent users. SSL/TLS does not protect you from them, a VPN can.

Re:

[Opportunist]

All a VPN does is to replace your ISP as the single point that can rat you out to anyone with the VPN provider. All it does is to move the company you have to trust to keep your information safe.

Re:And they are right.

[Anonymous Coward]

which gives us A LOT more chcoices on which compnay we get to trust

Re: And they are right.

[Opportunist]

Oh, that personal slight alone earns you the sleepless nights you get from me telling you that I'm probably the one who is responsible for the security of your online banking.

And they are wrong.

[rapjr]

VPN's are still important for preventing ISP's from spying on you. They can't see the details of the URL's but they still get the base of the URL and can make inferences based on that. In the wild people will run fake WiFi hotspots off their phone that are named like the real thing and if you connect to them all your traffic will be collected and your device attacked. The NSA has been shown to collect data via ISP's like Google, which a VPN can help prevent to some extent. It is completely obvious from the spread of malware and ransomware that computers on networks can not be protected using current security measures and a VPN raises the barriers a little bit higher. Many web sites still do not use SSL/TLS.

Re:

[theshowmecanuck]

And VPN providers don't spy on you? Sure.

Re:And they are wrong.

[Ocker3]

Free VPNs gotta make their money somehow. Paid ones have varying quality, but at least their business model relies more directly on the user, who they're more motivated to look after. A good VPN provider keeps as few records as possible, and market themselves as such.

Re:And they are wrong.

[Kernel Kurtz]

And VPN providers don't spy on you? Sure.

They may, but they don't seem to be sharing it with the MPAA, RIAA, or their associated shakedown services.

Re:

[blahabl]

And VPN providers don't spy on you? Sure.

I don't care. What can a VPN provider do to me? Show me a profiled ad next time I log in to the management website? ISPs pretty much funnel the data to whichever 3-letter agency wants them. Those can put me in jail, make me unemployable, or even vanish me if they see something sufficiently worrisome, like questioning the Dear Leader. VPNs in foreign countries (you are using a foreign country VPN, right?) can do the targeted ads at most. Or pass the data to *their* intelligence agencies, but those... first,

Re: And they are wrong.

[djp2204]

You think the 3 letter agencies in a western democracy wont share all of their data with the 3 letter agencies in every other western democracy? If so you dont understand the five eyes and how they function

Re:

[blahabl]

You think the 3 letter agencies in a western democracy wont share all of their data with the 3 letter agencies in every other western democracy? If so you dont understand the five eyes and how they function

Geez, do you need everything explicitly spelled out? Yes, you do need to get your VPN somewhere where they won't be too keen to share the data with your country. That means USA if you're Russian, Brazil or China if you're in USA, and so on. One would think it's obvious...

Re:

[RUs1729]

You think the 3 letter agencies in a western democracy wont share all of their data with the 3 letter agencies in every other western democracy? If so you dont understand the five eyes and how they function

You are the one who does not understand how they function. In the USA, three-letter agencies are kingdoms in themselves, suspicious of other USA three-letter agencies. Sharing data is something they may do on occasion, but not as a rule.

Re: And they are wrong.

[ToasterMonkey]

I don't care. What can a VPN provider do to me? Show me a profiled ad next time I log in to the management website? ISPs pretty much funnel the data to whichever 3-letter agency wants them.

But VPNs are immune to 3-letter agency interference?

lol, nice one :)

Re:

[lsllll]

Depends on what you mean by "spying". If you're connecting to your destination via SSL and the client, the server key, or the certificate issuer hasn't been compromised, all the info they'll have on you is via DNS and thus just where you're going (not even URLs). That is, if you haven't trusted the VPN company's CA. So what information do you propose they have on you? That you visited ibm.com?

Re:

[Bert64]

SSL also leaks the hostname in the clear, unless you are using TLS1.3 with ESNI - which is rare. So a MITM will still get the hostnames even if you're using DNS over SSL.

SSL is not a magic bullet, you have to ensure proper validation of the certificates too. When faced with certificate warnings, a lot of users just ignore them and click through and that's in a browser, other software may behave differently depending how it's configured - some will even be configured to ignore the cert without warning users.

Re:And they are right.

[93 Escort Wagon]

It's a basic misinterpretation of why people in the US use a VPN. For most, it's mainly about getting around content access restrictions.

Re:

[mark-t]

Not to mention a basic misinterpretation that many people also have that the ability to get away with something without being caught that gets one something they desire, is an adequate reason to just go and do it.

Any means of bypassing content restrictions can be a terms of usage violation

Re:

[Bert64]

For me it's because a lot of the resources i need to access are only available via IPv6, while a lot of random wifi networks (hotels etc) don't provide full modern connectivity forcing me to use VPN instead.

Re:

[fitzie]

TLS sends the hostname you are trying to connect to in plain text (the SNI field). this was so that they could do virtual hosting with same IP address. There is a solution to encrypt that (ESNI), but I don't think it's widely used.

Re:

[Creepy]

Yes, I just had this discussion with my family. If it has a padlock in the upper left of your browser, it probably is secure. The problem is do you trust the trusted authorities? If I was the CIA, I'd put a man in the middle in every trusted authority to spy on every thing everyone sent. On one hand, I think everyone would know if the CIA ILLEGALLY did that (or FBI, given the CIA can't operate in the US), on the other, those f**king bastards can blow me. The real problem is the US has routed traffic to the

Re:

[SchroedingersCat]

VPN is only useful to get around IP-level restrictions and blocks. For example, watching US content on Netflix from abroad. It is useless against tracking since your browser and even you activity leaves tons of fingerprints. Achieving true privacy and anonymity is extremely hard. VPN is just one of many factors.

WTF where is the linked article?

[garyisabusyguy]

Just went to WAPO.com and searched on VPN, got this result

Your VPN may be snake oil. These three are trustworthy. [washingtonpost.com]
Mullvad, Mozilla VPN and IVPN are worthy of your trust today. But a virtual private network may not actually be what you need to stay safe online.
Review by Geoffrey A. Fowler
July 15, 2022 at 7:00 a.m. EDT

Saying that some VPNs are snake oil, and then listing those that work is a far cry from what the summary is trying to prove

Oh, my apologies, here is the article [washingtonpost.com], not even WAPO seems to want to put it out front

VPNs are commonly used in countries where governments censor the internet or surveil people online. Many companies make their employees use VPNs to protect their computer networks from intruders. That’s reasonable

IMO, the author ignores what the DMCA can do to perfectly normal people, in many cases a VPN would have saved them tens of thousands of dollars

Re:

[garyisabusyguy]

Um sure, Anonymous Coward, I certainly will trust you over a company that I can easily research for reliability, as I do at work when making software purchasing decisions (hint it won't be operated by ex-kgb)

Re: WTF where is the linked article?

[MysteriousPreacher]

Sure, which is why you do research before choosing a provider. VPN providers are actively incentivised to provide privacy because that's their sales pitch. A VPN provider who drops the ball on privacy takes a far larger hit than an ISP. It'd be the difference between Facebook being caught selling your personal data versus Apple doing the same. The latter makes privacy a reason for buying the product meaning they have more to lose.

Re:

[GBH]

Horseshit. Show me your evidence.

There are certainly a tiny number of very high profile historic examples of specific VPN's being caught providing law enforcement with information under court order but if you're peddling kiddie porn or you're perpetuating mass fraud on innocent civilians I'm OK with that kind of exception. There is very little evidence that most VPN's are in any way "leaky" or in any way don't provide first line safety as they describe.

On the contrary many go to great lengths to provide som

If you've done nothing wrong...

[blahabl]

you have nothing to hide, eh, upstanding citizen? Of a western democracy?

No. F*ck them, an f*ck whichever 3-letter agnecy sponsored this bullshit.

Re:

[gillbates]

In a world where the police in the UK arrested 3300+ individuals last year for wrongthink , having a VPN is absolutely essential for a citizen to express themselves freely. Just last year a 19 year old woman [bbc.com] was arrested and prosecuted for posting Snoop Dog lyrics in memoriam of a deceased friend.

Using a VPN these days is practically a requirement for anyone posting anything online.

Tatum who?

[battingly]

If he has a colleague who told him public wifi networks are secure, then, sure, we should trust that advice.

Re:

[Ocker3]

The number of times I've seen legit WiFi networks listed next to a Very slightly mis-spelled version, and then I think about how many times I've mis-spelled a URL... Yup, VPNs when out and about can be an Excellent idea.

Re:

[Jarik C-Bol]

Or, hear me out; instead of paying for a (questionable?) vpn so you can avoid the dangers of free wifi, pay for unlimited data on your device, and skip the wifi entirely.

Re:

[real_nickname]

They link to another article where the colleague had its network traffic sniffed on a public wifi but not man in the middle attack. I wonder what the colleague would do if they get a warning when they access their htts site: stop or ignore and continue?

Go to a free wifi hotspot or library far away

[tekram]

And use a disposable mobile device that has no identity on it and no SIM, no Google, no Apple. How are they going to know who you are?

Re: Go to a free wifi hotspot or library far away

[chrisgotin]

This is why I have Amazon set to autoship me a MacBook every 20 days. Foolproof.

Security for travelling

[Drethon]

I just don't trust hotels to properly setup their wifi securely, so I have VPN for any wifi I connect to that isn't my own.

Re:

[Ocker3]

Or to have anyone check that they haven't been compromised, or to pay someone who actually has the skills to check and isn't going to just harvest user data themselves.

Region restrictions

[radaos]

Using a streaming service without region restrictions is a real reason to use a VPN. In fact it is *the* real reason.

Re:

[Kernel Kurtz]

Using a streaming service without region restrictions is a real reason to use a VPN.
In fact it is *the* real reason.

Most people I know use them for torrenting.

Re:

[Kernel Kurtz]

Most people I know use them for torrenting.

A seedbox service is another option for that. It also has the added benefit that you're not sucking up your upstream bandwidth (which is usually quite limited with most broadband providers in the USA). Basically, it's just a virtual server running a torrent client that you're renting from a business located in a country which has a DGAF attitude towards the DMCA.

Many countries that have a DGAF attitude about the DMCA are rather sketchy in their own right. DMCA-like legislation has infected most democratic western countries as a result of international treaties and domestic lobbying.

Re:

[PPH]

On-line banking. Keeps me (or more accurately my foreign banker) out of hot water with FATCA.

Protection from direct monitoring

[Monstieur]

VPNs offer no protection against browser-based tracking. Typical websites you visit instantly know who you are based on cookies, ad-tracking pixels from social media sites, browser fingerprint, etc. They don't care about your IP address. VPNs do prevent external parties from *directly* observing which destinations your IP address connects to. The external party usually identifies you by monitoring all connections to the destination, and correlating them with your ISP's customer IP address log. With a VPN, the external party will see only the VPN IP address and can't find out who your ISP is. There are specific use cases where this protection is useful. However, if you ever open a regular browser on the VPN and visit, say, a social media website, there is now a link between your identify and the VPN IP address. The external party can ask for that information, which the social media website will gladly hand out unlike the VPN provider. If the VPN is your default outbound interface, the operating system and a bunch of non-browser programs are likely phoning home with identifying information linking you to the VPN IP address. This is why you should never use a VPN in as the default and must always configure conditional routing to use it only for secure applications.

well duh

[aldousd666]

Unless it's your VPN, and you own and configure it, it's just another single span port on your life.

The real reason for VPN

[GuB-42]

Most people I know use VPNs to circumvent restrictions. It can be nationwide restrictions, like in China, or on a smaller scale like in campuses. It can also be used to access content that is not available in your region in streaming platforms, or more generally take advantage of other regions conditions.

No one I know uses a VPN to "stay safe". Some people might do, but that's probably a small market share for mainstream VPN services like NordVPN, ExpressVPN and the likes. They advertise for safety because the alternative of telling people to break the terms of service of streaming platforms or even the law would get them into trouble.

Re:

[MikeDataLink]

They advertise for safety because the alternative of telling people to break the terms of service of streaming platforms or even the law would get them into trouble.

Exactly this. "Hey, use our service to download free movies from the Pirate Bay!" isn't something they can say without a lawsuit the very next day.

Re:

[jwhyche]

People that say you don't need a vpn don't know how to use a vpn. I use mine for real world security. If someone gets a hold of your IP address, something really simple, they can use a Geo IP tracking site to find you in. My last ipaddress, if you looked it up, it would put you almost in my front yard.

This used to not be a problem, but now the world has gone crazy. You say post something online and you can never tell what crazy will track you down.

Re:

[evil_aaronm]

My last ipaddress, if you looked it up, it would put you almost in my front yard.

That's strange. Whenever I see a reference to where the remote host thinks I'm from, it's usually 60 to 180 miles away. Or even further. I'm not using a hardwired-to-the-house kind of internet connection, though. Maybe that's the difference.

Re:

[ShakaUVM]

My former ISP (AT&T) would spy on my connections and send me nastygrams if they didn't approve of me doing things they didn't like, and threatened me with disconnection. So I used a VPN for a while so they couldn't spy on me. That's certainly a valid use case.

I eventually cancelled them, since I also wanted to send a message I don't approve of ISPs spying on their customers.

VPNs are annoying to use on a daily basis, though, with a lot of major web sites just failing to load if you connect from an exit n

Re:

[Weirsbaski]

Most people I know use VPNs to circumvent restrictions. It can be nationwide restrictions, like in China, or on a smaller scale like in campuses.

Or in mid-scale areas, like U.S. states:
https://tech.slashdot.org/stor... [slashdot.org]

I mostly agree.

[Petersko]

A VPN is a good way to put a gastric bypass cinch around my gigabit connection. If my VPN provider suddenly vanished, I probably wouldn't sign up for another one. In fact, my VPN is only turned on when I launch a configured Ubuntu instance in VirtualBox, and it's only used for extremely specific purposes. I certainly don't use it day to day.

Switching regions is less and less important as companies have been getting their IP concerns in order. I used to use it for that, but the amount of decent material avai

Re:

[Ed Tice]

Yeah. Why access a geographically close resource at high speed when you can, instead, send your data around the world twice for no apparent purpose.

They employ Taylor Lorenz as a tech reporter?

[Crashmarik]

And they want to give you advice on how to protect yourself online?
Well if they really wanted to help people have a better online experience they could render one of the worlds most notorious cyber bullies unemployed. It's a small step but at least it would be a positive. They could also change up their editorial policies to stop inciting hatred and violence but I won't hold my breath for that one either.

Anyway you're a fool if take any scientific or technical reporting/tutorials/advice from a newspaper. Ignoring the fact that they have a nearly impossible to pierce liability shield when it comes to getting it wrong and causing actual harm, most of what you see is bought and paid for by their advertisers who really don't have your interests as even a secondary concern. At best you getting value from the story or the products they push is a tertiary if that concern.

Speaking of Taylor Lorenz and cyberbullying, they do completely miss just how much more important anonymity has become in the era of cancel culture. Not surprising seeing as they are people doing the cancelling.

No real reason? I beg to differ...

[tech10171968]

I have one real-life use case for a VPN: there's one particular c-store at which I stop on the way to work for a quick breakfast and I like to check my email while I gobble down my meal. Problem is, whomever handles their IT is lazy asf: pretty much ALL IP's which are out-of-country are blocked for some reason - and that includes my email provider (sorry, not a fan of Gmail). The ONLY way I can access the email server while using my notebook is through a VPN, period.

Not "more secure"

[Rockoon]

VPN's don't make you "more secure" but they do change which threats to be concerned about.

I trust my local ISP more than I do a VPN when I bank.
I trust a VPN more than I do my local ISP when I partake in possible violations of copyright law.

The local ISP offers law and legal enforcement snooping.
The VPN offers a honey pot that I am not the target of.

Tech companies disagree

[null etc.]

Every tech company I've worked at for that past decade insists on enforcing mandatory VPN usage on all corporate-issued laptops. Like, the machines are locked down to the point of native networking not working properly without VPN enabled. I guess all those IT guys can just let us use non-protected cafe wifi access points now, and wifi points that spoof them too!

Re:

[rta]

Well, in this case i'd say it's two parts:

1) is inertia. Corporate IT has been using VPNs for a long time and just like they make you change passwords ever 30 or 90 days ... they still do this. Maybe it still provides some security against those nasty hotel and cafe WiFi's or maybe it's superfluous, but they don't really know or care.

2) The super locked down ones that force everything through the VPN (vs. split horizon) force all your traffic through the corporate network and firewalls to protect the comp

Re:

[Deal In One]

Yeah I wonder if WaPo requires VPN connections to the office when their staff is not in the office. If they don't use VPNs to the office and have a better system in place, let them state what it is, and then they may have a leg to stand on when they suggest not using VPNs.

As for office VPNs, I know many (even small) companies which are not tech companies also use VPNs to access the office file server, etc. And this has been going on before covid itself. I know, cos I helped to set up some of them for differ

Bein a Venezuelan Living in Venezuela...

[williamyf]

I can tell you that there are still many reasons to use a VPN in 2023...

Yes, there are plenty of miths and hype about VPNs, and yes, I can understand why an USoAn living in DC (of all places) may feel like there are no reasons to use a VPN in 2023.

But in a country where the Govt digitally censors disenting sites, where the biggest ISP of the country rutinely spies (doubly so if you are a PIP*), where data plans are so expensive comnpared to salaries that people are looking for free WiFi with complete disregard for digital safety, where phones and laptops are so expensive that they grow old and patchless for motst of the population, and where the content of the streaming libraries is limited, or worse yet, simply not available (even if you have the money), is a good idea to have a VPN handy...

By the way, this is not the first time someone has said this, and slashdot picks it up:
https://it.slashdot.org/story/... [slashdot.org]

So we shoul dispell a fifth mith:
While there may be many miths and less reasons for an USoAn living in the USoA to use a VPN, the USoA is not the world... So, USoAns abroad, and people in other parts may in fact NEED VPNs

* Persona de Interes Politico, "Politically Interesting Person". Lucky for me, I am not a PIP

Old news

[Turkinolith]

Sure, "things are safe these days" is what they want you to think. Granted, if you were REALLY privacy focused you'd be using a VPN ALONG with other means to avoid being tracked anyway. No single thing will make you safe, you have to have multiple layers.

Re: Old news

[ToasterMonkey]

... if you live in Moscow.

Re: Old news

[pope1]

So very true:

https://en.m.wikipedia.org/wiki/Device_fingerprint

It is amazing the number of ways we are tracked that don't require an IP address at all. Attacks higher up the protocol stack, applied together, provide a more accurate tracking tool. Even TAILS in a VM (https://tails.boum.org/install/) is no guarantee: https://coveryourtracks.eff.org/ The lack of the usual fingerprints, makes your connection stand out like a car with no plates. A router that routinely randomized your device fingerprint from

VPN use cases

[bloodhawk]

"democracies" like the US are some of the main reasons for western society to use a VPN if you don't want to find yourself in trouble with the various media mafia. Add in the plethora of legal demands the average forum has for user identity or IP address details for various perceived infringements, insults etc. A poorly worded post could see you bankrupt from legal costs. If anything our great western Democracies are EXACTLY the people you want to hide your information from.

Whom CAN you trust

[gavron]

The Washington Post is a content of source, but editorials and opinion pieces are just somebody talking out of their ass.

VPNs serve a lot of purposes and "hiding something from your family so use a different browser" isn't one of them.

I try to take advice from experts in the field in whatever I'm looking to. The WashPo is not an expert in the field of InfoSEC, ITSEC, or OpSEC.

I've made a career out of those fields, and I use a VPN every time I'm not home. (Thanks, Mango router for making it easier now.)
Al

Re: Whom CAN you trust

[ToasterMonkey]

I've made a career out of those fields, and I use a VPN every time I'm not home. (Thanks, Mango router for making it easier now.)

You're a professional, and you use your own VPN.

So non-IT-professionals should pay some sketchy foreign company to use theirs right? Or do you actually agree with the article and can't see it.

Re:

[JasterBobaMereel]

If you are not setting up your own VPN then you need to be sure you can trust the company running it ...
If the VPN is USA based than it's pointless as they will effectively the same as your ISP - and is subject to the same Federal monitoring
If the VPN is based in another western democracy then you need to check it's privacy policies
If the VPN is based in a country who's government you do not trust, you shouldn't be using the VPN ...

Fake news

[gosso920]

That paper isn't fit to be used to wrap fish.

onion

[e**(i pi)-1]

these days,one really does not know, whether one reads an Onion article or the Washington Post. It used to be different a couple of years ago. it appears more and more that articles are just voicing what their sponsors or advertisers want them to say.

Typical Deep State Mouthpiece

[haunebu]

WaPo has long been the 3-letter agencies' favorite outlet to steer the narrative. Of course the government doesn't want you to secure your privacy. They enjoy seeing everything you do and reading everything you write online. That knowledge is power, and keeps them in power.

Secure your privacy. Fuck the all seeing eye of the NSA/CIA/FBI and the rest of the so called "intelligence community." They can all eat a dick.

Re: Typical Deep State Mouthpiece

[ToasterMonkey]

Ok, do the opposite then. Use a VPN to protect yourself from the CIA, preferably one in a country with a weak government, the CIA hates it because foreign owned companies in countries with weak governments is totally a blind spot our foreign intelligence service never thought of. /facepalm

That's not a myth!

[sentiblue]

I said it's not a myth because it's actually a lie. Non-work related VPNs are to provide anonymity, not to provide protection. The VPN providers are scams. They make their customers believe that it's safe to use their VPN. Their real customers, people who use VPN to hide their true internet identity, use it to harm others on the internet without leaving a truthful footprint.

VPNs aren't for security silly

[Rosco P. Coltrane]

VPNs are for defeating geolocking.

If you use VPNs for security, TFA is right: instead of entrusting your privacy to your ISP and the remote server you're contacting, now on top of that, the VPN provider too is in on the privacy invading action. Not to mention, if the VPN provider is in the US, it's another potential snitch that will tell on you at the request of any of the US TLAs, if you use the VPN to hide your tracks online if you do illegal things.

Roll your own VPN

[Nocturrne]

Stop being weenies and setup your own WireGuard server on a cheap cloud instance.

Re:

[Bert64]

You have no guarantee that the cloud provider isn't logging your traffic either. You're just shifting your trust from one place to another.

I partially agree...

[doragasu]

... with the "you don't need one to hide your activity when at home". But not using one when connecting through public WiFi is a no no for me...

"doing far more to protect you"

[Alworx]

"Companies and public officials could be doing far more to protect you.": they provide a free service at their expense, why should they?

More and more site offer viewers the option: pay the subscription or disable ad-block and allow cookies. Seems fair enough!!

Washington Post says people shouldn't watch BBC

[iamacat]

It just so happens BBC agrees because of whatever content licensing issues. The fact remains that consumers with access to Washington Post, BBC and many other services are better informed than people who go along with market segmentation. What is the greater good in realistic circumstances?

Privacy

[TJHook3r]

I guess this is an attempt to erode Internet freedom? When anonymity is impossible it makes it much easier to stifle dissent

"real reason"

[VeryFluffyBunny]

Please define what they mean by "real reason." The Catholic church says there's no real reason to wear condoms. Maybe that's true for Catholic clergy (thinking of the sexual activities they're most famous for) but for most people condoms are generally a good idea in lots of every day situations. Are VPNs a good idea when you don't want your ISP to sell you personal web history to whoever without any kind of background checks on the buyers? Does that count as a "real reason"?

Home users .....

[JasterBobaMereel]

Home users have little reason, it is mostly just shifting which company can see your traffic
      Un-Geolocking contents is the only reasonable reason

But for business users it is near mandatory - especially when working from home ...

Missing the point

[Ed Avis]

Digital security experts told me that bad guys can use software to easily translate your âoeatâ and âoedotâ into a regular old email address.

Well, duh. It's trivial. But the question is not whether they can, it's whether they do. The evidence, as far as I can tell, is that generally they do not. It's hardly worth it for them as anyone with the moderate level of intelligence needed to obfuscate their email address is too intelligent to respond to spam. The exception would be if so

Re:

[real_nickname]

You can enable crypted dns queries.