Technology

Yup. You can grab any unencrypted data passed between the user's browser and a server literally out of thin air when they're connected to an open access point. You sit happily at the Starbucks with your laptop, sniffing them WiFi packets and grabbing things off of them.

Oh and you have no idea what the myriad of apps you're using are connecting to and whether that endpoint is encrypted. Do not underestimate the ability of firms to produce software at the absolute lowest cost with corners and walls missing.

If I was someone who was to make money off of scamming people, one thing I'd have tried to do is to rig portable sniffers at public locations with large foot traffic and open WiFi like train stations, airports, etc. Throw em around then filter for interesting stuff. Oh here's some personal info. Oh there's a session token for some app. Let me see what else I can get from that app for that person.

How is DPI a problem if it's encrypted? That would only work if the attacker had installed their CA cert on your client machine, right?

Dpi only works if they install a cert on your phone. Else they can't crack it (in real time) or you would receive HTTPS errors

Yeah, while it is true, lots of VPN companies are grifts just buying VPS's and installing OpenVPN, this "Cyber security expert" puts far too much faith in HTTPS and probably never seen a lecture from the Black Hat conference

I feel bad for her, honestly. She was open about her sexuality and she's conventionally attractive, so now she has all these leering old men on TV slobbering all over her.

Bill Maher practically tried to talk her into bed on his show with his creepy shit about mentoring her.

They need to advertise a legitimate use for their service.

If they don't have a threat from public wifi or other security concerns to remedy, then the only purpose for their service is to bypass region limits and block infringement notices. They would be considered complicit in such infringement.

That their service also hinders efforts to stop pirates needs to be an "unintended" and "unavoidable" side effect.

On public WiFi I just vpn into my home network. The issue with public WiFi is that it can be sniffed by anyone in range since there is generally no encryption.

Although pretty much everything we do is over tls these days, and DoH helps protect against even dns sniffing. There's still at least some risk to working in the clear over a public WiFi network. At least in information gathering, what bank you use, etc.

But, there's no real benefit in using a paid vpn over one you own unless you're downloading illegal content, want to watch another Netflix region, or are in a country with heavy Internet monitoring/filtering.

Not all applications on your computer may be encrypting their packet traffic properly, though. That goes especially for the applications that might be trying to reach out for resources on your local home network (like printers, file shares, and other home servers) as well as DNS requests which are usually still made in the open. I would not recommend eschewing an entire security layer willy-nilly like that. On public Wi-Fi, I would definitely still suggest either a VPN or using your cell phone as a tether or secure hotspot instead if possible.

Yeah, the days of your local coffee shops Wi-Fi being a problem or mostly gone. Not the VPN doesn't have a place anymore though. If you're trying to hide your downloading of ISOs from your ISP it's still a perfectly reasonable method. Or temporarily relocating yourself to another country to make a purchase or watch some streaming content both perfectly reasonable.

Of course some of the streaming providers are getting wise to this.

Hailey "Hawk Tuah" Welch is an influencer that gained a lot of popularity from her nickname (the sound of spitting, with HEAVY implications of performing fellacio). She used her platform to voice a very reasonable and intelligent opinion, which surprised a lot of people because her nickname is essentially blowjob queen.

One of her opinions is that it's important to spread cyber security and used her fame to try to educate the public (potentially a fake story from the image? Idk this drama). And some xit-head claiming to be a cyber security expert ate the onion and offered some shitty advice. Proton fact checked them, because there are a ton of fake news stories about her right now.

Most VPNs sell themselves on encrypting your traffic to an endpoint that either is in a different locale to get around region locks or to put it out of the grasp of the RIAA so they can’t send your ISP copyright notices.

While remote access to a local network is a good use case for a self-hosted VPN it’s totally unrelated to the use case for commercial VPNs

For less technical people or just don't want to deal with public-facing open port: Tailscale or Zerotier are both great option (use Tailscale if former)!

The VPNs you characterise as "shitty" aren't necessarily a bad choice; they're cheaper than the legitimate privacy VPNs. Mullvad is famously 5€ per month, Proton is 4.49€ per month, but NordVPN is 3.09€, Surfshark is 2.19€, and PIA is 1.79€ per month.

If you're really just here to pretend you're in another country (rather than privatemaxing) or hide your torrenting activity from your ISP, the cheaper options can be a perfectly legitimate choice.

I have VPN so I can look at porn.

https://xcancel.com/ProtonVPN you can find it here

Nobody has a Xitter account.

There are some attacks you are vulnerable to on public WiFi that a VPN can help with.

More generally, whoever is transporting your data knows who you are talking to. If you don’t use a VPN, your ISP and whoever owns the router know what websites you are visiting (although they don’t know the specific content). If you use a VPN, your ISP and router know you are using that VPN, but not what websites you are visiting. Now your VPN knows what websites you are visiting, but they still don’t know what the content is.

I hope that helps.

Networking stuff IS my strong suit, and I'm confused about what points most people here, including OP, are trying to make here. Maybe I'm just not awake enough yet.

Wtf proton what? What do people think Proton is saying and what's the WTF part...?

No, the context is that for many years, shady commercial VPNs would sponsor YouTubers and the scripts they were given were full of lies and half truths about the dangers of public WiFi, with the implication being that if you purchase their VPN service they will “protect you”. But the problems these VPN companies were claiming to solve have already been solved by HTTPS and it’s perfectly fine to use public WiFi without a VPN. They are using scare tactics to sell you a product.

What this poster is saying is that they’re disappointed to see this same fear mongering misinformation from Proton, who have an otherwise good reputation for being consumer friendly.