this post was submitted on 06 Oct 2024
735 points (90.8% liked)

Technology

59087 readers
3563 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

top 50 comments
sorted by: hot top controversial new old
[–] moon@lemmy.cafe 381 points 1 month ago (36 children)

What is he talking about, public WiFi can easily poison and monitor your DNS requests (most people don't know or use encrypted DNS), and there's still tons of non-https traffic leaks all over the place that are plain text. Even if encrypted, there's still deep packet inspection. VPNs can mitigate DPI techniques and shift the trust from an easily snoopable public WiFi to the VPN's more trustworthy exit servers.

This guy really needs to elaborate on what he's trying to say when the cyber security field very much disagrees with this stance. I'm not a huge fan of Proton, but they aren't doing anything wrong here. You should use it for public Wi-Fi.

[–] avidamoeba@lemmy.ca 72 points 1 month ago* (last edited 1 month ago) (7 children)

Yup. You can grab any unencrypted data passed between the user's browser and a server literally out of thin air when they're connected to an open access point. You sit happily at the Starbucks with your laptop, sniffing them WiFi packets and grabbing things off of them.

Oh and you have no idea what the myriad of apps you're using are connecting to and whether that endpoint is encrypted. Do not underestimate the ability of firms to produce software at the absolute lowest cost with corners and walls missing.

If I was someone who was to make money off of scamming people, one thing I'd have tried to do is to rig portable sniffers at public locations with large foot traffic and open WiFi like train stations, airports, etc. Throw em around then filter for interesting stuff. Oh here's some personal info. Oh there's a session token for some app. Let me see what else I can get from that app for that person.

[–] sudneo@lemm.ee 25 points 4 weeks ago (2 children)

Just FYI https://shop.hak5.org/products/wifi-pineapple. There are ready-made devices that can do basically what you are describing!

load more comments (2 replies)
load more comments (6 replies)
[–] asdfasdfasdf@lemmy.world 43 points 1 month ago* (last edited 1 month ago) (3 children)

How is DPI a problem if it's encrypted? That would only work if the attacker had installed their CA cert on your client machine, right?

[–] henfredemars@infosec.pub 48 points 1 month ago (1 children)

I’m doing DPI on my own network and I can still view TLS certificate fingerprints and some metadata that provides a good educated guess as to what a traffic flow contains. It certainly better that it’s encrypted, but there is a little information that leaks in metadata. I think that’s what was meant.

[–] catloaf@lemm.ee 30 points 1 month ago* (last edited 1 month ago) (1 children)

True, but this is generally not useful information to anyone. They can see you're visiting bank.com, but they still can't see your bank details.

It might be useful if they're trying to target you for phishing, but a targeted attack is extremely unlikely.

Also, any wireless equipment from the past 15 years or so supports client isolation.

load more comments (1 replies)
load more comments (2 replies)
[–] Appoxo@lemmy.dbzer0.com 32 points 1 month ago (3 children)

Dpi only works if they install a cert on your phone. Else they can't crack it (in real time) or you would receive HTTPS errors

load more comments (3 replies)
[–] Fontasia@feddit.nl 28 points 1 month ago (3 children)

Yeah, while it is true, lots of VPN companies are grifts just buying VPS's and installing OpenVPN, this "Cyber security expert" puts far too much faith in HTTPS and probably never seen a lecture from the Black Hat conference

load more comments (3 replies)
load more comments (32 replies)
[–] EnderMB@lemmy.world 147 points 1 month ago (8 children)

When I first saw this I thought it was funny. The fact that so many people are falling for it has only made it even funnier.

FWIW, Haley Welch might seem dumb as bricks, but she also seems quite sweet - doing charity stuff, keeping her other friend from "that" vid for the ride, etc. As far as people becoming famous for bullshit reasons goes, she seems to be handling it well.

[–] FlyingSquid@lemmy.world 95 points 4 weeks ago (3 children)

I feel bad for her, honestly. She was open about her sexuality and she's conventionally attractive, so now she has all these leering old men on TV slobbering all over her.

Bill Maher practically tried to talk her into bed on his show with his creepy shit about mentoring her.

[–] Urist@lemmy.ml 32 points 4 weeks ago (1 children)

Oof. What is up with these creepy, sweaty dudes on talkshows? I know they somewhat reflect the general populace, but to pull shit like this on air is just boggling.

load more comments (1 replies)
[–] TheGrandNagus@lemmy.world 19 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

You know, you're the first person I've seen that's shared the same view as me (not that I've spoken about the topic much! lol)

Woman admits that she has performed an extremely benign sexual act before - ghasp! A girl has given someone a blowjob before!

And more than that, she has a "dumb" accent! Let's make endless memes about her online basically calling her a slutty moron whose only life skill is sucking cock.

Honestly no wonder women feel pressured to pretend they have no sexual desires

load more comments (1 replies)
load more comments (1 replies)
load more comments (7 replies)
[–] FlyingSquid@lemmy.world 133 points 4 weeks ago (7 children)

I don't know how effective VPNs are over a public WiFi network, but I do know it stopped Spectrum from sending me "you are downloading copyrighted material, stop it" emails once I started using one. Fuck Spectrum, I don't have them anymore, but that seems like a good enough reason to keep using one in certain circumstances.

[–] Rivalarrival 52 points 4 weeks ago (10 children)

They need to advertise a legitimate use for their service.

If they don't have a threat from public wifi or other security concerns to remedy, then the only purpose for their service is to bypass region limits and block infringement notices. They would be considered complicit in such infringement.

That their service also hinders efforts to stop pirates needs to be an "unintended" and "unavoidable" side effect.

load more comments (10 replies)
[–] r00ty@kbin.life 35 points 4 weeks ago (9 children)

On public WiFi I just vpn into my home network. The issue with public WiFi is that it can be sniffed by anyone in range since there is generally no encryption.

Although pretty much everything we do is over tls these days, and DoH helps protect against even dns sniffing. There's still at least some risk to working in the clear over a public WiFi network. At least in information gathering, what bank you use, etc.

But, there's no real benefit in using a paid vpn over one you own unless you're downloading illegal content, want to watch another Netflix region, or are in a country with heavy Internet monitoring/filtering.

load more comments (9 replies)
load more comments (5 replies)
[–] mp3@lemmy.ca 93 points 1 month ago* (last edited 1 month ago) (4 children)

Considering how most of the Internet is encrypted with TLS, if you add DNSSEC+DoH/DoT on top, trying to MITM someone on a public WiFi is way harder than it was, unless you're a state-level adversary and you're able to craft valid certificate for a domain you don't control from a globally trusted (root) certificate autority (which will lose its trusted status quite fast once discovered, ex: CNNIC)

[–] hamsterkill@lemmy.sdf.org 52 points 1 month ago (5 children)

Not all applications on your computer may be encrypting their packet traffic properly, though. That goes especially for the applications that might be trying to reach out for resources on your local home network (like printers, file shares, and other home servers) as well as DNS requests which are usually still made in the open. I would not recommend eschewing an entire security layer willy-nilly like that. On public Wi-Fi, I would definitely still suggest either a VPN or using your cell phone as a tether or secure hotspot instead if possible.

load more comments (5 replies)
[–] linearchaos@lemmy.world 39 points 1 month ago (9 children)

Yeah, the days of your local coffee shops Wi-Fi being a problem or mostly gone. Not the VPN doesn't have a place anymore though. If you're trying to hide your downloading of ISOs from your ISP it's still a perfectly reasonable method. Or temporarily relocating yourself to another country to make a purchase or watch some streaming content both perfectly reasonable.

Of course some of the streaming providers are getting wise to this.

[–] metaStatic@kbin.earth 30 points 1 month ago (4 children)

why would I need to hide my terabytes of Linux ISO downloads?

[–] linearchaos@lemmy.world 24 points 1 month ago (2 children)

Bill Gates, man, Bill Gates

load more comments (2 replies)
load more comments (3 replies)
load more comments (8 replies)
load more comments (2 replies)
[–] MisterMoo@lemmy.world 88 points 1 month ago (7 children)

I’m not online enough to understand this.

[–] thirteene@lemmy.world 47 points 1 month ago (6 children)

Hailey "Hawk Tuah" Welch is an influencer that gained a lot of popularity from her nickname (the sound of spitting, with HEAVY implications of performing fellacio). She used her platform to voice a very reasonable and intelligent opinion, which surprised a lot of people because her nickname is essentially blowjob queen.

One of her opinions is that it's important to spread cyber security and used her fame to try to educate the public (potentially a fake story from the image? Idk this drama). And some xit-head claiming to be a cyber security expert ate the onion and offered some shitty advice. Proton fact checked them, because there are a ton of fake news stories about her right now.

[–] catloaf@lemm.ee 27 points 1 month ago (1 children)

I'm pretty sure that Proton quoting her in the first place is fake. I know she's milking her 15 minutes of fame for all she can, but this seems outside her experience.

load more comments (1 replies)
load more comments (5 replies)
load more comments (6 replies)
[–] RiQuY@lemm.ee 74 points 1 month ago (12 children)

I don't understand why everyone assumes using a VPN means paying for a third party. I have Wireguard deployed in my NAS and I always have that VPN connection active on my phone to be able to access my LAN deployed services remotely, Jellyfin for example.

[–] TORFdot0@lemmy.world 25 points 4 weeks ago (10 children)

Most VPNs sell themselves on encrypting your traffic to an endpoint that either is in a different locale to get around region locks or to put it out of the grasp of the RIAA so they can’t send your ISP copyright notices.

While remote access to a local network is a good use case for a self-hosted VPN it’s totally unrelated to the use case for commercial VPNs

load more comments (10 replies)
[–] praise_idleness@sh.itjust.works 19 points 4 weeks ago (4 children)

For less technical people or just don't want to deal with public-facing open port: Tailscale or Zerotier are both great option (use Tailscale if former)!

load more comments (4 replies)
load more comments (10 replies)
[–] priapus@sh.itjust.works 68 points 1 month ago (3 children)

This was nothing more than a poorly executed joke from Proton. Some people are massively overreacting.

load more comments (3 replies)
[–] EmperorHenry@discuss.tchncs.de 59 points 4 weeks ago (6 children)

obviously the shitty VPNs like NordSurshark, TorGuard, Tunnelbear, cyberghost and PrivateInternetExpress suck...pretty much every VPN that's part of some giant conglomerate sucks ass in terms of privacy and security

But then there's iVPN, Mullvad and ProtonVPN and even Adguard VPN which do very little to no advertising at all and allow their products to speak for themselves. I mean...Kitboga and RionaPoison are sponsored by Proton, but Proton is a good company that takes their security and the security of their swiss-law-abiding users very seriously.

Don't be a scumbag and Proton won't snitch on you.

[–] NateNate60@lemmy.world 29 points 4 weeks ago* (last edited 4 weeks ago) (7 children)

The VPNs you characterise as "shitty" aren't necessarily a bad choice; they're cheaper than the legitimate privacy VPNs. Mullvad is famously 5€ per month, Proton is 4.49€ per month, but NordVPN is 3.09€, Surfshark is 2.19€, and PIA is 1.79€ per month.

If you're really just here to pretend you're in another country (rather than privatemaxing) or hide your torrenting activity from your ISP, the cheaper options can be a perfectly legitimate choice.

load more comments (7 replies)
load more comments (5 replies)
[–] Sorgan71@lemmy.world 52 points 4 weeks ago (1 children)

I have a vpn for... reasons... 🏴‍☠️⚓️🏴‍☠️

[–] slurpeesoforion@startrek.website 18 points 4 weeks ago (16 children)

I have VPN so I can look at porn.

load more comments (16 replies)
[–] jetsetdorito@lemm.ee 44 points 4 weeks ago (1 children)

I assumed it was a joke. My feed has been full of jokes about her talking about urban planning and transit oriented development.

load more comments (1 replies)
[–] flashgnash@lemm.ee 37 points 4 weeks ago (1 children)

I'm sure as shit trusting proton over some random public network in a cafe setup by some random open reach engineer or something

load more comments (1 replies)
[–] FarFarAway@lemmy.world 34 points 4 weeks ago (3 children)

Thank goodness someone explained that to me. I was startong to wonder if she was some sort of technology expert, or something.

load more comments (3 replies)
[–] BeatTakeshi@lemmy.world 34 points 4 weeks ago (2 children)

Can someone share proton's response? I don't have a xitter account

[–] Mwa@lemm.ee 22 points 4 weeks ago (3 children)
[–] ByteOnBikes@slrpnk.net 30 points 4 weeks ago

Appreciate the alternative!

Grabbed this screenshot because I don't trust anything on Twitter to stay visible (or the platform to even be stable)

https://protonvpn.com/blog/public-wifi-safety/#:~:text=5%20ways%20to%20stay%20safe%20on%20public%20WiFi

load more comments (2 replies)
[–] Rivalarrival 18 points 4 weeks ago (1 children)

Nobody has a Xitter account.

[–] ripcord@lemmy.world 16 points 4 weeks ago (2 children)

Millions and millions of idiots do.

Is this some highly-voted pedantry about the site not technically being called "Xitter"? Or wtf is going on in this thread....?

load more comments (2 replies)
[–] jagged_circle@feddit.nl 33 points 4 weeks ago

Don't hire that contractor lol

[–] chagall@lemmy.world 32 points 1 month ago

This was poorly executed. The National Park Service twitter account does jokes well.

[–] chrischryse@lemmy.world 16 points 4 weeks ago (8 children)

So I'm confused networking stuff has never been my strong suit, is this saying you can still be fucked on public WiFi even if you connect through a VPN?

[–] WolfLink@sh.itjust.works 50 points 4 weeks ago (10 children)

There are some attacks you are vulnerable to on public WiFi that a VPN can help with.

More generally, whoever is transporting your data knows who you are talking to. If you don’t use a VPN, your ISP and whoever owns the router know what websites you are visiting (although they don’t know the specific content). If you use a VPN, your ISP and router know you are using that VPN, but not what websites you are visiting. Now your VPN knows what websites you are visiting, but they still don’t know what the content is.

I hope that helps.

load more comments (10 replies)
[–] ripcord@lemmy.world 20 points 4 weeks ago (2 children)

Networking stuff IS my strong suit, and I'm confused about what points most people here, including OP, are trying to make here. Maybe I'm just not awake enough yet.

Wtf proton what? What do people think Proton is saying and what's the WTF part...?

load more comments (2 replies)
[–] EncryptKeeper@lemmy.world 20 points 4 weeks ago (1 children)

No, the context is that for many years, shady commercial VPNs would sponsor YouTubers and the scripts they were given were full of lies and half truths about the dangers of public WiFi, with the implication being that if you purchase their VPN service they will “protect you”. But the problems these VPN companies were claiming to solve have already been solved by HTTPS and it’s perfectly fine to use public WiFi without a VPN. They are using scare tactics to sell you a product.

What this poster is saying is that they’re disappointed to see this same fear mongering misinformation from Proton, who have an otherwise good reputation for being consumer friendly.

load more comments (1 replies)
load more comments (5 replies)
load more comments
view more: next ›