Privacy

31690 readers

376 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Am I okay without a VPN on public networks if I use HTTPS? (lemmy.world)

submitted 1 year ago by [email protected] to c/[email protected]

53 comments fedilink hide all child comments

I keep hearing on VPN ads that you have to use a VPN to not have your login information stolen. So far I have been using Cloudflare WARP to be safe enough. However, if I am using an HTTPS website, do I really need a VPN or WARP? Will an attacker on the same network as me be able to access passwords transmitted over HTTPS?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 31 points 1 year ago* (last edited 1 year ago) (6 children)

Non-Internet analogy:

You communicate via snail mail with someone. Both ends know the address of each other. So does the postal service delivering your mail. Everyone opening your letter can read (and with some work even manipulate) the content. That's HTTP.

Now you do the same, but write in code. Now the addresses are still known to every involved party but the content is secured from being read and thus from being manipulated, too. That's HTTPS.

And now you pay someone to pick up your mail, send it from their own address and also get the answers there that are then delivered back to you. The content is exactly as secure as before. But now you also hide your address from the postal service (that information has the guy you pay extra now though...) and from the one you are communicating with. That's a VPN.

So using a VPN doesn't actually make your communication more secure. It just hides who you are communicating with from your ISP (or the public network you are using). Question here is: do you have reasons to not trust someone with that information and do you trust a VPN provider more for some reason? And it hides your address from the guy you are communicating with (that's the actual benefit of a VPN for some, as this can circumvent network blocks or geo-blocking).

Long story short: Do you want to hide who you are communicating with from the network you are using to access the internet? Then get a VPN. The actual data you send (and receive) is sufficiently secured by HTTPS already.

[–] [email protected] 0 points 1 year ago (1 children)

@Ooops @tester1121 just scrolling through some of your responses

why would you leave out the role encryption plays in the VPN tunnels? And that VPN providers are independently audited and subsequently rated for their data log retention rates?

[–] [email protected] 1 points 1 year ago

Then you should probably point out to OP which VPNs are independently audited and not keeping data or not operating in any country requiring access by law enforcement. As everything else would totally defeat your "but government actors"-argument from above.

load more comments (4 replies)