Is a VPN service really worth it?
-
Hello all, I have a quick question I am sure will lead to future more in-depth discussion but want to get feedback before I decide next steps if any. Within my local network I have a mix of devices and users, at any given time some are accessing chats, social media, video streaming, banking, email, work and online shopping accounts and so on. I am thinking of integrating a VPN service into PFS so I can mask identity from prying eyes like internet service providers, big tech, government etc but since the implementation of TLS 3.x and HTTPS being the standard for all or 99% of all internet connections I am questioning whether or not VPNs provide the benefits they once did. FYI: I have the VPN set up on my PFS box so that when on the go we can establish a secure private connection when in public spaces. So for the questions:
1) Do you feel a VPN service still provides the once touted benefits of privacy and security given the implementation of TLS/HTTPS?
2) Under what use cases do you feel a VPN would be worth the time, money and in most cases reduced throughput (bandwidth issues seem to be a common complaint)?
Thank you in advance for your feedback.
-
@LPD7 you are correct that most of the internet is https these days.. Apps also use their own encryption if not actually https, etc.
While a vpn does hide where you're going.. Does it matter to you that your isp knows you're going to amazon.com?
I don't give two shits that my isp knows where I am going, I just don't.. They can't actually see what I am ordering on amazon.com for example.
If your isp is blocking access to stuff, ok vpn can come in handy then. Depending on what part of the world you're in, your isp does that sort of thing? If you're trying to make it look like you're coming from place X vs Y for some sort of geoip restriction, again vpn can come in handy..
-
@johnpoz Hey John, happy new year to you and thanks for the comment. My rogue side wants to hide everything but my practical side doesn't want to have to add the overhead if any to implementing and maintaining a VPN service if I don't have to and my frugal side doesn't want the expense and degraded performance unless it's going to be worth the cost.
One potential benefit is that I can't always know what sites users will visit so if a user visits a site that streams or downloads questionable copyrighted content or makes poor choices when using social media or other public forum then the VPN will hide my IP and I can avoid any criminal threat or legal issues (for the purposes of this discussion assume using a VPN that has zero logs, is located in a country with strict privacy and hates to give info to the man, that's if any still exist).
As for the ISP knowing where you are going, unless they are doing a man in the middle setup, since the url is encrypted at the browser can they actually make the connection (figuratively) between my IP and the destination? This is where my experience gets fuzzy, need to do a bit of educating myself. I also don't use my provider's DNS, I have it set up for servers that claim to be set up for privacy.
I am trying to come up with a scenario where having one makes sense but it is a struggle. However after the Jan 6th debacle, banks, big tech and others just handing over info to the government or selling it or other stuff they do without our knowledge or consent I have come back to the question of whether a VPN service is something to consider.
-
@LPD7 said in Is a VPN service really worth it?:
since the url is encrypted at the browser
The url is not encrypted, until such time that esni (dead), or now the new name ech is widespread the domain name you're connecting to via your https handshake is in the clear..
https://blog.cloudflare.com/encrypted-client-hello
Until such time that ech is everywhere, it's quite easy for anyone that has access to the dataflow, ie your isp for example, to see the sni, since it's in the clear.. now they can't see that you want to say www.amazon.com/something, but they can see you went to www.amazon.com or whatever the domain portion you're going to that is in the https handshake.
You can believe what you want that vpn is not handing over info, most isps are not just going to freely hand over this info anyway, unless there is court order.. That might all depend on what part of the world you're in..
But personally I don't care if the isp or even the guys in the black helicopters know that I go to netgate.com and or amazon.com, etc.. Not sure what you're expecting they are going to do with this data?
Comes down to who do you trust more, your isp - or the vpn you're paying 2 bucks a month to slow down your internet that you pay bigger bucks to your isp to make sure you are fast ;)
If the "gov" or the man wants to know what you're doing.. Do you really think going to your isp is where they go? If it's the gov that is tracking you.. For all you know they are doing mitm at the backbone level between all the isps, with their big boxes.. If state run surveillance is your concern, do you really think that vpn service you're sending 3$ a month is going to stop them from seeing where you're going? Really?
Sure it might keep your isp from knowing you're downloading something that lets say is not a linux distro via p2p.. But if you're going to put on the gov is spying on me hat.. I don't really see how that x$ a month vpn service is going to stop them, for all you know they are all in cahoots with the big bad "gov"..
If you think the only way say something like nsa can keep tabs on you is your isp handing over their logs? I think you are underestimating the abilities of a state controlled service whose goal is surveillance of the internet.. Whose concern is national security, and really most likely has carte blanche to make sure they can do that. They could give 2 shits about billy downloading some movie, etc.. They are concerned with national security.. Now the movie industry might want to know your ip that you're downloading the latest blockbuster from.. And hiding that from your isp might have some value.. But it sure is not going to prevent surveillance at the gov/state sponsored level that is for damn sure.. ;)
Also don't forget your "IP" and where it goes is not by any means the get all to end all way to track someone..
edit:
I have a buddy that every time we would get into his car it would announce that e911 service is disabled - I ask him why, because they are "tracking" him.. Ok ;) but what about the cell phone you keep in your pocket wherever you go, what about the ezpass to pay your tolls there stuck to your window? What about all the cameras everywhere that can see your license plate on your car, and the gov knows hey that car is registered to you ;) Let alone most cameras that can see your face and walk/drive by them.. I don't get it, but if it makes you feel less "tracked" ok..
-
@johnpoz Thanks for the detailed summary, very helpful and appreciated. As for the "why" I expect we are from different generations and view privacy, freedoms and the role of government differently. Regardless I would hope that we can all agree that the right to privacy is to be cherished, not chiseled away and government overreach and big tech collusion permanently dismantled. Thanks again for your feedback.
-
@LPD7 DNS is not encrypted either, though many browsers use DoH by default to get around that (and bypass configured DNS servers…using theirs/the one they want you to use).
Note some sites block VPN access for licensing reasons, like streaming video or sports sites.
-
I'm with @johnpoz on consumer VPNs such as NordVPN (and not singling them out).
Opinions will differ, but mine is that their value is hugely overhyped. The traffic travels without additional encryption between the VPN provider and the ultimate Internet destination. I don't distrust my ISP any more than I do some random VPN provider (US-centric view here, may not be valid elsewhere). And anything sensitive that I send over the Internet is already encrypted (HTTPS for web, TLS for mail, etc.).
There's a throughput hit, too. The magnitude will depend on the particular VPN technology.
The place-shifting afforded by VPNs may have some value. Your traffic can still be snooped but if someone wants to target you in particular -- and most of us frankly aren't that interesting -- the attacker has to snoop the traffic upstream of the VPN server rather than your Internet connection. It can also be useful for services locked to a particular geography that you need to access from elsewhere.
-
@LPD7 said in Is a VPN service really worth it?:
all agree that the right to privacy is to be cherished, not chiseled away and government overreach and big tech collusion permanently dismantled
You're right and I agree - but you using a vpn isn't going to accomplish that. The gov staying out of your business.. The genie has been let out of the bottle.. It's impossible to put him back in.. And you sure aren't going to do it paying a few bucks to a company that says they don't log ;)
But hey if it makes you feel better, as you go pay for your six pack and condoms with your CC, and at the same time give them your rewards card for 10% off, wave to the camera as you exit the building, etc. etc.. But hey my isp doesn't know I went to amazon.com to order something.
-
I have my VPN set up so that I have access to my private cloud (NAS) while not at home. I can remote into my VPN and access my files. It’s amazing to share files with my wife and photos etc and it’s safe. I got sick of saving files on this computer and that one for code projects, I was forgetting what revision had the bugs worked out. Now I just save it in one spot, it’s accessible on any device and it’s the same file.
Mine is not used to hide stuff from ISP it’s only for accessing my files and making sure they are secure. Honestly even use of a VPN is not really going to hide everything you do, some big tech company firewalls decode all the vpn tunnels, also some VPN providers are snake oil sale based.
-
@JonathanLee that is not what he was asking about.. But yeah running a vpn to securely access your stuff while you're remote is a very valuable tool.. Not so much about hiding traffic in that direction, as mentioned pretty much everything is encrypted these days anyway.
A vpn into your own network while you're remote is more about the auth mechanism to validate yeah it's you that is allowed to have access.
-
@JonathanLee I have my local vpn set up and when on the road I use it so I don't need one for mobile purposes. I like this setup because I can get the most out of my resources and still access my local files and be secure in the public wifi. I am going to see about hosting my own text server, just as a proof of concept.
-
@johnpoz I am compiling a short list as to why I would want to have access to a commercial VPN. There is a reason why ECH and other protocols are being crafted/updated to encrypt all end to end communication from url onward and it's either consumer demand or industry need, my guess is that it's industry driven to address hacking and such so it has to have some value and safety...right?
-
@johnpoz Yes since getting my vpn working I can access my files and see my surveillance system while not exposing it to the internet what a great benefit.
-
@marcg Yes I agree the throughput is a potential issue which is why if I should go this route the next conversation would be about setting up my PFS box to route certain ports, ip's, etc over the vpn circuit while leaving the rest to move in the open. I may see if I can get a free limited account or free trial and see what happens.
-
@JonathanLee said in Is a VPN service really worth it?:
I have my VPN set up so that I have access to my private cloud (NAS) while not at home. I can remote into my VPN and access my files.
Same here. I've had my own VPN going back over 20 years, to when I was using a CIPE VPN.