What is he talking about, public WiFi can easily poison and monitor your DNS requests (most people don’t know or use encrypted DNS), and there’s still tons of non-https traffic leaks all over the place that are plain text. Even if encrypted, there’s still deep packet inspection. VPNs can mitigate DPI techniques and shift the trust from an easily snoopable public WiFi to the VPN’s more trustworthy exit servers.
This guy really needs to elaborate on what he’s trying to say when the cyber security field very much disagrees with this stance. I’m not a huge fan of Proton, but they aren’t doing anything wrong here. You should use it for public Wi-Fi.
How is DPI a problem if it’s encrypted? That would only work if the attacker had installed their CA cert on your client machine, right?
I think it might be confusion between inspecting plaintext metadata like SNI vs actually inspecting encrypted contents (e.g. HTTPS content, headers, etc.).
I’m doing DPI on my own network and I can still view TLS certificate fingerprints and some metadata that provides a good educated guess as to what a traffic flow contains. It certainly better that it’s encrypted, but there is a little information that leaks in metadata. I think that’s what was meant.
Yeah, deep packet inspection really doesn’t work without breaking https security via man in the middling everything.
I’m not online enough to understand this.
how do I reboot my computer?
This was nothing more than a poorly executed joke from Proton. Some people are massively overreacting.
Considering how most of the Internet is encrypted with TLS, if you add DNSSEC+DoH/DoT on top, trying to MITM someone on a public WiFi is way harder than it was, unless you’re a state-level adversary and you’re able to craft valid certificate for a domain you don’t control from a globally trusted (root) certificate autority (which will lose its trusted status quite fast once discovered, ex: CNNIC)
Not all applications on your computer may be encrypting their packet traffic properly, though. That goes especially for the applications that might be trying to reach out for resources on your local home network (like printers, file shares, and other home servers) as well as DNS requests which are usually still made in the open. I would not recommend eschewing an entire security layer willy-nilly like that. On public Wi-Fi, I would definitely still suggest either a VPN or using your cell phone as a tether or secure hotspot instead if possible.
Sure, but it’s also like, if you’re stepping away from your laptop for a few minutes should you lock the screen or shut it down completely.
The most secure option is to shut it down completely, but also it’s fine to just lock your screen.
If you’ve already got a VPN and it’s as easy as locking your screen to enable, go for it, use it. But if you don’t, you don’t need to go out and get one. You’ll generally be ok without one.
The most secure option is bringing the laptop with you.
Yeah, the days of your local coffee shops Wi-Fi being a problem or mostly gone. Not the VPN doesn’t have a place anymore though. If you’re trying to hide your downloading of ISOs from your ISP it’s still a perfectly reasonable method. Or temporarily relocating yourself to another country to make a purchase or watch some streaming content both perfectly reasonable.
Of course some of the streaming providers are getting wise to this.
why would I need to hide my terabytes of Linux ISO downloads?
Bill Gates, man, Bill Gates
It’s all fun and games until a Microsoft Purity Enforcement squad is kicking in your door.
Nah, it’s all good I subscribe to Linus Torvalds protection services. When the Microsoft vans get within four blocks of my address, They’ll drop ship in dozens of fully-armed penguin paratroopers. After the incursion they even send in a penguin based cleaner team to help get rid of the remains.
I have a VPN so I can securely access my home network when I’m away
Yeah, pptp will always have a strong purpose and home. I’m more speaking to the viability of commercial anonymization VPN.
Or the tld is .mobi
The only real use case for VPNs is to bypass geo blocking on streaming sites, and the VPN providers know this. They also know that if they lean too hard into that, eventually someone will sue them and their business model will evaporate - so they add the “iT MaKEs yOu mORe SeCurE” nonsense as a fig leaf so they can say with a straight face that they operate a product with legitimate uses
This was poorly executed. The National Park Service twitter account does jokes well.
Taking cybersecurity advice from someone called Hawk Tuah is modern day version of clicking banner that says find 40+ single women in your zip code
Mulvad.
