With ever more Supreme Court fuckery going on I’d like to help comrades in my local org be better secured against potential breaches.

Ideally I’d like to recommend 1-3 options that meet these needs:

  • Easy to use
  • Can be used on phones as well as mobile devices
  • Doesn’t retain any network traffic data

Any ideas on what options we have?

  • hello_hello [comrade/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    19
    ·
    edit-2
    5 months ago

    A lot of VPNs are owned or connected to Israeli intelligence agencies or other assorted shell companies.

    Mullvad is your best bet but VPNs don’t make you private. In fact they should just be called Virtual LAN networks. Most of your traffic on the clearnet is encrypted already via HTTPS and VPNs only obfuscate your IP address from the website you’re connecting to. A lot of the fuckery comes from the nonfree clientside JS code that is executed on a lot of websites that can track you as well as nonfree web browsers.

    VPNs won’t protect you against bad digital practices.

    A much better approach to digital privacy is to make sure that your org can function entirely on free software that respects your freedoms. Example: instead of organizing via Discord, Social Media, etc. you can organize via XMPP or Matrix which can be deployed by your org if needed. Instead of creating documents via M$ Office or Google Docs you can use a office suite like LibreOffice and store everything locally and only share copies when needed. Instead of meeting over Zoom you can meet over Jitsi Meet.

    This in my opinion, is far more impressive and worthwhile task than asking your members to pay for a VPN. It actually educates your org on good computing practices rather than security theatre that you’ll have to pay into.

    There’s a big fucking reason why YouTubers can sponsor VPNs but no one seems to be aware of FOSS.

    • sovietknuckles [they/them]@hexbear.net
      link
      fedilink
      English
      arrow-up
      11
      ·
      5 months ago

      and VPNs only obfuscate your IP address from the website you’re connecting to.

      If you’re in the US, ISPs can legally sell your data since 2017, so another purpose of VPNs is to obfuscate what sites you are visiting from your ISP.

      • silent_water [she/her]@hexbear.net
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        5 months ago

        under most cases, they only have this data via DNS. it’s encrypted once the actual https request is made - only the destination ip address is available at that point. so encrypting DNS and securing that is probably more important than the protection a VPN provides. if you use a VPN without some form of DNS encryption, you’re trading one ISP you don’t trust for a second you shouldn’t trust but inappropriately are. DNS anonymization is an extra step you can and should take to ensure you’re not trusting your DNS provider, either - it works by tunneling encrypted DNS requests through shared, public relays.

        what you actually need a VPN for is to mask your ip address to the website you’re visiting and to mask the ip address you’re visiting from your ISP. these are important considerations but it’s useless if you don’t first protect DNS, ensure you can’t be tracked via cookies/be fingerprinted, and ensure you’re only connecting to websites over https.

        VPNs are an important and useful tool but they’re not the first or best tool for digital hygiene. you have to tackle each layer, one at a time. start at the top and work down the hierarchy.

        • sovietknuckles [they/them]@hexbear.net
          link
          fedilink
          English
          arrow-up
          5
          ·
          5 months ago

          it’s encrypted once the actual https request is made - only the destination ip address is available at that point.

          HTTPS includes the domain of the site you’re visiting in plaintext, and your ISP will get that information about every request you make unless you’re using a VPN/a proxy/Tor, DNS aside.