VPNs won't save you from Congress' internet privacy giveaway (wired.com)
47 points by nsnick on Mar 28, 2017 | 26 comments

Headline is a bit misleading. While there are other factors and concerns in choosing and using a VPN, using one will absolutely save you from your ISP snooping on your web activity.

Well, it will stop your local ISP. It does nothing to stop the ISP servicing your VPN provider from snooping on your web activity.

Oh, not to mention the possibility of them blocking well known VPNs "to prevent piracy." Many open WiFi providers already do this.

Generally VPN providers don't use residential ISPs, they buy transit from a transit provider. I can't remember ever hearing of a transit agreement that permits the transit provider to sell connection information.

The following links are usually obligatory when discussing VPNs and online privacy:

Detailed, up-to-date comparison chart of hundreds of VPN services: https://thatoneprivacysite.net/vpn-comparison-chart/

Detailed list of mostly open source, private/secure replacements for popular products and services: https://privacytoolsio.github.io/privacytools.io/

What is the HN community going to do to protect their privacy from ISPs? VPNs? Tor? Disconnect? Looking for thoughts and ideas.

This article is about rescinding a set of rules that hasn't even taken effect yet. Almost nothing will have changed as a matter of practice. Some fence sitting providers may decide it's okay to sell your information now, and it may be harder to get these rules in place in the future.

I'm looking to drop a pfsense router in front of my network so I don't have to deal with VPN on a per-device level. Other than that, selecting a top tier VPN is also on my to-do list. HN recommendations for VPNs would be helpful here!

Private Internet Access is supposed to be one of the better ones that doesn't save logs. I've had it on a machine for months and it hasn't ever disconnected. YMMV.

I can vouch for PIA working well. Speeds are quite good and connection is rock solid. 2+ years with it. The main problem with it I suppose is that it is based in the U.S.

But most of their connection locations are not.

I spent a lot of time researching VPNs and trying to find one I felt like I could trust. Unfortunately, if you're being truly paranoid (which I feel everyone who's considering a VPN should be) there's nobody out there you can trust.

If you feel you can trust a datacenter, the most trustworthy approach would be running your own OpenVPN instance in another country.

Although if you don't want to go through the hassle and do decide to put some amount of trust in a VPN service, I have found That One Privacy Site [0] to be a great resource for researching VPNs.

[0] https://thatoneprivacysite.net/vpn-section/

getcloak.com is the Dropbox of VPNs. The most polished service out there.

Anyone have any experience with flashrouters - https://www.flashrouters.com? While I think you still need a VPN like PIA, IPVanish, ExpressVPN etc, it appears they offer help with device by device VPN connectivity and some plug and play pre-configuration for VPN router?

I recently purchased a subscription to NordVPN in light of this new legislation. They claim not to keep any logs, and I've found their servers to be quick with low latency. A speed-test right now shows 41mb/sec down and 15ms ping. They also don't throttle specific kinds of traffic, like torrents.

No affiliation, just a happy customer.

The whole "we don't keep logs" statement is snake oil.

Picking a US server at random (US20), it seems to be hosted here[0]

In what appears to be their NJ datacenter located at:

DuPont Fabros, 101 Possumtown Road, Piscataway, NJ 08854

Per their own privacy policy available here[1], they mention the following

  > Internet Protocol (IP) Addresses
  > DigitalFyre uses your unique network address and SessionID
  > to help diagnose potential problems with equipment, to help
  > tailor content to match your preferred interests and to
  > otherwise administer the Site.

So while NordVPN (and frankly, any VPN service that colocates or rents servers) may claim not to keep logs, their service provider most certainly does. Even though your ingress traffic is encrypted, it would still be trivial to match it to egress flows based off packet counts, sizes, and flow durations.

  [0] https://www.digitalfyre.com
  [1] https://www.digitalfyre.com/privacy-policy/
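
The flow matching described in the comment above, as an added example that is not part of the thread: it pairs encrypted tunnel-side flow records with exit-side records using only packet counts, byte counts, start time and duration, with no VPN-side logs involved. The records, the 60-byte per-packet overhead, the thresholds and the one-connection-per-client simplification are all assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    endpoint: str    # client IP (tunnel side) or destination IP (exit side)
    start: float     # seconds since capture start
    duration: float  # seconds
    packets: int
    nbytes: int

ASSUMED_OVERHEAD = 60  # assumed tunnel bytes added per packet; varies by protocol

# Constructed flow records (documentation IP ranges), as a hosting provider's
# flow export might hold them: encrypted client<->server tunnels ...
TUNNEL_SIDE = [
    Flow("198.51.100.7", 100.0, 42.1, 1200, 1_522_000),
    Flow("198.51.100.9", 100.5, 8.0, 90, 57_400),
    Flow("198.51.100.23", 400.0, 5.0, 40, 11_400),  # nothing leaves near t=400
]
# ... and the server's outbound connections to the sites visited.
EXIT_SIDE = [
    Flow("203.0.113.10", 100.2, 42.0, 1195, 1_449_000),
    Flow("203.0.113.20", 100.6, 7.9, 91, 52_300),
    Flow("203.0.113.30", 101.0, 300.0, 20_000, 25_000_000),
]

def rel_diff(a, b):
    return abs(a - b) / max(a, b, 1)

def distance(tun, out, overhead=ASSUMED_OVERHEAD):
    """Mean relative difference in packets, payload bytes and duration."""
    inner = tun.nbytes - tun.packets * overhead  # strip estimated tunnel overhead
    return (rel_diff(tun.packets, out.packets)
            + rel_diff(inner, out.nbytes)
            + rel_diff(tun.duration, out.duration)) / 3

def correlate(tunnels, exits, max_skew=2.0, max_distance=0.05):
    """Map client IP -> destination IP for flows whose metadata lines up."""
    matches = {}
    for tun in tunnels:
        nearby = [o for o in exits if abs(o.start - tun.start) <= max_skew]
        if nearby:
            best = min(nearby, key=lambda o: distance(tun, o))
            if distance(tun, best) <= max_distance:
                matches[tun.endpoint] = best.endpoint
    return matches

if __name__ == "__main__":
    for client, dest in correlate(TUNNEL_SIDE, EXIT_SIDE).items():
        print(client, "->", dest)
```
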

Great point. Do you know of any VPNs that dodge this with reasonable ping times in the US?

Honestly, I never understood the interest people had in companies providing VPN for personal use. The way I always saw it is if I was traveling and needed VPN while on public/unencrypted Wi-Fi, I would just VPN back to my home. Of course this means I trust my ISP not to do anything nefarious.

This topic has the opportunity to become a huge discussion, so for the sake of brevity I'll summarize with my personal, opinionated solutions for various use cases.

  1. You don't trust your ISP
  1.1 Switch ISPs (not always practical)
  1.2 Set up a VPN on a $2.50/mo or $5/mo VPS (this could incur bandwidth costs
      if you're pushing multiple TB per month across the VPS. Note you're still
      at the mercy of the VPS and their colo, but no different than today with
      a VPN provider.)
  2. You don't trust the public network you're on
  2.1 VPN back to your home. This would be free.
  2.2 See 1.2
  3. You don't trust the site operator of the site you're visiting
  3.1 Use Tails Linux and Tor

I can't think of any other use cases.

> 1.1 Switch ISPs (not always practical)

That's the use case. For many Americans there is literally no viable option here.

Take Albuquerque for example: if you want a solid 20mbit connection or better, your only option is Xfinity (Comcast).

Don't even get me started on mobile data.

"6. Yes, we allow P2P traffic. We have optimized a number of our servers specifically for file-sharing; ensuring other servers, which are meant for streaming and other purposes, have uninterrupted speeds. In any case, we do not engage in bandwidth throttling for P2P users."

- https://torrentfreak.com/vpn-services-anonymous-review-2017-...

My privacy setup for a while (which I have relaxed somewhat) included:

- Ubuntu on my desktop and laptop

- CyanogenMod on Android [0]

- VPN to a non-14 eyes country [1]

- uBlock Origin, PrivacyBadger, Disconnect

- Null-routed most CDNs (e.g. Google APIs)

- Gaff tape over device's cameras if I couldn't physically disable them

Now obviously those measures go far beyond protecting you from just ISPs, but it was designed to take into consideration every method ISPs, big tech (Google, Facebook), and governments could track you.

[0] https://en.wikipedia.org/wiki/CyanogenMod

[1] https://en.wikipedia.org/wiki/UKUSA_Agreement

Doesn't null routing CDNs cause problems? It would make more sense to run your own caching proxy so you rarely make the request to the CDNs and they can't track you. Although doesn't your browser do that already? It's not like you request jquery on every page linking to it via google cdn. You only do it once and then it's cached.

One way to access the article without getting blocked by their adblock blocker is to wait for the page to load, press <F12>, go to the debugger (in Chromium, it's the tab called "Sources") and stop JavaScript (a pause button). Then you can scroll down safely and read it.

Also, Firefox's "Reader View" (book icon on the inside-right of the address bar) renders the full article.

A VPN is a GREAT solution to keep ISPs from spying on you - along with using the Tor browser.

https://torproject.org/ for the Tor browser

https://top10vpns.com/compare for a good VPN

Flagged for inaccurate headline. In fact, VPNs CAN save your online privacy. But so can DNSCurve and HTTPS.

But what can't save your online privacy is non-ISPs like Amazon/Netflix/Google from selling your data, which was out of scope of the FCC ruling anyway. So a lot of the excitement over this ruling is overblown, when in fact, your information is likely or could be for sale elsewhere.

> a lot of the excitement over this ruling is overblown, when in fact, your information is likely or could be for sale elsewhere.

That does not mean it is overblown. Sure, particular websites sell your traffic. That is only traffic with that particular website. This ruling is about the traffic with your ISP, which is literally all of your traffic.
