This is a most excellent place for technology news and articles.
Sure. It is a user data collection funnel, developed with love and care, as to maxize MS shareholdee value, and increase the size of Bill Cates's bank accounts.
No one should use it.
Also to maximize copilot
Yeah, sure, semantics: when laydudes think about "vpns", they expect exactly a set of features provided by a proxy, so it's pretty much a marketing term nowadays. Nobody really cares whether the packets between their PC and the endpoint are wrapped in wireguard or socks5, unless some protocol happens to be blocked.
It's also not a web browser.
The security researcher is an employee for Brave, a competitor that makes a browser too, and sells a white-label VPN that you also purchase and enable from the browser.
I would touch neither Edge "VPN",
nor "Brave" VPN.
the problem with edge's (allegedly) is not just it's white-label, though. that would make it a VPN.
Touche; the two things aren't similar under the hood, but the user interface (being controlled directly from the browser) definitely is. And while Microsoft's sales pitch is deceptive, it's clearly a competitor to offerings from companies like Brave, Opera, DuckDuckGo, every Android app that offers a "free VPN" baked into a Chrome shell.
If they're words and they came from Microslop, they're lies. No exceptions.
Sorry, we meant to say VVPN but ~~Cortana~~ Copilot autocorrected it. It's a virtual VPN, you get to feel like your browsing is private without wasting processor cycles on silly little things like added layers of encryption.
Enough of this nerd talk though, let's get Edging(tm)!
I'm already edging prematurely
edging prematurely
That's not how any of this works!
You guys gotta stop talking like that or I'm going to bing.
Time to DD-go.
Hey Jeeves! Come clean up this mess.
You guys are so great for a dreary Monday.
The original use case for this stuff was unencrypted HTTP with a public WiFi connection, in which case your ISP is the owners of whatever shop you're in and yeah they could see everything.
If you're at home or whatever it offers effectively no benefits, doesn't "block trackers" or whatever nonsense like Nord claims, but I don't think Microsoft ever claimed that it did.
I use a VPN to get access to my home remotely and privately.
I also use it from my home to access content that is region locked or censored in my country.
No benefits? The way things are going, you won't be able to fart on the internet without a VPN.
If you're at home or whatever it offers effectively no benefits
Porn.
Also my ISP sniffs packets enough to send copyright complaints, so I’d rather outsource that exposure to a country with privacy laws.
This isn't sending your packets anywhere but their closest datacenter, not sure I'd trust MS (Or rather, Cloudflare) with your porn rather than your ISP who you're actually paying.
For porn (in most of the us), the goal is geolocation spoofing to avoid ID requirements, not anonymity.
That said, I doubt edge achieves even that, since they likely keep their servers in the states. I was more talking about VPNs broadly.
Are you talking torrents? Or downloading off the web? If youre talking torrents it's not your ISP, it's usually whoever "owns" the content you torrented. Well not them directly but companies and shit that will go and download all the torrents of said content off public trackers, monitoring the IPs the connect. They will then spam the ISP with IPs, at no time does the rights holder know who you are they just have the IPs, however your ISP is required to take those and send a boilerplate letter to notify you that you did it and shouldn't do it again.
Atleast for Shaw up in here Canada. One of the few positives with our shitty telecoms
Mine only sends those for torrenting, that doesn't need much scrutiny to detect
I use one for Usenet, but maybe I’m too cautious.
With https I don't but I'm not really at risk so I might make other choices otherwise, idk. But def use vpn when torrenting bc your ISP *will* send a letter
Some VPNs can block trackers in a very narrow sense. If they are set up to prevent DNS leaks and provide an internal DNS service, that can blackhole ads and trackers just like PiHole, Adguard Home, et al.
There's still a bunch of other ways to fingerprint people online, but I wouldn't say using a VPN at home offers no benefits.
From what I can tell... that is actually what most people WANT in their VPN. They don't care about privacy or anonymizing data. They just want to hide information from the LAN admin and/or appear to be in a different region for the purposes of content (used to be so they could watch European Netflix. Now it is so they can watch Colorado Pornhub...).
I dunno. I've been in far too many Internet Arguments (TM) with people over what they ACTUALLY think a VPN is. People watch ltt's ads and figure they just pay for a VPN and leave it on 24/7 and that will solve all their problems. When the reality is that they are actively ignoring their actual cookie and activity based footprints and it just means that Google et al have a note that says "John Doe of 123 Fake Street in Bumfuck Wisconsin connects via an endpoint in Denmark".
And while I wouldn't trust microsoft at all for... anything? Do y'all really think those black box companies paying youtubers to lie to you about what VPNs do aren't collecting your data?
“I need a vpn”
Why?
“Privacy”
You trust SuperNeatVPN headquartered in $unregulatedCountry more than your own ISP? It’s all TLS now anyways.
“I run a VPN because Joe Rogan says I need to in order to be secure”
Man, do you know how much of a pain in the ass it is when people run VPNs on their BYOD or work device (hey I don’t manage it, I’m just the MSP), have an established history of popping up all around the world, and then eagerly click the phishing links?
Heh.
Our IT department is so incompetent that... let's just say I have made it a point to leave a paper trail in my inbox of me highlighting issues and complaining because I can't rule out a full investigation.
Last year we had a "technical all hands" which basically means IT have fucked up to the point that engineering/platform are now responsible for untangling the mess from first principles. And we actually were allowed to look at the logs and were seeing "attacks" from all over Western Europe. I suspect IT would still be trying to call the FBI for help if one of our PSEs hadn't sighed and said "how much of our staff are running VPNs?". And then we had to explain what those are... to the people who actually manage the VPN we use to remote in.
STILL not sure if I am more horrified that they didn't understand that VPNs exist or that they had just not noticed that much mystery traffic until that day.
And why would you trust your own ISP more than reputable VPNs?
Sure, this statement is very valid for (free) VPNs which are not reputable, and act as data mines instead of providing true privacy; but your statement reads very much like we do not need VPNs at all.
ISPs know what sites you are visiting and when, and they are ready to comply with the government. Also, we have acts like Online Safety Act (UK), which incentivizes more data collection. Combine that with age verification on every site, and you are basically giving away your browsing history.
I agree that a VPN alone is not going to protect you, and you need to authenticate less into websites, and clear your cookies after every browser session (basically good OpSec). However, I also think that reputable providers like Mullvad and Proton are a must.
ISPs know what sites you are visiting and when..
and your name. address, credit card number. You're 100% right, just wanted to make sure this isn't skipped over.
Librewolf is my goto browser + vpn + ublock. If they get through that it's my fault imo
And why would you trust your own ISP more than reputable VPNs?
The point is that people just say "linus rogan had a promo code and this solves all my problems".
You trust SuperNeatVPN headquartered in $unregulatedCountry more than your own ISP?
if SuperNeat hasn't been caught with their hand in the cookie jar, at least a little bit. it really depends on what and who. If you're worried about being called up on anti-regime charges when it becomes illegal, it would be at least prudent to try not to post that from an IP in a country where the regime doesn't have search and seizure rights. At this point, Google/Apple/Verizon/Comcast have been asked to comply with handing over people doing X things. It wouldn't take a whole lot to at least obfuscate that a little. You'd still have to be careful through, even Proton is turning over activists.
https://gist.github.com/joepie91/5a9909939e6ce7d09e29
EDIT: If you do absolutely need privacy, then use Tor.
Tor exit nodes are vulnerable to various levels of attacks.
But it also doesn't change the underlying problem. If you put ALL of your traffic through Tor? Cool. You have accomplished nothing (other than flagging yourself because of what exit nodes you are accessing from) because your cookies and even behavior are still being correlated.
Like... it doesn't take much to question why FightThePower_6969 looks at both /r/antifa101 AND /r/denver, for example. Ooh, and they also look at /r/warhammer40k and have a cookie from this website listing bus schedules and...
I do agree that tor is an amazing (if problematic) tool and it is generally the gold standard for when you need to obfuscate traffic in a way that doesn't involve giving mullivad your credit card number. But people still need to understand what traffic they are putting into each different port. And even realize that there are some truly nasty tracking methods out there that can do nasty stuff with even OS level DNS caching between browsers.
You don't have to give mullvad your credit card number though.
You guys are using SuperNeatVPN? Would you recommend it? I am using SuperShadyVPN and looking to switch.
That it doesn’t handle DNS requests is DUM. It’s a VPN-lite, but just for your browser, okay, that could be useful. But without DNS it’s giving a false sense of security.
Isnt it a security bonus, if not all data is sent throught the edge "VPN"?
Within the browser, it'll work to "protect" your traffic (including DNS) from prying eyes locally. As in, someone on the same network as you or your ISP or whatever networks your traffic passes through to its destination.
Instead, it sends it all to Microsoft Central Data Collection™! By passing all your traffic through Microsoft's central servers, you can rest easy, knowing precisely who is inspecting everything you do (including the US government and the other countries in the Five Eyes network).
Let's be honest: It's yet another unfair transfer of power from local criminals to international ones, increasing the wealth of billionaire pedophiles. Give the locals a chance to rise up, would ya?
unfair transfer of power from local criminals to international ones
I prefer local, heritage, free range criminals.
Support your local Street Pharmacist, not Big Pharma!
😄aka iCloud private relay clone
