If they’re words and they came from Microslop, they’re lies. No exceptions.
The original use case for this stuff was unencrypted HTTP with a public WiFi connection, in which case your ISP is the owners of whatever shop you’re in and yeah they could see everything.
If you’re at home or whatever it offers effectively no benefits, doesn’t “block trackers” or whatever nonsense like Nord claims, but I don’t think Microsoft ever claimed that it did.
The security researcher is an employee for Brave, a competitor that makes a browser too, and sells a white-label VPN that you also purchase and enable from the browser.
I would touch neither Edge “VPN”,
nor “Brave” VPN.the problem with edge’s (allegedly) is not just it’s white-label, though. that would make it a VPN.
Touche; the two things aren’t similar under the hood, but the user interface (being controlled directly from the browser) definitely is. And while Microsoft’s sales pitch is deceptive, it’s clearly a competitor to offerings from companies like Brave, Opera, DuckDuckGo, every Android app that offers a “free VPN” baked into a Chrome shell.
Sorry, we meant to say VVPN but
CortanaCopilot autocorrected it. It’s a virtual VPN, you get to feel like your browsing is private without wasting processor cycles on silly little things like added layers of encryption.Enough of this nerd talk though, let’s get Edging™!
I’m already edging prematurely
edging prematurely
That’s not how any of this works!
You guys gotta stop talking like that or I’m going to bing.
Time to DD-go.
Hey Jeeves! Come clean up this mess.
From what I can tell… that is actually what most people WANT in their VPN. They don’t care about privacy or anonymizing data. They just want to hide information from the LAN admin and/or appear to be in a different region for the purposes of content (used to be so they could watch European Netflix. Now it is so they can watch Colorado Pornhub…).
I dunno. I’ve been in far too many Internet Arguments ™ with people over what they ACTUALLY think a VPN is. People watch ltt’s ads and figure they just pay for a VPN and leave it on 24/7 and that will solve all their problems. When the reality is that they are actively ignoring their actual cookie and activity based footprints and it just means that Google et al have a note that says “John Doe of 123 Fake Street in Bumfuck Wisconsin connects via an endpoint in Denmark”.
And while I wouldn’t trust microsoft at all for… anything? Do y’all really think those black box companies paying youtubers to lie to you about what VPNs do aren’t collecting your data?
“I need a vpn”
Why?
“Privacy”
You trust SuperNeatVPN headquartered in $unregulatedCountry more than your own ISP? It’s all TLS now anyways.
“I run a VPN because Joe Rogan says I need to in order to be secure”
Man, do you know how much of a pain in the ass it is when people run VPNs on their BYOD or work device (hey I don’t manage it, I’m just the MSP), have an established history of popping up all around the world, and then eagerly click the phishing links?
You trust SuperNeatVPN headquartered in $unregulatedCountry more than your own ISP?
if SuperNeat hasn’t been caught with their hand in the cookie jar, at least a little bit. it really depends on what and who. If you’re worried about being called up on anti-regime charges when it becomes illegal, it would be at least prudent to try not to post that from an IP in a country where the regime doesn’t have search and seizure rights. At this point, Google/Apple/Verizon/Comcast have been asked to comply with handing over people doing X things. It wouldn’t take a whole lot to at least obfuscate that a little. You’d still have to be careful through, even Proton is turning over activists.
You guys are using SuperNeatVPN? Would you recommend it? I am using SuperShadyVPN and looking to switch.
Heh.
Our IT department is so incompetent that… let’s just say I have made it a point to leave a paper trail in my inbox of me highlighting issues and complaining because I can’t rule out a full investigation.
Last year we had a “technical all hands” which basically means IT have fucked up to the point that engineering/platform are now responsible for untangling the mess from first principles. And we actually were allowed to look at the logs and were seeing “attacks” from all over Western Europe. I suspect IT would still be trying to call the FBI for help if one of our PSEs hadn’t sighed and said “how much of our staff are running VPNs?”. And then we had to explain what those are… to the people who actually manage the VPN we use to remote in.
STILL not sure if I am more horrified that they didn’t understand that VPNs exist or that they had just not noticed that much mystery traffic until that day.
And why would you trust your own ISP more than reputable VPNs?
Sure, this statement is very valid for (free) VPNs which are not reputable, and act as data mines instead of providing true privacy; but your statement reads very much like we do not need VPNs at all.
ISPs know what sites you are visiting and when, and they are ready to comply with the government. Also, we have acts like Online Safety Act (UK), which incentivizes more data collection. Combine that with age verification on every site, and you are basically giving away your browsing history.
I agree that a VPN alone is not going to protect you, and you need to authenticate less into websites, and clear your cookies after every browser session (basically good OpSec). However, I also think that reputable providers like Mullvad and Proton are a must.
And why would you trust your own ISP more than reputable VPNs?
- Define “reputable VPN”? There is little to no meaningful third party auditing and mostly all we have to go on is if they are on the record for having “cooperated with law enforcement”
- The point is you need to actually understand what you are trusting who with. You want to watch AEW for cheap? Cool, whatever. You want to masturbate to porn without providing your ID? Maybe think about who is more likely to get a call from what orgs. And if you are doing something truly sensitive? That is when you need to learn a WHOLE lot more about what privacy and personal security actually are.
The point is that people just say “linus rogan had a promo code and this solves all my problems”.
ISPs know what sites you are visiting and when…
and your name. address, credit card number. You’re 100% right, just wanted to make sure this isn’t skipped over.
Librewolf is my goto browser + vpn + ublock. If they get through that it’s my fault imo
https://gist.github.com/joepie91/5a9909939e6ce7d09e29
EDIT: If you do absolutely need privacy, then use Tor.
Tor exit nodes are vulnerable to various levels of attacks.
But it also doesn’t change the underlying problem. If you put ALL of your traffic through Tor? Cool. You have accomplished nothing (other than flagging yourself because of what exit nodes you are accessing from) because your cookies and even behavior are still being correlated.
Like… it doesn’t take much to question why FightThePower_6969 looks at both /r/antifa101 AND /r/denver, for example. Ooh, and they also look at /r/warhammer40k and have a cookie from this website listing bus schedules and…
I do agree that tor is an amazing (if problematic) tool and it is generally the gold standard for when you need to obfuscate traffic in a way that doesn’t involve giving mullivad your credit card number. But people still need to understand what traffic they are putting into each different port. And even realize that there are some truly nasty tracking methods out there that can do nasty stuff with even OS level DNS caching between browsers.
That it doesn’t handle DNS requests is DUM. It’s a VPN-lite, but just for your browser, okay, that could be useful. But without DNS it’s giving a false sense of security.
Isnt it a security bonus, if not all data is sent throught the edge “VPN”?
Within the browser, it’ll work to “protect” your traffic (including DNS) from prying eyes locally. As in, someone on the same network as you or your ISP or whatever networks your traffic passes through to its destination.
Instead, it sends it all to Microsoft Central Data Collection™! By passing all your traffic through Microsoft’s central servers, you can rest easy, knowing precisely who is inspecting everything you do (including the US government and the other countries in the Five Eyes network).
Let’s be honest: It’s yet another unfair transfer of power from local criminals to international ones, increasing the wealth of billionaire pedophiles. Give the locals a chance to rise up, would ya?
unfair transfer of power from local criminals to international ones
I prefer local, heritage, free range criminals.
Support your local Street Pharmacist, not Big Pharma!
😄aka iCloud private relay clone
