dfyx

dfyx , 4 days ago (edited 4 days ago)

Commercial VPNs as a security measure are pretty much a scam, at least in the way they are marketed.

These days, basically any web traffic is encrypted through HTTPS. Even on an untrusted network, nobody will be able to see the actual content (passwords, personal data) of what you're doing. DNS spoofing isn't viable either as any fake site they would send you to would lack the right certificates to establish a convincing HTTPS connection. So all someone can see is what servers you're connecting to, either by logging your DNS requests (can be prevented by using some form of encrypted DNS like DNS over HTTPS) or the IP addresses you connect to. And honestly, how much value does one get out of knowing that there's someone on their network who browses beehaw.org, supergreatbank.com and bigtiddygothgfs.to with no information to connect that to an actual person?

Unless you routinely use shady open Wi-Fi networks - and I'm talking about something that may have been setup on purpose by a malicious actor, not your local supermarket - to do security-critical stuff, you don't need a VPN. Also, if you trust your mobile data provider less than a company that tricks people into thinking you absolutely need their product to secure your data, you should get a different mobile data provider.

Now, there are use cases for VPNs but those are more along the lines of accessing stuff that's not available in whatever region you're currently in.

See also Tom Scott's video on the topic. It's a few years old but still relevant.

Edit: there is of course also the use case of hiding illegal stuff. In that case, I will not give any advice. Put some onions on top of your router or something, that's probably cheaper and more reliable.

Edit 2: just to make this entirely clear, I'm talking about commercial VPNs like NordVPN, Surfshark and whoever else pays YouTubers to advertise for them. If you host your own VPN, some of the downsides may not be as relevant. Though I would assume that anyone who even considers hosting their own VPN has enough technical knowledge about how networking works to know about the pros and cons.

dfyx , 4 days ago

Or don't. Unless you know that your provider is working against your best interests, a VPN provider is just as likely to be compromised as your cable or mobile ISP.

dfyx , 4 days ago

Your provider will just see encrypted traffic (mostly) anyway, so no it will not provide protection. The only thing that you're now hiding from your provider is which servers you're connecting to. Instead you're showing that info to a VPN company whose main business practice is scaring people into buying a product they probably don't need. Think about who you would trust more.

dfyx , 4 days ago

Please note that the comment you're replying to is leaving out a crucial piece of information: if your VPN provider is legally allowed to operate where you live, your government or law enforcement can get your data from them just as easily as they can get it from your ISP.

(Sorry for repeating myself but security is an important topic so I'd rather correct incomplete or misleading information in multiple comments than have someone miss the crucial part because they read only one sub-thread)

dfyx , 4 days ago

While my threat model is not universal, it comes close, at least for the average user which OP seems to be from their question. In practice, there is very little unencrypted traffic these days and in the case of that traffic you will have to ask yourself if your (commercial) VPN provider is more trustworthy than your ISP.

If you need to ask if you need a VPN there's a 99% chance that you don't. There are certainly a few use cases for both commercial VPNs and TOR (see my other comment) but to even be aware that those apply to you, you probably already have enough technical knowledge to approach the question from the direction "I want to do XYZ, how can I be more secure?" and not "I've heard of VPNs, do I need one?"

dfyx , 4 days ago

If you're using a commercial VPN from a provider who can legally operate in your country, your national government can just as easily get that information from them as from your ISP.

dfyx , 4 days ago

A commercial VPN provider is just another random third party.

dfyx , 4 days ago

Sure, if you know that your ISP abuses your data, go ahead and do something. Though I would recommend changing ISPs before you give even more money to some other company who may or may not do the exact same thing to your data. I'm specifically not talking about TOR or some VPN that you host on your own. I'm talking about companies like NordVPN and Surfshark.

The analogy of locking your door doesn't quite fit. Locking your door doesn't cost you 10 dollars per month and doesn't require you to hand your keys to the guy who sold you the lock.

dfyx , 4 days ago

Oh I most certainly don't have much faith in my local ISP. But I have even less faith in some VPN startup funded by venture capitalists who may or may not be cutting corners on security to save a few bucks on their ends even if they're not actively malicious. At least my local ISP has been around for decades and is closely monitored by both a government agency and independent customer protection groups.

And yes, I do live in a place with a very strong regulatory framework. Our ISPs are bound by the EU GDPR and our highest federal court has confirmed multiple times that even saving connection metadata without a case-specific court order is illegal. Sure, they could break those laws but a commercial VPN provider can do just the same with the difference that not as many people would notice.

dfyx , 4 days ago (edited 4 days ago)

I checked and there is only a single comment that mentions Mullvad (other than yours that I'm replying to right now) that's visible on my instance with no specific explanation why it's better than other offers other than that you can pay with cash. If I've missed something, I promise you that it's not in bad faith, it's just that this distinction didn't come through clearly.

I hadn't heard about Mullvad before today and a quick look at their website made it look not very different from the fear-mongering you see with the others. Only after your comment I noticed the Why Mullvad VPN link at the very bottom that explains what they do differently. I'm still skeptical about some of the claims and especially of audits that they themselves requested but I'm happy to see that there are providers that seem to be more trustworthy than the ones that are constantly shoved down our throats and I'm definitely happy to have learned something new.

May I suggest that you write a top level comment that explains in detail why Mullvad is better than other services so OP (and others who stumble over this thread) has an easier time finding it?

Edit: minor typos and grammar

dfyx , 4 days ago

I came into this discussion from the technical perspective (of which I've done plenty of research, both in university and in my job) that commercial VPNs don't do what most ads want you to think they do. Your ISP sees a lot less than they want you to think, VPNs use just the same encryption algorithms as everyone else and while public WiFi isn't great security-wise it's not as if anyone will read your bank password the second you connect. I still stand by those claims.

Then, the discussion drifted towards who you'd rather trust with the things that aren't encrypted (mostly DNS and connection metadata. Someone has claimed that many messengers are unencrypted but I think they have confused a lack of user-to-user encryption with user-to-server encryption), your ISP or some VPN provider. That's the point where we diverged: as I had no need for a VPN myself (because of the reasons mentioned above), I had not researched individual VPN providers and was not aware that Mullvad apparently has a strong track record. For that I apologize. Still, in a thread that started out with someone not knowing if they need a VPN at all and most discussion has been very general, I would not assume that anyone who comments is familiar with a specific provider without them being named explicitly. Also, I've stated in at least three places that I was explicitly talking about VPN providers like NordVPN and Surfshark that are prominently (mis-)advertised. Those I still would not trust further than I can throw them.

But I guess that's online discussions. We've talked about two different things and took a while to notice. I'm thankful for the correction and I hope you can understand where I came from.

dfyx , 5 days ago

Not sure why you get Apple into this. Apps on iOS have been natively compiled from the beginning and they are amazing at running stuff on older hardware. My current iPhone 12 Mini is over three years old and smoothly runs everything I throw at it. Before that I had a 2016 iPhone SE for about four years and only replaced it because I wanted something with a better camera (I'm a semi-professional photographer so I want something decent for when I see something cool and don't have my big camera with me). I gave the SE to my mom and she used it for another two years until she decided she needed a bigger screen. It probably still works and it got its last OS update just two months ago.

As long as you don't run something super hardware hungry, you can easily use an iPhone for at least five years without any problems. Even if the battery dies halfway through, there are lots of repair shops around that will replace it for a reasonable price in case you're not comfortable with opening up the phone on your own.

dfyx , 5 days ago

There's a chance that framework might build something. Lately they've been asking what to build next and modular phones were one of the most frequent answers. While their parts are not fully open source, their interfaces between the modules and the firmware are. For the laptops, you can already replace basically anything with a custom version.

dfyx , 5 days ago

That‘s correct and indeed unfortunate but not what we were talking about.

dfyx , 10 days ago (edited 10 days ago)

In case you're serious with the sphinx question: in ancient Greek myth the entrance to the city of Thebes was guarded by a sphinx who would only let you through if you could solve a riddle, otherwise the sphinx would eat you. Which riddle that would be changes from story to story but the most famous one is along the lines of "What creature walks on four legs in the morning, two at noon and three in the evening?". This was eventually solved by king Oedipus who realized it was a human who crawls as a baby, walks on two legs as an adult and needs a walking stick as a third leg when they're old. Depending on which version you read, the sphinx was either so shocked by him solving the riddle that it threw itself from a cliff or was simply slain by him.

dfyx , 10 days ago (edited 10 days ago)

Well, you could consider the solution to the riddle a pun though that's quite a stretch. Though there is at least one modern rendition (in German) that directly uses a more pun-ny solution. It does't quite translate to English but I'll try. Basically, Oedipus thinks and thinks until he starts to complain "Ach Mensch..." which is roughly equal to English "Oh boy..." but "Mensch" is literally the German for "human" so it's the right solution and the sphinx has to accept it. If you understand German, I highly recommend checking out this version. It's "König Ödipus" by Bodo Wartke. He plays all roles himself on a mostly empty stage with only a couple of props and it's absolutely hilarious. The sphinx is a lion hand puppet.

Edit: for anyone interested, here's a youtube clip of the scene: https://www.youtube.com/watch?v=DogC57ZJuY8 (German with German subtitles)

dfyx , 10 days ago

Oh right, that would work.

dfyx , 10 days ago

Yeah, as I said in response to exocrinous, that would work. No idea why it slipped my mind when I typed my comment. I think I even thought of something similar, it sounded wrong in some way and so I went a different route.

dfyx , 10 days ago

I see what you did there...

dfyx , 12 days ago

English:

• Lateral
• Darknet Diaries
• Artifexian
• Exolore
• The White Vault (caught up on old episodes)
• World's Greatest Con

German:

• Geschichten aus der Geschichte
• Geschichten aus dem Altbau
• Darwin gefällt das
• Mord auf Ex
• Bayern 3 True Crime
• Weird Crimes

All in no particular order.

dfyx , 13 days ago

Publishers have massively overspent the last few years, hoping the gaming hype that started during the Covid lockdowns would stay or even grow indefinitely. Investors are only happy when numbers are higher than the year before and the only way to achieve this is to cut expenses. Problem is, cutting expenses almost always leads to worse output in the near future causing these companies to starve themselves to death. But by that time, those responsible will have cashed out and moved on to become C-level execs at some other company that they can milk for a few years before running them into the ground as well.

dfyx , 13 days ago

So pretty much what you would do with regular swords. Arms and to some extent legs are closer to you than the rest of the body so they are often the easiest targets.

dfyx , 14 days ago

I wouldn’t be so sure. They were probably scared the Russians might sabotage it.

dfyx , 14 days ago

Or in short: we need more things that were made because someone wanted to tell that particular story, not because someone needed to fill a slot in a release schedule.

dfyx , 17 days ago

This may be in Google Maps pretty soon: https://hard-drive.net/hd/entertainment/google-maps-introduces-new-fog-of-war-feature/

dfyx , 18 days ago

I would have bought it day one if there was a physical release for PS5. With it being digital only, I will wait until it’s in a sale (and probably until it’s on Steam).

dfyx , 25 days ago

Literally the plot twist in...

spoiler

Soma

dfyx , 25 days ago (edited 25 days ago)

This whole thing is a major political problem that has been brewing pretty much since World War II. I'm by far not an expert so I might get some details wrong but I'll try.

During the war, millions of Jews fled from the Nazis and the Allies were wondering what to do with all those refugees. One option was British-occupied Palestine. The reasoning was that it geographically coincided with ancient Isreael, the Jewish homeland. The problem is that it had been inhabited by Muslims for over 1300 years so obviously the Arab population wasn't too happy about giving up the region their families had lived in for generations just because some western colonial power had decided to give it to some refugees.

The plan was to split Palestine into two states - Palestine and Israel - with Jerusalem as a neutral zone under control of the United Nations. Because of the unstable situation - including terrorist attacks against the British administration - this was never fully implemented. The state of Isreael was officially founded in 1948 but there was never any formal agreement on who controls which parts of the region. The Arabs got driven from their homes and only kept the West Bank and the Gaza Strip but were obviously never happy about that. (Edit: please see correction by @Sprawlie below. The situation is even more complicated) While the general population would probably be okay with just being left in peace, there are radical groups like Hamas who want to take back what was taken from them by the British and Israel.

On the other hand, nobody who lives in Israel today was involved 80 years ago when the British decided on their plan. These people were born in Israel and have lived there all their lives. So in a way, both sides just want to keep their homes. There have been several proposals for how we could solve this, including an official two states solution that would regulate the borders (obviously not favored by Palestine), a single state solution (forcing two groups who have been fighting each other for 80 years could be tricky) and reverting everything the British decided and kicking out the Jewish population (obviously not favored by Israel). There just is no good solution and so the situation in the area is heating up more and more. From their own perspectives, both sides have good reasons for what they're doing though the way they're doing it is obviously not acceptable.

(Edit: corrected 1400 to 1300. Math is hard)

dfyx , 25 days ago

Thank you for the nice words. I just felt like with all the discussion of who did what in the last few years, people are forgetting why Israel and Palestine are fighting in the first place.

Of course there is a lot more to this. For example the fact that Jerusalem is considered a sacred place by three different major religions and so the question who controls it is not only political but also symbolic. It was literally the (official) reason for the crusades during the middle ages. In that way, a neutral Jerusalem might have actually been a good idea. Though of course we don't know what other problems that would have caused.

dfyx , 25 days ago

That sounds... weird. And ignores a lot of history behind why they are fighting. Do you have any sources for your claims or is that just your personal opinion?

dfyx , 25 days ago

Jordan shooting down drones that pass over their country doesn't make them an ally of Israel. It just means they don't like being caught in the middle of a war that others are fighting.

dfyx , 25 days ago

Okay, that explains why you're so far off the mark on some points. Framing progressives as "anti West" or even "anti White" is honestly insulting and sounds a lot like far right propaganda. Most left / progressive people I know that support Palestine do so because of a couple of reasons:

• Killing civilians is bad. While both sides have been guilty of that over the last few decades, Israel is currently taking it to a whole new level.
• Palestine has arguably the better claim to the region. Arabs have lived there from the 7th to the mid 20th century. On the other hand, Israel's claim amounts to "It was ours in ancient times" and "The British said so during WW2"
• Israeli aggression comes from the government while Palestinian aggression comes mostly from Hamas, an extremist group who does not officially represent the country as a whole (yes, I know there are some members of Hamas in the government but their pseudo-military actions don't seem to be officially sanctioned to the point where the president has urged them to adhere to the 1967 ceasefire since at least 2006)

I would argue that almost nobody involved in the overall discussion actually supports Hamas' plan of eradicating all Jews from the area, not even the far right. Most people would be fine with a peaceful solution, be it two states or one. But because of the way Israel was founded (by a colonial power giving land that has belonged to Arabs for 1300 years to a bunch of refugees with no personal connection to the place), reaching a peaceful solution extremely hard if not impossible.

In conclusion: everybody sucks but at least right now, Israel sucks more.

dfyx , 25 days ago

Oh and as for why people talk about this and not as much about many other wars:

• This is the continuation of a conflict that has been in western news for decades and has been flaring up every now and then.
• Israel and Palestine are geographically and in parts culturally close to Europe which makes them seem a lot more relevant to Europeans than what happens on the other side of the world.
• Israel is directly targeting civilians which is by all definitions a war crime
• Israel has traditionally been allied with the West but has always been controversial for the various reasons listed in all the other posts in this thread
• This is yet another conflict in an already unstable region (Syrian civil war since 2011, the Arab Spring in general, Iraq still hasn't fully recovered from its war between 2003 and 2011, ...)
• Israel has access to nuclear warheads, Iran may have some as well and is just one bad day away from fully engaging in the conflict on the Palestinian side
• The overall situation is very complex which means there is a lot to talk and argue about.
• This is stuff happening right now. People have been talking just as much about Ukraine and Syria and would have been talking more about many other conflicts if social media had been more present when they broke out.

dfyx , 25 days ago

It is genocide by the definition that they are directly targeting a whole lot of civilians who are not directly aligned with Hamas. By directly shooting them, bombing hospitals, preventing them from leaving Gaza and actively blocking foreign aid even though the UN has told them to stop multiple times. That's not "attempting to destroy Hamas", that's an active "attempt to destroy a protected group [Muslim religion, Arab ethnicity, Palestinian nationality, probably a mix of all three] in whole or in part".

dfyx , 25 days ago

Progressives generally don't hate Jews, Muslims, Christians, Hindus or any religion or ethnicity in particular. They hate people who think it's okay to harm innocents. Just happens that thinking it's okay to harm innocents currently has a strong overlap with certain groups. Is that so hard to understand?

I'll happily let you pray to whatever god(s) you like. If you want, you can do that right in my back yard. As long as we can agree that "Do not harm others" is kind of important. You know, that thing that is all over the Torah and the Bible. "Thou shalt not kill", "Do unto others as you would have them do unto you" and all that?

No, progressives, leftists, however you want to call them do not want to overthrow western society, abolish conservative thoughts or anything like that. They just want to be left in fucking piece and believe that anyone who doesn't harm others has a right to live their lives. Doesn't matter if they are black, white, brown, Christian, Muslim, Jewish, straight, gay, cis, trans, Star Wars fans or Star Trek fans...

dfyx , 25 days ago

Thanks for the corrections. My knowledge about early Israel is fuzzy at best.

dfyx , 26 days ago

It's the IT department's job to make sure you have all the hardware you need to do your job. While not being able to track your time is something that affects you more than it affects the company, it's still part of the job.

It is certainly not your job to buy new devices with your own money. Also, I would highly advise your IT department against letting you use a private device that you carry around in your free time and even on vacation as your second factor. Anything that can be used to access your work data should never be with you when you're getting drunk in a bar.

If you're financially stable enough that getting paid a few days late doesn't hurt you too much, I would recommend you ask IT for a new phone (that you will only use for work!) and hand in your time sheets in whatever form is the least convenient for HR until the problem is resolved.

dfyx , 1 month ago

I can at least answer the last one. According to German gaming magazine Gamestar, there will be two separate open world maps. One is Kuttenberg (Kutná Hora) and its surroundings, the other is the "Bohemian Paradise", a more mountainous region north of Prague. Apparently, the developers left out Prague on purpose because back in the 15th century it was less important than Kuttenberg, at least in regards to what's in the game's story.

dfyx , 2 months ago

I feel like a lot of answers here are dancing around why people find it offensive without really addressing it.

As an adjective "female" is completely fine to distinguish between genders when applied to humans. As in "a female athlete" or when a form asks you to select "male" or "female" (ideally with additional options "diverse" and "prefer not to answer").

Where it's problematic is when it's used as a noun. In English "a male" and "a female" is almost exclusively reserved for animals. For humans we have "a man" and "a woman". Calling a person "a female" is often considered offensive because it carries the implication of women being either animals, property or at least so extremely different from the speaker that they don't consider them equal. This impression is reinforced by the fact that the trend of calling women "females" is popular with self-proclaimed "nice guys" who blame women for not wanting to date them when in reality it's their own behavior (for example calling women "females") that drives potential partners away.

So in itself, the word "female" is just as valid as "male" and in some contexts definitely the right word to use but the way it has been used gives it a certain negative connotation.