deleted by creator

deleted by creator

Yeah wireguard is really nice, but it drains my battery pretty quick on Android.

encrypted over https

The TLS handshake will generally – through there are some ways to avoid this, and people are banging on it – expose hostnames in the clear. So even if the IP address that you’re talking to serves multiple virtual hosts, your ISP is likely to know who it is that you’re talking to.

https://en.wikipedia.org/wiki/Server_Name_Indication

Even if your browser is using DNS-over-HTTP, which it may or may not be doing, most software doesn’t, so outside of your browser, DNS is generally visible.

Some protocols still are not encrypted; I was looking at MUDs the other day, and few of them support encrypted connections. The networks that I’m most worried about are random WiFi access points, and VPNs solve that well.

The network provider can still see which addresses and ports someone is connecting to and to where the traffic goes, and how much traffic is sent.

Some network providers blacklist material – as is the case in OP’s article. For example, one of my first experiences on the Threadiverse was kbin sending me to a random discussion on policy that Ada (the lemmy.blahaj.zone admin) was having with some gay user who lived somewhere in the Middle East. Lemmy.blahaj.zone had been blocked in that country – the country presumably didn’t like something related to the server having LGBT content. The Threadiverse is semi-resillient to that – they could still connect to a federated server and see comments. But it meant that images on lemmy.blahaj.zone were blocked in that country.

For another contemporary example, Russia has cracked down on politics online. Can’t block access to content without killing off VPNs, and they went after those too.

For people who maintain a long-running IP address, it’s possible to cross-correlate logs from various services. So, okay, let’s say that a given IP address has been logged downloading BitTorrent content. That same IP address is linked to, at various times, use of an app where a particular unique phone ID has shown up, or maybe that a user has logged into some account service on, which is linked to personal information. Even a party who is not someone’s ISP can cross-correlate logs using the IP. A VPN doesn’t absolutely avoid that, but it makes it harder.

Without a VPN, anyone can get at least a rough geographical location of a user by geolocating their IP address. IPv4 scarcity has made this harder than it once was, reduced geography/address correlation, but I expect that IPv6 will make it easier.

People don’t need to write their network software securely. Your cool multiplayer network game may-or-may not be encrypted and may-or-may-not be resillient to modified network traffic. If there are buffer overflows in how Quake or whatever handles network traffic, I’d rather not let the network provider be an attack vector. This has been exploited before, and while a typical ISP probably isn’t generally a real risk, I’d trust random WiFi networks a lot less. A VPN will get cleartext traffic off their network.

Probably more, but that’s some off-the-cuff.

You’ve got a lot more options by way of selecting a VPN provider than an ISP. Your ISP options are those who have physical infrastructure at your location. You can get VPN service from anyone.

You have to trust your VPN provider to about the degree that you do your ISP in a VPN-less environment, true enough, but VPN providers are in a more-competitive market. It’s a lot easier to switch away from a VPN provider that you don’t like.

For example, I would trust an EFF-provided VPN service to a pretty considerable extent; I already trust the EFF on a lot of privacy matters.

I mean, it is?