What steps do you feel like are before a VPN?

Imprint9816 , 2 months ago (edited 2 months ago)

I think you and your girlfriend should read about "threat modeling". You need to figure out what you and her are trying to keep private and from whom. Without knowing that, its impossible to say if a VPN is a good solution.

For example if she is trying to hide her web traffic from her ISP then a VPN is a great solution, if she is trying to be annoymous on the web then a VPN won't do much as you are still easily fingerprintable amongst other things.

People all to often act like privacy is some sort of list of sub items that you can check off like completing a quest in a MMO.

Each individual's privacy goals are different, privacy is not a one size fits all problem or solution. Your girlfriends needs may be drastically different then your own.

wiLD0 , 2 months ago (edited 2 months ago)

Yep. For example, if your ISP is in the advertising business, I would definitely use a VPN, even after opting out w/ the ISP/cellular provider. IMO a lot of times when you opt out, it doesn't mean they stop collecting information, it means they paused using that information for ad targeting.

ex: https://www.verizon.com/about/privacy/customer-proprietary-network-information

wiLD0 , 2 months ago (edited 1 month ago)

Here are some things you can do, roughly ranked:

• Use a password manager
• Assume anything you post/do online/financially can and will be used to build an advertising profile on you/train AI/be shared with government authorities
• Disable ad personalization/history/sharing of information via privacy settings of mobile phone, mobile apps, Google, Facebook, banks, credit cards, ISP, cellular service, everything
• Turn off third-party cookies.
• Use an ad-blocker on desktop and mobile. They also help prevent a lot of tracking.
• Don’t use Chrome. Consider Firefox/Brave/whatever else
• Avoid using ad-supported services/companies. Consider using paid alternatives. This means using alternatives to Google Search, GMail, Facebook for photos, etc etc.
• Use a profile deleting service like https://monitor.mozilla.org/
• Different browser profiles: general use, Facebook, personal (GMail / Google Docs), and maybe more
• Use a VPN w/ secured DNS
• Many Google accounts: one for general, YouTube, Google Docs/personal, and maybe more
• Use a different email address to sign up for every account. I use StartMail’s aliases
• Don’t use your personal phone number for most things (finance/healthcare excepted). Get another number via a call and SMS forwarding service

msage , 2 months ago

Use Firefox, don't use Chrome or any of its forks.

dojan , 2 months ago

I concur with this. Any Chromium based browser is still under the chokehold of Google. A great example is Manifest V3 being forced on all Chromium browsers. Honestly, Google controlling such a significant browser marketshare should be a worry to more peoople. To a lot of people they are people's access to the internet, via Google Search, and they also control people's window to the internet, via Chromium.

In short; Google by and large is the internet, meaning they can do whatever hell they please and there's not much in the way to stop them.

TCB13 , 2 months ago (edited 2 months ago)

For a lot of people, encrypted and signed DNS, has around 75% of the benefits of a VPN without actually using a VPN.

This is often overlooked but the thing is that most ISPs / countries block websites, log user activity and run traffic interception by changing DNS queries to redirect people to a server they control. Just by using a DNS provider that is capable of DoH / DoT you'll be safer (and yes, enable domain and certificate validations).

Using vpn to avoid Geo blocking and censorship I see as incredibly valid for those that need it.

So, no this might not even be a valid use-case for a lot of people.

ericbomb OP , 2 months ago

Oh man see I knew i was missing stuff! My gf wanted more if an explanation of why I didn't love a vpn but I couldn't really explain more than "if you leave sign pots everywhere that you live here, probably don't need to worry about bread crumbs"

TCB13 , 2 months ago

Oh well, who doesn't. This thing with DNS is like the dark secret of the VPN industry because if you think about it all those VPN providers run their own DNS servers and tunnel the DNS traffic via their tunnel and when they don't you know what happens - if the ISP can still redirect your DNS queries it will still get your traffic.

Either way, this is more of a people problem than a tech problem. You did right by telling her not to use so much social media and share less data, but it's all about a mindset. It's about the person that sees a cookie popup and goes in all options and disables everything. That never clicks on an offer for a "free service" and looks for the almost indivisible "skip setup" option.

Besides the convenience aspects I believe there's something fundamentally wrong with people's education when it comes to cybersecurity and privacy. People should think of applications, services and websites like strangers on a street: if a random person ask you where you are going will you tell him? No you won't, then why would you share your location with any app by default? If someone on the street asks your for your address will you give it up? No! Then why would you provide your e-mail address to any website?

ericbomb OP , 2 months ago

You're so right and never thought of it like that! If you Google and find a new service you've never heard of, we're expected to give up our soul in a heartbeat! Even for a new email so many are like:
First name
Last name
Phone number for dual authentication
Install this app for dual auth
Birthdate!

Like dude, there are a lot of services that just that information alone is enough to call in and take my account. It's so scary how common that is.

A game I play uses PayPal as the payment processor, and pay pal decided to pay this specific company I had to upload the front and back of my ID.

Just... ugh.

shreddy_scientist , 2 months ago

Running as much open-sourced privacy oriented software as possible. This includes on computers, routers, and phones. While this is 100% a marathon, not just a quick change, it's well worth the time. Utilizing an encrypted DNS would be another solid move. NextDNS is a fantastic choice as it has a free option which still provides granular control of what is filtered online. A trusted VPN mixing your internet traffic with others is great, but like you said, it's not a magic bullet whatsoever.

barbara , 2 months ago

Imo, router is a very very big step for a normal person.

Lemongrab , 2 months ago

Yes, but learning about tech is a necessary step to understanding how it is used to undermine our freedom and privacy.

shreddy_scientist , 2 months ago

If you're talking OpenWRT, then I totally agree. But something like Asus Merlin is a relatively easy change and still provides additional protection. While part of the Asus code is closed-source, most is open-sourced and Asus has implemented improvements developed by the Merlin team. This shows Merlin knows what they're doing and are trustworthy too.

TheAnonymouseJoker , 2 months ago

I do not think trusting closed source for networking/mobile devices is a very smart idea. This is why I never recommend Pixels or iPhones either. Go OpenWRT or bust. The lesser and more common closed source hardware/software layers are, the safer, but still not safer than open sourcing.

chicken , 2 months ago

It really depends on what you want to be private and who you don't want seeing it. If you are torrenting pirated movies a VPN is great for privacy. What are her main worries about privacy?

lemmyreader , 2 months ago

Both of you make valid points. The trouble is that the Internet is getting more complicated and also getting more exploited by corporations, e.g. with the recent addition of the A.I. hype. And all kind of people think that they know the answer but later it turns out that they were wrong (Take for example all the Apple fans years ago thinking that Apple + privacy was a really good way of life). The other trouble is that maybe only a few VPN providers are really trustworthy. And then your browser fingerprint can be unique if you add too many extensions or fiddle with certain settings, which means you are track-able and user profiles can be created. And so on and so forth.

It makes sense to think about what you want to protect and avoid.
Here some generic suggestion :

• Get yourself a pi-hole at home for your devices to connect to.
• Limit the amount of Java-Script in your web browsers. Lots of websites will do fine.
• Limit the amount of phone apps usage (like you wrote)
• Use Tor browser (slow) or Mullvad VPN in some cases you want to hide your IP address
• Be weary about default settings of Firefox, take a look at LibreWolf
• Use different browsers for different tasks

rar , 2 months ago

Just my two cents here to mention that it's necessary to see this as a journey and a mindset, not a single-step or one-size-fits-all panacea.

If she's annoyed of advertisements creeping up, introduce her to adblockers and slowly make her get used to it. If she has shared concerns after seeing her friends or colleagues receive abusive comments on their social media accounts, comment on the dangers of oversharing one's private life and its potential consequences and tangible threats, like medical insurance companies abusing the info, and so on.

Ginger666 , 2 months ago

Don't use any social media, anything google, apple or Microsoft related.

Good luck.

shortwavesurfer , 2 months ago

I wouldn't say you can't use any social media. You just can't use big tech social media such as X, Facebook, Instagram, TikTok, etc. Open source social media like this or Mastodon is at least a step in the right direction.

Ginger666 , 2 months ago

Yeah I guess I hadn't really considered this social media...

foremanguy92_ , 2 months ago

You have first to be the most degoogled you can, you have to abandoned the most of the big companies services as google, Facebook... Delete Instagram, do not use WhatsApp and Messenger, watch YouTube through Piped or Individious, uninstall bloatware on your phone (maybe install a custom rom, like /e/ os, a go-to for privacy). Be aware of what you post and your personal identity.
The only case when VPNs are the first thing to do is when you have to spoof your IP because of restrictions or any others..

morgin , 2 months ago

First big step I took was going through all my emails and deleting inactive accounts/making deletion requests. It was a major hassle but made me feel a lot more secure about my email and digital footprint. Plus built a real basic understanding about taking a more minimalist approach to the internet, suddenly I wasn’t getting emails every hour and random notifications, it was nice.

Other then that ublock origin and your password manager of choice that hopefully isn’t attached to the browser, oh and 2fa

kbal , 2 months ago

Nobody mentioned JShelter yet. It may not make browser fingerprinting impossible, but it's the easiest way to make it harder. It's easy to use, just turn it down for any sites that it breaks which you'd prefer to be not broken.

Also, use firefox and clear out all your cookies and site data regularly. Make exceptions for sites you actually want to identify yourself to. Noscript is another thing to consider, though I haven't used it recently myself. Use Tor Browser if there's something you want a little more privacy than usual for.

ericbomb OP , 2 months ago

True! Lots of wonderful comments here.

SandbagTiara2816 , 2 months ago (edited 2 months ago)

Switch your browser (Firefox or Librewolf) and use uBlock Origin. Tweak settings for privacy and security (check the guide on /c/piracy). Use DuckDuckGo as your default search engine. Remove personal details from social media, especially anything public-facing.

TheAnonymouseJoker , 2 months ago

Separate web browser or browser profile with no logins, just uBO medium mode, and no Big Tech bullshit. This means any Chromium browser is ruled out.

Extrasvhx9he , 2 months ago

The first major step is a tracker and ad blocker (DNS based, software or even both) a VPN could help with this since some do offer to block trackers and ads. Everything else is pretty secondary imo and depends on your threat model