Do you use a VPN ? Do they really help ?

[KhunHeineken]

On 6/4/2021 at 2:30 AM, gargamon said:

Sorry, not as secure as you think. The 'man in the middle' attack will be done when setting  up your VPN connection, which gives the attacker access to everything you do when connected to your VPN...

 

That's possible.  Obviously one has to have some confidence in their network.  Using your 4G phone mobile data is quite secure for what you describe. 

 

I don't use public Wifi like Starbucks, or in airports, for banking and other important things.  

 

My home network alerts me when another device tries to connect, and I have to approve the connection, I also don't broadcast my WiFi SSID, and same thing, when a new MAC address tries to join, I have to approve it. 

 

Will it stop a government agency listening in to my network traffic, no.  Will it keep out a fair portion of hackers, probably yes.   

[Thomas J]

I use Nord VPN.  VPN's have both good and bad to them.  I have to use a VPN to get certain web sites back in the USA.  If those sites see a Thailand server they block access to it.  Also, I have the VPN on my smart TV.  I use internet based TV and again, if the stations see a Thailand address, I can not get those stations.  Also, you get far fewer annoying advertisements from companies who see what you are searching on the internet.  So if you search lets say a Toyota you are not besieged with unsolicited ads from Toyota and Toyota dealers.  

The bad news is that the VPN dramatically slows the upload/download speeds.  Not too important on upload since I upload very little, but things like streaming TV can cause the TV to freeze or pixelate. 

[cubism001]

On 6/3/2021 at 8:49 AM, IvorBiggun2 said:

 

'Privacy' 

& accuracy of the information one gets, safety when it's sent.  

 

[cubism001]

19 minutes ago, KhunHeineken said:

 

That's possible.  Obviously one has to have some confidence in their network.  Using your 4G phone mobile data is quite secure for what you describe. 

 

I don't use public Wifi like Starbucks, or in airports, for banking and other important things.  

 

My home network alerts me when another device tries to connect, and I have to approve the connection, I also don't broadcast my WiFi SSID, and same thing, when a new MAC address tries to join, I have to approve it. 

 

Will it stop a government agency listening in to my network traffic, no.  Will it keep out a fair portion of hackers, probably yes.   

Then why does google shut me down every single time I use a vpn?  Why are they threatened?  Have I interfered?

[KhunHeineken]

10 minutes ago, cubism001 said:

Then why does google shut me down every single time I use a vpn?  Why are they threatened?  Have I interfered?

 

I have no problem using Google when my VPN is turned on.  

 

What problem are you experiencing?  What type of device? 

 

What happens if you type in "google'com" in the search bar of the google browser that shuts down on you?  

[KhunHeineken]

28 minutes ago, Thomas J said:

The bad news is that the VPN dramatically slows the upload/download speeds. 

True, but you tend to get what you pay for with VPN's.  

[Thomas J]

3 minutes ago, KhunHeineken said:

True, but you tend to get what you pay for with

Are you saying that other VPN networks are faster? 

I only looked at the reviews and Nord was consistently at the top of the reviews.  That is if you can believe any reviews on the internet. 

[fdsa]

3 hours ago, KhunHeineken said:

Yes, the session is HTTPS, but now a hacker can simply make his own HTTPS session with your bank, or whatever website, because they now have your log in details.

this is wrong, httpS was created exactly to protect from easy MITM attacks. A hacker could not "simply make his own HTTPS session", because he could not create a valid SSL certificate for bank's domain.

Only authorities could do easy HTTPS MITM attacks because they could automatically issue valid SSL certificates. Or "not that simple" hackers who managed to get access to certificate authorities' servers.

 

further read:

 

 

to sum up:

- a random neighbour Somchai could not intercept your bank login credentials

- this is true even without using the VPN, given that you use httpS instead of plain http

- VPN does not protect from plain http traffic interception, it just moves the "point of interception" from your local McDonald's public WiFi to some datacenter in Netherlands. Thus a hacker Somchai sitting at the next table will not be able to see your plain http traffic, but a dutch hacker Lucas will.

 

 

Edited July 1, 2021 by fdsa

[KhunHeineken]

4 hours ago, Thomas J said:

Are you saying that other VPN networks are faster? 

I only looked at the reviews and Nord was consistently at the top of the reviews.  That is if you can believe any reviews on the internet. 

I don't have Nord, but from the reviews I have seen, they are very good.  

 

Some VPN's are faster than others. 

 

https://www.vpnmentor.com/blog/the-fastest-vpns-we-actually-tested-them/

 

Several online reviews I have seen have shown Express to be the fastest, they are also one of the more expensive VPN's.  Nord didn't make the cut on this list.  

 

[KhunHeineken]

2 hours ago, fdsa said:

A hacker could not "simply make his own HTTPS session",

There's seems to be a misunderstanding.

 

If I do a man in the middle attack and get your email log in details, for example, then I can just simply log into your email account, which is a HTTPS session.  Correct?  

 

In this example, how has HTTPS protected you?  

 

See where he says in 2016 around 95% of HTTPS servers were vulnerable.

 

There's plenty on the internet about it.  Here's a basic explanation on the first page of a google search.  

 

 

I am not in IT, and always happy to learn about it. If I'm wrong about it, I have no problem being corrected.

 

My basic research showed me that if someone sets up a fake WiFi network in say a Starbucks, by rebroadcasting Starbuck's WiFi with their own SSID, maybe calling it "Starbucks Super Fast WiFi" and a customer connects to that person's fake network, then they get to act as a pass through of the internet traffic.  I would think depending on how good their hardware and software is, they could get to see everything.  

 

Edited July 1, 2021 by KhunHeineken

[fdsa]

1 hour ago, KhunHeineken said:

If I do a man in the middle attack and get your email log in details, for example, then I can just simply log into your email account, which is a HTTPS session.  Correct?  

 

In this example, how has HTTPS protected you? 

web browsers and email clients usually display the information about the SSL certificate, either in the address bar (browsers) or on the first connection (email clients). If a dumb user intentionally clicks "ignore" on the "invalid certificate" error page, or clicks "trust this certificate and continue" to SSL certificate issued by "Totally Not A Hacker Ltd" to access his Gmail account, then nothing will protect him.

 

1 hour ago, KhunHeineken said:

My basic research showed me that if someone sets up a fake WiFi network in say a Starbucks, by rebroadcasting Starbuck's WiFi with their own SSID, maybe calling it "Starbucks Super Fast WiFi" and a customer connects to that person's fake network, then they get to act as a pass through of the internet traffic.  I would think depending on how good their hardware and software is, they could get to see everything.  

this is correct - you will see all plain text traffic, be it HTTP web pages or unencrypted email access. But most websites and email clients tend to use SSL nowadays.

[gargamon]

2 hours ago, KhunHeineken said:

I don't have Nord, but from the reviews I have seen, they are very good.  

 

I fell for the good reviews and purchased a multi-year subscription to NordVPN. While it is OK for getting around geo-blocked issues, it is horrid doing file sharing. They actually have a bunch of servers they call P2P (peer to peer) that should do file sharing but don't do it properly.

 

P2P requires port forwarding to work properly. NordVPN servers do not do port forwarding. What this means is that for a highly populated file, you will easily be able to download it. The problem is when there are very few sources for the files you are looking for. It is essentially impossible to download these when using NordVPN. I have had downloads pending for days with NordVPN turned on, but after turning it off, the downloads start right up.

 

I will not renew my NordVPN contract when it expires. This is also a warning to not believe the reviews.  The people who write them are generally not the most technically savvy.

[Roger That]

One of the main reasons you will see a lot of good “reviews” for the likes of Nord and Express VPN is because they have a very generous affiliate program.

 

You can’t really trust VPN “review” sites - they’ll just plug whoever pays them the most.

[KhunHeineken]

On 7/1/2021 at 11:16 PM, fdsa said:

web browsers and email clients usually display the information about the SSL certificate, either in the address bar (browsers) or on the first connection (email clients). If a dumb user intentionally clicks "ignore" on the "invalid certificate" error page, or clicks "trust this certificate and continue" to SSL certificate issued by "Totally Not A Hacker Ltd" to access his Gmail account, then nothing will protect him.

 

this is correct - you will see all plain text traffic, be it HTTP web pages or unencrypted email access. But most websites and email clients tend to use SSL nowadays.

 

Always happy to learn.  IT is not my field of expertise. 

 

Maybe I have misunderstood about using VPN's for a secure connection.   

 

I was under the impression that a man in the middle attacker would simply have a key logger, so could see everything you type, including usernames and passwords.  I thought a VPN encrypted the data entry at upload, so a man in the middle just gets a random mess of data input.  

 

I'll have to do some more research.  I mainly use VPN's to get around geo-blocking.  

[KhunHeineken]

On 7/1/2021 at 11:24 PM, gargamon said:

I fell for the good reviews and purchased a multi-year subscription to NordVPN. While it is OK for getting around geo-blocked issues, it is horrid doing file sharing. They actually have a bunch of servers they call P2P (peer to peer) that should do file sharing but don't do it properly.

 

P2P requires port forwarding to work properly. NordVPN servers do not do port forwarding. What this means is that for a highly populated file, you will easily be able to download it. The problem is when there are very few sources for the files you are looking for. It is essentially impossible to download these when using NordVPN. I have had downloads pending for days with NordVPN turned on, but after turning it off, the downloads start right up.

 

I will not renew my NordVPN contract when it expires. This is also a warning to not believe the reviews.  The people who write them are generally not the most technically savvy.

 

Thanks. 

 

My current VPN provider can't unblock the Foxtel Go app.  A member here said he can get it with Nord.  This was the only reason I was looking at them.  

 

I'll PM that member.  

[1948wjm]

Also my VPN "Express VPN" is unable to access Foxtel Go however is able to access Kayo Sports of which is owned by Foxtel ???