Short term solution: Well VPNs for all, Ghostery [1] was running a deal on their paid version with a VPN built into their add-on [1].
Long term: The State is making their panopticon ambitions overt now in the public eye, thus spurring on the need to re-design the Internet entirely to avoid this.
Anyone know what Starlink is offering in terms of privacy? Details are sparse for the most part right now, but given their ties to DoD I'm not sure how this will play out. Sounds like a product release presentation is needed to clarify some things.
Edit: I plan on buying Ghostery Midnight but it's Windows/Mac only, so no Linux! I guess these Bitcoin accepting ones will have to do [2].
Most traffic is over HTTPS, so VPNs aren't as useful as they once were. The advice of "don't go to your bank's website on coffee shop wifi" is 10-15 years out-of-date. Yes, HTTPS has some holes, but HSTS and certificate pinning help.
If you're this level of worried, you should make sure you're either signed out go Google/Gmail or have your search history turned off. A VPN offers zero added protection. there. IIRC, Google claims your history is anonymized. Wouldn't hurt to use DDG if you're paranoid.
VPNs are hit-or-miss on how they handle DNS requests. Even using a VPN, you might leak that you're a Hacker News reader.
I guess a VPN that doesn't log might protect you against going to an IP known to host bad things.
A lot of traffic is over HTTPS, and that does help a lot. But a lot of that traffic isn't doing an adequate job of protecting the domain names, there are general attacks around page size that can be used to identify static resources, and people underestimate the vocal subgroups of developers that refuse to use HTTPS in the first place.
Encrypting DNS is a good reason to use a VPN. DNS over HTTPS theoretically solves those problems, but last time I checked unless you configure it right it would fall back to normal DNS whenever it couldn't find a domain, and that still doesn't solve the problem that SNI isn't universally adopted yet.
> If you're this level of worried, you should make sure you're either signed out go Google/Gmail or have your search history turned off.
Strongly agreed. For most people, using Firefox containers and/or uMatrix would result in a bigger privacy gain than a VPN. That's not to say a VPN wouldn't help on top of that, but if you're using a VPN and not using uMatrix to block cross-site cookies from sites like Google, your priorities are probably wrong.
Have you disabled Chrome sync for your browsing history? You should be worried about stuff like that long before you consider either subscribing to or running your own VPN.
You have to consider the threat through the whole request.
You start on your computer and jump to the VPN instead of the destination website. Is the VPN hosted in a different country that refuses to work the US? Do you trust them to not do anything else shady? Do you trust that the encryption you are using will not be broken before your death, because the NSA is logging traffic to other countries, especially ones that won't cooperate with the US.
Then you have to hop from the VPN to the destination website anyway, is that jump really more secure than the jump from your device directly to the destination? Is the destination site tracking you?
VPNs are for moving your traffic off the airport network or Starbucks wifi, not defeating a nation state.
But most ISPs will have DNS lookup records. Most users aren’t savvy enough to set their own DNS servers. I’m not sure on the current status of DNS over HTTPS, but I’d imagine .gov could just compel cloudflare or whoever to provide logs.
Do ISPs generally have DNS lookup past records? That seems like something that would be costly with little benefit. I run small ISP and only enable DNS logging when tracing some problem.
How could Google see the content of a browsing history?
They can see searching history, but generally not browsing history (unless someone uses something like synchronizing browser history through Google account).
Most users sync browsing history when using Chrome, but Google also both tracks the links you click on the search page, and tracks the pages you visit that load Ads (will show in myactivity.google.com).
This is dubious. While I agree VPNs oversell themselves, who do you trust more? Comcast or your VPN (Mullvad,PIA,whatever)? I think many of us have no trust for Comcast.
I use it for P2P and I work from home so I don’t want to be on any “naughty” P2P lists may employer might check on their VPN log (since they distribute media). That’s another use case of the VPN.
Starlink is a product of a U.S. company. That's great if you're in China and want to get around the Great Firewall, but it's no use if you're in the U.S. and want to evade the panopticon. Not that there are many countries whose Starlink alternatives (if they had them, which they don't) could be trusted by anyone in the U.S.
Long term: The State is making their panopticon ambitions overt now in the public eye, thus spurring on the need to re-design the Internet entirely to avoid this.
Anyone know what Starlink is offering in terms of privacy? Details are sparse for the most part right now, but given their ties to DoD I'm not sure how this will play out. Sounds like a product release presentation is needed to clarify some things.
Edit: I plan on buying Ghostery Midnight but it's Windows/Mac only, so no Linux! I guess these Bitcoin accepting ones will have to do [2].
1: https://www.ghostery.com/midnight/
2: https://www.comparitech.com/blog/vpn-privacy/vpn-bitcoin/