rand Bringing minimalism and sanity to real life

False Sense of Privacy

I had some conversations about privacy and so-called security a few days ago. Even though most people who visit this site would have known this information already, I still feel like writing about it.

I've noticed that almost none of the current generation of computer users know what a VPN is actually for and what they're making it do for them, and I'm absolutely baffled by how effective deceptive advertisements are. To put it simply, a VPN is for spanning a private network across multiple networks via something like the Internet; that's all there is to it. There are multiple implementations, but nowadays companies are using it to achieve what is supposed to be achieved by an internet proxy. Why? Probably because it has the word "private" in its name.

So VPNs are now used as glorified internet proxies. What next? Well, apparently they can protect your privacy now. Don't get me wrong: if you set up a proxy server correctly on a trusted host and connect to the internet through it in a hostile environment, it could protect you to some degree, but the servers of VPN providers are in no way trusted. Yes, they say they don't log anything, and yes, there's so-called military-grade encryption and all that gibberish, but there's no way for you to actually verify any of it. What's worse, almost all of these vendors require you to install proprietary software to use their service, which can use a technique similar to this to decrypt your SSL traffic. Even if that weren't the case, you're still handing them all your Internet traffic, which is a pretty bad thing to do. Other than that, their encryption usually has such a small key size that it could be defeated by a decent computer in days, or even hours. Oh, and if you're relying on that sort of thing to defeat censorship, you'll probably have a pretty bad time.

Another problem is proprietary software. I came across this topic during a discussion about phones, but it really applies everywhere. It seems like a lot of lusers are doing this so-called DeGoogle thing to software they use, for example Android. Even though they are kind of removing some part of the proprietary software from their operating system, they're still running proprietary HALs from the manufacturer, a kernel usually containing proprietary code (against the GPLv2) added by the manufacturer, and a signed proprietary bootloader that is verified by the CPU on boot, so you cannot replace it with a trusted one even if one is available. Oh, and this thing also runs alongside Android, and you cannot replace it, just like the bootloader. At this point you can probably see how pointless it is. Other than that, there's also this ungoogled-chromium thing, despite the original Chromium being entirely open source. There's also proprietary browser software that claims not to "track" you, and there's Microsoft Windows and macOS, entire proprietary operating systems. I wonder what makes users believe. But my point is, if you don't know what's in the box, you don't know if it's bad or not. Simple as that.

I don't really have much else to say. If you actually care about privacy, the best and only defense is your own sanity. I'll probably write more about that some day, but no advice can be comprehensive, and it's important to actually understand what you're doing before doing it. And always remember: just because a company promises something doesn't mean it's true.