VPN services are incredibly unsafe. They are putting programs on your computer to redirect all your traffic to one specific place. You have no idea who the receiving end is. None of the VPN companies are reputable and I guarantee you 100% of them have been compromised. VPN technology can protect you from bad actors but you would be better off buying a VPN router for your home internet and connecting to that from public wifi to secure your connections than you would be sending all the packets from your computers network adapter to some bullshit shadowy company.
You have a better chance of being anonymized with TOR at least because the VPN service not anonymous at all. In order to operate an either an ipsec of sslvpn style connection both endpoints have to be aware of eachothers IP address and security protocols.
For downloading movies and stuff I wouldn't worry about either. Use cryptocurrency or a prepaid debit card to buy hosting at a company like feralhosting that run seedboxes. From this seed box you can use https or sftp to upload torrents or send magnet links and this remote computer will do the uploading and downloading. The only connection you ever make from your home is a single sftp connection to a random server to download files then terminate. You aren't browsing the internet through it, you aren't sending all your DNS queries through it. Just a one way stream, down. It is not actually illegal in most places to download content and there is no way your isp can be aware of sftp traffic unless they are doing advanced tls packet inspection and man in the middle. The illegal part of this is seeding the torrents which is handled elsewhere in the seedbox companies data center often times in places that have no enforcement.
I'm not too worried about downloading movies tbh, we're not heavy on that and the popular ones are easy to find without even using torrenting services. I just generally am getting the sense that to do anything that would need real security, more than just downloading content, neither (even with a live usb on a public wifi) is really going to cut it.
This is a fact that neither will cut it. Like every shitty answer to a complex problem it is more about adopting a security methodology and analyzing what you are doing and keeping to the facts moreso than thinking there is a single solution or a magic bullet. Every piece of your computer should really be analyzed and it honestly unreasonable for people who are not professional systems administrators to really be able to do it but that doesn't mean it doesn't need to be done. I suppose the first step is to understand what the zero-trust model is then start to adopt zero-trust technologies and worklows into your normal life. Over time you can come up with secure solutions to each problem.
One thing that gets me is that you don't know what you don't know. For example most people don't know about DNS servers and how your network adapters communicate to them. Every time you type a domain name it communicates to a dns server tells them what you are trying to do. This data is aggregated and is extremely effective at tracking and profiling and this is far more important to secure than using TOR or proxying through some shady VPN service yet most people aren't even aware of its existence so how are you going to explain to them the necessity of DNSSEC and being aware who your DNS provider even is.
relevant: https://hexbear.net/post/1326
She stopped posting after part 2 :sadness:
One of the links in there suggested Tor was safer than VPNs for some stuff, now I don't know who to believe
Yes, TOR is generally safer, but incredibly slow.
depends on the stuff. pirating movies is not dangerous enough to pay the performance hit of TOR
VPN services are incredibly unsafe. They are putting programs on your computer to redirect all your traffic to one specific place. You have no idea who the receiving end is. None of the VPN companies are reputable and I guarantee you 100% of them have been compromised. VPN technology can protect you from bad actors but you would be better off buying a VPN router for your home internet and connecting to that from public wifi to secure your connections than you would be sending all the packets from your computers network adapter to some bullshit shadowy company.
Thanks for the reply. What about Tor? Googling suggests that it can be pretty easily compromised by controlling just a couple nodes.
You have a better chance of being anonymized with TOR at least because the VPN service not anonymous at all. In order to operate an either an ipsec of sslvpn style connection both endpoints have to be aware of eachothers IP address and security protocols.
For downloading movies and stuff I wouldn't worry about either. Use cryptocurrency or a prepaid debit card to buy hosting at a company like feralhosting that run seedboxes. From this seed box you can use https or sftp to upload torrents or send magnet links and this remote computer will do the uploading and downloading. The only connection you ever make from your home is a single sftp connection to a random server to download files then terminate. You aren't browsing the internet through it, you aren't sending all your DNS queries through it. Just a one way stream, down. It is not actually illegal in most places to download content and there is no way your isp can be aware of sftp traffic unless they are doing advanced tls packet inspection and man in the middle. The illegal part of this is seeding the torrents which is handled elsewhere in the seedbox companies data center often times in places that have no enforcement.
I'm not too worried about downloading movies tbh, we're not heavy on that and the popular ones are easy to find without even using torrenting services. I just generally am getting the sense that to do anything that would need real security, more than just downloading content, neither (even with a live usb on a public wifi) is really going to cut it.
This is a fact that neither will cut it. Like every shitty answer to a complex problem it is more about adopting a security methodology and analyzing what you are doing and keeping to the facts moreso than thinking there is a single solution or a magic bullet. Every piece of your computer should really be analyzed and it honestly unreasonable for people who are not professional systems administrators to really be able to do it but that doesn't mean it doesn't need to be done. I suppose the first step is to understand what the zero-trust model is then start to adopt zero-trust technologies and worklows into your normal life. Over time you can come up with secure solutions to each problem.
One thing that gets me is that you don't know what you don't know. For example most people don't know about DNS servers and how your network adapters communicate to them. Every time you type a domain name it communicates to a dns server tells them what you are trying to do. This data is aggregated and is extremely effective at tracking and profiling and this is far more important to secure than using TOR or proxying through some shady VPN service yet most people aren't even aware of its existence so how are you going to explain to them the necessity of DNSSEC and being aware who your DNS provider even is.