- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
Most people turn to a VPN for one reason: privacy. And with its verified badge, featured placement, and 100k+ installs, FreeVPN.One looked like a safe choice. But once it’s in your browser, it’s not working to keep you safe, it’s continuously watching you.
While this has been swallowed as a fact for a few years, it happens to be both not intrinsically true, and can be potentially very dangerous.
It assumes that non-profits and collaborative endeavors don’t exist, where there is no “product”. And it’s like saying networks like TOR are unsafe because they are free.
Someone else already covered the danger of the reverse assumption that “paid” equates “safer”, regardless of what service we are referring to.
People will look for and use “free” VPNs no matter what, unfortunately. So while we can’t guarantee safety for anyone, the least dangerous course of action is to guide people to the least suspect options. e.g. using Proton’s free tier, or Bitmask (Riseup, Calyx) via known open-source clients with known permissions/modes of operation.
As is often the case, clever-sounding generalizations usually end up being shit for advice.
I think what makes “free” and a vpn contradictory is that the infrastructure required to provide a reliable, public vpn is expensive to buy, run and maintain. Even a non profit or other benevolent entity needs to at least cover its costs and that means some sort of income.
And if that income is not from a monetary usage fee there really must be some other catch, be it data harvesting, user side crypto mining, ad injection, or some other, similarly shady thing. Maybe it’s donations by some rich person, but that just puts the organization under their sway indirectly.
This is such a weird outlook that can apply to many many things, including the lemmy instances we are using to communicate this very exchange. I actually would like to see how you’re going to argue that these instances are different, or perhaps not different, in this case.
Running public VPN servers is easier (and cheaper) than you seem to think btw, as long as you don’t promise/guarantee very high speeds for tens of thousands of users.
I mean yeah, i could dig up my old computer and set it up as a vpn. That doesn’t make it helpful though, it is still in my name / using my home connection.
When i say vpn i mean a realistic alternative to existing offers, including a variety of locations and acceptable speeds, as well as the reasonable expectation that my data stays private as long as i don’t engage in wildly illegal activities.
Now for lemmy, the instances are either funded through donations such as the one i use, or are so small that the proprietors can afford to pay for running one themselves. A lemmy instance also doesn’t need to provide broadband speeds and global locations to its users.
the reverse assumption was never claimed to be true though, but yes research is the important step, and often if something is free. Using a tor network for piracy for example is passing off any corporate liability to whoever end tunnel you end up using (disregarding any potential speed penalties you might get hit by). and of course you as a user are only protected as long as the chain of TOR doesn’t for some reason snitch on you.
privacy is a general term but depending on who you want privacy from can differ in usecase
Off-topic, but how come you don’t know that the whole point of TOR is that, theoretically, the chain can’t (trivially) snitch on you even if it wanted to?
What you describe incidentally can be done trivially with three servers from three good free VPNs, by creating chained tunnels yourself with network namespaces. Which means, taking the opposite of your point, that you can use good free VPNs with very good confidence about your safety/privacy, as long as there is no end-to-end collusion going on.