[HN Gopher] Microsoft bakes a VPN into Edge and turns it on ___________________________________________________________________ Microsoft bakes a VPN into Edge and turns it on Author : elashri Score : 364 points Date : 2022-09-30 16:44 UTC (6 hours ago) (HTM) web link (adguard-vpn.com) (TXT) w3m dump (adguard-vpn.com) | eatonphil wrote: | I think Pixel phones (or maybe it's all Google Fi phones) also do | this. | andrewstuart2 wrote: | Why do I always get a bad feeling about the motivations behind | stuff like this? I want to believe it's for better privacy and | security, but it's being driven by a corporation or two, and that | makes me 100% suspicious. Like, for example, suddenly Edge is no | longer respecting local DNS options and my pihole protects one | fewer device from the real dangers to privacy. I don't want to be | cynical so often, but this really doesn't feel like a benevolent | move. Yeah, it's conditional at the moment, but as with Chrome | and manifest v3, among many other examples, I'm losing my faith | that anything with the potential to increase ad revenue will | remain turned off for long. | jahewson wrote: | The motivation here is surely reducing ad tracking. | legitster wrote: | I mean, if you have an attitude that anything an organization | does must be for an ulterior motive, you're always going to get | what you are looking for. Heck, people too for that matter. | Maybe my dog just pretends to love me to get food. | | But in this case, Microsoft is looking for any competitive | advantage against Google. They won't win on targeting, and they | still make more money selling software than ads. So this does | seem like an easy win for them. | hamburglar wrote: | > if you have an attitude that anything an organization does | must be for an ulterior motive ... 
| | Well in the case where they are spending a lot of money to | implement and operate a feature that nobody asked for and | which has obvious privacy downsides, it does seem worthwhile | to examine their motives. It's not like we're responding to | the announcement for the next model of the Microsoft | ergonomic keyboard with "hmmm, what are they _up to_?" | nearbuy wrote: | > obvious privacy downsides | | What is the obvious privacy downside of selectively | enabling a Cloudflare VPN when browsing on public Wifi or | unsecured sites (which is when it enables)? That Cloudflare | can see what sites you visit? | | On public Wifi and unsecured sites, anyone could | potentially see and modify the data anyway. | marcosdumay wrote: | If it was good for you, Microsoft would be the one announcing | it. Loudly and repeatedly. They would do it even if it was | harmful, but there existed some artificial narrative where it | sounds good. | | You are hearing it from a third party exactly because they | couldn't construct any explanation minimally realistic that | sounded good. | ratg13 wrote: | They haven't announced it yet because it hasn't been | released. Reading the article, it does sound pretty decent. | | Partnership with cloudflare, selectively enables when you are | connected to untrusted networks like public wifi. | | Pretty much the only downside is that they turn it on by | default... which is always tricky when most of your target | audience is not computer savvy in the least. | | How to give people security features that they have to figure | out themselves when they can barely open the browser .. a | dilemma for the ages. | uup wrote: | VPNs don't help privacy at all. They allow you to substitute | trust in your ISP for trust in a different entity. For some, | that may be good, but for most others it's a wash. | riedel wrote: | In Germany (according to TTDSG) an ISP does not have to claim | that. They need explicit permission to track you. 
It is | pretty much as the post does not have to claim that they open | your envelopes. | yjftsjthsd-h wrote: | > VPNs don't help privacy at all. | | > For some, that may be good, but for most others it's a | wash. | | That sounds less like "VPNs don't help privacy at all" and | more like "VPNs are helpful some of the time". | nine_k wrote: | VPNs help against geolocation and geofencing though. | jimmydorry wrote: | I would reverse that assertion under the one condition that | you don't use a VPN provider from your own country. In | Australia at least, ISPs are legally required to maintain | logs of everything you access for several years. By choosing | to trust a VPN provider outside of Australia, you defacto | have better privacy than you otherwise would have. | AnimalMuppet wrote: | Does the VPN company have a business presence in Australia? | If so, then maybe you haven't gained as much as you | think... | andrewstuart2 wrote: | I'd say they're still a net win, generally. The ISP vs VPN | service tracking who does cancel out (if you ignore privacy | claims of VPN providers, vs ISPs generally not guaranteeing | that at all), but for every other service I might consume, | when I'm on VPN I'm no longer connecting from a unique IP | that can have other identifying information tagged to it. | simon1573 wrote: | To add to that: in Sweden (which is generally pretty ok in | regards to privacy and rights) ISPs are required to store | traffic for 6 months, while VPN providers are not. | lokedhs wrote: | Wasn't this struck down by the EU recently? | Double_a_92 wrote: | They help in public WiFi. | jacobsenscott wrote: | Public wifi, assuming you don't send any personal info to | "sign in" to the public wifi is more anonymous than a vpn | that has your name/address/etc. 
| babypuncher wrote: | So I can pay $10/mo for a VPN for use when I'm on public | wifi, or I can run WireGuard on my Raspberry Pi at home and | get one for free | wbsss4412 wrote: | Not sure what services you've looked at, but it | definitely doesn't cost $10/month. | | Your personal solution seems pretty good though. | wintermutestwin wrote: | Unless you are a network security expert, aren't you | greatly increasing your risk by running that WireGuard | server? | fjfbsufhdvfy wrote: | Why would you? Nobody can connect to it without your | private key. Or is there something I am not aware of? | Genuine question, as I am running wireguard in a few | places and thought it was secure by default. | bilkow wrote: | WireGuard is pretty minimalist and has great defaults, | AFAIK if you manage to set it up you're good. | | Unless your credentials leak, of course, but a security | expert would have that same risk. | elashri wrote: | It might be cheaper but still not free. Cost of | electricity + time to maintain + Raspberry Pi itself. Not | to mention that you don't get the variety of servers (for | geo-location or more diverse networks not tracked to you | by websites themselves). | babypuncher wrote: | Well the Raspberry Pi is already on 24/7 running a few | other services for my home network. But even then, the | energy consumption per month costs pennies. I update the | device once a quarter and it takes me 5 minutes. These | costs are so negligible as to have no impact on my | decision making process. | zekica wrote: | Modern TLS is enough to prevent others from eavesdropping | everything except domain names when on public WiFi. Domain | names are sent in clear text if your client supports SNI. | doubled112 wrote: | A trail of DNS names is more than enough to know what | somebody is up to. | uup wrote: | You could use DoH, which you should do anyway. No reason | to leak DNS lookups to anyone. 
| madars wrote: | DoH alone is not enough due to | https://en.wikipedia.org/wiki/Server_Name_Indication | being sent in plain text. Some day ECH (formerly, eSNI) | should help with that. | erinnh wrote: | I thought TLSv1.3 already encrypted the SNI? | [deleted] | ranger_danger wrote: | you'll always be leaking it to whoever you are sending | your query to. | Forge36 wrote: | While traveling I've used my own VPN hosted at home to | provide additional security. | | It allows me to trust only my ISP instead of every ISP in | various coffee shops. | 7952 wrote: | It is not just about your ISP though. Your IP is getting sent | to whatever website you are connecting to. People won't | always trust that website. | P5fRxh5kUvp2th wrote: | > VPNs don't help privacy at all | | Of course they do, I'm so tired of seeing posts like this | when really what you mean is that it's not perfect privacy | and therefore you don't like it. | shubb wrote: | One of the main use cases today for VPNs is to pirate | movies or access geo-blocked content. That and dodgy hotel | wifi. | | The adversary is netflix or a IP rights enforcement | company, and the user doesn't care what their ISP or a | state could observe. | | For what they are used for, they are fine. If you are | worried about state or megacorp spying, the solution is | less technical and more political. | sascha_sl wrote: | No as a rule. | | They just replace your ISP with a VPN company. Which of the | two is more shady is something you have to figure out, | keeping in mind that a subsection of the internet just | stops working or turns the aggressiveness of their anti-bot | protections up to the maximum on a VPN. | pkulak wrote: | Of course they do? They are a tool that routes traffic | through a third party. That can be anywhere from terrible | to fantastic for privacy, with everything in between. | There's nothing "of course" about it. 
| inetknght wrote: | > _Or course they do_ | | Let me compare an ISP spying vs a VPN spying: | | 1. You make DNS request about example.com. Your ISP sees | this. Your ISP can see what websites you "might" visit. | | 2. You connect to 1.2.3.4. Your ISP sees this. Your ISP can | see what websites you "did" visit. | | 3. You request some data and receive some data. Your ISP | sees the size of the data. If it's not encrypted, it can | also see the content. Your ISP can see (at least) the size | of objects that you requested -- which is enough to | fingerprint many specific contents. | | Okay so not using a VPN gives effectively zero privacy. | Let's look at a VPN: | | 1. You connect to a VPN (and let's assume your connection | doesn't "leak" insomuch as now _all_ network traffic goes | through the VPN). Your ISP can see this. | | 2. You make DNS request about example.com. Your VPN sees | this and your ISP can see a network packet. Your VPN can | see what websites you "might" visit, your ISP can't. | | 2. You connect to 1.2.3.4. Your VPN sees this. Your VPN can | see what websites you "did" visit. Your ISP still sees | traffic to the VPN. | | 3. You request some data and receive some data. Your VPN | sees the size of the data, and your ISP only sees the | aggregate-size of data across all of your sessions. If it's | not encrypted, your VPN can also see the content but your | ISP should still only see aggregate size. Your VPN can see | (at least) the size of objects that you requested -- which | is enough to fingerprint many specific contents. Your ISP | will have a tough time fingerprinting content from specific | websites. | | 4. Your ISP can note that you have a high amount of | traffic, possibly note that the traffic is going to a known | VPN destination, and that your "normal" traffic is now | gone. | | Now, your VPN can see all the stuff that your ISP used to | see. 
In addition, your ISP can now determine that you might | be doing something illegal, suspicious, or at the very | least "enterprise grade" and demand more money. | | Have you really gained more privacy? | colinmhayes wrote: | VPNs entire business revolves around not giving up your | data, that's why you pay them. ISP business revolves | around protecting their monopoly which means making the | government happy. Massively different incentives which | means they will act differently. If VPN leaks data and | people find out they're done. If ISP does nothing changes | for them. | ascar wrote: | As others have mentioned you gained privacy from your | government that has easy access to whatever information | your ISP has but not towards a VPN provider. | | But the information you leak towards your ISP or VPN | isn't the only variable. With a VPN you leak less | information to the services you interact with (e.g. your | IP is hidden) which undoubtedly increases privacy. | miloignis wrote: | Based on that analysis, I say clearly yes! Privacy is | about choosing who to share with, be it a specific group | or no-one. Being able to share with a VPN of my choice | (who, if reputable, shouldn't further disseminate my | information) is likely a privacy gain compared to being | forced to share with my ISP (many of whom would gladly | sell my data). | | Being able to choose to reveal data to Mullvad over | Comcast or Verizon seems like a clear win to me. | lijogdfljk wrote: | Yea i really don't get these people. Frustratingly. | Perfect is the enemy of good here. Yes, full privacy is | the goal, but i _know_ certain actors are spying on me. | If i can bypass them, i can at least attempt to improve | it. | | At the very least i rob Comcast of my data. Which is my | goal, after all. Not full privacy. | Aaargh20318 wrote: | > Yes, full privacy is the goal, but i know certain | actors are spying on me. If i can bypass them, i can at | least attempt to improve it. 
| | The problem is that it doesn't actually change anything | while giving a false sense of security. | | Your VPN's 'improved' privacy is just as worthless as the | privacy you get with just your ISP. If something requires | privacy, neither can be used, and if it doesn't then why | should it matter which one you use? | | Privacy is an on/off thing. Either you have it or you | don't. There is no in-between. | nirvdrum wrote: | My VPN provider (Mullvad) doesn't have my full name, | address, and social security number. They could build a | profile off my account number, sure, so I have to trust | that they're not. If they actually aren't, fantastic, I | win. If they actually are, I still win, because they have | less data to build a profile on me from. I know for | certain that my ISP is selling my data, so I'm certainly | no worse off. | | On top of that, I get the benefit of not being tracked | everywhere on the web. Or if they are tracking me, they | have bogus data. And I can set my exit server to a | jurisdiction with more user-friendly privacy laws. | Aaargh20318 wrote: | Mullvad is just the first link in the chain of untrusted | systems between you and whatever server you're connecting | to. | | Also, what better place to tap traffic than the | connection of a VPN provider. | P5fRxh5kUvp2th wrote: | One wonders if you consider your bedroom to be private | despite the fact that a peeping tom can still look | through the window. | hamburglar wrote: | This is quite a concrete illustration of the concept of | the perfect being the enemy of the good. Thank you. | salawat wrote: | No... It's a demonstration of adherence to the axiom "Don't | let perfect be the enemy of good" being misapplied. | | The "Good" (VPN) is exactly as imperfect as its complete | absence. There has been no improvement whatsoever. | Literally, as far as Privacy is concerned, nothing short | of "No one actor has the capability to sit on a full | stream of traffic", will suffice. 
| | Either you're MITM'd or you aren't. Use malicious postmen | if it makes it easier. | | If you have the same guy come, and all of your mail goes | through him, he can reconstruct all conversational state. | | Now imagine you get a different malicious postman at | random every day. He eavesdrops on every packet, but he's | not privy to which of his fellows is scheduled to get the | next packet. Therefore, it's not practicable to MITM in | any practical way. This all goes out the window when | someone controls the malicious postman scheduler, of | course, because then they can figure out a map of who to | go to to reconstruct your conversation. | | The above is the concept behind Tor, and why the only | effective counter to it is to run a hell of a lot of | entry/exit nodes so you can conceivably time correlate | given enough consecutive probe points are hit. | P5fRxh5kUvp2th wrote: | Russia has the ability to drop a nuke in the region you | currently live in, so there's no such thing as safety and | therefore why do you have locks on your doors? | genewitch wrote: | i find this extremely doubtful. I see the point of your | statement, but i'm willing to bet 99% of all the already | built nuclear devices wouldn't work today. There's no way | that they're all stored in such a way that the delicate | mechanisms are protected from the environment and | oxidization, moisture ingress, insects, heat and cold | expansion and contraction. | | That a nation could make a _new_ device is arguable, that | a nation could make a device that could be delivered | without flying planes over another country is less | arguable. Even nukes as they stand would only pose | significant threats to certain parts of a country (there | was a map floating around the web a few days back of | areas of the US most susceptible to the - pardon the pun | - fallout from a tactical strike.) 
| P5fRxh5kUvp2th wrote: | Especially when you consider that what they're really | saying is that a VPN won't hide you from a state level | actor. | | Yeah, of course not, that's not nearly the only reason to | use a VPN. | postalrat wrote: | You increased the number of choices you can make | regarding your privacy. | piaste wrote: | VPN and ISP are similar in term of middlemen, but there | is an important difference downstream of said middlemen. | | With your ISP, you appear on the internet as a | residential IP that provides your approximate location | and most likely doesn't change very often. The requests | you make can be easily correlated by PRISM or any other | middleman, or by any CDN running the websites you visit. | | With a VPN, your exit IP is unrelated to your geographic | location, changes very often, and hopefully it is shared | among many more users. | DesiLurker wrote: | Also you could use double VPN config from different VPN | providers in separate geo locations with openDNS thrown | in one of them. then it would be much harder to correlate | your traffic out of the mix. its not about perfect | secrecy its about becoming hard enough target. | vel0city wrote: | GeoIP services are trash. My current IP on most GeoIP | services gives a location >900 miles away. My last IP had | a location in another country. I don't think I've ever | had a GeoIP lookup resolve within 100 miles for any IP | I've had. | inetknght wrote: | > _GeoIP services are trash._ | | GeoIP is only necessary when seeing a new IP. But once | the IP starts to build a reputation, then the specific | location can be determined. It's _especially_ true if you | buy something online. | zmmmmm wrote: | My single data point observation is that it gets my city | correct nearly 100% of the time and sometimes is able to | resolve to a nearby suburb. | yjftsjthsd-h wrote: | > Now, your VPN can see all the stuff that your ISP used | to see. | | > Have you really gained more privacy? 
| | Absolutely, 100%, unambiguously, yes; my ISP openly says | that they monetize my data, my VPN says they don't. I'm | _very_ happy to gamble that the VPN is telling the truth | when faced with the expectation that the ISP is telling | the truth. | squeaky-clean wrote: | My VPN was unable to give the British government any logs | or IPs relating to someone who emailed a series of bomb | threats using them. | | As terrible as that is, yeah I feel pretty safe pirating | movies using it. | | But you're right that blindly trusting a VPN without | doing any research might be worse than blindly trusting | your ISP. | Dayshine wrote: | Your isp is legally resident in the country most likely | to want to spy on you. There are also very few isps per | country, so it's less work for the attacker to cover | everyone they care about. | | There are vast numbers of vpns, so total coverage is | impossible. They are also very likely to be in a | different legal jurisdiction so it's non trivial to do. | | So, yes, you have, by making yourself a harder target | despite having the same amount of centralisation on your | part | simplyinfinity wrote: | my country has between 3 and 20 isp's per city. of a | country of 7 million. | xani_ wrote: | Same with most VPN providers. Just expands the search | from "ask ISP" to "ask ISP, they tell government its a | VPN company, ask VPN company". | | Now, sure, they could "just" delete logs, but their | government can "just" tell them not to, or even tell them | to live send the logs to them directly. | | So it's really "which country's government you trust". | zepearl wrote: | Adding that in general a country's law (data | protection/privacy in this context) usually targets its | own citizens; traffic related to foreign citizens (as in | the case of VPNs) would for sure have a lower degree of | protection. | Wxc2jjJmST9XWWL wrote: | https://www.ivpn.net/ see "Do you really need a VPN?" 
- not | affiliated with them, but tell me any other VPN-service that | is actually this upfront... most are marketing the hell out | of their apparent magic effects... | | since we're on the topic: how is it still a thing that vpn | services are actively pitching content-block/copyright | circumvention? Seems weird to pitch something as shady this | loud and publicly? Reminds me of how weird I find it that | trackers and illegal hosting sites have twitter accounts... | wintermutestwin wrote: | >VPNs don't help privacy at all. | | 1. They keep your data safe from your ISP. 2. They keep your | IP hidden to the sites you browse. | | Those two clearly "help" privacy. | rcxdude wrote: | They also expose your data to the VPN operator. That's a | negative on privacy. Whether it's a net negative or | positive depends on the VPN operator and ISP involved. | ipaddr wrote: | The VPN provider could be you hosted somewhere using | bitcoin. | [deleted] | swayvil wrote: | VPNs don't anonymize, they just route you through an | anonymizing service. Lol. | voxic11 wrote: | ISPs generally don't claim to protect your privacy at all | [0]. So it would be foolish to trust them to do something | they never claimed they would do. VPNs generally do claim | they will protect your privacy so at least trusting them | makes some amount of sense. | | Going from "trusting" an entity that explicitly requires you | to consent to spying when you sign up to trusting one which | explicitly promises to protect your privacy when you sign up | does seem like it would "help privacy" in most cases. | | [0] https://www.privacypolicies.com/blog/isp-tracking-you/ | dagenix wrote: | A major difference between your ISP and a VPN is that your | ISP is generally an established company based in the same | jurisdiction as you are. So, if they do something terrible, | in theory at least, they can be brought to court. 
A non- | trivial number of VPNs that claim to protect your privacy, | however, are based all around the world with unclear | corporate structures. If they do something terrible, you | likely have no recourse at all. How much faith you want to | put in a promise made by such a company is up to you - but | I would push back on the idea that simply making a promise | really provides much value by itself. | actuallyalys wrote: | ISPs don't emphasize privacy in their marketing, but some | large ISPs claim they protect it [0], although their claims | are pretty dubious[0][1]. | | I think your logic holds up, but it's not quite as | definitive as you say. VPNs are not the straightforward | privacy upgrade that HTTPS is. (I don't think you were | trying to imply otherwise.) | | I think the picture improves if you choose more carefully. | Choosing an established VPN that has a no-log policy and | has been audited seems much better, because now multiple | companies are putting their reputation on the line. On the | other hand, I think a relatively unknown company that's | reselling someone else's VPN and hoping to cash in on the | "VPN = privacy" is only a slight upgrade over a major ISP. | | [0]: | https://www.latimes.com/business/story/2021-11-12/column- | int... [1]: | https://www.ftc.gov/system/files/documents/reports/look- | what... | cowmix wrote: | You are actually being too kind IMHO. | nerdawson wrote: | Probably because Facebook already tried the free VPN and it was | every bit the privacy nightmare you'd expect it to be. Given | Microsoft's track record, there's no reason to expect that to | be any different. | mgraczyk wrote: | If you have never worked at a large tech company like | Microsoft, you'll probably have a bad feeling because there's a | lot you don't know about the business process of shipping | features like this. It's reasonable to be cynical and confused | if you have never seen it from the other side. 
| | For the most part, product features like this are shipped for | boring and completely non-nefarious reasons. It's just hard to | believe that if you've never worked on one. | [deleted] | aeturnum wrote: | I am 100% with you in general, but this feels more like the | Windows Defender launch than some fully cynical power grab. | That is to say - Microsoft gets a lot of grief and work from | windows installs getting taken over / viruses / etc. For users | who don't pick up their own protection (and don't choose to | turn off the default windows protection) this feels like a | better default. I don't trust Microsoft, but you are already | exposed to their manipulations when you are using their OS - | and this will help protect you from other manipulations. | spicybright wrote: | Anything that decides to wrap around your internet traffic | without telling you should definitely raise your antennas. | | Even if they had the best intentions, it's pretty easy to botch | these things which erode your privacy even more. | numpad0 wrote: | Block UDP port 53(DNS). | samstave wrote: | IMO its so they can keep the data-usage metric in their hose | and not leak it to other companies which are competing for ad | attention...? | kirillzubovsky wrote: | Check out the book "Hard Drive" about the early days of | Microsoft, and you will never be able to see anything that | corporate does without suspicion, and for a good reason. | kirillzubovsky wrote: | And apparently we now get downvoted on Hacker News for a book | recommendation. Amazing. | r00fus wrote: | When trying to ascertain the intents of large organizations, I | find it useful to examine previous actions. In the case of | Microsoft, their willingness/intent to add ads and telemetry | (including keylogging) into their OS seem to indicate they are | doing this for serving ads better to their larger (paying) | customers. | | If you're not paying for the (specific) service, you are the | product. 
| deviantbit wrote: | The reason you have a bad feeling is it gives the FBI/FEDS a | single point to collect your data, with a man-in-the-middle | attack that you will have no idea is there. | | This is absolute BS they're implementing this. | bakuninsbart wrote: | Maybe a dumb question, but isn't that already a given when | using a browser? To me it always seemed a bit absurd to use | VPN as it basically just gives another person all your info, | but just assumed browsers and the big 5 just got most of the | data anyway. | frankfrankfrank wrote: | The only thing I can see working is pollution, pollution of | our data. There are some current extensions that do some of | that, but they are likely not enough and what we really | need is a kind stream of data and requests that your own | requests are simply merged into. | | The thing is that it would need to be smart enough to | prevent pattern recognition, e.g., it cannot just be random | data because your specific searches and string of searches | or actions will stand out quite obviously. | | Yes, it would place a severe tax on the internet and a few | things could be done to minimize that, but I currently do | not see any other better option. | | I could see it implemented where your activities online are | merged with and threaded into those of related or similar | communities, e.g., be it family and friends, the YC | community, or a combination of different groups. The effect | would come from the proximity to similar but not exact | activities. To use a common example, if your legal free | speech activities could make you a target, those online | activities are muddled and polluted by being merged with | other people's legal free speech activities, and your | activities would be merged with those of others. | | Consider it a kind of mutual compromise of society in order | to provide protection/obfuscation in numbers ... the zebra | in a herd, if you will. 
They can't arrest/target everyone | if everyone has activity data that looks like they defy the | ruling powers. | autoexec wrote: | > The only thing I can see working is pollution, | pollution of our data. | | this is a terrible and dangerous idea. Nobody cares about | the accuracy of the data they collect on you. Stuffing | your dossier with random things won't cause anyone to | throw it away just because there might be errors in it. | Instead all of that data, random/accurate or not, will be | used against you all the same. | | Your clever browser extension might have been responsible | for browsing to a bunch of fast food websites, but your | health insurance provider won't care. They'll just see | that in your internet history and quietly raise your | health insurance premiums anyway. | | If your legal free speech activities make you a target, | adding more free speech activities to your permanent | record just means you'll also now be targeted for those | activities on top of your own. | | You can't know what will prejudice someone else against | you. You might not be gay, or Muslim, or a heavy drinker, | or an Andrew Yang supporter, but your browser extension | pulls in the wrong data that gets you flagged as being | one and it could cost you your job, get you denied | housing, etc. | | You might not be looking into getting an abortion, but | anti-abortion activists who buy up the data of anyone who | appears to be trying to get one, or looking for support | after getting one, will still see you listed and you will | still get harassed by them or dragged into a texas court | room. | | You might not be rich, but data brokers and consumer | reputation services will see that you've been interested | in expensive vacation spots and online stores will start | charging you more than your neighbors for the same items | on the assumption that you are. 
| | If you want to try to hide in the crowd look into a VPN | or TOR (although be aware device/browser fingerprinting | can still get your traffic associated with you). Just | please understand that giving others more ammo to use | against you isn't helping yourself or anyone else. Adding | more and more data to your internet history just | increases your risks substantially because no matter if | you deserve it or not your life will be impacted in | countless ways by the data you surrender and none of that | data, "pollution" or genuine, ever goes away. | 867-5309 wrote: | >what we really need is a kind stream of data and | requests that your own requests are simply merged into | | having a wife and kids helps with this. or any shared | wifi with a guaranteed shitstream for your tunnel to wade | through | stavros wrote: | How are the browsers and the big 5 getting the data? It's | not like you can't see what your browser is sending where. | sheerun wrote: | From my experience, non-tech people just leave browser | defaults. I'd argue this is better than letting them to use | public wifi without VPN. If you really care about security | you won't use it, of course | dataflow wrote: | Public Wi-Fi in the world of HTTPS is not exactly | terrifying. | mjevans wrote: | You forget exactly how much the government felt they got | out of just knowing whom was talking to whom, not even | bothering to collect the data of the conversation itself. | NegativeLatency wrote: | Now they only have to subpoena/hack/partner with | microsoft for that | snickerbockers wrote: | yeah but im pretty sure 99% of the population just clicks | past those SSL certificate warnings, in part because they | don't understand what that means, and in part because | there are way too many sites that let their certificates | expire. 
| samstave wrote: | Public wifi and bluetooth detectors all over is what's | scary, as most public wifi is used by phones, not | machines and who the hell is running edge on their phone? | | but this just reminded me of the failed FB phone and the | failed microsoft phone... | gambiting wrote: | HTTPS is trivial to break with a man in the middle | attack, yes you get a scary warning in your browser about | an invalid certificate, but I'd bet that 90% of people | will just click through it and ignore it. | ShinTakuya wrote: | I'd argue the invalid certificate would only get the | middle segment of semi-tech literate but security | illiterate people. So maybe a lot of people on this site. | The average user, based on my observations, tends to | take these warnings very seriously. | jiayo wrote: | Have you looked at what the UX is for invalid | certificates in 2022? It's not like ten years ago where | you just click enough times and "visit anyway". | | Here, try this link in Chrome: https://untrusted-root.badssl.com/. | When you click Advanced, it tells you | "the website sent scrambled credentials that Chrome | cannot process". And beyond that there's just no button | to bypass it. You can't visit the site. (Sure, there's | probably a chrome://flags or --disable-web-security way | to bypass this, but that's well beyond the average user's | comfort zone, as well it should be.) | gambiting wrote: | I clicked that link - in Chrome on Android all I had to | do was click "advanced" then "proceed anyway". I have | never changed any flags or default settings in this | browser. | 988747 wrote: | I just tried to open the site in Safari, and there's no | "Continue anyway" button, only "Go Back". I did not | change any default settings, because I use Firefox as my | daily driver (and Firefox does have "Accept risk and | continue" button, but I think the word "risk" on it is | scary enough for many people to not click it).
| | EDIT: It turns out there is a "visit this website anyway" | option in Safari, but it is not a button, it's a link | which you only notice when you click "Show details" | button and read the warning. | chrnola wrote: | A slight digression, but I read[1] recently that typing | "thisisunsafe" while the tab has focus is sufficient for | bypassing the warning. | | [1]: https://twitter.com/cyb3rops/status/1561995926666985 | 472?s=20... | shepherdjerred wrote: | I highly doubt this prediction is accurate. Most people | will think something is broken and call tech support. | | Aside from that, this isn't possible for HSTS sites. | 1vuio0pswjnm7 wrote: | "Aside from that, this isn't possible for HSTS sites." | | Isn't it possible for the user to disable HSTS. A simple | web search produces detailed instructions, from a CA. | | https://sectigostore.com/blog/how-to-disable-hsts-in- | chrome-... | | Also, what does "HSTS sites" mean. Does it mean (a) | "official" HSTS via HTTP header alone, (b) "unofficial" | HSTS via preload list (see RFC 6797 section 12.3), i.e., | the list maintained by Google, hardcoded into a browser, | or (c) both. The "unofficial" approach only seems | feasible for a limited number of domainnames and | unworkable for every domainname in existence. | | In tests I have done on Chrome (YMMV), executing "Clear | site data" via Developer Tools, or including | Clear-Site-Data: * | | in an HTTP response header, e.g., added via a user- | deployed proxy, will clear an "official" HSTS block, | allowing the "MITM" to proceed. | | Besides being generally annoying, HSTS allows for setting | "supercookies" that persist even in "Incognito" mode | | https://nakedsecurity.sophos.com/2015/02/02/anatomy-of-a- | bro... | | The RFC for HSTS even admits how it can be used for web | tracking. Not too concerning for the advertising company | sponsoring the RFC. | | 14.9. 
Creative Manipulation of HSTS Policy Store | | Since an HSTS Host may select its own host name and | subdomains thereof, and this information is cached in the | HSTS Policy store of conforming UAs, it is possible for | those who control one or more HSTS Hosts to encode | information into domain names they control and cause such | UAs to cache this information as a matter of course in | the process of noting the HSTS Host. This information can | be retrieved by other hosts through cleverly constructed | and loaded web resources, causing the UA to send queries | to (variations of) the encoded domain names. Such queries | can reveal whether the UA had previously visited the | original HSTS Host (and subdomains). | | I use a loopback-bound forward proxy to enforce zero | tolerance for HTTP across all programs, not just the web | browser. Everything is sent via HTTPS. The proxy is | configured to check certificates, and deny | connections, according to rules I set. I use a text-only | browser for noncommercial, recreational web use so I need | a forward proxy, if for nothing other than to deal with | the spread of TLS. But I also use it for a whole laundry | list of tasks. | | Maybe it is just me, but HSTS, like much of Google's | rhetoric, comes across as unfriendly if not hostile to | proxies, regardless of who is running them. Consider this | line from the RFC | | "The rationale behind this is that if there is a "man in | the middle" (MITM) -- _whether a legitimately deployed | proxy_ or an illegitimate entity -- it could cause | various mischief (see also Appendix A ("Design Decision | Notes") item 3, as well as Section 14.6 ("Bootstrap MITM | Vulnerability"));" | | "Mischief." Does that include inspecting one's own HTTP | traffic on one's own network. How about blocking certain | methods of tracking, data collection and advertising. | Apparently it includes disabling HSTS. | | Let's be honest. Google is an undisputed king of | "mischief".
The stakes for Google mischief are much | higher and there have been too many fines to count. | Consider the latest. How many people deploying their own | proxies get fined $4B. (Arguably, an issue of "control" | was at the heart of that decision.) | | https://www.theregister.com/2022/09/14/european_court_fin | es_... | | If the proxy is "legitimately deployed" then why not stay | out of the network operator's way. Let them have control. | Give the option to cede control to Google instead of | making it a default. | | I use HSTS for commercial, nonrecreational web use, when | I have to use a "modern" browser. That is a small | fraction of total web use for me. | gambiting wrote: | Really? Most people? I cannot think of anyone from my | family who would even think about it for a second - they | would just get annoyed they can't get to their bank | website or whatever and just click continue. Also what | tech support? Me? | elcomet wrote: | But now there is no button "continue", you have to click | multiple buttons, which are not clearly labelled, in | order to see the page. I'm sure 90% of people would not | even be aware that you are able to continue. | | Even more, for self-signed certificate on chrome, there | is _no_ button to continue for example. Check | https://self-signed.badssl.com/ | gambiting wrote: | In your example, all I had to do was click advanced then | proceed(Chrome on Android) | elcomet wrote: | Ok, on chrome desktop there is no way to bypass the | security | shepherdjerred wrote: | From my experience working as on-campus tech support in | college, most people who aren't tech savvy will quickly | give up or look to someone else for help. They will | likely not think to click Advanced -> Continue Anyway | (unless they have been taught to do that before). | | Tech support comes in many forms. The owner of the | website, a friend who knows about computers, someone else | in the workplace, the vendor they purchased their laptop | from. 
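The distinctions argued over in this subthread (a policy learned from a response header versus a preloaded entry, and what either one changes about clicking through a certificate warning) can be made concrete with a small model of the policy store that RFC 6797 describes. This is an added example, not code from any commenter or from any browser; the host names, the preload set and the timestamps are constructed, and treating preloaded entries as untouched by `max-age=0` is an assumption of the model.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Constructed stand-in for a browser's built-in preload list (RFC 6797 s12.3).
PRELOADED = {"bank.example": True}          # host -> includeSubDomains


def parse_sts(value):
    """Return (max_age, include_subdomains), or None if the header is ignored (s6.1)."""
    seen = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue
        if name in seen:
            return None                      # a repeated directive voids the header
        seen[name] = val.strip().strip('"')  # max-age may be a quoted-string
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None                          # max-age is REQUIRED
    return int(age), "includesubdomains" in seen


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class HstsStore:
    def __init__(self, preloaded=PRELOADED):
        self.preloaded = dict(preloaded)
        self.dynamic = {}                    # host -> (expiry, include_subdomains)

    def note_response(self, url, sts_value, now, tls_ok=True):
        """s8.1: learn policy only from an error-free HTTPS response."""
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https" or not tls_ok or _is_ip(host):
            return False                     # plain HTTP or broken TLS: header ignored
        policy = parse_sts(sts_value)
        if policy is None:
            return False
        max_age, include_sub = policy
        if max_age == 0:
            self.dynamic.pop(host, None)     # the site asks to be forgotten
        else:
            self.dynamic[host] = (now + max_age, include_sub)
        return True

    def policy_source(self, host, now):
        """'preload', 'header' or None: is this a Known HSTS Host at `now` (s8.2)?"""
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):         # i == 0 is the host, then superdomains
            cand = ".".join(labels[i:])
            if cand in self.preloaded and (i == 0 or self.preloaded[cand]):
                return "preload"
            expiry, include_sub = self.dynamic.get(cand, (0, False))
            if expiry > now and (i == 0 or include_sub):
                return "header"
        return None

    def navigate(self, url, now):
        """s8.3: rewrite http:// to https:// before any request leaves the machine."""
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme != "http" or self.policy_source(host, now) is None:
            return url
        netloc = host if parts.port in (None, 80) else f"{host}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

    def click_through_allowed(self, host, now):
        """s12.1 'no user recourse': no bypass on a certificate error for HSTS hosts."""
        return self.policy_source(host, now) is None


def demo():
    s, t0 = HstsStore(), 1_000
    out = {}
    # First visit: nothing cached yet, so http:// goes out as typed (s14.6 bootstrap gap).
    out["first_visit"] = s.navigate("http://shop.example/cart", t0)
    # A header injected into, or sent with, a plain-HTTP response teaches the UA nothing.
    out["learned_over_http"] = s.note_response("http://shop.example/", "max-age=600", t0)
    out["learned_over_https"] = s.note_response(
        "https://shop.example/", "max-age=600; includeSubDomains", t0)
    out["upgraded"] = s.navigate("http://pay.shop.example:80/x?y=1", t0 + 1)
    out["bypass_while_cached"] = s.click_through_allowed("pay.shop.example", t0 + 1)
    out["bypass_after_expiry"] = s.click_through_allowed("pay.shop.example", t0 + 600)
    # max-age=0 drops header-learned state but cannot touch the preloaded entry.
    s.note_response("https://bank.example/", "max-age=0", t0)
    out["bank_source"] = s.policy_source("login.bank.example", t0)
    return out


if __name__ == "__main__":
    print(demo())
```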
| sbierwagen wrote: | HSTS cannot be overridden. Which bank domain names are | you thinking of that are not one of the twelve thousand | names on the HSTS preload list? https://source.chromium.org/chromium/chromium/src/+/main:net... | hsbauauvhabzb wrote: | HSTS solves sslstrip, I do not believe it enforces cert | pinning. Iirc browsers deprecated cert pinning some time | ago. | shepherdjerred wrote: | I've seen HSTS not let me continue without the server | having the expected certificate recently, so I think | that's still a thing. | CommitSyn wrote: | Plus, Firefox is soon implementing HTTPS-Only by default | if I remember correctly. What was it, maybe 2016 there | was a big push for SSL and the majority of the web, even | login and payment pages, were HTTP? Now only a small | percentage of the web isn't HTTPS. I have HTTPS-Only | enabled in Firefox and rarely do I have to click the | 'Continue Anyway' button to browse an HTTP page. For most | general users that only use popular services, I'm sure | it's even more rare. | ct0 wrote: | It's so easy, even a dummy like myself can grab a cert for | my self hosted services. I don't give any HTTP only sites | any slack | bbarnett wrote: | I have a site from 1997, pure html, with drivers, install | disks, documentation for computers from the 80s/90s. | | It works. It's fine. No, it does not need ssl. What, | someone is going to hack a floppy driver for a computer, | which doesn't even have a built in network stack?! | | No, I am not going to do work on it, any work, at all. | | Millions of such sites exist, are fine, are safe. | hcrean wrote: | It is all fun and games until one of the downloads from | your site picks up malware in transit and the user goes | "why did this web admin infect my computer? Sue!" | | This genuinely happens a lot in the 2020s. | [deleted] | nradov wrote: | Please provide citations for those lawsuits.
| mgbmtl wrote: | I think if you say "genuinely happens a lot" you should | give some examples, because this seems odd to me. | | More likely sites get cloned, improve their SEO over the | original, and distribute malware. | aliqot wrote: | I've never heard of this happening ever. | viraptor wrote: | > with drivers, install disks | | Depending on what the drivers are for, you may be a prime | candidate for MitM. People already go to your site to | download software they're going to run in the most | privileged mode. This is a perfect candidate for a type | of watering hole attack. | | Considering you're providing those for 90s machines, you | could be the last resort website for a few interesting | industry computers with no security restrictions around | them. | sfink wrote: | The site contents don't necessarily matter. | | You're at a coffee shop or library using their WiFi. Your | computer sends a plaintext HTTP message. The attacker | just needs to be able to see that message and get a | response back to you before the real site does, and the | real site is a lot further away than the guy sitting at | the table next to you (or the hacked router, if he | doesn't want to be there in person). Then they can feed | your browser whatever they want. | | A login form to phish you, perhaps? | | They can even start replying, then go off and fetch from | the actual site before finishing the response, if it | helps to incorporate the real data. | memen wrote: | You could host hashes of the downloads on an https page. | Should be quite simple. Malware can still work on a | computer without a built-in network stack and if users | are getting downloads onto that computer, then data can | leave through the same means. | sbierwagen wrote: | What percentage do you think of all network traffic that | Edge handles is 1) Over wifi? 2) Over unencrypted wifi?
| itake wrote: | From my experience, tech people with non-default browsers | can't use the internet :( | supernovae wrote: | why is it ok if firefox and opera do this but no one else? | princevegeta89 wrote: | Besides the unremovable junk they fill on the homepage, now | this. Uninstalled and will be moving to Brave | cheschire wrote: | the only unremovable thing that bothers me is the stupid | bing points thing that I don't care about. It doesn't | encourage me to use bing, it just makes me question how | they continue to manage to swipe my queries enough to | increase that score. | ectopod wrote: | Edge is a pretty good local pdf reader so I added a | firewall rule to stop it connecting to the internet. | gotoeleven wrote: | Oh you sweet summer child. | _V_ wrote: | Damn you, I just spit out my drink! :-D | mc32 wrote: | Also Epic. | smoldesu wrote: | Using a browser that monetizes itself in _any_ way seems | like a slippery slope to me. I'd rather use Ungoogled | Chromium/Bromite or even LibreWolf if it came down to it. | Saying "that's it, I'm moving to Brave!" is basically | declaring that you're moving your data from Microsoft(1) to | Microsoft(2). | _emacsomancer_ wrote: | How is Brave Microsoft(2)? | [deleted] | colechristensen wrote: | I still have a CD of Netscape Navigator Gold I purchased | in a box in a store... long ago enough that was a thing. | | Those were the days. | forgotmypw17 wrote: | I still test and validate my websites with Netscape 2.x | and up. | | Any Browser can be a reality. | colechristensen wrote: | If I had my billion dollars I would fund a modern | intentionally crippled hypertext browser with hard limits | on programmability and style complexity. | Karunamon wrote: | It sounds like you are describing Gemini. | https://gemini.circumlunar.space/ | pdntspa wrote: | Why not just bring back the 486? | Thiez wrote: | A shame that you would waste your money on a browser that | nobody would use.
| ramesh31 wrote: | > Using a browser that monetizes itself in any way seems | like a slippery slope to me. I'd rather use Ungoogled | Chromium/Bromite or even LibreWolf if it came down to it. | | The problem with this approach is that it's impossible to | get a safe binary that isn't downloaded from | "libfree.cxcc.gg" or whatever. The other option being to | build from source, which is an absolute nightmare for | Chromium. | smoldesu wrote: | All of those browsers have signatures available if you | question the integrity of your binary. Otherwise this | argument isn't any different for the likes of Brave or | Chrome even. | ramesh31 wrote: | > All of those browsers have signatures available if you | question the integrity of your binary | | Signatures available from whom? | | The point being that a web browser is a very special case | of software that has to _absolutely_ 100% trustworthy | from a reputable commercial entity (that is, someone that | can be sued). The only other thing with that level of | trust is your operating system. | Entinel wrote: | This line of thinking is why Chrome owns most of the | internet. No one else can hope to compete because they | just get screeched down. | smoldesu wrote: | Chrome owns the internet because people like Brave don't | develop their own browser engine. | Am4TIfIsER0ppos wrote: | Companies like google keep expanding the effort needed to | write a browser engine to ensure everyone uses their | spyware. | smoldesu wrote: | Then companies like Apple should stop shrinking their API | targets and contribute to the general wellness of | computing, for a change. | rytis wrote: | Can you please give a concrete example of what Apple | should do, in your opinion, to expand their API targets? | And how is that related to web standards complexity? | mozey wrote: | Few people attempt this... Here is one: Ladybird | https://awesomekling.github.io/Ladybird-a-new-cross- | platform... 
| Entinel wrote: | 99% of a web browsers end users do not care if their | browser uses Servo, Webkit, etc. | andirk wrote: | Yes but being able to use all of Chrome's extensions in | Brave is a huge win to me. And most Chrome documentation, | Q and A, tutorials are mostly relevant to Brave as well. | I see Google and other behemoths contributing to an open | source project as a good thing. The product may not be | where it is today without their help, including paying | people to work on a free product. Still, yeah don't trust | them. | autoexec wrote: | I'd guess pretty close to that number don't even know | what those are in the first place. | marshray wrote: | Chrome owns the internet because web standards have | become so complex that not even Microsoft can afford to | maintain their own browser engine. | supernovae wrote: | Microsoft edge non chromium was fine, but no one used it. | So they went chromium based. | q-big wrote: | > Microsoft edge non chromium was fine, but no one used | it. So they went chromium based. | | Are people now using Edge because of this change? | int_19h wrote: | Edge has made substantial gains in market share in the | past few years. But it's hard to definitively ascribe it | to any specific change. | smoldesu wrote: | So what's the solution? I hate this status quo as much as | you do, and standing here in a Mexican Standoff is not | viable forever. You're right. "The web" as a platform has | been twisted and perverted beyond real usability at this | point. There is no path forward where we undo Google's | damage and preserve the qualities of the web we enjoy | today. So, how do we fix this? | | The solution (to me) is simple - fix native app | distribution. Make platform targets operate the same as | they used to, and give people control over their computer | again. The only ones preventing us from a platform- | agnostic utopia is Apple and Google, both of whom profit | off the artificial difficulty of distributing | applications. 
| | So, here we are. Google is poisoning the web while Apple | refuses to swallow their pride. Everyone is hurting, and | nobody stands to gain anything but the shareholders. A | hopeless situation, but let's not pretend like | _everything_ here is morally grey. | int_19h wrote: | For starters, if a company makes a web browser with | market share exceeding 50%, and also produces web sites | and web apps, if those web sites and web apps to do any | sort of user agent testing or require non-standard | features of the aforementioned browser, it should be | treated as ipso facto monopoly abuse. | xani_ wrote: | The solution is already impossible. When Mozilla had | browser domination they had a chance to dictate | _something_. The moment Chrome became popular, now | another company, just as MS and IE did before, could just | do the feature creep of "add feature, subtly break/slow | down opposition, get more users that just want browser | that works" | hollerith wrote: | >not even Microsoft can afford to maintain their own | browser engine | | We don't know that. Maybe Microsoft could maintain their | own browser engine if Google hadn't provided one on | permissive open-source licensing terms that met their | needs. | bfung wrote: | >not even Microsoft can afford to maintain their own | browser engine | | MS can afford it financially. The desire to put in the | effort to is not there. | IncRnd wrote: | It's the other way around. Brave uses the Chrome browser | engine, because Chrome already developed their own | browser engine. | NotPractical wrote: | Exactly. Brave just takes Chromium (from Google) and adds | weird crypto stuff to it. None of the Chromium forks are | "different browsers" in my eyes. They all depend on | upstream for everything important. They couldn't develop | the browser on their own. | | Just use Firefox. It works just as well as Chrome (*), | but it's based on a completely different engine which was | built from the ground up. 
| | (*) On desktop at least (on Android I still use a | Chromium fork for now) | Ylpertnodi wrote: | >Just use Firefox. No. Well, I'm not so rude, so "No, | thank you". | | >It works just as well as Chrome (*) Not on *anything* I | use, it doesn't, so "No....thank you". | | Tbf, I do keep trying ff, but...clunky, jeepers! 'Fraid | I'll hang on until my Brave jumps its particular shark | and then maybe I'll hop over to something else, but for | now, and as long as I can still use UblockO, Brave it is. | | Even Opera is looking interesting again.... | silisili wrote: | > Brave just takes Chromium (from Google) and adds weird | crypto stuff to it | | That's a really unfair (and untrue) statement. Brave also | removes some code they find privacy violating, built in a | best in class adblocker, built a full cross-device sync | system that works perfectly, some UI tweaks and | enhancements, built Tor connectivity in, etc. Probably a | lot more that I'm leaving out. | | I am def not a fan of crypto or BATs or whatever they | were pushing, but you can use it fine ignoring all of | that. | [deleted] | autoexec wrote: | Firefox is pretty nice once you beat it into submission. | I'd put my money there before Brave. | mhardcastle wrote: | I'm very glad you mentioned the homepage spam. It's | increasingly difficult (and valuable) to live without | information overload these days; Edge's forced "news" spam | has pushed me away as well. | SimoneSleek wrote: | blocking msn.com via hosts will give you a blank new tab | page in Edge, only including an Edge background image, | and a search bar leading to your chosen search engine. | princevegeta89 wrote: | What is shocking is the content is so low quality it's | appalling it came from a big, respected company as | Microsoft. A lot of the posts are often clickbaits, and | there are ads carelessly interspersed between the posts | all over the page.
| | I know it makes a lot of money for Microsoft but the fact | they chose to keep the quality so low really looks bad. | w0m wrote: | I'm all for pushing for more privacy/etc; but is Brave what | we want to advocate for as an alternative? They did some | pretty heinous link jacking relatively recently. I'm not | sure FF/(/chromium) have been caught doing anything worse | than that yet. | at-fates-hands wrote: | I work for a very large corporation who has decided the | default browser will be Edge. Getting another browser | installed on your machine takes an act of congress and | several upper level approvals. | | Does this mean they will also have the ability to collect | corporate data from the browser in companies like mine? | meltedcapacitor wrote: | Just compile Firefox or chromium to WebAssembly and run it | inside Edge. :-) | cyanydeez wrote: | Corporations have shown worse proclivities than the US | government these days. | muricula wrote: | Like your internet service provider you already have?? | xboxnolifes wrote: | An ISP is not a single point for all Windows users. | bisby wrote: | While I agree with the sentiment that ultimately we have to | have some level of trust somewhere on the stack, there are | a few minor differences. | | In theory anyway, I pick my ISP. If this was "support for | using a VPN" instead of "we're injecting OUR VPN" I would | feel a lot better. | | I'm aware Im using my ISP. Even someone who doesn't know | much about computers knows their traffic is going | somewhere. They might not know the repercussions of that, | but if this is just transparently on in the background, | effectively a keylogger, a user might never know this is | happening. | | I give my ISP money. Back to the choice option. Some ISPs | are bad and are trying to nickel and dime you to maximize | profits. Some ISPs are actually good (I'm not swiss so I | don't know for sure, but Init7 looks amazing | https://www.init7.net/en/support/faq/privatsphaere/). 
I | don't have to question with my ISP "how are they profiting | off of me" because I give them money every month. They | might be, but they don't intrinsically NEED to be scraping | my data. I am not sure how Microsoft benefits from giving | me a free VPN unless they are scraping my data. | | I can use a VPN to bypass my ISP monitoring if they do | monitor. I have no idea how Microsoft's stuff is set up | here. If the end result is that it gets routed through | their VPN after my VPN, or instead of my VPN, or even | through their stuff at all, but with stamped metadata, then | there's not necessarily a great way to get around it other | than "don't use Edge" | | In general, yes, your ISP isn't your friend. But an ISP is | something I asked for, have a use for, and need. A | Microsoft stealth VPN is none of those things. | dheera wrote: | It's because they are shareholder-driven, not customer- | driven. | | Clueless shareholders on the 59th floor of JP Morgan who | don't even use Edge see "oooh VPN, me like buzzwords" and | upvote the stock. | api wrote: | It's also a way to front run ISPs in the data market. Then | these vendors can sell the data on the data broker market and | pocket the cash the ISPs are getting by selling whatever | browsing history data they can infer (from DNS and traffic). | | I suspect this is the corporate motivation. The increased | state surveillance and control is a side effect. | mejutoco wrote: | Isn't this what they did with Skype (centralize it)? | salawat wrote: | Yup. | d0mine wrote: | "bad feeling" is too generous. Microsoft is famous for its | ubiquitous telemetry. It is not a suspicion, data collection is | a fact. today. already. | cm2187 wrote: | Because every recent development in the evolution of Windows | has been hostile to privacy. | pricci wrote: | About the pihole problem, redirect all calls to port 53 to your | pihole. | | If Edge is using DoH, you're out of luck. 
| numpad0 wrote: | Does something like `source 0.0.0.0 dest 8.8.8.8 dport 443 | action drop` work for DoH? | aborsy wrote: | The move benefits foreign companies, weakening the domestic | industry. | | Let's see how fast EU can move and regulate the traffic access. | For instance, demanding that the servers should be accessible | only to the local governments. | sedatk wrote: | > and turns it on | | for CANARY users which is a completely normal thing. This kind of | sensationalism really hurts everyone. | graypegg wrote: | When did the world start trusting any company with a VPN more | than their ISP? I still find the privacy pitch to be flakey at | best, where at least I can choose who's aware of my traffic, but | getting past geo-blocks really seems to be the most obvious | consumer value, which this Cloudflare vpn lacks. | zapataband1 wrote: | I thought it was when all the ISPs started basically giving | away your private info to the government and repeatedly lied | about it | seabrookmx wrote: | I swear VPN privacy is a red herring. | | Everyone I know who has a VPN subscription simply uses it to | prevent DMCA letters from their ISP when torrenting. | | VPN providers with a "no logs" policy simply shrug these off. | BuckRogers wrote: | I know people that use VPNs 24/7 just for privacy. I would | assume there's many more that use them for the reason you | described though. Torrents are less useful than ever, piracy | is down in general thanks to streaming services and products | having moved to SaaS. From what I can tell, the number of | people using VPNs merely for privacy alone is growing and a | good sign that people feel that strongly about it. | nvllsvm wrote: | For some - it was when their ISP started sending their | customers scary sounding letters regarding certain downloaded | movies and shows. | | Some ISPs also needlessly block certain sites (ex. 
Verizon | blocks nyaa.si) | TheFattestNinja wrote: | ISP injecting content into your connection is a known story | (google "ISP injecting ads" for many results). | | For better or worse Microsoft (or other corps) have not done | that in recent memory afaik. They might do equally dodgy stuff | in other aspects, but they don't tamper with the integrity of | your connection (they might sniff it a bit). | math_dandy wrote: | And often you're paying a nontrivial amount of money to the | ISP for the "privilege" of getting injecting ads and tracking | injected. This really rubs people the wrong way, justifiably | so I think. | wintermutestwin wrote: | My ISP actively lobbied to be able to harvest (steal) my data. | Who do I trust more: the guy who says that they aren't selling | my data, or the guy who corrupted my government so that they | can actively sell me out (not to mention their monopoly)? | | Sure, the first guy could be a liar, but I _know_ that the | second guy is a thief. | | I don't care about geo-blocking - my only threat model is to | keep a scumbag ISP at bay. | | Edit: I should add that keeping sites I browse from knowing my | IP is also part of my threat model. | MichaelCollins wrote: | VPN also has my credit card number, real name, etc. VPN | doesn't have that; their data is worth less than the data my | ISP could sell. | dizhn wrote: | Article says the VPN gets activated in public networks. Wifi | etc. That's one decent use case. | NoGravitas wrote: | It's not true of the whole world, but in the US, you generally | know that your ISP is untrustworthy, while your VPN is a leap | of faith. | shuntress wrote: | This is why net neutrality and easy accessible encryption are | important. | collaborative wrote: | Strangely enough Opera's VPN has suddenly started working after a | long period of not being "available" and pushing their paid | version | jll29 wrote: | Microsoft as any company must abide by federal laws, including US | FISA court orders. 
| bborud wrote: | Second time today Hacker News makes Firefox look good. | saiya-jin wrote: | Seriously, I can't grok why people here don't use it more | often. Web is 100% usable, what doesn't work in it doesn't work | in latest chrome neither. Web development is fine too, just | different, not worse. But whatever, use chrome for dev work if | you love it, and Firefox for _everything_ else, especially | Internet proper (plus you get another full testing browser, not | just spoofing user-agent) | | Its a great product, and ublock origin make it by far the best | on the market for internet not only for me, across any devices | ever made, period. | bborud wrote: | _I_ can't grok why _I_ haven't switched. :-) | | So this weekend I'll make an effort to switch from Chrome. | pessimizer wrote: | https://github.com/aris-t2/customcssforfx | | Here's something to use if the UI makes you really upset. | | Also you will probably miss translation: | https://addons.mozilla.org/en-US/firefox/addon/traduzir- | pagi... | ohbtvz wrote: | ...in a "canary" (basically a nightly build), for some users, for | some specific cases (unsecure http, public wifi). | omgomgomgomg wrote: | Did anyone test this? Is it better than operas "vpn"? | | Can the user configure various geolocations? | marshray wrote: | I wonder how it respects legal web censorship orders imposed on | ISPs like those of China and UK. | perlgeek wrote: | I hear the Great Chinese Firewall is pretty good at blocking | VPNs, they'll likely be able to block this one pretty quickly. | marshray wrote: | Sounds like this one is going to appear on the network like | https connections to Cloudflare. | edpichler wrote: | > "...it lacks one important feature users seek in a virtual | private network: an ability to bypass geo-block. In the case of | Edge's VPN, you won't be able to choose any server location..." | legrande wrote: | Edge is a reskinned Chromium browser with Microsoft tracking and | telemetry baked in. 
Just because they have a VPN now, it doesn't | make it any more private/secure. Why do people use Edge? If | you're any way privacy conscious you wouldn't use Microsoft | products. | seabriez wrote: | Based on what source exactly? Microsoft is about equivalent to | privacy protections as Apple, if not more so. | isoprophlex wrote: | I beg to differ. | | Please compare the severity and extent of | | https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Privacy... | | with | | https://en.wikipedia.org/wiki/Criticism_of_Apple_Inc. | | Depending on how you weigh the issues MSFT is _far_ from | equivalent on privacy | woojoo666 wrote: | It seems that both had alleged collaborations with PRISM. | The main difference I see between the two wiki articles, is | that people complain about Microsoft's telemetry but not | Apple's (even though they do have a lot of telemetry [1]). | | In general it feels like Apple has won the trust of the | public, partially through good products, partially through | good marketing. | | [1]: https://mspoweruser.com/macos-big-sur-has-its-own-telemetry-... | A4ET8a8uTh0 wrote: | In my case, it is the default browser at my current company. I | don't know the reasoning behind it, but we are also forced into | Teams. Corporate requirements is my reason. | | FWIW, it is not bad performance-wise. | rejectfinite wrote: | So, I do use Firefox. | | But for a windows domain environment Edge makes sense. | | - Comes builtin, no need to patch browsers separately and | worry about outdated Google Chrome installs in a 1000+ | computer fleet. | | - Integrates with Office 365 that the company already uses/pays | for. | | - Can be managed with policy over Office 365 or Intune | | - Has IE Enterprise Mode for the old apps that need IE11 | | For Teams, the alternative is this: | | - Pay for Zoom AND Slack AND Office 365 AND have IT personnel | manage all 3 | | - Pay for Gsuite and use... hangouts?
|
| or
|
| - Just pay for Office 365 and get email, fileshare, office suite and chat/fileshare/video tool all in one that works "fine" and can be managed all in admin.microsoft.com (that goes into 500 different portals that all change each month but I digress...)
|
| Oh, and you can use whatever browser, even if it's not the default. I use Firefox but Edge is the default one.
| Kwpolska wrote:
| My primary browser is Firefox. I have Edge as my backup browser for sites that don't work with Firefox, and sometimes for watching stuff. There is no reason for me to install Chrome. (And Microsoft isn't that bad, even if Edge sometimes does weird things.)
| Koshkin wrote:
| > _for watching stuff_
|
| ... while the browser is watching you [1].
|
| > _Microsoft isn't that bad_
|
| Yes it is. That bad.
|
| [1] https://en.wikipedia.org/wiki/In_Soviet_Russia
| tester756 wrote:
| If you're using Windows, what's the point of using Chrome if you already have Edge?
|
| You're already sending data to MS anyway
| MichaelCollins wrote:
| What's the point of using either of those when you could use an ungoogled chromium build?
|
| (I use Firefox, but if I were to use a chromium browser it wouldn't be Edge _or_ Chrome...)
| sascha_sl wrote:
| In case you want a real answer: battery life.
| MichaelCollins wrote:
| Googled Chromium has better battery life than Ungoogled Chromium? That seems like a dubious claim.
| rejectfinite wrote:
| No, Edge does. It actually is the best performing and battery life browser on Windows.
| tester756 wrote:
| Because you gotta trust people behind ungoogled Chromium
|
| I don't know them, so I don't trust them.
| bilekas wrote:
| Chromium is open source, and so you can see what the changelog is etc.. You don't need to trust the people when you can read the source yourself?
|
| also "ungoogled Chromium" - The process is Chrome is Googled Chromium.
|
| Chromium was a thing before Google-Chrome..
|
| Edit: My mistake: Chrome and Chromium were released the same time.
| judge2020 wrote:
| > also "ungoogled Chromium" - The process is Chrome is Googled Chromium.
|
| You can download Chromium[0], but people tend to be referring to the project called "Ungoogled Chromium"[1] to remove any calls to Google domains, eg. safe browsing, which are still present in Chromium.
|
| 0: https://www.chromium.org/getting-involved/download-chromium/
|
| 1: https://github.com/ungoogled-software/ungoogled-chromium
| tester756 wrote:
| Yes, I'm definitely going to audit some giant as hell CPP code base (diffs) every four weeks.
|
| I'd rather write my own browser from scratch
| bilekas wrote:
| > Yes, I'm definitely going to audit some giant as hell CPP code base (diffs) every four weeks.
|
| I've had this discussion with other people too, just because you don't want to doesn't mean you can't. So your point of suspecting something nefarious is moot for me until you can back it up.
| tester756 wrote:
| If I do already use Windows, then I'm already relying on MS
|
| Using Edge doesn't change much, meanwhile using ungoogled Chromium means that I have to trust additional actors
|
| Additionally MS inserting e.g "backdoor" into Edge could cost them a lot in PR damages meanwhile what if ungoogled chromium inserted some kind of "backdoor"?
|
| I don't even know people who maintain it, so I wouldn't even be able to break their windows or throw eggs at them
| detaro wrote:
| > _Chromium was a thing before Google-Chrome_
|
| no it wasn't.
| bilekas wrote:
| Sorry that's actually my mistake, I was thinking of something else. (Android)
|
| They were both launched the same period, but chromium was the 'trimmed' down open source version.
| fsflover wrote:
| But we do know people behind Microsoft are _not_ to be trusted with our privacy... See PRISM and their data collection practices.
| tester756 wrote:
| The thing is about what data MS wants and what bad actor in ungoogled chromium would want
|
| e.g MS doesn't want to steal money from my card
| BiteCode_dev wrote:
| Indeed, they will lock you in to get it legally.
| timbit42 wrote:
| I'd choose Edge over Chrome if I didn't have better options.
| dodgerdan wrote:
| I don't think Adguard, the Russian tech company registered in Cyprus, but with mostly Russian employees living in Russia has our best interests at heart.
| aussiesnack wrote:
| Your evidence seems to be repetition of the word 'Russia'. Seems a tad thin.
| imbnwa wrote:
| What bothers me about Adguard is offering HTTPS cert spoofing as a means to duplicate uBo's dynamic filtering behavior
| lizardactivist wrote:
| What makes you say that? And this is not really about Adguard, it's about Microsoft, Cloudflare, and Edge.
| wintermutestwin wrote:
| While I would never use a VPN service fronted by a data thieving company, I really hope that VPN usage goes more mainstream so that companies can't have "no access from VPN" as a security strategy.
|
| Ally bank recently did this and many others have intermittent issues due to flagging, etc.
| VoodooJuJu wrote:
| I can see this evolving into something worse.
|
| >try to connect to ally
|
| >vpn not allowed - try connecting through one of our authorized vpn partners: microsoft, nordvpn!, etc.
| ascar wrote:
| Is Cloudflare known as a data thieving company? I didn't have that association with them yet. They're not really in the data selling business, are they?
| wintermutestwin wrote:
| I said "a VPN service fronted by a data thieving company" and I misspoke - I should have said "backed" instead of "fronted."
|
| AFAIK Cloudflare isn't a data thief (yet). If (when) they decide to be, they will have access to quite a lot at the rate they are going. At this point, how can we trust that any public company won't eventually monetize user data?
| hansel_der wrote:
| they are in the business of collecting data and selling insights. cdn is just a means to an end
| scrollaway wrote:
| Oh stop, already. Cloudflare isn't in the "business of selling insights". They make their money from enterprise sales of their various network products.
|
| They're in the business of competing with AWS and are pretty damn good at it, too.
| hibikir wrote:
| Security teams don't block certain VPN traffic for fun. When a certain IP block has been running credential stuffing attacks all month long, it's very reasonable to see any request from said block with a lot of suspicion. In many cases, 99.9% of login attempts from certain IP blocks are just fraudulent, and there might be more requests from one of said blocks than legitimate requests from the rest of the world combined.
|
| Completely blocking a VPN is often too blunt an instrument, but even the best alternatives are unfriendly to legitimate traffic. The most user-friendly thing you can do is to rely on bonus security controls, like asking for two factor authentication for everything. No, you will not be able to log into anything from a new device, even, without the two factor. A very understandable tradeoff for a bank, but we'll end up seeing that for any account protecting anything of relatively low value.
|
| If your second factor is tied to, say, a phone, it's not going to be fun to wait to replace it if it's lost. But in a world where most traffic is coming from a VPN, there aren't many good alternatives.
| btown wrote:
| From the article, this is powered by a partnership with Cloudflare. It's worth noting that until August 6 of this year, Cloudflare's WARP VPN would leak your IP address - but only to sites using the Cloudflare network.
|
| https://web.archive.org/web/20220609160341/https://developer...
|
| And when Cloudflare released their new SOPs for Warp, they did so in a blog post titled "More features, still private" - https://blog.cloudflare.com/geoexit-improving-warp-user-expe... as referenced in https://developers.cloudflare.com/warp-client/known-issues-a...
|
| Microsoft's initial announcement for the feature touted that IP addresses would be masked, and one imagines that they did their diligence with Cloudflare and are enforcing the strong practices that WARP has now rolled out more broadly.
|
| But it's worth noting that you're routing through a company to whom the words "still private" encompassed leaking client IP address information to Cloudflare's hosting customers as recently as two months ago.
| judge2020 wrote:
| Warp/1.1.1.1[0] is a product, not a VPN, despite the fact that it tunnels your traffic. Even after the IP address change, the current documentation and promotions for Warp do not call it a VPN. It was never meant to keep your IP hidden from the websites you visit.
|
| 0: https://1.1.1.1/
| btown wrote:
| I wish that were how it had been presented, but they indeed did advertise it as a VPN. From https://blog.cloudflare.com/1111-warp-better-vpn/ :
|
| "Technically, WARP is a VPN.... We built WARP because we've had those conversations with our loved ones too and they've not gone well. So we knew that we had to start with turning the weaknesses of other VPN solutions into strengths. Under the covers, WARP acts as a VPN. But now in the 1.1.1.1 App, if users decide to enable WARP, instead of just DNS queries being secured and optimized, all Internet traffic is secured and optimized. In other words, WARP is the VPN for people who don't know what V.P.N. stands for."
| judge2020 wrote:
| I don't think this holds much weight given the regular users of this product are likely referred to https://1.1.1.1 and are unlikely to read through all of this 3000 word blog post with tech jargon.
| However, indeed, many people might've heard about it from other blog posts saying it's a VPN or word-of-mouth from more technical users also calling it a VPN - but it's obvious Cloudflare made a concerted effort not to use that term.
| genewitch wrote:
| it's used _five_ times in that single paragraph. That's cloudflare calling it a VPN. you can't unring the bell.
| jdgoesmarching wrote:
| I think it holds weight when I'm staring at a Cloudflare blog URL that explicitly says "Warp better VPN." I don't doubt that this has been scrubbed from current documentation, but this is fair evidence for the above comment's claim that CF has advertised it as a VPN.
|
| I don't have a dog in this fight, but it was especially odd in this context to claim that this misconception was entirely driven from outside of Cloudflare when the URL is sitting right there.
| smm11 wrote:
| I'm going to run my VPN on Edge running a VPN.
| rmason wrote:
| I am not saying that they'd do it but what would prevent Microsoft from 'theoretically' collecting your information themselves and then selling it back to your ISP?
| cphoover wrote:
| Hmmm interesting another reason for me to avoid microsoft browsers.
| AlexandrB wrote:
| Interesting to see this on the front page along with https://news.ycombinator.com/item?id=33036748
|
| I wonder how long until Microsoft starts blocking sites on their VPN for "your protection".
| mikaelsouza wrote:
| I think they already do. Just like chrome and firefox block sites that are considered insecure.
|
| I don't think they need a VPN for this.
| xnx wrote:
| Sounds pretty handy for data-scraping!
| witrak wrote:
| If this "VPN" is under the control of an entity collecting information about users wherever it can what's the sense of the service? "VPN" (in fact the term should be "virtual internet access network") makes sense only when it is independent of any entity controlling internet traffic...
| crazygringo wrote:
| > _the VPN will automatically connect when you're using public Wi-Fi or browsing unsecured networks and sites lacking a valid HTTP certificate._
|
| OK, that's actually a pretty decent idea. It's not going to be always-on, but it's providing security specifically for things like coffeeshops/libraries and for sites that don't provide their own security. In other words, it's "backup security", not rerouting all of your "normal" secure traffic at work/home.
|
| This mainly protects sites you visit from having JavaScript injected into them by networks when there aren't any other protections, and the VPN is run by Cloudflare so it will be performant, so I don't really see any problems here? Seems like a positive development actually.
| timmb wrote:
| Just curious but is there really a risk on public WiFi if you're using DNS-over-HTTPS and connecting to a site over https?
| kibwen wrote:
| No, though DNS-over-HTTPS is already basically a proxy.
| CogitoCogito wrote:
| > This mainly protects sites you visit from having JavaScript injected into them by networks when there aren't any other protections, and the VPN is run by Cloudflare so it will be performant, so I don't really see any problems here? Seems like a positive development actually.
|
| How does this protect from having JavaScript injected? Why couldn't the VPN do that?
| simsla wrote:
| MITM protection on public networks maybe?
| CogitoCogito wrote:
| > MITM protection on public networks maybe?
|
| How does this address the fact that the operators of the VPN can certainly modify any content they access over http on your behalf?
| kevingadd wrote:
| It's reducing the number of parties you have to trust from 'every hop along the path from the public wifi operator to the host' to 'cloudflare', and many site operators already trust cloudflare not to MITM them.
| yed wrote:
| The operators of the VPN in this case are also the developers of the browser. If they want to inject content they can do that without the VPN.
| soulofmischief wrote:
| It's security by consolidation.
| hypertele-Xii wrote:
| Security by consolidation to single point of failure, I might add.
| kevmo314 wrote:
| Better than every public wifi access point being able to.
| acdha wrote:
| It's a question of how many entities you have to trust. There are many thousands of public networks around the world and millions of people using ISPs which tamper with traffic (especially on mobile networks). With the VPN, you only have to trust the VPN provider; without it, you have to review each network you use and its ISP. That doesn't mean that the VPN is automatically trustworthy, of course, but it's a single entity.
| ViViDboarder wrote:
| The assumption is that the VPN operator is more trustworthy than an unsecured network.
| reactspa wrote:
| A crazy thing happened to me on a recent trip to Mexico city. I thought my AT&T mobile plan covered Mexico, but after 2 days it stopped working. So I tried to log into my account online with AT&T. It would keep redirecting me to the Mexico AT&T website instead of the US website. The first time I realized I needed a VPN.
| Justin_K wrote:
| Why don't we just call it what it is: "Microsoft redirects all browser traffic through their servers". At first it sounds great but in two years when they start selling the data or start injecting ads, what will the privacy advocates think then? How long until Microsoft decides they don't like your site, so they're going to block it? Yet another move towards centralization of the internet, NO THANKS.
| SavageBeast wrote:
| So Edge users are going to be impacted by this - what's that like 35 people outside the development team who made it?
| oefrha wrote:
| As a generally happy Cloudflare customer, a Cloudflare VPN makes me deeply uneasy.
| (Yes, I know Warp has been around for a while.) Using it means Cloudflare owns a huge chunk of your Internet traffic _end to end_ and _decrypted_, a uniquely powerful position to be in. And this is going to be default on in Edge according to TFA, even though it's only applied to plain HTTP sites by default at the moment.
| xani_ wrote:
| Browsers already want to send every domain you visit to cloudflare via DoH.
|
| Other options of securing DNS included "just" encrypting traffic to DNS server. But no, they decided to centralize sending DNS records via HTTPS
| sascha_sl wrote:
| While I agree that it is concerning, WARP doesn't decrypt your traffic unless you sign in to ZeroTrust, enable it in your dashboard and install their CA.
|
| Not much you can do about them having decrypted traffic for sites that use them.
| oefrha wrote:
| > having decrypted traffic for sites that use them
|
| Yes, that's the huge chunk I'm talking about, and when you use them as your VPN they can effortlessly trace that decrypted traffic to you.
| sascha_sl wrote:
| How is that different from not using a VPN?
| xboxnolifes wrote:
| It's not, that's the point.
| ViViDboarder wrote:
| It's not _for one party_. The VPN protects your traffic from any party other than Cloudflare. Exactly as it would with any VPN.
| AtNightWeCode wrote:
| Https is among the most broken ideas in the history of CS. I remember the first time I really learned about it and I went like it can't be this stupid.
|
| Most Internet traffic today between A and B is decrypted by C because of this.
| jimlongton wrote:
| People are fools if they think there isn't a Room 641A in Cloudflare, except it's a lot better since web service operators willingly handed over all their private keys and therefore user data.
| chiefalchemist wrote:
| > "However, the VPN will not run while you're streaming or watching videos -- so that you can save up on traffic which is capped at a modest 1 GB per month."
|
| OK? And what happens after that? After you go over your 1 GB cap? You're cut off from the internet?
| ridgered4 wrote:
| How do they even id the user for the cap? Some kind of system signature? Requirement of a MS account?
| shmde wrote:
| They just turn the VPN off?
| mdaniel wrote:
| Heh, I wonder if they just quietly do that in the middle of a session
|
| * GET bank.example.com/accounts
|
| * GET bank.example.com/accounts/1
|
| _vpn disconnect_
|
| * GET bank.example.com/accounts/1/details <- 403 new IP, who dis?
| drexlspivey wrote:
| Pretty cool to see Wireguard, a protocol that is only a few years old, making it so fast into the linux kernel and now into Edge. Literally shipping into billions of devices in such a small amount of time.
| cphoover wrote:
| I don't like this. When I add a URL to the address bar I want TCP/IP traffic to be directed to only the remote address I requested, and not have traffic relayed through some third party.
| criddell wrote:
| Do a traceroute and see how many third parties your traffic is going through. You probably don't get many point-to-point connections.
| hbrn wrote:
| I have bad news for you. traceroute news.ycombinator.com
| doublerabbit wrote:
| Besides the point, 18 hops to get to HN via my colo server in London, UK; what is cogentco doing with the excessive routing?
|
|    1   24 ms   24 ms   25 ms  10.0.0.1
|    2   32 ms   25 ms   24 ms  x.x.x.x
|    3   28 ms   28 ms   27 ms  core-router-b-nlc.netwise.co.uk [185.17.175.246]
|    4   29 ms   25 ms   25 ms  core-router-hex.netwise.co.uk [185.17.175.240]
|    5   29 ms   25 ms   26 ms  te0-7-0-17.505.rcr21.b015534-1.lon01.atlas.cogentco.com [216.168.64.16]
|    6   27 ms   25 ms   25 ms  be2186.ccr22.lon01.atlas.cogentco.com [154.54.61.70]
|    7   27 ms   25 ms   28 ms  be2870.ccr41.lon13.atlas.cogentco.com [154.54.58.173]
|    8   94 ms   93 ms   94 ms  be2317.ccr41.jfk02.atlas.cogentco.com [154.54.30.185]
|    9  103 ms  100 ms  100 ms  be2806.ccr41.dca01.atlas.cogentco.com [154.54.40.106]
|   10  118 ms  117 ms  117 ms  be2112.ccr41.atl01.atlas.cogentco.com [154.54.7.158]
|   11  130 ms  130 ms  134 ms  be2687.ccr41.iah01.atlas.cogentco.com [154.54.28.70]
|   12  147 ms  146 ms  181 ms  be2927.ccr21.elp01.atlas.cogentco.com [154.54.29.222]
|   13  155 ms  155 ms  156 ms  be2930.ccr32.phx01.atlas.cogentco.com [154.54.42.77]
|   14  172 ms  348 ms  192 ms  be2941.rcr52.san01.atlas.cogentco.com [154.54.41.33]
|   15  198 ms  202 ms  205 ms  te0-0-2-0.rcr12.san03.atlas.cogentco.com [154.54.82.70]
|   16  209 ms  165 ms  165 ms  te0-0-2-3.nr11.b006590-1.san03.atlas.cogentco.com [154.24.18.194]
|   17  166 ms  171 ms  203 ms  38.96.10.250
|   18  165 ms  162 ms  162 ms  news.ycombinator.com [209.216.230.240]
| jdthedisciple wrote:
| only 8 hops for me from Europe
| pGuitar wrote:
| I got 30 hops from Atlanta/Comcast
|
| but hops from 9 to 30 are "blank" like this: 30 * * *
|
| the last non-blank hop is this: 8 M5-HOSTING.bar1.SanDiego1.Level3.net (4.16.110.170) 69.921 ms GIGLINX-INC.bar1.SanDiego1.Level3.net (4.16.105.98) 60.600 ms M5-HOSTING.bar1.SanDiego1.Level3.net (4.16.110.170) 69.882 ms
| dhaavi wrote:
| Cogent is the third biggest network on the Internet by CAIDA AS Rank. Your connection used it for pretty much all the distance.
| RcouF1uZ4gsC wrote:
| > Also, we must be aware of the risks associated with using the built-in VPN services of Microsoft, Apple, and the like.
| The tools they so generously offer might protect you from being tracked by your Internet Service Provider (ISP),
|
| It seems using a VPN from your browser vendor does not increase your risk. I don't think a VPN would have any information that your browser did not.
| oefrha wrote:
| People generally don't tolerate browsers that phone home with any and all accessible information. But if you claim to also run a built-in VPN service...
| vladvasiliu wrote:
| What do you mean?
|
| I oftentimes see people using Chrome (not Chromium) while logged into a profile. Are you telling me that either those people are actually a minority, or that Chrome doesn't phone home?
| lxgr wrote:
| Not really: Your browser vendor _might_ push out a malicious update or enable dormant functionality that sends them telemetry on your browsing, or even your entire web traffic, but a VPN definitively _does_ receive all of your traffic (including, at least, the host name of almost all sites you visit).
|
| I can observe who my browser/OS talk to (beyond the sites I already visit) - but what happens inside a VPN provider is impossible to tell.
| mkl95 wrote:
| Serious question - is there a legitimate use case for Edge when a Chrome Stable build is available?
| mrweasel wrote:
| I'm thinking Microsoft is hoping for the reverse: Why download Chrome when you have a perfectly good Blink based browser already installed.
| vladvasiliu wrote:
| It's already installed and it works well enough. Plus, if I'm using Windows, I'm already sending a bunch of telemetry to MS, so I don't see a reason to go out of my way to send some to goog, too. Also, I'm not a Netflix customer, but I understand that on PC you need Edge to get high-definition (>=1080p) video. Chrome doesn't work (neither does it work on Mac). So the question becomes: is there a legitimate use case for Chrome when Edge is available (and is mostly the same thing)?
|
| I, personally, am quite against using a Google browser (or derivative), but for my gaming PC where I only launch the browser once in a blue moon, I just can't be bothered to download anything else since Edge works. On my work PC I use Firefox, and am quite happy with it.
| wintermutestwin wrote:
| Edge is the only Chromium-based browser that allows for Vertical Tabs.
| netsharc wrote:
| Vivaldi has it, and it's a Chromium-based browser made by people who left Opera after it was sold to the Chinese. Opera had vertical tabs even a decade or so ago, back when it was still using its own Presto engine (they switched to Chromium and seem to have lost this feature).
| wintermutestwin wrote:
| Thanks for that. Unfortunately, it looks like Vivaldi is closed source. Do you know how it is monetized?
| rejectfinite wrote:
| Search engines, bookmarks and they offer email services.
|
| https://vivaldi.com/blog/vivaldi-business-model/
| radicaldreamer wrote:
| There are significant changes in Edge compared to Chrome stable and perf and efficiency improvements on Windows (not to mention deeper system integration).
| jabroni_salad wrote:
| From a business perspective, IE mode and onedrive userstate sync for o365 customers
|
| From a personal perspective, goog and microsoft are basically equivalent and I don't want either of their browsers.
| BLO716 wrote:
| The trend towards 0-configuration VPNs though makes it totally compelling to just port your traffic home. I'm not trying to be a fan-boi, but I want ALL my traffic off the network of snoop. I'm just going to go out there and say Ubiquiti and Teleport with WifiMan on phone/tablets/computers and 0 config bar codes, I mean it's ALMOST frictionless for my family to do this setup once it's going.
|
| I at least try to do this while we travel and are out of network range. How do people feel about this?
| gzer0 wrote:
| how about a tailscale exit node running on a computer at home
|
| takes 10 seconds to setup and I can use my home IP from anywhere on earth
| hopfog wrote:
| I run a free browser game where you can start playing immediately, no registration required. The game has a big sandbox element where you can build and paint on the world map.
|
| Naturally I've attracted trolls doing everything in their power to grief and ruin it for other players. This has led me to reluctantly implement moderation tools such as IP bans and proxy detection.
|
| I'm currently using a couple of services where I can supply an IP and get a risk score back but I'm worried about false positives. I'm afraid this initiative, while great for privacy, will make my defense measures futile.
|
| What should I do? I just want to run a game with as few intrusive barriers as possible. I have no interest in collecting any private data from users whatsoever.
| xani_ wrote:
| You will just have a bunch of random false positives that get blocked and never come back. Even before VPN a lot of ISPs gave you dynamic IP that changed anywhere from every few weeks to daily, to each reconnect. Same with any public access point
|
| Same with carrier grade NAT, IP stopped being a good way to block things a long time ago. About the only use is "this IP is DoSing me now, block it for few hours".
|
| There are a few other methods, all of them intrusive on privacy. Generating fingerprint of browser and blocking based on that might work for the clueless users but dedicated ones will go around it. Making using one of the popular SSO logins is one option (at least banning-wise) but that's a lot of work
| aaronax wrote:
| You have to have intrusive barriers. This is true in real life and it is true online.
|
| The world is not a graffiti free-for-all because there are barriers: the government (police) is able to apprehend individuals, link that physical individual to an identity (which it issued at birth), and effectively implement consequences to that identity/individual.
|
| If you want your site to not be a graffiti free-for-all, you will need a durable way to identify actual people. Twitter, for example, essentially requires a phone number to use their site. Phone numbers are fairly difficult to get anonymously. Therefore, Twitter has a useful link between their users and a physical individual. Other services use other things.
|
| The government should implement cryptographic certificate based identities to citizens. Ideally there would be a way to "sign" something that says you are a real citizen without revealing which citizen you are, but is durably unique (subsequent signings identify you as the same citizen).
|
| Facebook, Google, etc. are effectively filling this function right now but they leave much to be desired.
| hopfog wrote:
| > Ideally there would be a way to "sign" something that says you are a real citizen without revealing which citizen you are, but is durably unique (subsequent signings identify you as the same citizen).
|
| This is a truly interesting and groundbreaking idea that would solve all my problems. Do you know if there are any initiatives like that or is it science-fiction?
| aaronax wrote:
| Actually issued by a government? Not sure.
|
| How to implement? Also not sure. I am not an expert in this field. "Anonymous credentials" seems like the closest thing maybe. Basically you need to somehow prove you have a valid signed certificate without disclosing the public key.
|
| https://crypto.stackexchange.com/questions/83412/how-to-achi...
| https://crypto.stackexchange.com/questions/52189/zero-knowle...
|
| Since you seem open to putting up barriers...in the process of looking into this I discovered Idena and checked it out a little. You could require verified Idena something or other, just as an example. I'm sure there are scores of these types of things being built, most or all of which will fail to gain traction.
| BrainVirus wrote:
| Redesign the rules so that trolling is not rewarding. Yes, I know, it's hard.
| hopfog wrote:
| Yeah, I thought I could pull that off but in the end I was naive thinking I could solve it with mechanics. The idea was that I would never need to ban anyone, ever. However, even with thousands of players playing the game as intended just one troll can wreak havoc by creating hundreds of accounts through proxies.
|
| I have implemented measures where you can't chat until you've finished the tutorial, 5 minutes decay on stuff built/painted outside plots and upkeep on claimed plots but it's not enough. The trolls are extremely dedicated and devote their life to ruining my game.
| dathinab wrote:
| Hm,
|
| I think this is mainly a form of advertisement move to compel more users to use edge/not switch away from it. Reason: By now many non-technical people think a VPN is necessary (or at least recommendable) for "safety". Though how a VPN actually helps/works most non-technical people do not understand at all. For Microsoft providing a VPN which by default is only enabled on public WiFi and similar isn't too expensive.
|
| They also need to compete with Apple's Privacy Relay feature.
|
| So putting bias aside it seems a good thing.
|
| But there are some gotchas:
|
| 1. a VPN is not per-se privacy protecting, it is only that if the VPN provider legally binding agrees to not sell out the users' data.
|
| 2. a major browser which tries to force itself on all windows users providing a VPN for free hurts the VPN market due to the unfair competitive advantage this VPN has.
|
| 3.
| It could normalize for many people that VPNs do not necessarily have a feature to avoid geo-blocking => make it easier for legislation targeting such features to pass
|
| 4. also more centralization for Cloudflare
|
| Though if you ignore all this from a pure "common peoples security" perspective (i.e. not state actor attacks) this is a neat improvement. There are still too many things which allow attacks due to not using HTTPS and for non state-level attackers the best attack vector are public hotspots and similar where this VPN automatically is enabled. E.g. common security problem is HTTP(not s) redirect links in e.g. mails, which an attacker could trivially rewrite to point you to their site which automatically proxies the site you originally wanted to go to. Worst offender I saw was a fintech site using emailing http(not s) redirect links containing the auth token for the initial account setup...
| strictfp wrote:
| Cue VPNs being banned
| rntksi wrote:
| I remember this being done back when Opera 7 was used. I think it had a feature for mobile OS, where it would route requests to Opera's servers and serve clients a minified, smaller version of the page, so people on 2G at the time could still use the web. I don't remember people being outraged at the time at the prospect of a browser having a baked-in VPN option though.
| laundermaf wrote:
| Don't forget about Google's own "optimizer"
|
| https://en.wikipedia.org/wiki/Google_Web_Accelerator
| bityard wrote:
| I remember this as well and thought it was a neat service. One that I would have liked to emulate using my own proxy in order to save bandwidth on my mobile data but never got around to actually doing.
|
| These days with widespread HTTPS, the only way to do this is to bake it into the browser itself.
|
| And of course, this was back when you could trust Opera to do what they said they were (or weren't) doing.
| sergiotapia wrote: | God I miss Presto and Dragonfly. :'( | Nextgrid wrote: | At the time, spyware was not yet a mainstream business model so | there was no outrage because respectable, established companies | didn't yet become spyware operators. There was still mutual | trust back in the day. | noja wrote: | Yes that was mainly because mobile internet was really slow and | using it without Opera's proxy was an exercise in frustration. | | But do not forget that Opera 7 was released TWENTY YEARS AGO. | Things are a bit different now. Think eternal september. | pGuitar wrote: | Why do they even need this? With all the spying/telemetry they | already do, they probably already know the sites that you | visit.... | lucasmullens wrote: | Some users might want this feature, which gets them more users. | I think outside HN most users would appreciate a free VPN for | when they're on public Wi-Fi. | timbit42 wrote: | They want to keep everyone else from tracking you so their data | is more valuable. | jeroen79 wrote: | cloudflare is nasty, it's worse giving them all your data than | spreading it around. | counttheforks wrote: | bilekas wrote: | > you can save up on traffic which is capped at a modest 1 GB per | month. | | These days that probably won't even manage the tracking requests | being sent from the machine a month. | kebman wrote: | If I'm not mistaken Skype used to be called the most secure video | calling app back in the day. Until this: | https://lists.randombit.net/pipermail/cryptography/2013-May/... | kazinator wrote: | "Let's use our browser to herd users into our walled network, | where our competitors cannot track them as easily as we are able | to." | donmcronald wrote: | I think this is the real reason for the "VPN in a browser" | trend. It's about getting exclusive access to browsing data. | | Imagine Facebook data collection, but without being able to | ignore it. That's where we're headed.
Watch for Google to | release a "security" product that does something similar. | | IMO Apple, Microsoft, and (eventually) Google are going to use | their platform dominance to usurp Facebook's ad business. | That's why Facebook is making a big bet on VR. It's not that | they see VR as a naturally popular platform. It's simply one of | the last platforms that _could_ be popular (for the near | future), isn't already dominated by a major player, and has | network effects that make it a critical mass platform similar | to how Facebook works. If they can buy their way in, they own | the whole market. | | This kind of thing should get these companies obliterated by | regulators. It's shameless, blatant, anti-competitive behavior | where they're using their dominance in one market to gain an | extremely unfair advantage in another. | | The goal is to move the entire ad market away from the open web | and into closed platforms like OSes and browsers. | pmarreck wrote: | Imagine still tolerating Windows in 2022 | seabrookmx wrote: | Some people play video games. | | Some people want to use the Adobe suite on user upgradable | hardware. | | If you come out of your bubble you'll see there's plenty of | reasons to still use Windows (typing this in Firefox running on | Fedora, FWIW). | rejectfinite wrote: | The great thing about Windows is that you can install another | browser and set it to default. You don't have to use Edge. | blibble wrote: | and then every other update it "accidentally" gets set back | to Edge | rodolphoarruda wrote: | Not even god knows what's going on inside that (not so very much) | private network. | tonymet wrote: | Microsoft obviously benefits from the ability to collect more | tracking signals. Even over HTTPS they will have many traffic | signals to use for ads targeting. | | Just be mindful of any feature and who it benefits. These | companies aren't charities.
| MikeYasnev007 wrote: | netsharc wrote: | > The VPN feature, known as "Microsoft Edge Secure Network," has | rolled out to a limited selection of users in the latest Edge | Canary version. | | Now why didn't they call it Microsoft Secure Network! And MSN in | short. | | And next they should start a VPN'ed messaging service, they can | name it "MSN Messenger". | kingaillas wrote: | Everybody is suspicious of Microsoft's motives but I think in | this, you gotta consider how many Windows systems are out there | used by security novices. | | Lots of people are computer savvy but want to use a computer to | do something else not under the umbrella of hobbyist sysadmin | work. | | I don't see the downside here, again, considering the multi-millions | average users Windows/Edge has. If you are savvy enough | to roll your own VPN using algo from Trail of Bits, then do that. | If you are able to weigh the pros and cons of VPNs from having | one or not, or which one to use, you are ahead of 99.99% of the | people this will help. | sylens wrote: | Had to move off of Edge to Brave a few weeks back after sticking | it out longer than I should have. I really liked Edge on both | Windows and macOS but they keep adding stuff that I don't want to | the browser. | 0xbadcafebee wrote: | Isn't this basically just Chrome's data saver? They never called | it a VPN but they did send all your traffic to Google. ___________________________________________________________________ (page generated 2022-09-30 23:00 UTC)