iOS VPNs have leaked traffic for more than 2 years, researcher claims

DNS: they know you use Apple Music unless you’re using encrypted DNS or, even better, oblivious DNS.

They know that just from the IP ranges you’re connecting to.

Also, encrypted DNS won’t really hide much until Encrypted Client Hello for TLS gets widespread support (which should be happening soon, Chrome is about to roll it out in the next few versions).

They don’t provide more security or privacy by default…

Mind explaining this more? If your data is concealed from your ISP, and your IP and other identifying info concealed from the websites you visit, isn’t that more secure and private by default?

Nah, most people, when traveling, are gonna be wearing some sort of Bluetooth device.

I’m listening to music while all the shit is going on around me; I don’t want my AirPods to disconnect and then have to fiddle around with the settings and yada yada. It’s a great feature that improves the experience.

I do think they should have an option to change the behavior tho.

We finally need a good mobile OS. But there is not anything to see for now. Maybe Win12?

No, that’s not the reason either. I just recently changed to Google Nest, which uses 192.168.86.0/24 by default. I used OpenWrt before, where I used both 192.168.0.0/24 and 192.168.1.0/24, which my parents also use.

It works perfectly fine and there is something wrong with your setup.

That doesn’t change the fact that it’s not the intention behind a VPN, and they therefore do a bad job at providing any meaningful privacy.

Your traffic is already encrypted via HTTPS. HSTS blocks HTTP downgrade attacks on popular sites, and the browser throws a big fat warning for downgraded sites that don’t support HSTS.

VPNs are for accessing a local network when you’re outside. If you’re using one for privacy, you’re purely paying for nothing.

Yeah. VPNs for “privacy” are a relatively new thing, spurred on by all these aggressively advertising companies like NerdVPN or Smurfshark (name mangling intentional to avoid helping their SEO/organic traffic growth) or whatever. A lot of the ads I see for them are straight up misleading, and they’re designed to convince normal people that they need a VPN when odds are they don’t. They prey on the idea of “people can track your IP address” that people get from movies and TV, which is only a little bit based in reality.

People today just see the word “private” in “virtual private network” and basically assume it’s a privacy tool for the general end user/consumer.

And to secure data in transit, you want all connections to go over the VPN. Some floating outside IS a problem, obviously.
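As an added illustration of the point above (not code from anyone in this thread): a small checker that, given per-flow egress data summarised from a packet capture taken while a VPN is up, flags the connections that left the device outside the tunnel. Interface names (utun* for the tunnel, en0 for Wi-Fi), the VPN server address and all sample flows are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed interface names: utun* is the VPN tunnel, en0 is Wi-Fi.
TUNNEL_IFACES = {"utun0", "utun1"}
# Assumed VPN endpoint (constructed TEST-NET-3 address). The tunnel's own
# outer transport legitimately leaves via Wi-Fi, so it is not a leak.
VPN_SERVER = ipaddress.ip_address("203.0.113.10")
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    iface: str   # egress interface the flow was observed on
    dst: str     # destination IP address
    dport: int   # destination port
    proto: str   # "udp" or "tcp"


def classify(flow: Flow) -> str:
    """Label one flow: tunneled, vpn-transport, lan, dns-leak or leak."""
    dst = ipaddress.ip_address(flow.dst)
    if flow.iface in TUNNEL_IFACES:
        return "tunneled"
    if dst == VPN_SERVER:
        return "vpn-transport"
    if any(dst in net for net in LAN_NETS):
        return "lan"        # local printer/NAS etc., not internet traffic
    if flow.dport == 53:
        return "dns-leak"   # plaintext resolver query bypassed the tunnel
    return "leak"           # internet-bound traffic that never entered the tunnel


def find_leaks(flows):
    """Return only the flows that left the device outside the tunnel."""
    return [f for f in flows if classify(f) in ("dns-leak", "leak")]


# Constructed sample flows, as they might be summarised from a capture.
SAMPLE = [
    Flow("utun0", "198.51.100.20", 443, "tcp"),  # HTTPS inside the tunnel
    Flow("en0", "203.0.113.10", 4500, "udp"),    # IKEv2/IPsec transport to the VPN server
    Flow("en0", "192.168.1.50", 631, "tcp"),     # local printer
    Flow("en0", "8.8.8.8", 53, "udp"),           # DNS query sent around the tunnel
    Flow("en0", "198.51.100.77", 443, "tcp"),    # connection that never entered the tunnel
]

if __name__ == "__main__":
    for f in find_leaks(SAMPLE):
        print(classify(f), f.iface, f.dst, f.dport, f.proto)
```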

> unsecured WiFi

Means anyone near the radio can capture packets from the network. Even if the Wi-Fi is password protected, you can still capture traffic and, depending on password strength, decrypt it. HTTPS mitigates this regardless; encrypted DNS mitigates DNS poisoning.

> VPN help?

Sure, the issue is you’re still having to trust the VPN, which has the resources and financial interest to collect your data. You’re putting all your data in one place for government requests as well.

The ideal solution is, again, iCloud Private Relay, since it’s not a VPN but rather architected in a way where Apple and the partners can’t confound who requested the data and where it’s going.

If iCloud Private Relay isn’t a possibility, use an encrypted DNS profile (https://encrypted-dns.party); it will prevent DNS poisoning from attackers on the network as well as hide queries. Otherwise HTTPS works fine; all of your data is secured by default anyways.

If your VPN is providing their own DNS, it’s already encrypted over the connection anyways.

The key point here is you’re just moving your attack surface. You have to really trust your VPN not to be malicious even though they have incentive and resources to collect your data.

There’s a fundamental misunderstanding of these technologies: networked systems already have protections in place, namely HTTPS and DoH. Sure, a VPN *could* work, but it was never designed for this, and you’re just giving the data over to someone else, perhaps less trustworthy than the hotel occupants.

Blocking 3rd-party trackers (default in Safari) would mitigate ad tracking.

Using 3rd-party Reddit clients would limit ad tracking as well, since they don’t load ads and aren’t concerned with the engagement metrics recorded client-side in the first-party app.

Amazon and Google are cloud providers for lots of websites; they probably don’t track based on this, but your data passes through their networks regardless.

iCloud Private Relay is still the best option, along with reading the website’s privacy policy and not using the services while logged in.

This issue is very complex, so you have to be willing to compromise if you use these services. Browser fingerprints are another confounding variable.

Amazon and Google do track you and build profiles even when you’re not logged in; however, this data is used internally and is not being shared with 3rd parties. You can turn off certain aspects of tracking in your account. Advertisers submit their ads to Google/Amazon, who then serve them to you based on relevancy; the advertiser doesn’t get your information specifically, only some metadata for analytics. You can read more in their respective privacy policies, but your data is private with them and perhaps law enforcement.

Weather: stick to the stock weather app on iOS, good privacy policy.

Health: stick to the stock Health app. Apple takes health privacy very seriously and keeps as much as possible on your device because they don’t want liability.

You will be tracked some regardless for analytics; the key is to not use these services if it’s a concern.

Let’s say you use a VPN. These services know it’s a VPN, since it’s typically a data center IP. You only have to mess up once for them to know your residential IP. Residential IPv4 is typically ephemeral, so unless there is other metadata it can’t be linked to a specific person.

These services aren’t really spying on you; you do agree to give this information when you sign up for them. There’s plenty of opsec you can do, like perhaps only using Tor, but generally, if you’re not committing crimes, iCloud Private Relay is sufficient.

Encrypted DNS would have prevented it as well. If they were compromising the website to give up IPs, then maybe a VPN, but they could also just go after the provider. iCloud Private Relay would be the only safe option.

The police must have had a solid case to go after people; there’s little you can do if you’re the target of a government adversary.