Anyone use a VPN service?

[mpeirce]

Yeah... Like a lot of privacy claims by Apple, I guess we just have to take their word on this.

Ultimately you have to trust the vender to some degree. Also true for VPNs. Also true of all technology.

Still the technical details look sound. They also provide documentation explaining how it works. There’s a good overview here:

https://www.apple.com/privacy/docs/iCloud_Private_Relay_Overview_Dec2021.PDF

If you want to explore the details of Apple’s approach to security (both hardware and software), they publish an excellent Platform Security guide here:

https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf

It is updated each year as hardware and software advances.

 

[SecondAttempt]

So does anyone really believe your VPN service provided doesn't know (log) where you are going once they terminate your VPN session and send your traffic on to it's intended destination?

Well, it really does come down to trust. But yeah, I believe ProtonVPN does not keep logs. They say they do not in their terms of service which become part of the contract. If they kept logs it would be fraud in Switzerland. Would I be in a position to do anything about it? No. But if I were doing something illegal, the fact that US law enforcement obtained information from a foreign agent engaging in fraud would seriously complicate any case they may have.

Fortunately for me, I am law abiding and this is not a concern for me. I'm not even that concerned what Amazon and Google know about me. I am pretty good at not falling for ads. They can show me whatever they want.

But I am somewhat concerned about hackers. They are getting very good. I am not sure I can completely express what Ithink I gain from a VPN but I look at it as part of a "swiss cheese model" where you have layer upon layer of porous security measures that together are reasonably effective.

But like I said in my original post, being blocked is becoming increasingly annoying so I may throw out this particular slice of swiss cheese.

 

[tulak]

I don’t bother with a VPN at home. I don’t see the point.

When I travel, I connect to a VPN I have at home. A lot of home routers support it, even though it does take a little bit of work to configure, mostly finding your home router. For that, I use dynamic DNS, also supported by most (all?) routers.

 

[camfused]

... I avoid financial transactions on my phone except for credit cards...

I have been thinking about this. I am not sure about the reason to do this. Someone correct me here if I am wrong, but I think that all data transmitted between a phone and the carrier is encrypted and practically un-tappable, and then the data in the https session you have between you and your financial institution is encrypted. So, I fail to see the security risk of using your phone. Am I correct/naive?

 

[explanade]

Sometimes, VPN services let you choose different protocols and some work better with certain websites than others.

That was the case for me with SurfShark and a few websites.

I also have an OpenVPN configured on my router so I can broadcast my US IP address to use to get around content restrictions.

 

[BooBoo]

I having been using NordVPN for several years. Occasionally run into websites that will not accept a VPN. I have have seen speeds throttled due to VPN.

 

[Jerry1]

I also have an OpenVPN configured on my router so I can broadcast my US IP address to use to get around content restrictions.

I wonder if this could solve an issue I have with my cable provider. They have a streaming app for the cable (tv) channels. If I’m home, I get access to all my channels. However, if I’m not home (not on my wifi), I only get certain channels. Mostly, I want access to my local channels when I’m not home (using my phone), but it knows I’m not home and blocks access to those channels. Seems liked I’d be able to get all my channels from anywhere, but no. If I had a vpn, could I make the app think that I was home?

 

[tulak]

The problem is some apps will look to see if you’re connected over vpn. It can be a pain.

The only way around that is to use a travel
wifi router that connects to your vpn. Since you’re only connecting to local wifi hotspot on the travel router, the app has no idea vpn is in use.

That’s the problem with tech. There’s usually always a solution, but at times it’s not easy.

 

[explanade]

I wonder if this could solve an issue I have with my cable provider. They have a streaming app for the cable (tv) channels. If I’m home, I get access to all my channels. However, if I’m not home (not on my wifi), I only get certain channels. Mostly, I want access to my local channels when I’m not home (using my phone), but it knows I’m not home and blocks access to those channels. Seems liked I’d be able to get all my channels from anywhere, but no. If I had a vpn, could I make the app think that I was home?

No because a third-party VPN server would give you a different IP address than what your ISP gives you at home.

My Comcast Xfinity Stream app also has channels which are restricted for "At-Home" streaming as well.

Seems random, like NBA TV is At Home only but ESPN isn't?

So I set up a VPN server on my home router. What that does is when I connect via OpenVPN, my device gets the IP address that I would at home.

Then I can stream those At Home channels.

One of the downside is that it slows down the performance to your upload speed.

So say you had a 100 Mbps connection but at home your upload speeds is only 10 Mbps. When you connect via VPN server in your home, then your download speed through the VPN is only 10 Mbps, because you're routing all the traffic through the VPN server.

Commercial VPN servers can be faster, since they have to service hundreds or thousands of people at a time.

 

[Yipper]

In my case SSL/TLS is good enough for my needs/concerns.

I might re-consider if I regularly used my PC's from hotels or public hot spots, etc. But SSL/TLS still covers most of my concerns in such an environment.

This.

 

[Jerry1]

No because a third-party VPN server would give you a different IP address than what your ISP gives you at home.

My Comcast Xfinity Stream app also has channels which are restricted for "At-Home" streaming as well.

Seems random, like NBA TV is At Home only but ESPN isn't?

So I set up a VPN server on my home router. What that does is when I connect via OpenVPN, my device gets the IP address that I would at home.

Then I can stream those At Home channels.

One of the downside is that it slows down the performance to your upload speed.

So say you had a 100 Mbps connection but at home your upload speeds is only 10 Mbps. When you connect via VPN server in your home, then your download speed through the VPN is only 10 Mbps, because you're routing all the traffic through the VPN server.

Commercial VPN servers can be faster, since they have to service hundreds or thousands of people at a time.

Thanks for the explanation. FWIW, I think their policy sucks. I pay for their service and feel like I should be able to watch any channel no matter where I’m at. I’ll have to put that in the pet peeve thread.

 

[explanade]

I think when they cut deals for streaming rights on these channels, we didn't have OTT streaming services like those we have now.

So some cable channels were restrictive.

Now, services like Netflix will let you stream anywhere within a given country.

 

[wdberry62]

NordVPN. I've used it for a few years and it works great. Secure, inexpensive, fast and reliable options to connect via several locations in NA and Europe. Also features multi-factor authentication as an option.

 

[gauss]

I have been thinking about this. I am not sure about the reason to do this. Someone correct me here if I am wrong, but I think that all data transmitted between a phone and the carrier is encrypted and practically un-tappable, and then the data in the https session you have between you and your financial institution is encrypted. So, I fail to see the security risk of using your phone. Am I correct/naive?

Not sure about EastWest Gal, but my take on the topic of using a phone for financial transaction has nothing to do with the encryption.

My concern is all about loosing the phone (even temporarily) in a public space and the threats that would imply.

My laptop, where I do almost all my financial transactions at home, only occasionally is taken outside the home.

Maybe if I had a plan in place to immediately change all financial passwords upon loosing the phone than this risk could be mitigated, but I was raised on PCs and prefer them.

-gauss

 

[explanade]

Not sure about EastWest Gal, but my take on the topic of using a phone for financial transaction has nothing to do with the encryption.

My concern is all about loosing the phone (even temporarily) in a public space and the threats that would imply.

My laptop, where I do almost all my financial transactions at home, only occasionally is taken outside the home.

Maybe if I had a plan in place to immediately change all financial passwords upon loosing the phone than this risk could be mitigated, but I was raised on PCs and prefer them.

-gauss

Depending on the phone and laptop, a phone is more likely to be securing your data with whole device encryption.

Laptop may have whole disk encryption as well.

A phone is more likely go get lost though.

However, many phones have remote wipe capabilities.

Now what's common with late model iPhones is that after you lose one, the owners often get phished, trying to get them to give up their iCloud passwords or log in, because without it, the phone can't be used at all by another, or even wiped for someone else's use.

 

[The Cosmic Avenger]

Thanks for the explanation. FWIW, I think their policy sucks. I pay for their service and feel like I should be able to watch any channel no matter where I’m at. I’ll have to put that in the pet peeve thread.

I have the same thing as explanade, an OpenVPN setup on my ASUS router. You should check if you can set that up, Jerry, because when I'm in NYC or Chicago at a hotel and I VPN into my home router, as far as anyone is concerned my internet traffic is coming from my home network, so that might work for you. Feel free to PM me if you have questions and don't want to post certain details.

 

[Gotadimple]

Maybe if I had a plan in place to immediately change all financial passwords upon loosing the phone than this risk could be mitigated, but I was raised on PCs and prefer them.

-gauss

The thing with using a phone to handle financial transactions is that the banking app has you login the first time and then you stay logged into the app. You can always log out of financial apps after using them. And, hopefully you have a strong password on your phone (or use biometric data, if supported).

 

[gauss]

The thing with using a phone to handle financial transactions is that the banking app has you login the first time and then you stay logged into the app. You can always log out of financial apps after using them. And, hopefully you have a strong password on your phone (or use biometric data, if supported).

And that is the problem for me personally.

I do not wish to have a lock on my phone. Too much of a pain to constantly unlock it -- not to mention the barriers introduced to having a good Samaritan return the lost phone to me.

As such, I try not to have any trusted info on the phone such as financial info etc.

If I didn't have ready access to a laptop, I might see this differently.

-gauss

 

[W2R]

Not sure about EastWest Gal, but my take on the topic of using a phone for financial transaction has nothing to do with the encryption.

My concern is all about loosing the phone (even temporarily) in a public space and the threats that would imply.

My laptop, where I do almost all my financial transactions at home, only occasionally is taken outside the home.

Maybe if I had a plan in place to immediately change all financial passwords upon loosing the phone than this risk could be mitigated, but I was raised on PCs and prefer them.

-gauss

I don't feel comfortable doing financial transactions from my phone, either. I have my PC well protected, but not my phone. So far I see no reason why I can't just do my (very few) financial transactions from my PC.

 

[mpeirce]

And that is the problem for me personally.

I do not wish to have a lock on my phone. Too much of a pain to constantly unlock it -- not to mention the barriers introduced to having a good Samaritan return the lost phone to me.

As such, I try not to have any trusted info on the phone such as financial info etc.

If you have an unlocked phone, keeping all personal data off it makes sense.

For me, Face ID makes unlocking my phone so trivial that I don’t even give it a thought when it happens.

(Someone could certainly return my phone to me. There is emergency contact information available when the phone is locked. This is also very useful should I become unconscious and emergency personal need information about me.)

 

[plex]

VPN's will cause some hiccups with some sites, because they are usually on well known server IP's, which are automatically flagged as questionable by some sites, requiring either an "are you human" test, or rarely, just locks you out (only saw this when I was using Pandora, which I dumped for the now many less obnoxious alternatives).

I still certainly have one though, many services region lock you, show you different services, or spam you with certain ads if you do not use a VPN. So they are certainly still quite useful despite them being awkward to keep on at all times.

 

[explanade]

And that is the problem for me personally.

I do not wish to have a lock on my phone. Too much of a pain to constantly unlock it -- not to mention the barriers introduced to having a good Samaritan return the lost phone to me.

As such, I try not to have any trusted info on the phone such as financial info etc.

If I didn't have ready access to a laptop, I might see this differently.

-gauss

Only transactions that I do on the phone are all the Apple Pay transactions, much more secure than using the physical card.

And I've done some mobile deposits, where I take pictures of the endorsed check and my credit union app will upload and deposit it for me. I've done it with high dollar amount cashier checks without incident.

I have all the credit card bank apps on my phone, mostly to monitor transactions before a billing cycle ends. I also have it set to notify me if a transaction is over a certain amount or my remaining credit drops below a threshold.

All protected biometrically.

Have absolutely no qualms or concerns.

If my iPhone gets lost or stolen, I don't see that data being broken into. Many of my accounts have 2FA and I know that the bank apps can't be opened without biometric or login password.

I can either wipe the phone if it has any kind of connection or I can track it.

But without my iCloud password, nobody else is getting into that phone. Remember, the FBI has been complaining that they can't break into these phones. I wouldn't be surprised however if the NSA and other intelligence agencies have ways to get in. Well they can hack it, not necessarily crack the encryption.

 

[gauss]

Only transactions that I do on the phone are all the Apple Pay transactions, much more secure than using the physical card.

And I've done some mobile deposits, where I take pictures of the endorsed check and my credit union app will upload and deposit it for me. I've done it with high dollar amount cashier checks without incident.

I have all the credit card bank apps on my phone, mostly to monitor transactions before a billing cycle ends. I also have it set to notify me if a transaction is over a certain amount or my remaining credit drops below a threshold.

All protected biometrically.

Have absolutely no qualms or concerns.

If my iPhone gets lost or stolen, I don't see that data being broken into. Many of my accounts have 2FA and I know that the bank apps can't be opened without biometric or login password.

I can either wipe the phone if it has any kind of connection or I can track it.

But without my iCloud password, nobody else is getting into that phone. Remember, the FBI has been complaining that they can't break into these phones. I wouldn't be surprised however if the NSA and other intelligence agencies have ways to get in. Well they can hack it, not necessarily crack the encryption.

That all sounds resonable. I have also done mobile bank check deposits on the phone. I have even tried Google Pay for a month but grew tired when transactions were declined about as often as they were approved.

My concern really is based on logging in to high balance brokerage/IRA accounts -- which don't share the same Federal protections that bank accounts and credit cards do.

-gauss

 

[SecondAttempt]

The thing with using a phone to handle financial transactions is that the banking app has you login the first time and then you stay logged into the app. You can always log out of financial apps after using them. And, hopefully you have a strong password on your phone (or use biometric data, if supported).

I do a lot with home automation. Some devices have apps they require you to use. These apps use encrypted tokens for security just like banking apps. There is (free) software out there that lets you capture the traffic from the app so you can use other software to control your device. Once I started hacking my devices I stopped using banking apps on my phone. I do bank online though. Maybe phone app banking is safe but I'm not taking any chances.

 

[rayvt]

I have been told that if you reserve a rental car at an airport, you will get one rate -- high-- if your IP address is in the US, but a lower rate if your IP address is from a foreign country. If that is indeed true, that's a good reason to use a VPN.

I suspect that you'd get a better rate if you appeared to be coming from, say, Morocco.

I have been using PIA for years. Still at $31/yr from the reference from Popular Science magazine.

Without a VPN your ISP can see everything you see, and can send you letters accusing you of pirating movies. That won't happen with a VPN. AT&T can't see what sites you are accessing.