• PhilipTheBucket@ponder.catOP
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    20 hours ago

    I think you should share this way of looking at security with some security professionals, and see what they say about it.

    I know some people who recently wrote an article, for example, which said among some other things:

    The simple answer is that you can’t and shouldn’t trust either free or paid VPN providers. … For some, using a VPN can be as dangerous as not using one.

    And your government can seek grounds to demand access to your browsing data anytime it wants — including retroactively — which can also include demands to access data from VPN providers, defeating the very point of the privacy you sought.

    Security experts consider the Tor network the gold standard of private browsing because it allows you to access the internet without censorship or surveillance.

    Instead of relying on a single tunnel to hide your internet traffic, Tor works by encrypting and routing users’ internet traffic through thousands of servers around the world, shielding their activity from other servers and the outside world. Because of Tor’s implementation, no single Tor server can see your browsing data. That means even if a Tor server is compromised, the attacker still cannot access the users’ browsing data within.

    Because Tor is open source, anyone can inspect its source code to ensure that it’s safe to run.

    And so on.

    You’re not wrong that a VPN will shield your non-web traffic, and if you’re doing something sensitive outside of HTTPS and the associated DNS, then Tor won’t help. It also won’t prevent someone from stealing your car or breaking into your house. And, the same very serious vulnerabilities that apply to free or commercial VPN providers will apply to all of that non-web traffic.

    The same article with the above useful tidbits of information also includes a guide to setting up your own VPN, which can be made actually extremely secure against some threats, if you do want to secure non-web traffic. Tor is still much better at protecting your web traffic, assuming that you’re doing something for which it is suitable.

    Hope this helps. Let me know if you have any questions.

    • pineapple@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      11 hours ago

      There are ways to send all of your internet traffic over tor. For example tails os does it by default.

      And tor is definitely more secure than a vpn. Any VPN company can just log all your internet traffic and sell it if they want to. Compared to tor you will need to gain access to at least 2 nodes that the internet traffic goes through in order to get any mildly useful information, that is significantly harder than with a VPN.

      Also I just wanna say arguments like these are so fun to read