I guess you dont know how browsers work on iOS then, do ya?
That's "only" the web rendering engine - things like this (safe browsing checks), password sync, history (and sync, if the browser supports it), ad blocking, bookmark sync, UI are different between browsers.
Those APIs they call are baked into the OS. Besides, Firefox blows next to Safari in recent releases. Safari is faster, and its features are fantastic. Reading view is bad ass, and works way better than the reader view in Firefox. Keychain integration (I know, this is an apple-only thing so not really fair), share dialogs, moving tabs between devices intuitively, and pulling pin codes from text messages for auto-filling 2FA checks is just bad ass (I know you have to have Messages / iPhone for this to work).
A lot of it has to do with iOS API design flaws. iOS doesn't allow seamlessly adding new passwords via third party managers, only retrieving ones which are already there. This means that tools like LastPass and Keepassium are crippled relative to iCloud Keychain. Even if you want to use Apple's solution with Safari, you'll find that iCloud Keychain itself is a broken mess on macOS, not being able to export your passwords back out of it in a seamless fashion (Keychain Access won't export any more), with hacks based on AppleScript needed to do a dump of all passwords via Safari's UI instead.
Content Filtering API is also crippled in third party browsers, preventing Firefox from utilising the same filters which you can implement for Safari by downloading appropriate apps. This same issue applies to Edge, where its uBlock Origin integration blows as a result of flawed APIs. I'm all in favour of preventing the use of third party rendering engines to keep the OS lean and efficient but these deliberately coded flaws don't make Firefox a worse browser, they just make iOS a worse OS.
Would you also be against allowing the user to use different browser engines in PC OS?
I'm tired of Google and Apple making the smartphone OS less flexible than PC OSs. Want to keep most people secure? Just set the default to the safe option but also users to toggle that. That's what Google does with the option of installing apps from outside Google Play in Android and I think it's a good compromise
Here are the number of web browsing engines running on my Windows PC because developers, developers, developers:
EdgeHTML - powers my Start Menu search facilities, Microsoft Store, OOBE wizards and UWP software
Trident (IE) - used by Windows Help, PowerShell, Word, MS Outlook and many other apps indirectly
Blink - used by the new Microsoft Edge as it is a fork of Chromium, tracking Google Chrome
QtWebEngine - many Qt apps use this to pull website contents. Powers parts of TeamViewer and OneDrive apps
Webk
Great point. Not supporting a half dozen concurrent web browsing engines is probably something that contributes to iOS's ability to run well in much less RAM than Android.
I dread the impact of Snap / Flatpack / etc. packages on Linux, all bundling random unsupported unaudited unshared versions of dependencies.
Don't know about iOS, but Firefox is my daily driver on Android. Among other things, it supports webextensions [mozilla.org]. As a matter of policy, Apple forbids any web browser from doing that, or doing anything else that would make safari look like the new IE6 piece of shit that it really is.
Although there are extensions out there for password managers, I tend to find that native android password manager apps integrate fine with firefox. Either way, you aren't stuck with any one password manager. Though personally I r
I like Mullvad. They post a document listing which servers they own and physically control. Pick a country that doesn't cooperate with the US and where they own their own servers.
A free AWS instance and your own VPN software is much better than anything anyone else can provide you. Even better if you go get a cheep virtual server from any number of providers out there. I do that, and take a small router that integrates with it with me when I travel abroad so I don't have to lose streaming app content over seas.
A free AWS instance and your own VPN software is much better than anything anyone else can provide you. Even better if you go get a cheep virtual server from any number of providers out there. I do that, and take a small router that integrates with it with me when I travel abroad so I don't have to lose streaming app content over seas.
Goodness...what a cool suggestion.
Would you have any links on how to set this all up?
I think the trouble is that a VPN doesn't really provide you with much additional privacy, if you log into any website anywhere or use the same browser without a VPN then you're immediately de-anonymized. Plus the VPN provider themselves may be snoops.
Upon looking deeper, it seems they are currently transitioning their VPN from old tech to new, better tech, and merging with their DNS tech, as it makes no sense running them separately with so much overlap.
Also, their old name, ipredator.se, was a fitting inside joke at the time when they were new (see blog), but clearly wasn't the best choice.:D
I spend a surprisingly large amount of time 100% disconnected, i.e., without electronic devices of any sort, let alone a phone or laptop, off the grid.
All it takes is putting down the phone and walking away. There *are* other things in life. But how many other people do that, particularly people younger than ancient?
That shouldn't be the case. Chrome first ends the url you're trying to visit to its safe browsing API to determine if the site's been reported as unsafe. This request will be proxied via Apple so that Google can't associate all the urls you're trying to visit against your IP. Apple's concern is that every url visited by every Chrome browser can be logged against the user's source IP via the safe browsing api.
If the site is deemed safe by the API or if you decide to proceed anyways if the site was reported a
Safe browsing lookups are done locally. Chrome has a local database of known bad URLs, and updates them periodically. Lookups are done entirely locally.
They already control the browser, the OS, and have an always-on connection enabled for the delivery of push notifications. They already know your IP, they are already syncing bookmarks (and history?) for most users, and there’s really no need for them to proxy this traffic if what they’re after is that info.
If you’re already in that ecosystem, a shift like this is actually nothing but good, given that you’re cutting one more company out of that data.
Certainly not mine. This just makes Apple that much larger a target, or perhaps, more conveniently, provides a centralized location against which government agencies can direct their effort.
Must we learn the same lesson again and again, that centralized services provide neither safety nor security?
Basically this is Apple expecting Google to do all the actual work and not get paid for it, while Apple just reaps the benefits. Hopefully Google will just block Apple from using the service.
Basically this is Apple expecting Google to do all the actual work and not get paid for it, while Apple just reaps the benefits. Hopefully Google will just block Apple from using the service.
You mean the commercial service Google charges for?
The Safe Browsing API has the browser send a partial hash which returns a list for full matching in private on the client-side. Google doesn't get any useful info to monetise here. Also, since dynamic IPs are a thing on IPv4 residential lines and IPv6 randomises addresses on a regular basis anyway through Privacy Extensions, home users are fine anyway.
This looks like a PR move and nothing more. Who wants to bet the Apple-owned proxy server is hosted using Google Cloud?
I love what Apple is doing to stand up for the rights of ordinary users who know no better but I'm not sure what they gain from this?
IP addresses don’t necessarily change as often as you might think. Without even paying for an IP address, I’ve seen my home address retain the same WAN IPv4 address for years at a time.
Moreover, even if they were changing each night, you can easily link IP address back to device identifiers like cookies or IDFAs, including doing so retroactively, at which point they know who you are. And while you are correct about the final hash resolution being done client-side, if your address isn’t cha
So instead of Google monetizing you, you get apl monetizing you. How is this any better?
Oh? Did you not expect them to use the advertising id with their advertising service?
Also, since dynamic IPs are a thing on IPv4 residential lines and IPv6 randomises addresses on a regular basis anyway through Privacy Extensions, home users are fine anyway.
The IPv6 Privacy Extensions only randomizes the part of the IP address which would otherwise be determined by the Ethernet MAC, so it is no more private than using IPv4 NAT. What this does accomplish is hide which IPv6 addresses on the subnet are populated preventing searches.
Instead of "safe browsing", maybe Apple could just harden their browser against security vulnerabilities. It would be a bit less effort than playing whack-a-mole with every possible piece of malware out there. I know, I know, they'd have to disable Flash (the horror!) and JavaScript (which apparently no website can live without these days... but that's a different rant).
The fact that Apple is doing this is significant: they've effectively given up on the security of their platform, and have outsourced i
Don't know under which rock you've been living for the past 14 years, but iOS has *never* supported Flash, and it's never been available on Safari for iOS since the iPhone introduction.
That alone makes all you rant completely worthless.
Oh, by the way, did anyone told you that javascript is enabled by default by *every* single browser out there, on *every* single platform ?
What fantasy world do you live in that Apple does not monetise your privacy? They have been repeatedly caught out over the last 5 years doing exactly that. Sure Google may be worse but your are in la la land if you think Apple isn't doing the same despite all the evidence to the contrary.
Certainly not mine. This just makes Apple that much larger a target, or perhaps, more conveniently, provides a centralized location against which government agencies can direct their effort.
Must we learn the same lesson again and again, that centralized services provide neither safety nor security?
Here's a lesson for you.
Government vs. [company].
Let me know which [one], has the best track record when it comes to arguments for your privacy.
Oh, and do you have a better idea, on how to overcome this particular issue? This is one company, literally fighting against another company trying to do the very thing you appear to hate. You should probably figure out who's side you want to be on before ignorantly pointing fingers. This battle, will be fought by many going forward. Hate on all of them, and you
Apple wouldn't be storing your requests, just forwarding them on.... Google is.
How exactly would you "Target Apple' more than you would Google? It doesn't increase targeting ability at all, and in fact reduces the footprint of potential targeting since the data that Google stores about the request, is now unrelated to you and also can't be tied back to you through other browsing.
Not relative to Google, per se, but anyone who wants to snoop on any given Apple user can just hack Apple's servers, rather than having to target each Apple user individually. It also means that law enforcement can more easily perform "fishing expeditions" because all Apple user traffic goes through a single entity. If it was decentralized, they'd have to get warrants in every single jurisdiction, rather than just one. Worse, Apple could sell the data itself to law enforcement, circumventing the need fo
While I do trust Apple more than Google, it's a problem that switching to Safe Browsing Mode routes all my requests through Apple. What about people using a VPN? There has to be a switch to disable the Apple proxy setting even when using Safe Browsing Mode.
What about them? You still need to trust the VPN provider, who is handling a lot more of your traffic than what we are talking about here. You could, of course, roll your own VPN, but unless you are a) routing a ton of traffic that isn't yours through it, or b) swapping the outbound interface IP very frequently, you really don't solve the problem.
Funny you mention VPN, because Chrome under Ubuntu is broken, because the browser wont pickup and honour local dns lookups updated by the VPN upon connection.
I use a separate system to handle DNS and the VPN. DNS lookups are done over Tor, through a local dnsmasq instance, and any other network access is done over the VPN.
You sure about that? Are you using their VPN app on your phone? You know the one that they all have that lets you choose the VPN outbound destination, sets up the tunnel for you with the phone OS, etc? Because if the answer is yes, they they COULD, if they wanted, have exactly that info.
You sure about that? Are you using their VPN app on your phone? You know the one that they all have that lets you choose the VPN outbound destination, sets up the tunnel for you with the phone OS, etc? Because if the answer is yes, they they COULD, if they wanted, have exactly that info.
And this is why you use OpenVPN on your phone, as well.
Simply not something that the maker of the device should have control of, no matter what the reason. Because it's a walled garden and the owner of the device doesn't have that level of control of their own device it falls on the manufacturer to "protect" the user. If a device is not in control of its OWNER, then device has malware on it.
I guess you'll be shocked to learn that Android has had similar functionality for years then (not sure which flavors of Android have it enabled though, but its certainly something available on stock Android using a Pixel device). Connecting to an unknown accesspoint will VPN your traffic through Google to "protect" you from the baddies!
Perhaps not actively but behavious wise Chrome is very much broken. If you connect to a VPN, all dns from the connection will fail to resolve, because C fails to "reload" the updated dns servers.
Well, it's a Google feature, so you either have to trust Google or trust a third party that is going to proxy the traffic for you if you want to use it, which you are of course not required to do.
Because the consumer market decided so. Is there a non android non Apple option for mobile devices? Old blackberries? Old windows phones? There are some Linux distros there but the app support is unknown or nonexistent.
Because it's not possible to communicate with trusting no one.
Things like TLS? Relies on certs issued by trusted companies. Roll your own certs or your own keys? Still requires trusting your OS, hardware, and the other device's hardware and OS to set up. As well as the path between them.
Truly "trust no one" isn't possible if you still want to communicate. Someone will always end up as the root of trust, and unless you have your own chip fab, it isn't you.
It's not even necessarily retaliation. One of the few legitimate uses for tracking is to verify users aren't bots. If you disable cookies - for example - you will start seeing "I'm not a robot" forms all over the Internet.
So giant corporation Apple (who charges me lots more for their hardware) will get all my info instead of giant corporation Google that relies upon my data for its advertising revenue?
Pay upfront and go with Apple OR PAYG and let Google know about that present for your mistress that you browsed for?
So you're saying Apl has no advertising revenue?
You might want to look at their balance sheet again. Classic case of misdirection which they're a master of. 'Getting rid of iads' simply meant they're getting rid of the name. They're still selling advertising. So unless you think apl is inferior to Google, you can bet they're using your information
I've not seen any ads on my iPhone or iPad other than those presented by the likes of YouTube. I block all ads on my MacBook Pro so there, the issue is moot.
So-called 'targetted Ads' are ATM a total waste of time. I get emails from Amazon with [cough][cough] suggestions for my reading. Currently, they seem to think that I am having a baby or living with someone who is having a baby. My Eldest son is 30 this year and I've never looked for anything related to babies on Amazon yet... Oh... and I have not bought
Hasnt anybody learnt that Google doesnt care about long term things. A short session is more than enough for them to build a profile (even if its rather poor) to sell ads. Thats why they popularised incognito. Thats their business, nothing is long term its allways short, just like Stadia will die soon.
Are you not tired of this BS ?
If a user want to hide their IP, they can use a VPN. We do not need to bend over and provide all our personal information and meta data to apple ? What in the actual f... is this ? When will the intrusion of Apple, trying to snatch people's identity and control it like Facebook does will STOP ? They aren't any better than Google or Facebook, they just do the same, the difference people will say is that apple supposedly is not reselling the data ; Of course it isn't, it doesn'
Think about what may happen when the apple sales-numbers are crumbling down (what i do hope will happen, i have a major dislike for their ultra-closed-vendor-lock-in-system).
It's not unthinkable that mail, the data from the software-store, from Apple-TV, from this proxy may be "harvested" and resold.
We know about Palantir, but we also realize that this isn't the only company harvesting data...
So be afraid - be very afraid - and don't use this feature. Turn it off. When it cannot turn it off - sell you
Our business is run on trust. We trust you will pay in advance.
No worries (Score:1)
Re: (Score:2)
I guess you dont know how browsers work on iOS then, do ya?
Re: (Score:2)
I guess you dont know how browsers work on iOS then, do ya?
That's "only" the web rendering engine - things like this (safe browsing checks), password sync, history (and sync, if the browser supports it), ad blocking, bookmark sync, UI are different between browsers.
Re: (Score:1, Offtopic)
Re:No worries (Score:5, Interesting)
Content Filtering API is also crippled in third party browsers, preventing Firefox from utilising the same filters which you can implement for Safari by downloading appropriate apps. This same issue applies to Edge, where its uBlock Origin integration blows as a result of flawed APIs. I'm all in favour of preventing the use of third party rendering engines to keep the OS lean and efficient but these deliberately coded flaws don't make Firefox a worse browser, they just make iOS a worse OS.
Re: (Score:2)
I'm tired of Google and Apple making the smartphone OS less flexible than PC OSs. Want to keep most people secure? Just set the default to the safe option but also users to toggle that. That's what Google does with the option of installing apps from outside Google Play in Android and I think it's a good compromise
Re: (Score:2)
EdgeHTML - powers my Start Menu search facilities, Microsoft Store, OOBE wizards and UWP software
Trident (IE) - used by Windows Help, PowerShell, Word, MS Outlook and many other apps indirectly
Blink - used by the new Microsoft Edge as it is a fork of Chromium, tracking Google Chrome
QtWebEngine - many Qt apps use this to pull website contents. Powers parts of TeamViewer and OneDrive apps
Webk
Re: (Score:0)
Parent comment is informative!
Great point. Not supporting a half dozen concurrent web browsing engines is probably something that contributes to iOS's ability to run well in much less RAM than Android.
I dread the impact of Snap / Flatpack / etc. packages on Linux, all bundling random unsupported unaudited unshared versions of dependencies.
Re: (Score:2)
Don't know about iOS, but Firefox is my daily driver on Android. Among other things, it supports webextensions [mozilla.org]. As a matter of policy, Apple forbids any web browser from doing that, or doing anything else that would make safari look like the new IE6 piece of shit that it really is.
Although there are extensions out there for password managers, I tend to find that native android password manager apps integrate fine with firefox. Either way, you aren't stuck with any one password manager. Though personally I r
Re: (Score:2)
Preserve your privacy! (Score:5, Insightful)
By telling US everything you do, not that other slob!
Re: (Score:2)
What's one of the better VPN's available out there these days?
How is ExpressVPN in your opinion?
Looking for advice pro/con on the available ones out there for privacy from, well....everyone.
Re: (Score:0)
I like Mullvad. They post a document listing which servers they own and physically control. Pick a country that doesn't cooperate with the US and where they own their own servers.
Re: (Score:0)
Re: (Score:0)
So, you trust Amazon?
Re: (Score:2)
Goodness...what a cool suggestion.
Would you have any links on how to set this all up?
Thank you in advance!!
Re: Preserve your privacy! (Score:2)
https://www.comparitech.com/bl... [comparitech.com]
Re: (Score:2)
Re: Preserve your privacy! (Score:2)
Try the PirateBay guys' VPN:
https://njal.la/ [njal.la]
For them it's not just a business. It's personal! :)
I think you'd be hard-pressed to find any VPN that you can be more confident in.
Re: (Score:0)
Oh hell yes. +1, Informative. VPS and DNS "registrar" too... oo la la.
Re: Preserve your privacy! (Score:1)
Upon looking deeper, it seems they are currently transitioning their VPN from old tech to new, better tech, and merging with their DNS tech, as it makes no sense running them separately with so much overlap.
Also, their old name, ipredator.se, was a fitting inside joke at the time when they were new (see blog), but clearly wasn't the best choice. :D
Re: (Score:2)
at least when you're dealing with one of the guys that isn't in jail.
Or already cooperating.
Or . . .
Re: (Score:2)
"How is ExpressVPN in your opinion?"
I use it on 5 machines and it works flawlessly. I download a couple of hundred gigs of torrents each month, fast as hell.
Re: (Score:0)
What's one of the better VPN's available out there these days?
No-one knows. It's likely that many (even paid ones) are data mining projects (see the tesonet VPN conspiracies).
Tor is probably your best bet from a privacy point of view.
Re:Preserve your privacy! (Score:5, Insightful)
By telling US everything you do, not that other slob!
If you wish to trust no one, you know where the power button is.
Turn it off, to match your trust level.
Re: (Score:0)
I spend a surprisingly large amount of time 100% disconnected, i.e., without electronic devices of any sort, let alone a phone or laptop, off the grid.
All it takes is putting down the phone and walking away. There *are* other things in life. But how many other people do that, particularly people younger than ancient?
Re: (Score:2)
Why not ...
https://gizmodo.com/give-your-... [gizmodo.com]
What could possibly go wrong?
Re: (Score:3)
You also get to enjoy solving many more captchas, thanks to sharing an IP address with thousands of other people.
Re: (Score:2)
That shouldn't be the case. Chrome first ends the url you're trying to visit to its safe browsing API to determine if the site's been reported as unsafe. This request will be proxied via Apple so that Google can't associate all the urls you're trying to visit against your IP. Apple's concern is that every url visited by every Chrome browser can be logged against the user's source IP via the safe browsing api.
If the site is deemed safe by the API or if you decide to proceed anyways if the site was reported a
Re: (Score:2)
Safe browsing lookups are done locally. Chrome has a local database of known bad URLs, and updates them periodically. Lookups are done entirely locally.
Re: (Score:2)
They already control the browser, the OS, and have an always-on connection enabled for the delivery of push notifications. They already know your IP, they are already syncing bookmarks (and history?) for most users, and there’s really no need for them to proxy this traffic if what they’re after is that info.
If you’re already in that ecosystem, a shift like this is actually nothing but good, given that you’re cutting one more company out of that data.
Whose privacy? (Score:4, Insightful)
Certainly not mine. This just makes Apple that much larger a target, or perhaps, more conveniently, provides a centralized location against which government agencies can direct their effort.
Must we learn the same lesson again and again, that centralized services provide neither safety nor security?
Re: Whose privacy? (Score:5, Insightful)
Which centralized service do you prefer - Google which monetizes your activity or Apple which does not? Or do you have some other alternative?
Re: (Score:-1, Troll)
People here sound so dumb trying to sound so smart.
Re: (Score:-1)
Wow. Please go back to Digg. You are too stupid to live.
Re: (Score:0)
Re: (Score:2)
Basically this is Apple expecting Google to do all the actual work and not get paid for it, while Apple just reaps the benefits. Hopefully Google will just block Apple from using the service.
Re: (Score:2)
Basically this is Apple expecting Google to do all the actual work and not get paid for it, while Apple just reaps the benefits. Hopefully Google will just block Apple from using the service.
You mean the commercial service Google charges for?
https://cloud.google.com/web-r... [google.com]
Re: Whose privacy? (Score:-1)
Re: Whose privacy? (Score:5, Insightful)
Who cares? (Score:4, Informative)
This looks like a PR move and nothing more. Who wants to bet the Apple-owned proxy server is hosted using Google Cloud?
I love what Apple is doing to stand up for the rights of ordinary users who know no better but I'm not sure what they gain from this?
Re: (Score:2)
IP addresses don’t necessarily change as often as you might think. Without even paying for an IP address, I’ve seen my home address retain the same WAN IPv4 address for years at a time.
Moreover, even if they were changing each night, you can easily link IP address back to device identifiers like cookies or IDFAs, including doing so retroactively, at which point they know who you are. And while you are correct about the final hash resolution being done client-side, if your address isn’t cha
Re: Who cares? (Score:1)
Re: (Score:2)
Also, since dynamic IPs are a thing on IPv4 residential lines and IPv6 randomises addresses on a regular basis anyway through Privacy Extensions, home users are fine anyway.
The IPv6 Privacy Extensions only randomizes the part of the IP address which would otherwise be determined by the Ethernet MAC, so it is no more private than using IPv4 NAT. What this does accomplish is hide which IPv6 addresses on the subnet are populated preventing searches.
Re: (Score:3)
Instead of "safe browsing", maybe Apple could just harden their browser against security vulnerabilities. It would be a bit less effort than playing whack-a-mole with every possible piece of malware out there. I know, I know, they'd have to disable Flash (the horror!) and JavaScript (which apparently no website can live without these days... but that's a different rant).
The fact that Apple is doing this is significant: they've effectively given up on the security of their platform, and have outsourced i
Re: (Score:1)
Don't know under which rock you've been living for the past 14 years, but iOS has *never* supported Flash, and it's never been available on Safari for iOS since the iPhone introduction.
That alone makes all you rant completely worthless.
Oh, by the way, did anyone told you that javascript is enabled by default by *every* single browser out there, on *every* single platform ?
Re: (Score:-1)
Re: (Score:0)
Certainly not mine. This just makes Apple that much larger a target, or perhaps, more conveniently, provides a centralized location against which government agencies can direct their effort.
Must we learn the same lesson again and again, that centralized services provide neither safety nor security?
Here's a lesson for you.
Government vs. [company].
Let me know which [one], has the best track record when it comes to arguments for your privacy.
Oh, and do you have a better idea, on how to overcome this particular issue? This is one company, literally fighting against another company trying to do the very thing you appear to hate. You should probably figure out who's side you want to be on before ignorantly pointing fingers. This battle, will be fought by many going forward. Hate on all of them, and you
Re: (Score:2)
Government
How is Apple a target? (Score:2)
his just makes Apple that much larger a target
Apple wouldn't be storing your requests, just forwarding them on.... Google is.
How exactly would you "Target Apple' more than you would Google? It doesn't increase targeting ability at all, and in fact reduces the footprint of potential targeting since the data that Google stores about the request, is now unrelated to you and also can't be tied back to you through other browsing.
Re: (Score:2, Insightful)
Not relative to Google, per se, but anyone who wants to snoop on any given Apple user can just hack Apple's servers, rather than having to target each Apple user individually. It also means that law enforcement can more easily perform "fishing expeditions" because all Apple user traffic goes through a single entity. If it was decentralized, they'd have to get warrants in every single jurisdiction, rather than just one. Worse, Apple could sell the data itself to law enforcement, circumventing the need fo
Re: (Score:2)
anyone who wants to snoop on any given Apple user can just hack Apple's servers
They can also "just hack Google's servers" which have approx the same level of security (Apple's probably somewhat better).
It also means that law enforcement can more easily perform "fishing expeditions" because all Apple user traffic goes through a single entity.
And the same is true for Google so....
On the other hand, if local contractors were willing to sell their customer lists,
No.
So it has come to this (xkcd 1022) (Score:2)
While I do trust Apple more than Google, it's a problem that switching to Safe Browsing Mode routes all my requests through Apple. What about people using a VPN? There has to be a switch to disable the Apple proxy setting even when using Safe Browsing Mode.
Re: (Score:3)
What about people using a VPN?
What about them? You still need to trust the VPN provider, who is handling a lot more of your traffic than what we are talking about here. You could, of course, roll your own VPN, but unless you are a) routing a ton of traffic that isn't yours through it, or b) swapping the outbound interface IP very frequently, you really don't solve the problem.
Re: (Score:2)
Except the VPN provider doesn't know which device I'm using, doesn't have direct access to device IDs, etc.
Re: (Score:2)
And you know that because...?
Re: (Score:2)
Because OpenVPN is a thing? Wireguard is a thing? Source code is a thing?
Don't use closed, proprietary clients. Use the open source clients. Configure them as needed.
Re: (Score:2)
Re: (Score:0)
I use a separate system to handle DNS and the VPN. DNS lookups are done over Tor, through a local dnsmasq instance, and any other network access is done over the VPN.
Re: So it has come to this (xkcd 1022) (Score:1)
Seriouly, what are you doing here if you have never even set up your own VPN?
Re: (Score:2)
Re: (Score:2)
You sure about that? Are you using their VPN app on your phone? You know the one that they all have that lets you choose the VPN outbound destination, sets up the tunnel for you with the phone OS, etc? Because if the answer is yes, they they COULD, if they wanted, have exactly that info.
And this is why you use OpenVPN on your phone, as well.
Re: (Score:2)
It's amazing that they're able to get the packets back to you without knowing anything about you.
Oh wait...
Sounds good but no (Score:2)
Simply not something that the maker of the device should have control of, no matter what the reason. Because it's a walled garden and the owner of the device doesn't have that level of control of their own device it falls on the manufacturer to "protect" the user. If a device is not in control of its OWNER, then device has malware on it.
Re: (Score:3)
So I take it you're using a PinePhone after having audited all the OS sources along with the SIM and LTE modem firmware.
Re: (Score:2)
Almost forgot about auditing the die masks used on all the silicon.
Re: Sounds good but no (Score:2)
This is a feature that users can turn on and off.
Re: (Score:2)
I guess you'll be shocked to learn that Android has had similar functionality for years then (not sure which flavors of Android have it enabled though, but its certainly something available on stock Android using a Pixel device). Connecting to an unknown accesspoint will VPN your traffic through Google to "protect" you from the baddies!
Re: (Score:2)
Re: (Score:2)
And you might start to realise: the browser does not know if you are using a VPN or not. ...
Does not matter if it is Chrome, IE or what ever
Re: (Score:2)
Re: (Score:2)
Could be that Chrome insists to use the google ones. 4.4.4.4 and 8.8.8.8 I think.
Why is the choice to trust apple or trust google? (Score:3)
Surely we should be at a stage of trust no-one, and our computing to be structured in such a way that we don't have to.
but oh.... surveillance and advertising go hand in hand.
Re: (Score:2)
The disciples of Fox Mulder have known this for nearly three decades now.
Re: Why is the choice to trust apple or trust goog (Score:1)
Doesn't that imply that they trust Mulder and thereby break their own rule? :D
Re: (Score:2)
The lone gunmen trusted Mulder only to the extent they'd let Frohike hang around that hot redhead, Scully.
Re: (Score:2)
Why is the choice to trust apple or trust google?
Well, it's a Google feature, so you either have to trust Google or trust a third party that is going to proxy the traffic for you if you want to use it, which you are of course not required to do.
Re: Why is the choice to trust apple or trust goog (Score:2)
Because the consumer market decided so. Is there a non android non Apple option for mobile devices? Old blackberries? Old windows phones? There are some Linux distros there but the app support is unknown or nonexistent.
Re: (Score:2)
Because it's not possible to communicate with trusting no one.
Things like TLS? Relies on certs issued by trusted companies.
Roll your own certs or your own keys? Still requires trusting your OS, hardware, and the other device's hardware and OS to set up. As well as the path between them.
Truly "trust no one" isn't possible if you still want to communicate. Someone will always end up as the root of trust, and unless you have your own chip fab, it isn't you.
meet the new boss (Score:2)
OK so security today is to just trust that (Score:2)
Apple says... (Score:2)
All your data are belong to us.
what is old is new again (Score:2)
Google retaliates 3...2..1 (Score:0)
Every apple safari user will probably now get annoying multiple solve this captcha with every page browse
Re: Google retaliates 3...2..1 (Score:2)
It's not even necessarily retaliation. One of the few legitimate uses for tracking is to verify users aren't bots. If you disable cookies - for example - you will start seeing "I'm not a robot" forms all over the Internet.
I feel much safer! (Score:2)
Re: (Score:2)
So giant corporation Apple (who charges me lots more for their hardware) will get all my info instead of giant corporation Google that relies upon my data for its advertising revenue?
Pay upfront and go with Apple
OR
PAYG and let Google know about that present for your mistress that you browsed for?
Which is it to be eh?
Your choice.
Re: I feel much safer! (Score:1)
Re: (Score:2)
I've not seen any ads on my iPhone or iPad other than those presented by the likes of YouTube. I block all ads on my MacBook Pro so there, the issue is moot.
So-called 'targetted Ads' are ATM a total waste of time. I get emails from Amazon with [cough][cough] suggestions for my reading. Currently, they seem to think that I am having a baby or living with someone who is having a baby. My Eldest son is 30 this year and I've never looked for anything related to babies on Amazon yet...
Oh... and I have not bought
Irrelevant (Score:2)
Re: (Score:1)
Re: (Score:2)
Think about what we're trying to do (Score:2)
"Is hot bitches 69 a safe site?"
"Is hot bitches 70 a safe site?"
"Is hot bitches 71 a safe site?"
"Hey, you're not telling anyone I'm into hot bitches, are you?"
Another attempt at "deciding" what good. (Score:2)
Re: (Score:2)
Ordinary ppl do not know what a VPN is - hence they can not use one.
I like it. (Score:1)
What 'll hapen when Apple's results tumble? (Score:0)
It's not unthinkable that mail, the data from the software-store, from Apple-TV, from this proxy may be "harvested" and resold. We know about Palantir, but we also realize that this isn't the only company harvesting data...
So be afraid - be very afraid - and don't use this feature. Turn it off. When it cannot turn it off - sell you