727
submitted 1 month ago by King@r.nf to c/technology@lemmy.world

you are viewing a single comment's thread
view the rest of the comments
[-] mp3@lemmy.ca 93 points 1 month ago* (last edited 1 month ago)

Considering how most of the Internet is encrypted with TLS, if you add DNSSEC+DoH/DoT on top, trying to MITM someone on a public WiFi is way harder than it was, unless you're a state-level adversary and you're able to craft valid certificate for a domain you don't control from a globally trusted (root) certificate autority (which will lose its trusted status quite fast once discovered, ex: CNNIC)

[-] hamsterkill@lemmy.sdf.org 52 points 1 month ago

Not all applications on your computer may be encrypting their packet traffic properly, though. That goes especially for the applications that might be trying to reach out for resources on your local home network (like printers, file shares, and other home servers) as well as DNS requests which are usually still made in the open. I would not recommend eschewing an entire security layer willy-nilly like that. On public Wi-Fi, I would definitely still suggest either a VPN or using your cell phone as a tether or secure hotspot instead if possible.

[-] MimicJar@lemmy.world 3 points 1 month ago

Sure, but it's also like, if you're stepping away from your laptop for a few minutes should you lock the screen or shut it down completely.

The most secure option is to shut it down completely, but also it's fine to just lock your screen.

If you've already got a VPN and it's as easy as locking your screen to enable, go for it, use it. But if you don't, you don't need to go out and get one. You'll generally be ok without one.

[-] Wild_Mastic@lemmy.world 7 points 1 month ago

The most secure option is bringing the laptop with you.

[-] discount_door_garlic@lemmy.world 4 points 1 month ago

I mean, technically - the most secure option is irrevocably destroying the laptop everytime you have a break.

[-] idunnololz@lemmy.world 1 points 1 month ago

Oh so a one time pad

[-] grandkaiser@lemmy.world 1 points 1 month ago* (last edited 1 month ago)

The most secure & economical option is to never go outside

As a network security expert, I've got that on LOCK

[-] linearchaos@lemmy.world 39 points 1 month ago

Yeah, the days of your local coffee shops Wi-Fi being a problem or mostly gone. Not the VPN doesn't have a place anymore though. If you're trying to hide your downloading of ISOs from your ISP it's still a perfectly reasonable method. Or temporarily relocating yourself to another country to make a purchase or watch some streaming content both perfectly reasonable.

Of course some of the streaming providers are getting wise to this.

[-] metaStatic@kbin.earth 30 points 1 month ago

why would I need to hide my terabytes of Linux ISO downloads?

[-] linearchaos@lemmy.world 24 points 1 month ago
[-] Warl0k3@lemmy.world 11 points 1 month ago

It's all fun and games until a Microsoft Purity Enforcement squad is kicking in your door.

[-] linearchaos@lemmy.world 9 points 1 month ago

Nah, it's all good I subscribe to Linus Torvalds protection services. When the Microsoft vans get within four blocks of my address, They'll drop ship in dozens of fully-armed penguin paratroopers. After the incursion they even send in a penguin based cleaner team to help get rid of the remains.

[-] jonne@infosec.pub 5 points 1 month ago

You don't want their admin to contact you about how you're a n00b for not using Arch.

[-] catloaf@lemm.ee 3 points 1 month ago

Because we see which distros you're using, and we judge you for it.

Gentoo, in 2024? Really? You should be using Arch if that's your thing. It's not the 90s any more.

[-] kameecoding@lemmy.world 1 points 1 month ago

Arch? I prefer EndeavorOS as it lets me easily install an arch distro using a nice GUi, I really don't care about the nitty gritty of setting up my own network manually, i am like 99.9% of people in that regard

[-] Semi_Hemi_Demigod@lemmy.world 9 points 1 month ago

I have a VPN so I can securely access my home network when I’m away

[-] linearchaos@lemmy.world 4 points 1 month ago

Yeah, pptp will always have a strong purpose and home. I'm more speaking to the viability of commercial anonymization VPN.

[-] anamethatisnt@lemmy.world 5 points 1 month ago

I have a feeling you are using pptp as shorthand for Point to Point disregarding protocol and already knows what I'm about to say. To anyone else reading this - PPTP is obsolete and unsafe. Use an alternative such as OpenVPN, WireGuard or SSTP.

[-] linearchaos@lemmy.world 2 points 1 month ago

Tailscale FTW. I honestly haven't looked at the underlying protocols in years. Was using ubiquiti's implementation of openVPN but it seemed to get grumpy when you connect one user multiple times.

Poking around at available products, I had settled on zero tier and tailscale, I went ahead and tried tail scalefirst because it was basically free for my house. One month in, I had a few decent detectable guys at work join me on a trial there. Full licenses for everybody at work cost less than my Cisco refresh. And makes it so that the office is no longer a critical hosting site.

[-] anamethatisnt@lemmy.world 2 points 1 month ago

OpenVPN allows multiple connections if you enable duplicate-cn:
--duplicate-cn
Allow multiple clients with the same common name to concurrently connect.
In the absence of this option, OpenVPN will disconnect a client instance upon connection of a new client having the same common name.
https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/

There's also headscale if you wanna selfhost the tailscale control server:
https://github.com/juanfont/headscale

[-] linearchaos@lemmy.world 2 points 1 month ago* (last edited 1 month ago)

It was allowing me to make multiple connections but they were unpredictable, I assumed it was a unifi problem back in the day thanks for the information!

[-] TexasDrunk@lemmy.world 3 points 1 month ago

I use a VPN for the same reason I use the Internet. Porn.

[-] EncryptKeeper@lemmy.world 1 points 1 month ago

That’s not what these commercial VPNs are for.

[-] Willem@kutsuya.dev 7 points 1 month ago
[-] jbk@discuss.tchncs.de 3 points 1 month ago

Interesting read, thanks!

this post was submitted on 06 Oct 2024
727 points (90.7% liked)

Technology

59438 readers
4322 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS