PIA and their "advertising"

[piratemonkey]

6 minutes ago, Vitamanic said:

You're wrong.

 

You're conflating review samples with revenue streams. LTT sponsor money keeps them afloat, review samples do not. In addition, LTT likes to mix sponsorship business sectors with their "reviews". Any YouTuber that cares about being impartial doesn't take sponsors that blur into their area of review. 

You seem to be missing the fact that when LTT (or any other of it's channels) makes a sponsored video, They make it clear that it is. For that specific Lenovo video, not even a second in, there's a lower third that says 'sponsored by Lenovo Legion', the top of the description says the same thing. 

With the blurring thing, if you mean the company sponsors one video for it, but then LTT makes a review of it, that has never happened. 

You are also missing the point of why LTT has never been called out by anyone of importance before. Linus or anyone on his team, have never made a positive review for a bad product, or a bad review for a good product. For me, There has been no misinformation in reviews, and that has led me to not care if Linus reviews a product a tad bit more positively than most. If I will buy a product, I'll do research on it. For most, I think that's what they'll think too.

 

Also, I'm going to withdraw from this discussion, as you seem to think what you believe is absolutely right and not wrong whatsoever, and this isn't benefiting me or anyone else

[Kilrah]

7 hours ago, Vitamanic said:

Because you can't be impartial sometimes when other times you take money from hardware manufacturers forcing you to say nice things.

LTT wouldn't be that successful if that was the case. They are perfectly able to separate the 2 completely.

 

You've got the sponsored pieces you know are recited marketing talking points that you only take as "oh, this exists", and you've got the reviews that in the many years I've been watching LTT have always been honest.

 

The manufacturers also know that people are going to turn against them if they encourage/force people to bias actual reviews, so they don't. They're not going to down/block the full review of a product that was also showcased since it would be way too risky, they instead welcome the dual exposure...

[AngryBeaver]

18 hours ago, piratemonkey said:

Actually, most people will recommend that when using TOR you should use a VPN. Otherwise your traffic is less secure. Please always use a VPN when using TOR. It's pretty much dangerous otherwise

You can use the two in tandem for a little extra layer of security, but unless you are using plaintext the connections will already been encrypted by something like SSL.

 

You have a similar chance of someone sniffing plaintext traffic on normal, vpn, or TOR. So depending on what type of information it was also tells us how effective anonymity is. TOR and a VPN make it harder to identify you and also provide a secure channel when on something like an insecure wifi. Though anything encrypted would still be safe in that scenario. Now once that traffic (again if plaintext) exits TOR or a VPN it is again just as succeptical to being seen.

 

We are at a point where most connections either already use 100% or flip over to a SSL connection. So your random Google search might not be safe from prying eyes, but your login, email , files, etc all will be.

[piratemonkey]

5 hours ago, AngryBeaver said:

Though anything encrypted would still be safe in that scenario.

Once it leaves the public wifi's ISP provider. Having an open wifi means no encryption, which means that a packet sniffer (or something similar) could be used effectively, even if HTTPS/SSL/any other encryption standard is used. A VPN solves that problem. 

5 hours ago, AngryBeaver said:

Now once that traffic (again if plaintext) exits TOR or a VPN it is again just as succeptical to being seen.

A VPN encrypts traffic before it gets routed through the TOR network. It's actually really easy to pick up unencrypted traffic (TOR provides no encryption). Because TOR re-routes traffic before it hits the internet (Traffic goes from you, to your ISP, to the VPN server [if being used], to TOR, then the search engine retrieves results from the internet), it doesn't get encrypted by HTTPS/SSL. 

The first big WikiLeaks leak happened because the U.S government didn't take precautions to use something like a VPN (or an encrypted proxy) when using TOR. The founder [of WikiLeaks] just recorded traffic going through the TOR node he set up. 

5 hours ago, AngryBeaver said:

TOR and a VPN make it harder to identify you

As long as both are used. When TOR is used by itself, you stand out like a glow stick to whoever can see usage, etc. for the network. There's a story that a student at a college used TOR to make bomb threats, but because he didn't use a VPN (and only connected to TOR when he made the threats) it was really easy to know that that student made the threats. 

 

All this isn't to say that TOR and a VPN is a magic bullet. If, like your saying, you're using plain text connections (or without proper encryption in browser), people can see your traffic on the internet. That's one of the ways the NSA or CIA can track people.

[nonamesm3]

2 hours ago, piratemonkey said:

Once it leaves the public wifi's ISP provider. Having an open wifi means no encryption, which means that a packet sniffer (or something similar) could be used effectively, even if HTTPS/SSL/any other encryption standard is used. A VPN solves that problem. 

A VPN encrypts traffic before it gets routed through the TOR network. It's actually really easy to pick up unencrypted traffic (TOR provides no encryption). Because TOR re-routes traffic before it hits the internet (Traffic goes from you, to your ISP, to the VPN server [if being used], to TOR, then the search engine retrieves results from the internet), it doesn't get encrypted by HTTPS/SSL. 

The first big WikiLeaks leak happened because the U.S government didn't take precautions to use something like a VPN (or an encrypted proxy) when using TOR. The founder [of WikiLeaks] just recorded traffic going through the TOR node he set up. 

As long as both are used. When TOR is used by itself, you stand out like a glow stick to whoever can see usage, etc. for the network. There's a story that a student at a college used TOR to make bomb threats, but because he didn't use a VPN (and only connected to TOR when he made the threats) it was really easy to know that that student made the threats. 

 

All this isn't to say that TOR and a VPN is a magic bullet. If, like your saying, you're using plain text connections (or without proper encryption in browser), people can see your traffic on the internet. That's one of the ways the NSA or CIA can track people.

As I said previously. Encyption, https, Tor whatever happens IN your browser INSIDE your computer BEFORE it leaves your computer. You are still trying to claim that the encryption happens outside of your computer.

 

You are even saying that Tor does not provide encryption. Are you kidding me.

[piratemonkey]

15 minutes ago, nonamesm3 said:

You are even saying that Tor does not provide encryption. Are you kidding me.

I didn't double check that claim, because I thought I was right. The TOR documentation does say that information is encrypted when going through nodes. Sorry about that, and thank you for correcting me. 

 

20 minutes ago, nonamesm3 said:

As I said previously. Encyption, https, Tor whatever happens IN your browser INSIDE your computer BEFORE it leaves your computer. You are still trying to claim that the encryption happens outside of your computer.

Where did you get this information (serious question, not being passive aggressive, I want to learn)?

I'm under the impression that, even with encryption, my ISP (for example) can see whatever info/data that goes out to the internet (provided you don't have a VPN). Is this wrong?

If you could learn me some facts, that's be great. I have no problem eating humble pie.

(to reiterate, this isn't rhetorical, if you have actually true information, I would love to learn as I'm passionate about privacy)

[nonamesm3]

No, when you use Https all your traffic is already encrypted when it leaves your computer and your ISP is not seeing it. They may see the title of the website like linustechtips.com but that's it. They don't see the rest of the address like topic or any information on this site or any other site that uses Https. Just the main address.

[AngryBeaver]

1 hour ago, piratemonkey said:

I didn't double check that claim, because I thought I was right. The TOR documentation does say that information is encrypted when going through nodes. Sorry about that, and thank you for correcting me. 

 

Where did you get this information (serious question, not being passive aggressive, I want to learn)?

I'm under the impression that, even with encryption, my ISP (for example) can see whatever info/data that goes out to the internet (provided you don't have a VPN). Is this wrong?

If you could learn me some facts, that's be great. I have no problem eating humble pie.

(to reiterate, this isn't rhetorical, if you have actually true information, I would love to learn as I'm passionate about privacy)

Encryption is point to point. I won't go into too much detail on public and private keys, but basically your machine and thr end machine establish a secure connection that only the end machine can decrypt (outside of a few scenarios). You also have certificates issued by a cert authority to establish identity for a server. Which is why a mitm attack throws a certificatd error because it isn't an official signed cert for the end connection you are trying to establish.

 

 

 

So being on an unsecured wifi or even connection only affects clear text communications. Now it does open your machine up to some different vulnerabilities on that segment or even web wide if the firewall rules are too liberal. Also by clear text I mean any type of obfuscation an computer can read like plaintext a good example of this would be base64.

[Sylvie]

On 7/7/2020 at 10:55 AM, Mad153 said:

Sorry if this has been posted before or if I'm in the wrong subsection.

 

Ltt has had a PIA sponsorship for years now, and they've been trying (imo) to mislead the public. The thing that really annoyed me, in today's techlinked, is this:

 

Two things annoyed me here: 

First, the visible search term. It's almost impossible to go to a modern day search engine and get a result via http. If you manually change the URL, it sends you back to the encrypted version. There is no way, unless you get out of your way to do so,  to send a search query using http.

 

Sure, if you are using IE 6 or something ridiculous, you may be able to. But VPNs are just a tunnel, and at the end of the tunnel, your data leaves to the rest of the internet, unencrypted. 

 

Secondly, the Gmail part of the "unencrypted" version. Unless the worry here is your school or work or ISP etc seeing that you are using Gmail, for some reason, this seems to also be misleading.

 

(And before you say what about places such as China, if they are watching from China, they first already have a VPN and secondly know that having a paid VPN is illegal there.)

 

 

This is because, since 2014, there has been no way to receive, view or send emails with Gmail over http. 

Source: https://gmail.googleblog.com/2014/03/staying-at-forefront-of-email-security.html?m=1

 

I don't think scaring people is a good way to go about business at all, especially as they run these ads towards less tech savvy people too on their website.

 

Oh, and wasn't pia bought by a massive advertising company a while back?

there's a lot you're right about, as well as some info you're missing.

 

- your data has, for the most part, been sent and receieved using a secure tunnel (HTTPS) since 2016-2018.

So yes, while you're connecting to a network, which has an encrypted tunnel, your data isn't then just unencrypted the rest of the way any more. Not unless you're specifically using unsecure HTTP.

 

- using a VPN is still useful for shared and public networks, as while ARP spoofing and man-in-the-middle attacks are rarer now, a person with enough knowledge could still technically view certain content you might not want them snooping on. It also helps against snoopy governments and ISPs, and helps you get around blocks, both locally and nationally.

 

- people on the network can see what sites you're connecting to, and they could see the contents of websites with no security tunnel, where the browser now tells you it's unsecure, but that's all, unless they're specifically very knowledgable about compsec. most skiddie attacks won't work anymore, and a VPN company actually had their ad banned by a UK regulator because of the misleading claims.

 

-some networks and ISPs prioritise certain types of traffic over others, and a VPN means that they can't do that to you.

 

-metadata gives away a fair amount of information and wanting to keep that private isn't necessarily a bad thing.

 

there's probably a lot more i could go into detail on if you're interested. because i think it's important that we don't let ads mislead us, and big companies make misleading ads all the time. VPNs are something i love talking about, so please respond if you want to know more, or want to point out something i said. i welcome feedback and discussion.

 

[AngryBeaver]

1 hour ago, Sylvie said:

there's a lot you're right about, as well as some info you're missing.

 

- your data has, for the most part, been sent and receieved using a secure tunnel (HTTPS) since 2016-2018.

So yes, while you're connecting to a network, which has an encrypted tunnel, your data isn't then just unencrypted the rest of the way any more. Not unless you're specifically using unsecure HTTP.

 

- using a VPN is still useful for shared and public networks, as while ARP spoofing and man-in-the-middle attacks are rarer now, a person with enough knowledge could still technically view certain content you might not want them snooping on. It also helps against snoopy governments and ISPs, and helps you get around blocks, both locally and nationally.

 

- people on the network can see what sites you're connecting to, and they could see the contents of websites with no security tunnel, where the browser now tells you it's unsecure, but that's all, unless they're specifically very knowledgable about compsec. most skiddie attacks won't work anymore, and a VPN company actually had their ad banned by a UK regulator because of the misleading claims.

 

-some networks and ISPs prioritise certain types of traffic over others, and a VPN means that they can't do that to you.

 

-metadata gives away a fair amount of information and wanting to keep that private isn't necessarily a bad thing.

 

there's probably a lot more i could go into detail on if you're interested. because i think it's important that we don't let ads mislead us, and big companies make misleading ads all the time. VPNs are something i love talking about, so please respond if you want to know more, or want to point out something i said. i welcome feedback and discussion.

 

If we look at vpns from a business stance they are almost a legacy thing. I am sure it will take another 5-10 years before it is dead, but SDP and zero trust are the new hotness.

 

I mean 10-15 years ago this would be a completely different argument, but now (even more so after the Snowden leak) secure communication is enforced by most places, tools, and apps.

 

It was mentioned earlier that your isp or the government can see your dns request when visiting a website, but even that can he encrypted now via various means like DOT ( dns over tls), DOH (dns over https), and dnscrypt.

 

The biggest tracking mechanism now is cookies.