The security researcher is an employee for Brave, a competitor that makes a browser too, and sells a white-label VPN that you also purchase and enable from the browser.
I would touch neither Edge “VPN”,
nor “Brave” VPN.the problem with edge’s (allegedly) is not just it’s white-label, though. that would make it a VPN.
Touche; the two things aren’t similar under the hood, but the user interface (being controlled directly from the browser) definitely is. And while Microsoft’s sales pitch is deceptive, it’s clearly a competitor to offerings from companies like Brave, Opera, DuckDuckGo, every Android app that offers a “free VPN” baked into a Chrome shell.
Sorry, we meant to say VVPN but
CortanaCopilot autocorrected it. It’s a virtual VPN, you get to feel like your browsing is private without wasting processor cycles on silly little things like added layers of encryption.Enough of this nerd talk though, let’s get Edging™!
I’m already edging prematurely
You guys gotta stop talking like that or I’m going to bing.
Time to DD-go.
Hey Jeeves! Come clean up this mess.
You guys are so great for a dreary Monday.
The original use case for this stuff was unencrypted HTTP with a public WiFi connection, in which case your ISP is the owners of whatever shop you’re in and yeah they could see everything.
If you’re at home or whatever it offers effectively no benefits, doesn’t “block trackers” or whatever nonsense like Nord claims, but I don’t think Microsoft ever claimed that it did.
If you’re at home or whatever it offers effectively no benefits
Porn.
Also my ISP sniffs packets enough to send copyright complaints, so I’d rather outsource that exposure to a country with privacy laws.
This isn’t sending your packets anywhere but their closest datacenter, not sure I’d trust MS (Or rather, Cloudflare) with your porn rather than your ISP who you’re actually paying.
For porn (in most of the us), the goal is geolocation spoofing to avoid ID requirements, not anonymity.
That said, I doubt edge achieves even that, since they likely keep their servers in the states. I was more talking about VPNs broadly.
Sure. It is a user data collection funnel, developed with love and care, as to maxize MS shareholdee value, and increase the size of Bill Cates’s bank accounts.
No one should use it.
It’s like Opera VPN: they change your location and call it a VPN, but it works like a proxy in their browser. In this case, it’s powered by Cloudflare and works like a limited proxy version of WARP, connecting to the nearest server available instead of changing your country. I think a built-in VPN for the OS with an option to disable it in certain apps would be better.
From what I can tell… that is actually what most people WANT in their VPN. They don’t care about privacy or anonymizing data. They just want to hide information from the LAN admin and/or appear to be in a different region for the purposes of content (used to be so they could watch European Netflix. Now it is so they can watch Colorado Pornhub…).
I dunno. I’ve been in far too many Internet Arguments ™ with people over what they ACTUALLY think a VPN is. People watch ltt’s ads and figure they just pay for a VPN and leave it on 24/7 and that will solve all their problems. When the reality is that they are actively ignoring their actual cookie and activity based footprints and it just means that Google et al have a note that says “John Doe of 123 Fake Street in Bumfuck Wisconsin connects via an endpoint in Denmark”.
And while I wouldn’t trust microsoft at all for… anything? Do y’all really think those black box companies paying youtubers to lie to you about what VPNs do aren’t collecting your data?
“I need a vpn”
Why?
“Privacy”
You trust SuperNeatVPN headquartered in $unregulatedCountry more than your own ISP? It’s all TLS now anyways.
“I run a VPN because Joe Rogan says I need to in order to be secure”
Man, do you know how much of a pain in the ass it is when people run VPNs on their BYOD or work device (hey I don’t manage it, I’m just the MSP), have an established history of popping up all around the world, and then eagerly click the phishing links?
https://gist.github.com/joepie91/5a9909939e6ce7d09e29
EDIT: If you do absolutely need privacy, then use Tor.
Tor exit nodes are vulnerable to various levels of attacks.
But it also doesn’t change the underlying problem. If you put ALL of your traffic through Tor? Cool. You have accomplished nothing (other than flagging yourself because of what exit nodes you are accessing from) because your cookies and even behavior are still being correlated.
Like… it doesn’t take much to question why FightThePower_6969 looks at both /r/antifa101 AND /r/denver, for example. Ooh, and they also look at /r/warhammer40k and have a cookie from this website listing bus schedules and…
I do agree that tor is an amazing (if problematic) tool and it is generally the gold standard for when you need to obfuscate traffic in a way that doesn’t involve giving mullivad your credit card number. But people still need to understand what traffic they are putting into each different port. And even realize that there are some truly nasty tracking methods out there that can do nasty stuff with even OS level DNS caching between browsers.
Isnt it a security bonus, if not all data is sent throught the edge “VPN”?
Within the browser, it’ll work to “protect” your traffic (including DNS) from prying eyes locally. As in, someone on the same network as you or your ISP or whatever networks your traffic passes through to its destination.
Instead, it sends it all to Microsoft Central Data Collection™! By passing all your traffic through Microsoft’s central servers, you can rest easy, knowing precisely who is inspecting everything you do (including the US government and the other countries in the Five Eyes network).
Let’s be honest: It’s yet another unfair transfer of power from local criminals to international ones, increasing the wealth of billionaire pedophiles. Give the locals a chance to rise up, would ya?
