VPNs, proxies and privacy

QuHno

@steffie There is a difference between private and incognito.

If you are in a meeting and then go to another room without other people in, you are in private, but not incognito. Everybody still knows that it was you who went to that room (your data collecting ISP will for sure, as will everybody who can correlate IP addresses). People outside of the building will not know that you have entered the room.

If you enter the meeting wearing a mask, you are incognito, not private, because everybody still sees that someone entered the room (our ISP will even know who you are). If you talk to another person in that meeting, everybody will still be able to listen what you are talking about. Everybody can do some educated guess who you are by e.g. the way you walk, your body height, get information about if you are male or female, etc unless you wear a full body Pikachu costume - which of course makes you still stick out like a sore thumb. People outside of the building will not know who that Pikachu is too, provided you did not put on that costume in public.

The only way to do what you want is by wearing a mask and going to that other room without passing the meeting room. Oh - and make sure nobody saw you when you put on that mask and nobody can trace where you came from before you have put on that mask. You will stick out like a sore thumb to all who saw you entering the building but people in the meeting will not know that some Pikachu entered the private room (e.g. your ISP will see that you have connected to a real VPN, but that's it) .

Not the best analogy (but still beats cars )and by no means complete, I know. It is still early morning here and I had only 2 cups of coffee, so feel free to add better scenarios involving more Pokémon.

I had some discussion about the "Private/Incognito Window" term when those "private" Windows were first introduced and suggested "forgetful window" - so that term is taken, you need to invent a new one

So what is your suggestion for a better name?
(Honest question because I don't know a fitting one, all feel awkward)

luetage

@quhno How about ignorant window?

Pesala

@quhno said in VPNs, proxies and privacy:

So what is your suggestion for a better name?

Clandestine?

Steffie

@quhno I know nothing about Pokémon, but have no problem concurring with the majority of your metaphorical riposte. I do not deny for a moment that online privacy+anonymity+safety+security, is tricky, damn tricky, & these days might well be all but impossible. It's specifically that i do agree with you that always makes me bristle each time i hear or read someone mentioning that they use Private Windows / Incognito Mode / Thing Wot Evades Our Best Naming Endeavours & opines that in any meaningful way it is protecting them. Lots of people lean more heavily on a fuzzy rather than acute nomenclature interpretation [i'm not justifying such intellectual laziness, just mentioning it], hence IMO using any imprecise term for a part of the privacy+anonymity+safety+security morass is likely to make such users falsely assume that when using this mode they're now The Invisible Man/Woman/GenderTBAEntity.

Naming Possibilities? Oh i dunno:

1. Transient Mode
2. Ephemeral Mode
3. Cookieless Mode
4. Spouse/Partner/Significant-Other Mode
5. Not Really Safe But Ask Yourself Just One Question Punk Do You Feel Lucky Mode

Why not hold an official poll on a putative better name?

QuHno

@pesala:

• "disconnected" because you are logged out of everything (unless you log in in the private window)?
• "isolated" because it has (almost) nothing to do with other windows?

(I am no native English speaker, so I don't know if those have the right ring to them)

QuHno

@steffie said:

Spouse/Partner/Significant-Other Mode

I'd like that, especially if you'd add some /too-young-to-see-which-pr0n-sites-I-visited to it

... but the "private" mode indeed protects from some of the simpler tracking methods because cookies and some other local data are not shared with normal windows, i.e. you are logged off from F and G in that kind of window - but it is not cookieless - cookies can be set in that window during the "private" session.

Steffie

@quhno Whilst this would be incomprehensible to anyone not a fan of Monty Python, another possible name is

Nudge nudge, wink wink, say no more Mode

QuHno

@steffie "You know nothing" (Fawlty Towers) would be nice too

Steffie

@quhno Or, from a couple of decades earlier, the Sargeant Schultz line;

I know narthink, naaaaaaarthink.

https://www.youtube.com/watch?v=UmzsWxPLIOo

TbGbe

@steffie said in VPNs, proxies and privacy:

Why not hold an official poll on a putative better name?

Why not call it "Forgetful Mode", as (only) your PC remembers nothing about the session when it's finished.

Steffie

@tbgbe Amnesiacs Anonymous?

Oops, no obviously that's incorrect.

Amnesiacs Unanonymous?

LonM

@steffie said in VPNs, proxies and privacy:

Naming Possibilities?

"Temporary Browser Profile Window". That describes exactly what it's doing and fits it into 4 words. You could probably just shorten it to "Temp Profile Window" or "Temp Browsing Window".

wognath

Thanks for a very informative article and interesting discussion. I will reread several times as head spins more slowly... For now, I have a question.

a VPN service on your computer encrypts the data, sends it over via the Internet to the destination VPN server

Suppose I'm connecting to a bank over hotel wifi, and I don't care who knows; of course, I don't want anyone to see my data. If the connection is https and the certificate checks out, then am I correct in thinking that a VPN adds little in terms of data security (tunnel within a tunnel)?

Morg42

@quhno said in VPNs, proxies and privacy:

• "disconnected"

Nah, sounds like "offline browsing window"

• "isolated" because it has (almost) nothing to do with other windows?

I think this pretty much nails it. It use it mostly if I

• want to avoid extensions getting in the way (some sites I really want to use get me to disable duck and hide mode...)
• want other sites to not be able to get or give information to/from other sites

So for me, isolated is good. I like the ring :-p

Morg42

@lonm said in VPNs, proxies and privacy:

"Temporary Browser Profile Window". That describes exactly what it's doing

I disagree. All my profile settings are still there, I even have access to saved passwords and extensions if I so like.

On the other hand, starting Vivaldi with a temporary browser profile (without touching my actual profile) might have some benefits, too...

LonM

@morg42 Good point. I hadn't considered the use case where you might want to use your bookmarks in a private window.

tarquin

@wognath: In such a case, the VPN-as-a-proxy or secure web proxy would not really offer you much in terms of privacy. Yes, without it, other hotel guests (and the hotel, and governments) could see that your IP is connecting to the bank website, and they could therefore assume (correctly) that you have a bank account there. But maybe you choose not to care, so in such cases, HTTPS is enough.

Of course, if the bank insists on only allowing you to connect from [country] and you are in [another country], then a VPN-as-a-proxy or an anonymising secure web proxy could allow you to connect via [country] and allow the website to work, so there is a functional benefit if needed.

Morg42

@tarquin Additionally, if - like so often - the hotel WLAN is not encrypted, any traffic not secured by (verifiable) certificates can essentially be read or manipulated...

Open WLAN are my main VPN use cases; getting into my home network from remote places is the other.

As both scenarios need more than just browser functionality, this always will be a system function, not a browser-related one.

tarquin

@morg42: It really doesn't matter whether or not the WiFi is encrypted (after all, other guests are already using the same network as you and can normally see the same traffic). If you are using an insecure connection to a website, then an attacker can always intercept the connection. A VPN doesn't prevent that. It just means that the attacker needs to sit somewhere along the connection between the VPN and the website (see the diagrams above), rather than snooping on the WiFi. The most serious attackers are the ones operating at a national level or hosting provider level, not the ones on your WiFi.

Certificates cannot be manipulated unless the manipulator has access to a signing certificate which is trusted by your system (if they have that access, the entire trust system breaks down, and no connections are safe, with or without a VPN).

Steffie

@wognath said in VPNs, proxies and privacy:

am I correct in thinking that a VPN adds little in terms of data security (tunnel within a tunnel)?

Yeah, but conversely, with a VPN then once you complete your high-level international financial shenanigans, you can relax & watch Netflix rather than the lousy/expensive hotel service.