----------------------------------------
VPN marketers rant
June 23rd, 2021
----------------------------------------

Windows is history for me.  The last time I used it, it
was Windows 98 on an Intel Celeron, back in the late
'90s.  Then I discovered free operating systems such as
GNU/Linux, and I never turned back.

Unfortunately I can't say the same for my parents:
since I have my own life, far away, I'm no longer able
to effectively help them with their technical problems.
They've got to rely on the local computer technician,
which means my Slackware installation was replaced with
Windows 10.

Today I used said computer for some quick online
research, which was interrupted by a pop-up window from
Avast, the anti-virus.  The pop-up claimed I had four
privacy issues to address.

Being somewhat biased by many online discussions about
how intrusive Windows is, I wasn't particularly
surprised.  I checked out, however, what Avast has to
say about it:

1. Your provider might see what you're doing, as you're
not using a VPN! Try Avast VPN!

2. Since you're not using a VPN, your traffic is
unencrypted! Try Avast VPN!

3. Look, I know you're from $WrongPlace. See? You need
Avast VPN!

4. Your IP address is X.Y.Z.W, and I would not know it
if I wasn't using Avast VPN.

I get it: it is marketing.  But I still hate how all
these points are fallacies, made to scare people, for
the purpose of selling a protection that most don't
need.

1. If you use Avast VPN, it is Avast who knows what
you're doing online: you just exchanged one master for
another[0].

2. The traffic might be encrypted from your computer to
the VPN endpoint, but if you don't use TLS it will be
visible from the endpoint forward, so it is the same
thing.  Using a VPN is no replacement for HTTPS[1].

3. Oh wow, you must be a great h4x0r to read the
fucking GeoIP databases.  Also, they're often wrong.

4. Oh wow, are you implying that having a VPN won't
really prevent a malicious application (such as
possibly Avast, for that matter) from knowing the real
public IP of the machine?  In order to reach the VPN
endpoint, the VPN software still needs to use the
default gateway.  Any software can do the same[2],
unless advanced filtering techniques are employed.

Don't get me wrong: I'm a VPN user (Mullvad[3], if
you're curious), but I know what it means, how to
use it wisely, what kind of protection I get, and what
to expect.  I've got nothing against the "watch Netflix
over VPN" argument (although let's face it: it is just
to get money out of you, and most content is crap
anyway).  But when it comes to privacy, using a VPN
makes sense only when much more urgent holes are
covered, such as, for example, the telemetry services
of Windows.  I think that Avast should be really
ashamed.


-- NOTES

[0] On what basis do you trust your VPN provider more
than your ISP?

[1] This fallacy is also commonly promoted by NordVPN
through hungry YouTubers these days.

[2] Need proof? Connect to a VPN and try
`curl --interface eth0 ifconfig.co`
(where eth0 is the effective interface over which the
VPN tunnel is established).

[3] By the way, not using their client.  I use a custom
script that I'm sharing here:
https://gitlab.com/dacav/wtf/
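
The check from note [2], turned into a small script for
auditing your own machine.  This is an added example,
not part of the original post or of the script linked
above; the function names are made up for
illustration, while eth0 and ifconfig.co are the ones
used in note [2].

```shell
#!/bin/sh
# Added example: does a request bound to the physical interface get
# out around the VPN tunnel?  Usage: sh vpn-bypass-check.sh eth0

# Print the public IP as seen by ifconfig.co.  With an argument, bind
# the request to that interface.  Prints nothing when the request
# fails (for instance because a firewall rule dropped it).
public_ip() {
    if [ -n "${1:-}" ]; then
        curl -s --max-time 10 --interface "$1" ifconfig.co
    else
        curl -s --max-time 10 ifconfig.co
    fi 2>/dev/null || true
}

# Classify the outcome.
#   $1 = address seen over the default route (through the tunnel)
#   $2 = address seen when bound to the physical interface
verdict() {
    if [ -z "$1" ]; then
        echo "unknown"     # no answer over the default route at all
    elif [ -z "$2" ]; then
        echo "filtered"    # bound request went nowhere: bypass blocked
    elif [ "$1" = "$2" ]; then
        echo "no-tunnel"   # same address both ways: VPN not in the path
    else
        echo "bypass"      # physical interface exposes another address
    fi
}

check_bypass() {
    vbc_tunnel="$(public_ip)"
    vbc_phys="$(public_ip "$1")"
    printf 'default route: %s\n' "${vbc_tunnel:-none}"
    printf '%s: %s\n' "$1" "${vbc_phys:-none}"
    printf 'verdict: %s\n' "$(verdict "$vbc_tunnel" "$vbc_phys")"
}

# Only touch the network when an interface name is given.
if [ "$#" -gt 0 ]; then
    check_bypass "$1"
fi
```

A "bypass" verdict means any program on the machine
can learn the real address the same way; "filtered" is
what you should see once the firewall only lets the VPN
software use the physical interface.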