UKC

I keep seeing this advertised on youtube, does anyone use a VPN? 

Why so?

some people use things like the pirate bay and kodi (premium tv without paying) and a lot of UK internet service providers bock these services. A VPN will get around these blocks 

In addition to the common illegitimate reasons mentioned by wilkie, VPNs can also be useful for:

• Dodging regional limitations e.g. sometimes YouTube videos are available in the US but not Europe, iPlayer isn't accessible from abroad, Netflix has different shows in different countries
• Getting a secure internet connection over a network that you don't trust e.g. sketchy internet cafe when travelling (obviously this still requires that you trust the VPN provider)
• Getting around blocking or censorship on a particular network
• If you're paranoid about being tracked online by ad networks, a VPN could be part of a solution to make that harder for them

Personally, none of those are relevant to me, or at least not so much that I'd be willing to spend money on buying access to one. I believe that The Lemming, of this parish, sometimes uses one based on some posts he made about troubleshooting it so he might pop up to tell you his rationale.

If you have a decent internet connection at home and are geekily inclined, some of those objectives can be accomplished by setting up your own VPN at home.

I have been using a VPN for about 3 years simply because I want my privacy. I don't want to be anonymous because that is impossible however I want to stop people like my ISP snooping on me.

When I get home I close the door and draw the curtains at night so that people outside can't see into my house, so why not do the same while on the internet?

When out and about I use a VPN if I am forced to use free wifi. Most of the time I can use my own 4G contract but at least I have that option should I need it.

As to my choice of VPN, being a paranoid little rodent I would never use any company from the USA or the UK simply because I don't trust GCHQ or the NSA to demand access to those VPN providers. Its all a personal thing and how partial you are to a tinfoil hat or not.

My choice of VPN is AirVPN who allow me to connect 5 devices at a time to their VPN Servers. And the "deal clincher" for me is that they allow one of those devices to be your home router. Provided you have supported router you can use the AirVPN tutorials to set up your router so that it encrypts everything at home no matter if it is wireless or wired to the router.

So, for example say you have a Smart TV, a desktop computer, laptop, couple of tablets and another couple of phones in the house all wanting to use the internet. Normally you would have to choose five of those devices that you would want to encrypt and good luck trying to encrypt a Smart TV. Now if the router does all the encryption via the VPN Servers then everything in your home is considered to be one device allowing you to connect four other devices. Maybe you could share the VPN costs with a friend and share those 5 connections.

Around the end of November, Black Friday time AirVPN has a quick sale and drops their prices for a few days. A year's subscription is normally 54 euros but around Black Friday its 35ish euros.

I have to say that their Customer Service is very quick and excellent however the advice is in tech geek speech which I have to translate into punter speech.

https://airvpn.org/

And for the tinfoil conspiratist I offer this Snowden documentary to amuse you. You can skip to 13 mins 42 seconds for the meat of the documentary.

https://www.youtube.com/watch?v=XEVlyP4_11M&t=1436s

Which ever VPN service you choose find out if they block your internet address from accidentally being released. Also check to see if your web browser of choice accidentally leaks your internet address as well. This is called a Web RTC Leak.

https://nordvpn.com/blog/webrtc/

https://webrtc.org/

You can check with many web site checks such as this one

https://ipleak.net/

And if you want to see how advertisers can track you, and how you could slow them down check out this site

https://panopticlick.eff.org/

Yes. For ad filtering (not necessarily blocking). Because the internet has become a cesspit of autoplaying crap and flickering tat that I don't want to see, don't want to wait for loading of, and definitely don't want counted as data usage. I decide what's acceptable on my screen. So I installed pi-hole on a box that was already doing a bunch of other stuff and now I use it more than I ever thought I would. 

It's also good for iPlayer abroad and privacy and all the other reasons and has no ongoing cost.

 I live in China so v.p.n is essential all day every day.   I use Express V.P.N but i pay quite a bit  more than your price.  Do you get fast speeds? does the service ever get shut dow? i know some cheaper v.p.n companies frequently get shut down, especially in China.

Bear in mind that when you use a VPN you are trusting the company that provides it with all of your internet traffic. Instead of BT or Virgin etc seeing everything (that isn’t encrypted) you send and receive to the internet, whichever company operates your VPN will do so instead.

Its basically like running a very long cable from your computer to your neighbours’ house and plugging it in to their broadband instead of yours - just on a global scale.

You may consider that to be ok, if for example your objective is to appear to be connected to the internet from a different location to avoid (eg) UK specific content blocks or internet monitoring, but it definitely IS NOT some magic guarantee of privacy or security. It  doesn’t inherently provide you as much anonymity as some of the responses here are suggesting, either. Google and facebooks ad tracking is not going to be remotely fooled by your changing of IP address, since they accomplish it by different means.

Bear in mind that if your neighbour (ie the VPN company) have shitty network performance, then you will too - your best internet speeds are going to be the lower out of your broadband providers speed and the vpn company’s speed. 

If you want to see what a VPN provider can do in terms of snooping, have a look at this article. This article is not about any of the companies mentioned here and I’m not suggesting they they do anything like this (Facebook is obviously the sleaziest company there is), I’m just using it as an illustration of what can happen as a result of funnelling all your internet traffic off to some semi-unknown organisation somehwere.

https://techcrunch.com/2019/01/29/facebook-project-atlas/

I’m not saying VPN’s are bad or that you shouldn’t use one, the technology itself is used all over the internet for various reasons, but  be realistic about what it achieves.   Personally I would trust a UK company under UK reglulatory and data protection law a lot more than I’d trust some fly by night company that’s deliberately set up somewhere with loose regulations , especially if their service is suspiciously cheap. 

I use a VPN for work.  It means I can connect to work computers from home as if I was in the office.  They are otherwise fire walled off from me when off site.

Using a VPN for private traffic in the UK is probably an illusion of privacy, and is certainly a massive red flag to the spooks that you want to hide something. 

I can see reasons for using one privately, such as accessing iplayer from abroad or when passing through a repressive state with filtered net access.  When I was in repressive land I felt it better to do nothing that could flag me up to the MSS, and it’s worth checking if the cryptography your VPN uses is illegal in your destination when travelling.

I tried to use NordVPN one year simply to watch TV when out of the UK on holiday. It was pretty hopeless on BBC and I had to keep switching servers which was a faff. It never worked on Sky. I gave up after a month. Switched to Tunnel Bear. This was better and my wife was using it for 6 months or so to watch non-UK TV here. Unfortunately it too was blocked by the TV service so we have given up.

Alan

I can't comment on China and what speeds you'd get or if the service shuts down or not. All I can say is that AirVPN is not one of the more high profile sites with loads of advertising behind it yet they still get good reviews and are genuine about their desire to keep your privacy when challenged by government agencies.

As for speed levels, if you run the VPN software then it chooses the most appropriate server with the fastest speed depending on your computer specs. It gets a bit more tricky if you want to use a router to do the number crunching encryption because they have smaller processors in them. However I have a Linksys WRT1900ACS Dual Band AC1900 Gigabit Smart Wi-Fi Router and it can happily give me 100mbps speeds through a wired connection. Obviously WiFi speeds are lower but respectable 40mbps roughly.

With a router you have to manually choose the VPN server address to type into the router software and this takes time choosing a suitable one for your location. In my case, I get the fastest speeds from servers in Holland rather than servers in the UK. On the plus side any adverts I get on YouTube or surfing are in Dutch which I can't speak or read so I can ignore them.

AirVPN also goes through the TOR network for added privacy.

Firstly, I hope it doesn't seem like I'm beating on your posts particularly because I'm not, you're just posting the most pro-VPN points to respond to..

As regards the TOR routing, again bear in mind that all this does is obscure your original IP address. It does that very effectively, but that's all it does.

If you're conducting a secret second life where you use a separate laptop to conduct your freedom-fighter activities, and you're very careful not to 'leak' personal information in the process, then TOR is an excellent privacy tool.

However, if you're living your normal life and you're logging in to UKC, posting here there and everywhere using real names/financial details etc, then TOR is really giving you absolutely nothing in the way of privacy.

Imagine you're conducting a secret conversation by letter. TOR is like driving to a remote post office and collecting the responses from a PO box - nobody knows where you live. However, if what you're sending is postcards full of juicy personal information then the fact that the location that the message is being sent/received at is hidden does absolutely nothing - all the info the eavesdropper needs is right there in the message itself.

The main difference between TOR and a normal point-to-point VPN is what's called onion routing (TOR stands for The Onion Router). What this does is make it so that the end point of the VPN - the point where your internet traffic emerges from the VPN on to the internet - can't tell who it's handling traffic for, even if they wanted to. This level of anonymity is only really necessary if you're doing a) something really illegal or b) something where someone very powerful (nation state etc) is going to be upset by it.

It's now part of the vetting questions if anyone is thinking of getting one and might need DV clearance in the future.

I am not stupid or nieve enough to think that a VPN makes me anonoymus because if government agencies want to find me they can and will effectively with all their government might behind them.

However for everybody else such as my ISP, web advertising, hackers, internet criminals then I'm just not worth the effort where there are easier targets on the internet to go for.

If you were a burglar and you had two potential targets. One property had sturdy locks and an obvious alarm system and the other property had no visible protection and the kitchen window was wide open, which home would you consider robbing with the greatest chance of getting away with it?

What is wrong with me wanting my privacy?

And don't go saying if I have nothing to hide then I don't need to maintain my privacy.

If VPNs and Encrypted apps such as Watsapp are easy for the government to circumvent, then how come the previous Home Sec (Theresa May) wanted to either ban them or demand back doors to read encrypted messages?

At least I don't live in a country like China where their government spies on ALL of its law abiding citizens. That would never happen in the UK.

https://en.wikipedia.org/wiki/Five_Eyes

The usual reasons, Kodi and the occasional torrent. Will be even more useful next year when F1 is only available on Sky and I can appear to be in one of the countries that offer the streaming service.

I started using NordVPN last year. I looked around and they seemed to be one of the higher rated ones. Easy to install, reliable connection and only a slight hit on my internet speed. The only problem I have is trying to connect my laptop to my phone’s wifi if I’m using the VPN. Apparently Vodafone blocks it but other networks allow it.

On the other hand, organised teams of armed criminals are more likely to rob the house with the high security.

If you’re up to no evil, then nothing.  On the other hand - as others regularly point out - using some random 3rd party VPN could do little to increase ones privacy or could even decrease it, yet it gives the illusion of privacy.  

For a large team of criminals the rewards would need to be high enough to take the time and effort. I don't live in a big mansion and I don't have any national treasures hidden under the floorboards. I'm quite sure that I'm small fry and not worth the attention of criminal gangs looking for random tat.

You got any proof that my choice of random VPN decreases my privacy?

I am not worth the effort of GCHQ investigating me and protected enough to stop random criminals trying to intercept my shopping habits and banking details. And that is all I need or require.

The point that I am politely trying to get across is that a VPN on its own doesn't deliver privacy in the way that a normal, day-to-day user of the internet uses the term.

Advertising is not associated with you based on IP address, it's based on identifying cookies stored on your machine or in some cases by fingerprinting you based on behaviour. A VPN does not prevent this.

Hackers and internet criminals (almost exclusively) do not target you based on your IP address, they do it through tricking you into downloading something malicious or stealing your data from someone who already has it. A VPN does nothing to prevent this.

As far as privacy is concerned basically all you are doing is stopping your ISP from observing who you are connecting to. For the most part I would say 1) a UK ISP is prevented from spying on you by the law and by the fact that they handle vast, vast amounts of traffic. You are but a tiny little drop in a very big ocean, and there is simply not enough value in snooping on you to make it worth their while.

There's nothing wrong with wanting privacy on the internet, but for the issues you're saying you're concerned about you would be far better served with a few choice browser extensions (ghostery, an COMMERCIAL MESSAGE (I found a new UKC bad word!) blocker etc).

Edited to add:

Forgot a major good privacy practice - good password etiquette. Pick strong passwords, only use each password in one place, and use a tool to remember them for you (which is basically essential if you want to do the first two). 

VPNs (the technology) aren't necessarily easy for the government to circumvent, and Whatsapp is very secure in so far as communicating your message to the party at the other end of the connection. Hence the government's issue - when Terrorist A and Terrorist B want to discuss nefarious activities they keep the conversation between themselves and the government has a hard time eavesdropping.

The problem with these VPN services is they only provide a secure tunnel as far as the VPN provider, after that your traffic is only as secure or insecure as it would have been anyway. In most cases your privacy on the internet is not threatened by people eavesdropping on the message in transit, it's threatened by the legitimate recipient of the message doing something bad with it - either actively sharing it with people you don't like (advertisers), doing a bad job of securing it so that someone eventually steals it or doing something bad with it themselves as a side effect of providing you the service you actually want (see: Facebook/Google/Linked In/basically everything on the internet that's free...).

I agree.

I try to be careful here.

I would not like the Royal Mail to read my post or open my parcels, so why would I want my ISP ro read and see everything I do on-line?

The UK government Hoovers up everything irrespective of being a tiny drop in a very big ocean. Why is my government performing widespread surveillance on its law abiding citizens as standard policy?

I do all that I can to keep my digital fingerpring as bland as possible where Ghostery is one of those tools.

https://amiunique.org/tools

Yep. I have a stupidly long password on my router courtesy of Diceware

http://world.std.com/~reinhold/diceware.html

And I use a Password Manager for practically everything. Its that good that I don't know my passwords any more because they are so random. Long gone are the days of dictionary words for my passwords, with the exception of Diceware on my router. With the most powerful computer in the world it would take half the life span of the known universe to crack it.

Good luck cracking that.

I think that many people use them, but are too shy to mention their main benefit. If a person wants to have a Barclays, the UK family filters make that tricky. However, people don't want to go to their service providers page and turn off the filters for a couple of hours, late at night. One can justify a VPN, for all the above reasons, and have plausible deniability.

Couple of hours?

You must have some callouses for that length of time.

Over the decades, more than a few secure military and political communications systems have been intercepted by spying on the bit where messages are entered or read out. 

Depending on various factors ones traffic isn’t as “insecure as it would have been awyway” as...

1. It now has a giant red flag against it for both organised criminals and governments saying “hey here’s some stuff somoene really wants to hide from you”.  
2. How trustworthy are the people running the exit portal of the VPN?  How secure are their systems which are now carrying ones traffic?  In some ways using a VPN for public internet access increases ones attack surface.

It seems VPNs are really pretty rubbish at improving privacy and security (at least some are):

Facebook was found to be using a voluntarily installed virtual private network (VPN) to route all data from participants’ devices through its own servers – despite the fact that Apple had removed a previous Facebook app that did the same thing, Onavo, from the iOS App Store over privacy violations.

Facebook now says it will shut down the app, called Facebook Research, on iOS and maintains it did nothing wrong, and that the service was not a replacement for the Onavo VPN.

I'll admit straight off that this is a pedantic point, but VPNs are great at improving privacy and security *when they're used for what the technology was designed for*, which is to create a secure link between two points across an insecure network (Hence the term Virtual Private Network.).

If you control and/or trust the network at the other end of the VPN then it's fine (a good example of this is when you VPN in to your office network from home). The problem with these VPN providers is that the 'private' link doesn't connect you to the party you're corresponding with, just to some random middleman on the internet who then chucks your traffic out the window to fend for itself.

Agreed, but I was highlighting the point.... essentially with a lot of the VPN services you are trusting ALL (not just the little bit a lurking hacker on the tube could pick up) your private data to one particular organization (your VPN provider) given the potential risks, and misbehaviour, data loss (both accidental and malicious) we have already seen from major companies I'm not sure I'd trust many people to be the sole carrier of my data. Especially as many of these companies will not be UK/EU regulated and your chances of redress are pretty slim. Few people have enough knowledge to work out if their VPN is protecting them or harvesting data

Informative thread on UKC!

To all those not trusting VPNs and the fact that your web searching goes through a source that can or can not be trusted. How is this any different from all your web life going through your ISP which is heavily monitored and wedded to the hip with government surveillance organisations.

https://arstechnica.com/tech-policy/2018/09/bulk-interception-by-gchq-and-n...

Well, this a rather a separate issue from the question of whether these VPNs help with day-to-day privacy issues, but it’s another dimension to it. 

If you don’t use a vpn, the UK ISP will collect an Internet Connection Record showing which service you connected to at what time. See: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/...

So, if you use a VPN the UK isp will collect an ICR showing your connections to the VPN provider (so, less info). However, the exact same ‘ICR’ info (potentially more) can them be collected by 1) the vpn provider, 2) the government in the region where the vpn endpoint is based, and 3) the provider of the  cloud hosting platform, because it will almost certainly be in AWS or similar.

In addition you’re paying for an additional service and potentially suffering noticeable performance degradation as a result of the extra dogleg in your internet connection. I say ‘noticeable’ because there will definitely be a performance impact, it’s just questionable whether you’ll notice depending on what you’re doing (if you were playing games, for example, the extra latency would definitely be annoying). 

Further, if you are really of interest to GCHQ I don’t think the use of one of this type of VPNs is going to make much difference. See https://xkcd.com/538/

However this is probably the first point I’d flat out concede in this debate though - if the main thing you’re worried about is James Bond perusing a list of the times a computer at your house has connected to the server hosting UKC then yes, these VPNs probably make that a bit more inconvenient for him. 

Ps. None of this is to say that I’m in favour about the ICR/RIP stuff. I don’t want the government doing surveillance-by-default either.

Using speedofme and at this very moment I am getting 71mbps wired and 49mbps wifi through my encrypted router. And all of this while I'm streaming the radio. I think I can cope with the latancey 70ms.

If GCHQ want to find me they can. I just want my privacy from organisations that don't have the technical resources that a government surveillance agency can use to snoop on me.

But then if you are doing nothing illegal, then what is wrong with your own government capturing data from every citizen in the country on-line and on mobile phones?

Only police states and dictatorships do this and not Democracies, surely?

Well this takes us back to the previous half of the discussion, where I would argue that one of these VPNs basically achieves not a lot. Facebook/Google/advertisers/etc are not tracking you with your IP address for the simple reason that it’s not effective enough. Everyone on your WiFi will have the same IP from their perspective. The IP of your phone will change effectively at random as it reconnects to the network or moves between WiFi networks. That’s no good for profiling you vs your wife vs a guest.

Hackers are not stealing your data by making direct assaults on your broadband ip across the internet, they’re tricking you in to downloading software that does it, or they’re compromising your webcam via the badly engineered Chinese cloud service it connects to so that you can reach it when you’re out the house.

On the subject of government snooping:

No argument from me. It should be a point of national embarrassment that we have one of the (if not simply ‘the’) most invasive government surveillance regimes in the western world.

You’ve ignored people addressing this point several times now.  

1) Because the exit portal of the VPN concentrates traffic people want to hide.  It’s a red flag to governments, criminals and espionage agencies.

2) Because your ISP is incorporated and governed under UK law.  Can you say the same about the VPN provider you use?  Or is it some fly-by-night operation run by crooks looking to market and sell access to the secrets they marshal through their systems?

Rest assured, if the UK government cares about your web habits, some random VPN is not going to stop them.

If I were GCHQ, I'd put in place a filter for people who mention GCHQ. They're all probably free thinking anarchists, complaining about surveillance. The sort of people we should be keeping a close eye on...

I'd suggest that whist big brother is bad, it's the lightly regulated companies that that may pose a bigger threat. Facebook, Google, Amazon etc. All have lots and lots of data on you, whether you know it or not. You can block social media, but if you block cloud services from the big providers, big bits of the web will stop working.

My personal router allows me to connect to it as a VPN which has been useful for past clients who wanted me to give them a single IP address to give access to their production systems via the Internet (but weren't bothered where I actually accessed them from, just that they didn't have to code in a big list of IP ranges just in case I happened to want to log in from Starbucks or something).

Other than that, I can't be bothered.  It's not like I'm doing anything the Government would take any exception to, and HTTPS is quite adequate to protect my bank details.

One exception: if I went to China again I'd consider it, the lack of Google services is grossly annoying when I organise my life using them.

There’s a reason my home CCTV system runs on a separate, isolated physical LAN for the cameras, with a custom control stack running on Ubuntu behind a dedicated pfSense firewall/router and with access only via an encrypted tunnel in to the system even from the home LAN...  

The home LAN itself has seperate VLANs for resident WiFi, guest WiFi, the CCTV portal and the television (Samsung, it has two open web ports for their app based WiFi remote control. FFS).   There’s an android and windows ban on the resident WiFi as well as a MAC whitelist.  The outdoor CCTV network has intrusion detection and is getting EMP defences soon in case of lightning strikes or someone deciding to mess with one of the distant cameras.

You don’t *have* to wear a tinfoil hat when visiting...

Appropriately enough to this discussion, that’s something that a VPN service isn’t going to have any effect on. Your connection to most websites these days is encrypted by default, so while the government can see you’ve connected to the server you’re posting on they have no idea what the content of the message is unless they’ve compromised the server itself. 

That’s good. I just have one VLAN for trusted devices and one for everything else. Stuff on the second VLAN can only connect outwards if there are specific firewall rules to permit it. 

The problem I am finding is that in order to make things simple for the user, controller applications are increasingly relying on multicast-based discovery techniques that don’t propagate across VLANs, with the result that the app on your phone can’t find the Sonos on the insecure network, etc. If you happen to have any ideas in that area I’m all ears..

I installed our new dishwasher last night and was surprised to find out that it’s WiFi enabled, but due to the security regime I can’t activate it from my sofa...

After reading that I'm just going to smash every appliance in the house and simply buy a couple of big bitey dogs and a shotgun. 

My basic plan for dealing with this is to avoid “smart” appliances.  It’s not a very good plan.  I can’t control our TV from my phone for example.

The eventual plan is to create a temporary WiFi access point on the untrusted network for things like commissioning smart devices.  I can do this with the existing managed APs and switch I think.

What I do for the CCTV network is to run an OpenVPN server on the pfSense firewall/router.  I then use the iOS OpenVPN client to access it from my mobile.  I don’t know how well multicast can be made to work over the VPN but in theory it can so your phone could have controllable access in to the untrusted network.  

I've been thinking about this. Not many people come to my home but when they do, its expected that I will grant them cart-blanc access to my WiFi otherwise they become offended. How do I know what they will get up to?

Is it a good idea to set up a guest WiFi and how would I put security onto what can and can not be done including finding a way onto my personal data?

I made life more simple for my little brain by disconnecting my CCTV from the internet. Its Chinese and I don't trust it to be part of a botnet.

Or the certificate authority (CA).

UKC uses Comodo. Who are they? (It's a rhetorical question, btw.) I don't bank with them, I don't buy things from them. I have to trust that they are working in my best interests, based on nothing more than their cert is trusted by my browser.

There have been dodgy certificate authorities (DigiNotar got hacked, for example.) Even Symantec, that purveyor of security software, got slapped down by google for issuing a fake google ssl cert. Symantec lost hundreds of millions of dollars of business over that one. A fake google cert would allow people to read your gmail and sniff your search queries or add bogus answers in order to get you to click on a specific link. 

If you have the money you can buy an intermediate signing certificate and become your own CA. If you have access to someones machine, you can add your own certs to the trusted chain. This is normal practice, if you have a company issued laptop.

Many of these CA's, are based in countries with a big surveillance infrastructure. Who knows if someone made an offer they couldn't refuse (or talk about).

What about the chip in the dog’s neck?  At least you can trust the shotgun...

Is your dog called Wallace?

https://vignette.wikia.nocookie.net/wallaceandgromit/images/2/25/WallaceGro...

It depends - are you worried about them accessing other devices in your house, or about them accessing content from the internet that brings the police to your door?

My main reason for guest WiFi is (1) to allow me to password protect my internet to prevent strangers from bringing the police to my door whilst (2) not giving out my household WiFi password so that it can’t eventually leak into wider knowledge (see 1).  I’m less concerned about guest devices hacking my home network although given my extremely prejudiced views against random android devices and windows laptops that is a factor...

Some ADSL boxes can run a seperate guest network.  Otherwise you need a managed switche and a WiFi access point with VLAN support and to properly configure those downstream of your ADSL box and upstream of all connected devices.

The box that you get sent from Virgin also has a nice easy switch for a separate guest network if I remember. 

I didn’t try it before turning it to modem mode and plugging it in to my own router so I can’t say how good it is.

Complete waste of money. Any regular user is almost certain to leak its identity.
The only use would be is you wish to steal copyrighted material somewhat undetected, which is illegal.

So basically there is no point.

You must have strange friends if you think they might hack your home network.

It’s not my house guests I worry about.  It’s their devices.  

Thanks for the replies! 

Next question....

Are Macs more secure than a PC, are they "unhackable"? read this somewhere

And how secure do you think Apple Keychain password storer thing is?

One would almost suspect that you were a troll.

You can argue about whether Windows is fundamentally a lot less secure or has just been a much bigger target for an awfully long time but the answer is, yes, Macs are broadly less susceptible to malware. Windows has made big progress on security and Macs are probably more targeted now than they used to be but Macs are definitely still way ahead on this front.

"Unhackable" is a bit of a vague term but for any reasonable definition I think the answer is probably no. Any computer can be hacked in some way, certainly anything that allows you to install software of your choice. I've seen Macs with malware installed recently, though it was the Mac of a teenage boy who would install anything that promised him free FIFA coins. Catching a Mac user with malware generally requires a higher level of ignorance, stupidity or carelessness.

Pretty secure but inferior to more powerful and flexible third-party password tools like Lastpass, especially if you ever need access to your passwords on non-Apple products.

Not a troll, just thought id ask as we were on the subject of security.

Luke90, Cheers.

If GCHQ want to investigate you, then a VPN will do very little to protect you against targeted surveillance.

Conversely slinging all your data down a private 3rd party VPN and trusting their, unregulated, assurances around privacy guarantees you not a whole lot.

If you are more fearful of governmental intrusion then malicious hackers then either you really are leading a secret double life or you've got your threat model wrong.

For securing passwords I use keepass because it's free and there are no continuous subscription fees. Its open source and as far as I am concerned exceptionally difficult to hack.

I have it on all my kit including Linux, Window's, Android Tablets and Android phone. Everything is synced to a Dropbox folder. It took a while to adjust to trusting a password manager but now I have well over 60 if not more and I can honestly say that I do not know what all most of them are. They are just random strings of characters, numbers and symbols.

Best thing I ever did was start using a password manager.

Not the only use. I want to appear to be in one of the countries that allows F1 live streaming, which I will pay for, as I don’t want to pay Sky UK for an expensive subscription to crap TV I don’t want.

I’m not above stealing copyrighted material but would happily pay for access to current movies if the likes of Sky hadn’t stitched up the market or face the option of going to a cinema and sitting on an uncomfortable seat and forced to watch stupid adverts in front of a bunch of screeching women.

Is it actually illegal to download copyrighted material for non-commercial use with no further distribution? Copyright law generally controls distribution, not consumption.

The law has presumably been evolving rapidly in this area over recent years so I genuinely don’t know the answer. I’d be interested in a citation of an actual law. 

I'm sure that nobody on this site that has ever done tape to tape, LP to tape, video recording live TV,photocopied parts of a book or made music CDs to play in the car for their own personal consumption?

I approve of targetted surveillance and I like the idea that a vpn makes untargetted surveillance uneconomic.

Pick a country with privacy written into the constitution so that 3rd party is more trusted than your local isp.

Curtains don't keep out thieves but they're still nice for privacy against easy snooping. 

"The investigatory powers tribunal, which is the only court that hears complaints against MI5, MI6 and GCHQ, said the security services operated an illegal regime to collect vast amounts of communications data, tracking individual phone and web use and other confidential personal information, without adequate safeguards or supervision for 17 years."

https://www.theguardian.com/world/2016/oct/17/uk-security-agencies-unlawful...

Most countries' privacy laws exist to protect their own citizens, they don't care about the privacy of non-citizens - this is the entire reason that the sleazy five-eyes 'you spy on my guys and tell me what you see and I'll spy on yours' arrangement exists.

If you direct your internet traffic through a foreign nation you're probably making yourself easier game for being spied on than you are keeping it in the UK. The very fact that we have lawsuits against the government over the bulk surveillance issue should be comfort that at least *someone* is looking out for your rights here. The obvious tragedy is that it isn't your government itself.

There's no such thing as a UK intranet to keep within. 

An illegal regime ran for 17 years but it's fixed now so we can trust them?

Probably worth considering that despite the Guardian's spin ( not entirely unexpected from an organisation that managed to so resoundingly misunderstand Snowden's stolen data ),this judgement, coupled with that in 2018 bythe EHCR had the opportunity to decide whether the national and international courts considered bulk surveillance should be permitted, or not. 

Their opinion was that insufficient safeguards had previously been in place, but broadly it was a permissible activity. 

Personally as an ordinary punter, I'm glad it is. David Anderson highlighted numerous examples of where these powers have protected people. I've yet to see one actual example of where a free innocent person going about their everyday business has been harmed. 

Other than those who through paranoia or anti-government sentiment have decided to operate via a shady third party VPN and had a slower and more cranky internet connection than they paid for, as well as exposed all their data to their new friends in shady Eastern European data centres.

The irony in complaining that the very agencies that work 24/7 to protect you from being blown up, stabbed or otherwise killed in a terrorist attack, aren't "looking out for your rights" is almost an obvious tragedy in itself.

Well yes it is definitely illegal to download copyrighted movies, music from p2p for ex.

It’s illegal even if you own legally a copy of the original.

Can you cite the law that makes this the case? I’m not picking an argument, I’m genuinely curious. 

Opinions from the media organisations and the bodies they’ve put together to champion their ‘rights’ don’t count. 

Ps. If you download from a P2P network you’re likely to also be distributing the material, which is a different kettle of fish.

See the intro to this article.

https://www.copyrightuser.org/understand/exceptions/private-copying/

Just interested in which password manager you use? It's about time I caught up with technology and improved my password strength. The problem I have is I spend a lot of time resetting passwords I have forgotten.

I use Keepass which is free however its not as slick as other paid for password managers but then you pay an annual subscription for them to do the job for you.

It takes an hour or so, max, to get the hang of it and set up a dropbox file which can then sync with all your kit allowing everything to have your current passwords.

It may look dated, but it does the job and is very secure because it uses open software that can be examined by brains better than mine rather than proprietary software that is closed off to scrutiny.

I've been using it for about 18 months now.

https://www.techradar.com/reviews/keepass-password-safe

https://keepass.info/

It doesn’t really work like that.  See the horrifically long lived flaws in OpenSSH for example.

The kind of people who can spot weaknesses in encryption are perfectly capable of looking at the disassembled machine code of proprietary software to find its flaws.  There’s nothing like dissembling something and unpicking and reverse engineering its intent to really understand it.  My own mad skills in this area stoped are stuck in the Z80 era, but plenty of people are up to date - notably so in Russia and China.  

Copyright, Designs and Patents Act 1988 and the Digital Economy Act 2010