It changes a TON whether you pay 2x for renting or whether you pay 1.05x.
Renting has annoyances but it also has flexibility. A flat "more expensive" is staring at one tree and missing the whole forest of tradeoffs. Way more people would choose to spend $50/month for that flexibility versus $700/month.
Using a shipping container is almost always a stupid plan compared to just putting up some wood. As much as I want to make zoning more flexible, I'm not in a rush to change that particular regulation.
In the Firefox case, no difference. It doesn’t encrypt traffic from your device outside of Firefox but for whatever you do inside of Firefox it’s == VPN.
Hopefully no one will start with the whole "they're Chinese owned" argument. If anybody is still on that whole trip, see this (and go watch SomeOrdinaryGamer's video on the subject) but in short it's really nothing to worry about.
Yes because it's VPN for the browser. I can do the same kind of targeting with most VPN software. Applying it to specific programs doesn't make it stop being a VPN.
> This explains it well enough though:
Which answer? The dumb bot that contradicts itself? The first human answer says it is a VPN. Though that "cyber security expert" is also not someone I would trust since they seem to think AES 128 versus 256 is actually an important difference.
The first human "no" says it's not encrypted and I don't believe that for a second.
To say more about the bot answer, it basically repeats three times that only Opera traffic goes through the VPN as its main reason. And then it says it "doesn't offer split tunneling". Come on... The rest of the answer isn't much more grounded in reality.
Is an SSH jump server a VPN (or forwarding a port from another machine at VPN)? I'd suggest neither is because it's connection-based rather than setting up a network (with routing etc). Absent a network, it's a proxy (which can be used like some deployments of a VPN).
Really none of these VPNs are VPNs either since they don't establish a virtual private network. They are just tunnels for your internet access. Tailscale is actual VPN software. It simulates a private network.
I see your point, but I think that might label many uses of WireGuard in Tailscale "not a VPN" because they use imaginary network devices that only exist inside the Tailscale process. Saying that would feel very wrong. On the other hand if process internals can be the deciding factor, then optimizing the code one way or the other could change whether a system is "VPN" or "not a VPN" even though it looks exactly the same from the outside. That doesn't feel great either.
And do we even know if Opera uses internal network addresses for its "VPN"?
I think I'm willing to say that routing all internet traffic from a program through a tunnel can be called either a VPN or a proxy.
We should be making sure everyone has internet access, but hosting some basic pages is about 1000x cheaper, so no I don't think free internet access should come before that.
Like, I understand the really restrictive ones that only allow web browsing. But why allow outgoing ssh to port 22 but not other ports? Especially when port 22 is arguably the least secure option. At that point let people connect to any port except for a small blacklist.
Asking back, when I limit the outgoing connections from a network, why would I account for any nonstandard port and make the ruleset unwieldy, just in case someone wanted to do something clever?
A simple ruleset would only block a couple dangerous ports and leave everything else connectable. Whitelisting outgoing destination ports is more complicated and more annoying to deal with for no benefit. The only place you should be whitelisting destination ports is when you're looking at incoming connections.
I definitely block outgoing ports on all our servers by default; established connections, HTTP(S), DNS, NTP, plus infra-specific rules. There is really no legitimate reason to connect to anything else. The benefit is defence against exfiltration.
If you're allowing direct https out, how are you stopping exfiltration?
Maybe https is routed through a monitoring proxy, but in the situation of allowing ssh the ssh wouldn't be going through one. So I still don't see the point of restricting outgoing ports on a machine that's allowed to ssh out.
You can't, reasonably. It's just a heuristic against many exploits using non-standard ports to avoid detection by proxies or traffic inspection utilities.