• Prison Mike@links.hackliberty.org
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    Maybe from a security perspective but in terms of privacy, no. SNI can still be read, and just because DNS isn’t plaintext doesn’t mean it’s not possible to see which servers you’re talking to. And like others have said, there’s still a lot happening in plaintext at the OS and/or application level.

    • deadcade@lemmy.deadca.de
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      Still doesn’t make a VPN the “magic all in one solution” it claims to be. And SNI is encrypted on newer servers using encrypted client hello (ECH).

      In terms of privacy, you’re switching around which entity gets to see a ton of details. Do you trust random public wifi enough, given modern security standards? Or do you trust a VPN company more, despite false advertising?

      Use HTTPS and DoH (Becoming a default on some Android versions), and the average person will be just fine without a VPN.