Hi,
Wifi is known for its cybersecurity vulnerabilities. using public wifi access point is risky for data privacy but if you can setup a vpn inside to hide your communications to other connected users.
Would it be possible to propose a default vpn service in the ROM ?
1 Like
You mean build into the ROM? I think that’s a very good idea!
2 Likes
My idea would be to offer an out of the box vpn service like Opera does but for the whole connection. It could be activated wen the phone connects a wifi spot depending on settings. I’m conscient it could be difficult to transfer the whole data flow of every /e/users…
2 Likes
Here in forum are a lot of posts regarding VPN. Pls gave a look in these posts. Could be that you will find some answers.
https://community.e.foundation/search?q=Vpn
Also a request for incl. Wireguard into eOS
Ok, then i think it must be build into the ROM itself. You could make a feature request on gitlab.
1 Like
Given how the purpose of /e/ is to bring an easy to use and viable alternative to Android to a broad audience, I would advise against this. For a few reasons:
-
Users will be confused if they are prompted to connect through a VPN everytime they turn on wifi. People tend to reject that they don’t understand.
-
Even if this happens seamlessly behind the scenes for the user, internet speeds will be slower and most likely will impact /e/ as a brand.
-
Related to the previous point, how will the device decide to which server to connect to? Not only this affects speed but may have other consequences that frequent VPN users already experience, and find frustrating i.e., irrelevant search results, websites in wrong language/currency, signup/login attempts flagged as spam, endless ReCaptchas’s, etc…
-
Security-wise, most if not all of your connections are already encrypted by default. An additional layer of encryption is nice to have, but as you mentioned this would only apply at the Access Point. Beyond this, most vulnerabilities are possible actually because of phising or user malpractice like downloading random stuff from the web. No VPN will shield you from those.
-
There’s also the fact that now all /e/ users’ traffic is now routed to a few VPN servers where data leaves without that extra layer of protection. Much easier to monitor, and a lot more damage should their servers get breached. Not saying this is a good nor a bad thing, it’s just one more thing to consider. There’s also the matter of who is going to pay for all of this.
-
Finally, privacy-wise, a VPN does not do much to help with this. Not only there are more effective ways of tracking than looking at the IP (and from which /e/ doesn’t protect you anyway) but people are still going to enter their credentials to services like Netflix, Twitter, etc…
In summary, I know that a lot of people here already know a lot about VPN, and make things work properly and all that which is great. However the end goal here is to create an OS that is available and easy to use right out of the box, for everyone.
Let’s keep things simple and tackle one challenge at the time. For now /e/ still has some work to do in making the OS fully ungoogled, and after that they still have to make it a viable alternative to Google’s services.
4 Likes
I would vote not to implant the VPN into the rom, because this cuts down on freedom. Rather, I would have awareness raised about VPN, maybe even have /e/ partner with a VPN service to provide cheaper service, but have it all user-configured. No default VPN-config…
Just my opinion.
3 Likes
/e/ VPN on/off switch in settings. Could help moms and dads.
1 Like
I proposed a new feature but I’m not a militant, just a modest contributor. It could be dramatic if those who decide the next /e/ features said yes to anything. Better run a few targets and reach them than try to satisfy every demand and deceive everybody for not being reliable enough.
Mmmm I hope that wall of text I dropped there did not come out as me completely downvoting the idea. I think is great that we have these forums to make proposals and discuss them. I’m just not particularly fond of this idea, for the reasons already mentioned.
There’s a lot of misconceptions surrounding what a VPN is and what it can do for the average user. Not everyone needs one and certainly not all of the time, and so I think having it by default would be a waste of resources, while also adding workload for the developers.
I use VPN to hide my IP for Goolag, they are so evil they will link your IP to other data they already have. So for privacy i recommend using a VPN also. How cool would it be if you have VPN using your /e/ cloud credentials. Maybe it’s too early but certainly a good idea. For users who don’t want this, it should be switchable, or stripped out of the coming full FOSS /e/ variant.
1 Like
@andrelam, you are right in saying that using a VPN will hide your IP address from Google. But what is the purpose of doing that? If your answer is to prevent them from tracking your activities online, then using a VPN does not by itself help at all.
Browser fingerprint is something companies use regularly to track users’ and build profiles of them, and it is much more difficult to avoid. This is a detailed explanation of how a VPN works, including the pros and cons and use cases.
The purpose is trying to feed Goolag as little as possible. I know this is not enough, but necessary.
I would not like a VPN built into the OS.
This requires more time & code updates from the /e/ team. Would rather them concentrate on keeping a good functioning OS “unGoogleled”, patched, and bug free.
Now I do like using a VPN and I think it should be the end user responsibility on which one to use. When choosing a good VPN I would start here.
Some of the apps associated to VPNs are very good. For instance I have used IVPN and their app has options like: connecting to VPN over untrusted WIFI automatically, Always on VPN (loads and connects at startup), block all internet activity if VPN fails, force all traffic over VPN, use custom DNS (or theirs), Option to use Open VPN or Wireguard protocol and even using a “double hop” VPN which also provides a better layer of privacy.
Firefox will be also comming out with their VPN service which is basically using Mulvad VPN https://mullvad.net/en/
So I think letting the VPN companies maintain a feature rich VPN service and app is better than an OS team trying to maintain additional layers of code, bug patching, security patching for a VPN integration.
Yeah two really good points @walle… Effort fragmentation is such a drag on the team’s efforts, and VPN’s should definitely be used and user configured.
Use f-droid. Install riseup VPN and orbot. You’re good to go.
What about mom and dad? They probably don’t even know what it is. /e/ is about privacy, VPN fit’s in very well.
Quote from website:
“Our mission: make technology that respects user privacy accessible to everyone.”
Maybe it’s a easy as making a VPN app a system app, /e/ could partner up with a VPN provider. The “extremists” can use the FOSS /e/ version, everybody happy.
/e/ is about privacy, VPN fit’s in very well.
@andrelam Mom and dad do not need a VPN. Please read the comments above to learn more about what a VPN is, how it works and what use cases are adequate to use one.
Everybody needs VPN, for hiding IP and public free wifi places to protect your data flying through the air. Maybe you should read some more.
1 Like
Do you have any suggestions on what should I read? Since you haven’t provided a single source for any of your claims.