"--but her achievements were never recognised..."
...in her lifetime.
In 1942, penniless and forgotten,
she died of polio.
She couldn't protect herself from viruses,
but you can protect your computer
by using a VPN.
Okay, look, I just want to say,
I do not want to start drama with
people who take sponsorships from VPN companies.
With a VPN, all the data you send and receive
goes through an encrypted tunnel,
so no-one can see it.
Without a VPN,
every time you connect to free wifi
in a hotel or a cafe,
you're risking people stealing your passwords,
your banking details,
and your private data.
That's not true.
You’ve probably seen the adverts at the
end of every educational channel’s videos,
and look,
it's just that I do this sort of
computer security stuff,
I am supposed to know about it
and understand it.
Like, if I took a sponsorship
from a boat manufacturer
and then it turned out the boats sank,
that would suck,
but I'm not expected to know about boats.
I am expected to know about VPNs,
Virtual Private Networks.
And some of the claims that VPN adverts make
are wrong.
Password-stealing over wifi was a serious
threat, a few years ago.
Someone could run an ARP spoofing attack,
make their computer
pretend to be the network hub,
and steal every plain-text password that went
through that wifi network.
It required very little technical knowledge.
Or they could compromise the hub itself and
look at all the traffic that was going through it.
But you know what else sends data through
an encrypted tunnel?
Every single web site with a
padlock in the browser,
every iPhone app since 2016,
every Android app since 2018.
Anything that sends any sort of personal data
now uses a trusted encrypted tunnel, HTTPS,
that padlock,
and unless you’re using web sites or apps
from the past,
if anyone tries to intercept your data,
it won't work.
Now, people on the network can see what sites
you're connecting to,
so, just the name of your bank,
and they could see the contents
of dated web sites,
the ones where the browser now shows "Not
Secure".
But that's all.
No passwords, no bank details.
Those attacks don't work any more.
One VPN company even had their advert banned
by the UK regulator
because of those misleading claims.
VPNs use military grade encryption to keep
your data safe.
Military-grade encryption means "AES",
which is the same encryption that's baked
into every web browser and app.
You're using military-grade encryption to
watch this video.
The claim’s not wrong,
it's just not special either.
Plus, a VPN stops your internet service provider
spying on what you're doing online.
Now, that is true, to an extent.
Yes, without a VPN,
your internet service provider, your ISP,
can see what domain names
you've been connecting to.
There can be very good reasons to hide those.
Your country may allow ISPs to sell that data
to advertisers,
or to build up a profile on you.
Maybe you are studying at a fundamentalist
Christian college
and don't want university administrators knowing
that you're questioning your faith,
or questioning your sexuality.
Some ISPs also prioritise some apps, sites
and traffic types over others,
and a VPN means that they can’t do that.
Or maybe your government is planning to introduce
an ill-advised and often-delayed
block on adult content
and you want to work around it.
That's all reasonable.
Metadata does give away a lot of information,
and wanting to keep that private
is a fair idea.
But that's not what a lot of the VPN ads are
implying,
they're implying that your ISP can read the
content of your messages.
And again, if there's a padlock in the browser,
or if you’re using a modern app,
that's not true.
And if you do use a VPN, all you're doing
is changing who can see that metadata.
Your ISP can't any more,
but the VPN company can
because at their end of the tunnel,
they have to look at that metadata
to work out where to send your traffic to.
But maybe that's worth it for you.
And besides...
A good VPN doesn’t keep any logs of who
you're talking to.
It is a brave move for a VPN not to keep any
logs, given that if that's true,
their service will inevitably be used for
a lot of really awful illegal stuff.
Some do claim that, some have even brought
in independent auditors to try and prove
that they don't keep any logs.
And you can’t have 100% certainty of that,
but they have got as close
as you reasonably can.
So if you're planning an assassination and
your priority is absolutely covering your tracks,
then sure, I guess a VPN might be worth it.
But to customers, a VPN that
doesn't keep logs is indistinguishable
from one that's been compromised by hackers,
or that's been given a little government
black box that they don't understand
but they have to plug into their systems and
not tell anyone about.
Or from a VPN where a single employee has
been bribed
and has started logging things for just a
few accounts.
To be clear, I do not think any of the
VPN services are a front for the FBI,
or Russian mobsters, or some state-sponsored
plausibly-deniable intelligence operation.
Genuinely, they are almost certainly not,
and I do not want to scaremonger.
Any company that was found to be logging stuff
without permission would be bankrupt soon after,
it would be a very very bad business decision.
And the enormous amount of money that VPN
companies suddenly have probably comes from
overenthusiastic venture capital firms.
Actually, it almost certainly comes from them.
But if you wanted to see what the most paranoid,
security-conscious people are connecting to,
and you wanted to install software
on their systems
that is designed to read all their network traffic
and then redirect it through
a single choke point,
then setting up a VPN service with a huge
advertising budget would be a great way to do it.
And if you use a VPN, you can connect to streaming
services around the world,
as if you were in those countries!
And that's the real reason a lot of people
use VPNs.
Are you going to China, or somewhere else
that blocks off access to a lot of web sites?
That's a fair reason.
Do you want to watch another country's streaming
content,
or download just enormous amounts of BitTorrents
without being tracked?
Those are valid uses of VPNs, even if they
are legally questionable.
It's just that "great for pirating stuff and
getting around the law"
is the sort of marketing that gets a company
in trouble,
and "we stop bad people stealing your passwords"
is the sort of marketing
that scares people into buying something that
they might not need.
So, with that in mind, I wrote a more honest
advert for VPN services,
and I found a company that was willing to
sponsor the video.
Unfortunately, they kept asking for changes,
and we disagreed on those,
so at the last minute,
I have had to blank their name out.
Do you want your hide your sexuality from
your college administrators?
Do you want to download huge amounts of pirated
content with an extremely low,
but not zero, risk of being found out?
Are you planning an assassination and want
to hide your tracks?
Then you need [bleep] VPN,
the best choice for gay people, pirates, assassins,
and gay pirate assassins.
[bleep] VPN is a tool that can be used both
for good and evil,
and it's extremely unlikely to be a front
for the FBI.
But you should know:
unless you are being personally targeted by
well-funded hackers using exploits that the
world doesn’t know about yet,
it doesn't make your passwords and
financial data any more safe.
They’re already pretty safe.
And if you are being targeted by hackers like
that, you have bigger problems.
But if you want to hide your identity,
pretend you’re in another country,
or make sure your connection is secure as
you work out the
lethal doses of particular chemicals,
then go to [bleep].com/honest for [bleep]
That was a lot of money left on the table.
Lot of money.
