Why do I always get a bad feeling about the motivations behind stuff like this? I want to believe it's for better privacy and security, but it's being driven by a corporation or two, and that makes me 100% suspicious. Like, for example, suddenly Edge is no longer respecting local DNS options and my pihole protects one fewer device from the real dangers to privacy. I don't want to be cynical so often, but this really doesn't feel like a benevolent move. Yeah, it's conditional at the moment, but as with Chrome and manifest v3, among many other examples, I'm losing my faith that anything with the potential to increase ad revenue will remain turned off for long.
The reason you have a bad feeling is it gives the FBI/FEDS a single point to collect your data, with a man-in-the-middle attack that you will have no idea is there.
VPNs don’t help privacy at all. They allow you to substitute trust in your ISP for trust in a different entity. For some, that may be good, but for most others it’s a wash.
If it was good for you, Microsoft would be the one announcing it. Loudly and repeatedly. They would do it even if it was harmful, but there existed some artificial narrative where it sounds good.
You are hearing it from a third party exactly because they couldn't construct any explanation minimally realistic that sounded good.
Windows is an appliance (an interface) for Amazon shopping and watching Netflix.
The MS telemetry has proven that 99.999% of consumers do not tweak default settings or dig under the hood.
The 1-2 million now former "Windows power users" are just too small a population to be economically feasible to deal with.
For MS it does not matter to lose those few to other tweakable OSs.
Instead MS's product department is dreaming of scooping the remaining billions of cash-laden consumers. Presumably this is what the telemetry tells them.
Cash is good, consuming is good, keeps the economy running, making shareholders happy.
When trying to ascertain the intents of large organizations, I find it useful to examine previous actions. In the case of Microsoft, their willingness/intent to add ads and telemetry (including keylogging) into their OS seems to indicate they are doing this for serving ads better to their larger (paying) customers.
If you're not paying for the (specific) service, you are the product.
I mean, if you have an attitude that anything an organization does must be for an ulterior motive, you're always going to get what you are looking for. Heck, people too for that matter. Maybe my dog just pretends to love me to get food.
But in this case, Microsoft is looking for any competitive advantage against Google. They won't win on targeting, and they still make more money selling software than ads. So this does seem like an easy win for them.
Check out the book “Hard Drive” about the early days of Microsoft, and you will never be able to see anything that corporate does without suspicion, and for a good reason.
Probably because Facebook already tried the free VPN and it was every bit the privacy nightmare you'd expect it to be. Given Microsoft's track record, there's no reason to expect that to be any different.
I am 100% with you in general, but this feels more like the Windows Defender launch than some fully cynical power grab. That is to say - Microsoft gets a lot of grief and work from windows installs getting taken over / viruses / etc. For users who don't pick up their own protection (and don't choose to turn off the default windows protection) this feels like a better default. I don't trust Microsoft, but you are already exposed to their manipulations when you are using their OS - and this will help protect you from other manipulations.
This is where Apple's implementation, where the info is split between them and a third party with neither of them able to read the traffic on their own is so smart. Especially since there are multiple counter-parties to Apple. It also negates the risk of an MITM attack. Yes of course they could collaborate with a counter-party to break the system, but it seems significantly less likely to happen, and if it was happening it would be significantly more likely to come to light.
I mean nobody is forcing you to use Edge or Chrome, there are better alternatives like Vivaldi or if you really want to take it to extreme Ungoogled Chromium. But I agree with your sentiment, although it just means you should probably move to open source and obscure options.
Also:
> Brave, Mozilla, and Vivaldi have said they intend to continue supporting Manifest v2 extensions for an indeterminate amount of time.
The motivation is to keep up with Apple who themselves are trying to distinguish themselves from Google. Doesn’t need to be sinister. If your primary business model doesn’t depend on tracking people to sell ads, and you’re competing with someone else whose does, then leaning in to making the use of your software/hardware more private makes sense.
I noticed today I can't find the Chrome flag (v105) to enable its reader mode. It's like they just nuked it since it made articles actually readable. It's not a huge deal, but I liked not having to launch another service like Pocket.
Exactly.. I would take it from Firefox if they offered something like iCloud Private Relay.
But the thing they offer from Mullvad is no better than a traditional VPN (because it is a traditional VPN). And even more limited because it only works in the browser.
And indeed the circumvention of Pihole is a big problem.
If you have never worked at a large tech company like Microsoft, you'll probably have a bad feeling because there's a lot you don't know about the business process of shipping features like this. It's reasonable to be cynical and confused if you have never seen it from the other side.
For the most part, product features like this are shipped for boring and completely non-nefarious reasons. It's just hard to believe that if you've never worked on one.
> the VPN will automatically connect when you’re using public Wi-Fi or browsing unsecured networks and sites lacking a valid HTTP certificate.
OK, that's actually a pretty decent idea. It's not going to be always-on, but it's providing security specifically for things like coffeeshops/libraries and for sites that don't provide their own security. In other words, it's "backup security", not rerouting all of your "normal" secure traffic at work/home.
This mainly protects sites you visit from having JavaScript injected into them by networks when there aren't any other protections, and the VPN is run by Cloudflare so it will be performant, so I don't really see any problems here? Seems like a positive development actually.
From the article, this is powered by a partnership with Cloudflare. It's worth noting that until August 6 of this year, Cloudflare's WARP VPN would leak your IP address - but only to sites using the Cloudflare network.
Microsoft's initial announcement for the feature touted that IP addresses would be masked, and one imagines that they did their diligence with Cloudflare and are enforcing the strong practices that WARP has now rolled out more broadly.
But it's worth noting that you're routing through a company to whom the words "still private" encompassed leaking client IP address information to Cloudflare's hosting customers as recently as two months ago.
As a generally happy Cloudflare customer, a Cloudflare VPN makes me deeply uneasy. (Yes, I know Warp has been around for a while.) Using it means Cloudflare owns a huge chunk of your Internet traffic end to end and decrypted, a uniquely powerful position to be in. And this is going to be default on in Edge according to TFA, even though it’s only applied to plain HTTP sites by default at the moment.
While I would never use a VPN service fronted by a data thieving company, I really hope that VPN usage goes more mainstream so that companies can't have "no access from VPN" as a security strategy.
Ally bank recently did this and many others have intermittent issues due to flagging, etc.
When did the world start trusting any company with a VPN more than their ISP? I still find the privacy pitch to be flakey at best, where at least I can choose who’s aware of my traffic, but getting past geo-blocks really seems to be the most obvious consumer value, which this Cloudflare vpn lacks.
Edge is a reskinned Chromium browser with Microsoft tracking and telemetry baked in. Just because they have a VPN now, it doesn't make it any more private/secure. Why do people use Edge? If you're any way privacy conscious you wouldn't use Microsoft products.
I run a free browser game where you can start playing immediately, no registration required. The game has a big sandbox element where you can build and paint on the world map.
Naturally I've attracted trolls doing everything in their power to grief and ruin it for other players. This has led me to reluctantly implement moderation tools such as IP bans and proxy detection.
I'm currently using a couple of services where I can supply an IP and get a risk score back but I'm worried about false positives. I'm afraid this initiative, while great for privacy, will make my defense measures futile.
What should I do? I just want to run a game with as few intrusive barriers as possible. I have no interest in collecting any private data from users whatsoever.
Everybody is suspicious of Microsoft's motives but I think in this, you gotta consider how many windows systems are out there used by security novices.
Lots of people are computer savvy but want to use a computer to do something else not under the umbrella of hobbyist sysadmin work.
I don't see the downside here, again, considering the multi-millions average users Windows/Edge has. If you are savvy enough to roll your own VPN using algo from Trail of Bits, then do that. If you are able to weigh the pros and cons of VPNs from having one or not, or which one to use, you are ahead of 99.99% of the people this will help.
I don't like this. When I add a URL to the address bar I want TCP/IP traffic to be directed to only the remote address I requested, and not have traffic relayed through some third party.
I don’t think Adguard, the Russian tech company registered in cyprus, but with mostly Russian employees living in Russia has our best interests at heart.
In India, it is illegal to operate an open unauthenticated wifi. All public Internet access requires a secure auth and you have to present a government ID to the operator to get access. (This applies to getting a mobile SIM card or landline Internet at home as well). This is to deter anonymous illicit activity being conducted from public Internet locations (like cafes, bus/train/airport stations etc.) Also, same real identity requirement is now applied to VPN operators. Additionally, they have to collect and retain traffic logs, and cooperate with government cybercrime investigations.
Obviously there are potential loopholes – apparently a lot of VPN services are planning to continue operating services with Indian residents with servers not physically hosted in India without logs.
Apple with its Private Relay and now Microsoft with Edge Browser VPN – don't provide VPN with exit nodes hosted in foreign jurisdictions. I'm curious to know if they will cooperate with requirements to collect/retain logs as well.
Microsoft: "Sorry $site_owner, We (some unaccountable ML model) detected that you have violated some rule (we will not tell you which) and as a result, your website can no longer be accessed.
This decision is final and permanent."
There are other ways to protect user privacy without conveniently putting yourself in charge. They pulled the same move with UEFI and secure boot
andrewstuart2|3 years ago
deviantbit|3 years ago
This is absolute BS they're implementing this.
uup|3 years ago
spicybright|3 years ago
Even if they had the best intentions, it's pretty easy to botch these things which erode your privacy even more.
marcosdumay|3 years ago
newZWhoDis|3 years ago
idiocrat|3 years ago
r00fus|3 years ago
legitster|3 years ago
cm2187|3 years ago
kirillzubovsky|3 years ago
pricci|3 years ago
If Edge is using DoH, you're out of luck.
cowmix|3 years ago
nerdawson|3 years ago
aeturnum|3 years ago
simonh|3 years ago
Markoff|3 years ago
eastdakota|3 years ago
bitsoda|3 years ago
marcodiego|3 years ago
Because of Microsoft history. Including recent history.
GekkePrutser|3 years ago
d0mine|3 years ago
samstave|3 years ago
mgraczyk|3 years ago
jvanderbot|3 years ago
amatecha|3 years ago
numpad0|3 years ago
jahewson|3 years ago
ekianjo|3 years ago
chinathrow|3 years ago
crazygringo|3 years ago
btown|3 years ago
https://web.archive.org/web/20220609160341/https://developer...
And when Cloudflare released their new SOPs for Warp, they did so in a blog post titled "More features, still private" - https://blog.cloudflare.com/geoexit-improving-warp-user-expe... as referenced in https://developers.cloudflare.com/warp-client/known-issues-a...
oefrha|3 years ago
wintermutestwin|3 years ago
graypegg|3 years ago
legrande|3 years ago
ohbtvz|3 years ago
hopfog|3 years ago
AlexandrB|3 years ago
I wonder how long until Microsoft starts blocking sites on their VPN for "your protection".
kingaillas|3 years ago
_mwnc|3 years ago
bborud|3 years ago
dodgerdan|3 years ago
vinay_ys|3 years ago
netsharc|3 years ago
Now why didn't they call it Microsoft Secure Network! And MSN in short.
And next they should start a VPN'ed messaging service, they can name it "MSN Messenger".
bilekas|3 years ago
These days that probably won't even manage the tracking requests being sent from the machine a month.
jll29|3 years ago
hda2|3 years ago
Microsoft needs to be investigated and fined.
kazinator|3 years ago