Not sure if I used the correct terms but what is the difference in security and privacy between downloading from a public wifi (or a closed wifi; with password) and mobile hotspot (sharing 4G/5G data from your phone to your computer)? Which one is recommended or does it not matter?
Well, using a mobile hotspot will tie the IP address to your phone, so probably not a great idea if your name is listed on the account. Honestly, just use a quality VPN and you’ll be fine with your home connection.
I also did use a VPN on both mobile and computer. Does that change anything?
Yes a VPN will hide your IP address from the server you’re connecting to. The VPN service will still see your IP and may log/record it. You also have to watch out for things like DNS leaks.
Also have to make sure that the public WiFi network one’s device is connected to doesn’t block VPN connections, as was the case at at least one Walmart I tried using the WiFi at.
Absolutely! Wireguard (for example) uses UDP 51820 (normally) which will mlre than likely be blocked, but that won’t stop you from using something like cntlm to proxy it over an allowed port like 443/80. DPI or some intercepting proxies would likely still filter it.
On the public wifi, the operator of that wifi can see any data you pass through their network. They can likely see what sites you visit, but probably can’t see what data you send to and from those sites, due to encryption. Unless they have an account with you, or you provide your information in clearext, they can link your data to your devices, but not to you directly, at least not from your use of the AP. They can potentially link your data to your image on their cameras, and thus your identity.
Your ISP has the same access to your data, but they also have a payment account linked to you, and they regularly cooperate with rights holders and law enforcement.
A VPN can do the same thing as an ISP: they know what sites you visit, but probably don’t know what data you are sending and receiving, and they can link it to your payment account. However, they generally do not cooperate with rights holders, and may or may not cooperate with law enforcement in their jurisdiction. While you are using a VPN, your ISP knows you are using them, but doesn’t know what you are sending back and forth, due to encryption.
If you want to remain as anonymous as possible, use a burner device with no accounts on public wifi.
If you want to avoid harassment by rights holders while you engage in piracy, a VPN is sufficient.
Your ISP has the same access to your data, but they also have a payment account linked to you, and they regularly cooperate with rights holders and law enforcement.
This varies widely by ISP and jurisdiction. I never use a VPN and my ISP doesn’t give a fuck what I download. They forward me the scary letters from the rights holders but they always preface it with “don’t worry, we ain’t no snitch”
What incentive do they have to actually follow through on that claim?
I pay my ISP $600/yr. If a third party with a bug up their ass creates $601 worth of trouble for my ISP, why wouldn’t they throw me under the bus?
No ISP is deserving of the kind of trust you describe. It costs them nothing to put those words in a letter.
I don’t particularly trust a VPN provider either, for much the same reason. But, the VPN provider wants to know as little about me as possible, while the ISP needs to know everything.
The law in Canada limits the ISP’s risk exposure and the pursuable damages of the rightsholder. Also it definitely would cost them if they told me “we have not responded to this notice from the rightsholder” and then turned around and did exactly that. That would be a flat out lie to their client. I’d have grounds to sue in a situation like that.
Also, I’ve been doing this for almost a decade and never had any problems. Maybe you shouldn’t assume that your situation is everyone’s situation.
You don’t have any justification to be that condescending. Your security practices are reliant on the law, and the law is not a factor under your direct control. It has changed without your input before, and it will change without your input in the future. Meanwhile, your ISP is building a record of your non-compliance that it can provide to rightsholders just as soon as it likes.
Good security practice minimizes reliance on factors outside your control. You can’t control whether your ISP has your personally identifiable information, but you can deny them knowledge of your data transfers. You can’t control whether a VPN has knowledge of your data transfers, but you can deny them knowledge of your PII.
Also it definitely would cost them if they told me “we have not responded to this notice from the rightsholder” and then turned around and did exactly that. That would be a flat out lie to their client.
As of the time of their letter, they had not responded to that notice. They could respond tomorrow without ever having lied to you. You would not have grounds to sue.
Just out of curiosity, will your Canadian ISP and your (current) Canadian laws protect you when a rightsholder portrays you as a pedophile instead of a pirate? If they anonymously publish a torrent containing their movie and some hidden CSAM, are you fucked?
That level of paranoia is a waste of energy. I know that what I’m doing works just fine. Why would some Hollywood studio plant CSAM in a torrent? That would implicate them as well. It makes zero sense. They have better things to do than entrap some nobody in a country whose laws don’t favour them seeking any damages. It would cost them far more in legal fees to come after me than to just leave it alone. The notices they send out are entirely automated and exist primarily as a scare tactic.
If you’re willing to be curious and open minded about things beyond your limited perception and experience, rather than be a know-it-all, I’d be happy to share with you an example email that I recieved recently. I think the language they use is quite interesting.
That level of paranoia is a waste of energy.
I know I am paranoid, but am I paranoid enough?
Identifying and evaluating vulnerabilities is a critical component of any security plan. In a good one, any vulnerabilities will be well outside the scope of feasibility.
Why would some Hollywood studio plant CSAM in a torrent?
To cast FUD on piracy in general. To inextricably link “pirate” with “pedophile” in the mind of the general public. To convince the general public to treat copyright infringement as criminal rather than a civil matter.
That would implicate them as well.
They hire or extort someone to initially seed from some third world ISPs, and the swarm takes over from there. It never gets traced back to them.
It would cost them far more in legal fees to come after me than to just leave it alone.
You aren’t the objective, just the means. The purpose is to make piracy a truly objectionable practice in the eyes of the public.
None of this is a likely threat, but is any of it completely outside the realm of feasibility?
None of this is a likely threat, but is any of it completely outside the realm of feasibility?
Yes. It’s well beyond being worth considering. You’re describing a massive conspiracy where hundreds of people from multiple countries’ governments as well as private corporations would all need to work together without any information leakage. All this to entrap some Canadian programmer who tried to torrent season 2 of a TV show aired in 1990. If any of this was worth doing, it would have been done by now, yet we hear of nothing like this ever happening.
I’ve gone my entire adult life downloading copyrighted material without using a VPN and it’s never caused me any problem. My contract with my ISP confers me a level of trust that I’m perfectly comfortable with. I’m familiar with the Canadian law around this stuff, and how it’s been interpreted by the courts in the past. I am under no threat of financial damages being pursued against me. My ISP has no incentive to log my online activity or report it to foreign authorities. And even if they did, the Canadian courts limit the pursuable damages to four figures; barely enough to pay for the lawyer that would file the suit.
If you’re using a trusted VPN like Mullvad, it doesn’t matter really.
When you use a hotspot from your phone the site/peers/whatever sees an IP that your ISP has assigned to you and could share that with authorities etc.
When you use a WiFi they see an IP assigned to the owner of the WiFi.
Security wise its easier for others in the WiFi to try and fuck with your computer since you are on the same LAN.
So it depends on what you fear the most.
I have this very same question. Guess I’ll just wait for someone more experienced and knowledgeable to enlighten us here in the comments. Sorry if I’m not much help, have a nice day <3
Use a VPN if you’re in the West/Far East. That’s it
Edit: I know, I shouldn’t give a shit. But writing a fairly long comment to share my knowledge on this only to see it immediately downvoted without any explanation kind of sucks. So I’m removing this comment and will not interact here anymore.
