Remember kids, if the service is free, you are the product.
this post was submitted on 06 Oct 2025
25 points (96.3% liked)
Cybersecurity
8846 readers
5 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 2 years ago
MODERATORS
Laughs in FOSS
Related: I motion that we really should stop using that advice so blanketly, and instead say "If the product is free and run by capitist entities, you're the product."
Don't be bringing your politics into this. Communist, socialist, anarchist, etc, entities are all capable of running a honeypot VPN service. Even if the motive isn't directly monetization, the user is still the product.
Also, even in the FOSS world, you have to be wary of services with ongoing costs (thinking of things that have a server side component, not software that you can run purely locally) that are offered for free.
I will start out by saying I was not the person who downvoted you, and while I also agree that anyone can run a honeypot obviously, that phrase IS inherently pro-corporation and capitalist. If you wrote out in it's entirely what it means, it's arguing that you can't trust anyone with your security unless they're a business you're paying. Which is objectively encouraging people to side with capitalism over the open source and community based internet. Which is really the only reason why I point out the flaw in that phrase. The phrase is as inherently political as privacy itself is.
What I'm saying is one step more cynical that that. I'm saying is that you can't fully trust anyone with your privacy. The best you can do is try to determine who will treat you best based on the motivation involved. VPNs take resources to operate. In our current society that means money, but even in the absence of money, there's labour, hardware, and electricity costs that go into making it work. Expecting someone to just eat that cost in perpetuity is unreasonable. If the cost is being covered by the users, there is much less incentive for the operator to do anything shady with the data they have access to.
I fully agree with that and I think there's been a misunderstanding. I was simply critiquing the actual phrase. Not trying to claim that the free vpns are in any way reliable or should EVER be trusted. I really did just mean that the phrase itself in (imo), quite problematic overall because if the inherent messaging that the only trustworthy distributers and maintainers of software are for-profit and any other model must be predatory. It completely undermines any proposal of FOSS being valid and safe. Which I think we can all (on the fediverse) agree is something we shouldn't purpetuate as a genralization. That was all I was trying to say.
Leak kind of implies accident. This is more "siphoning"
Modern journalism in a nutshell with this headline.
They never name the threat actor behavior for what it is.
Who could have guessed. Free VPNs are just bullshit
Literally every service in our lives leaks data.
Something that was already known. It's one of the reasons the privacy community online are so against using any old VPN you can find, and urge known good paid options.