What's a good VPN for Sonoma OS Mac M3?
I travel a bit and hotels often offer free internet. I use Norton VPN on my iPhone 13 Pro OS/Patch current.
MacBook Pro 13″, OS X 10.11
You can make a difference in the Apple Support Community!
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
I travel a bit and hotels often offer free internet. I use Norton VPN on my iPhone 13 Pro OS/Patch current.
MacBook Pro 13″, OS X 10.11
Walletarian wrote:
1. First, thanks for quick response.
One that encrypts my browsing, especially financial institutions
Built in.
It’s called Transport Layer Security, or TLS, or by the older Secure Sockets Layer SSL name. When used in website access, it’s shown as an HTTPS connection. TLS / SSL / HTTPS creates a secure connection from your local client all the way to the destination server, and back.
For added privacy, enable iCloud+ and Private Relay.
2. Home (fiber network w Wifi), travel through airports, hospitals, general web browsing
Built in.
3. account info, transactions, medical data
Built in.
4. Always like free, but the adage you get what you pay for holds true. Less than $100
Built in. Free, too.
Not sure of your "aware" statement. You saying no VPN will protect general web browsing.
The commercial first-few-hops,VPN apps add a weak second tunnel around the first (and far more secure, and end-to-end) TLS tunnel, and personally attribute the traffic to you. Which means that while the services might not have access to your data, they do have access to your metadata, all neatly centralized and terminated onto their servers for easy collection and attribution.
Commercial first-few-hops VPNs badly solve a problem that hasn’t existed for a decade or so, and badly solve it using a second and weak tunnel around just part of the far more secure and end-to-end tunnels already used, and badly solve the problem in a way that is perfect for collecting and personally-identifying and reselling users’ network activities.
Too many of the VPN vendors are themselves either shady, or have been caught in lies such as the leak of logs from the “no logging” VPN services.
And I’m sure that the massive hype around VPNs is not indicative of shady business practices, of course. 🙄
If you really need a VPN for geolocation shifting such as for website testing, or content delivery network testing, or such, look at running your own Algo server.
Walletarian wrote:
1. First, thanks for quick response.
One that encrypts my browsing, especially financial institutions
Built in.
It’s called Transport Layer Security, or TLS, or by the older Secure Sockets Layer SSL name. When used in website access, it’s shown as an HTTPS connection. TLS / SSL / HTTPS creates a secure connection from your local client all the way to the destination server, and back.
For added privacy, enable iCloud+ and Private Relay.
2. Home (fiber network w Wifi), travel through airports, hospitals, general web browsing
Built in.
3. account info, transactions, medical data
Built in.
4. Always like free, but the adage you get what you pay for holds true. Less than $100
Built in. Free, too.
Not sure of your "aware" statement. You saying no VPN will protect general web browsing.
The commercial first-few-hops,VPN apps add a weak second tunnel around the first (and far more secure, and end-to-end) TLS tunnel, and personally attribute the traffic to you. Which means that while the services might not have access to your data, they do have access to your metadata, all neatly centralized and terminated onto their servers for easy collection and attribution.
Commercial first-few-hops VPNs badly solve a problem that hasn’t existed for a decade or so, and badly solve it using a second and weak tunnel around just part of the far more secure and end-to-end tunnels already used, and badly solve the problem in a way that is perfect for collecting and personally-identifying and reselling users’ network activities.
Too many of the VPN vendors are themselves either shady, or have been caught in lies such as the leak of logs from the “no logging” VPN services.
And I’m sure that the massive hype around VPNs is not indicative of shady business practices, of course. 🙄
If you really need a VPN for geolocation shifting such as for website testing, or content delivery network testing, or such, look at running your own Algo server.
Walletarian wrote:
Thanks, Bob,
So logging into a bank site with two factor is best I can do? How does Norton et al, get away with security claims then, or is it just the MacOS Security is so good?
I don't like being a suckerfish :)
If you are connecting to a bank or such, use secure protocols such as https or sftp rather than insecure protocols.
Public VPNs do not add additional security. If you are sending insecure data on the Internet the vpn company, and all nodes between you and the final destination, sees that information and they can do with it whatever they feel like doing (selling it, sharing it, etc.) They then dump your information back onto the Internet to send it to the bank etc. These VPN companies do not have special secure access to banks, etc. They forward your data, after accessing it, in the same way you initiated the transaction.
Just adding to the excellent and comprehensive replies you already received:
Don't use VPN services. No, seriously, don't.
To which I would add: no. Seriously. Don't.
I travel a bit and hotels often offer free internet.
So do I. I'm traveling right now. I'm using an old Mac. A very old, well-traveled, beaten-up outdated one running an "obsolete" operating system. Yet somehow I manage to make financial transactions and probably do everything else you do, without using VPNs, "Norton" or any of that nonsense. Do I look worried?
I am a bit annoyed that I can't watch a movie that isn't available outside the US at the moment. I suppose I could use a VPN to get around that inconvenience, but I'll get over it. Or perhaps I'll just have to spend the twenty bucks and buy it.
Read Effective defenses against malware and other threats - Apple Community. That's what I do and it's what I recommend.
Could you provide us with four additional bits of information?
Just so you are aware, no VPN for general web browsing, will provide you with 100% end-to-end security.
Ok, let's go over each of those:
Not sure of your "aware" statement. You saying no VPN will protect general web browsing.
Yes, I'm very familiar with this. Most, if not all, VPNs that provide you with a service to "protect" web browsing, are based on using SSL/TLS. These are also known as "User to Server" VPNs.
Yes the data traversing the VPN tunnel between your device and the VPN provider is mostly encrypted (I say mostly, because a few "bad eggs" have been known not to actually provide you with an actual encrypted tunnel), when that data leaves their server to journey the rest of the way to the actual website's server, it is now completely outside of the tunnel ... leaving it vulnerable to attack. That's why I'm saying that these do NOT provide 100% end-to-end security.
The only VPNs that do are the ones that you (or your company) has control of both end-points of the tunnel.
Although the following article is a bit outdated (2017), it still holds true today. Hopefully, you will find it an interesting read. There are many more like it.
Walletarian wrote:
1. First, thanks for quick response.
One that encrypts my browsing, especially financial institutions
2. Home (fiber network w Wifi), travel through airports, hospitals, general web browsing
3. account info, transactions, medical data
4. Always like free, but the adage you get what you pay for holds true. Less than $100
Not sure of your "aware" statement. You saying no VPN will protect general web browsing.
Unless you are using the VPN to create a secure point-to-point tunnel to your workplace or other institution's private network the VPN provides no security.
Walletarian wrote:
Thanks, Bob,
So logging into a bank site with two factor is best I can do?
Two-factor is an authentication mechanism, not a privacy mechanism. 2FA is a last-ditch protection against compromised credentials, such as attacks based on password reuse and the ever-popular password cramming, or credentials phishing. (SMS- or standard RCS-based messaging 2FA isn’t great, but it’s better than no 2FA.)
How does Norton et al, get away with security claims then,
I’d expect most vendors will adhere to their tech specs and their fine print. Vendors may well include omissions or gaps or glossed-over details that are “advantageous” (to the vendor) in their fine print, of course. Avast surprised a few of their users a while back, for instance.
or is it just the MacOS Security is so good?
Most modern systems do pretty well, which means the threats have also evolved and moved on to different targets and different techniques.
More than a little of the malware and junk available for macOS lately is deliberately installed—cracked apps, adware, couponware, add-on security tools, etc—and not the traditional malware mess that Microsoft Windows was having decades ago.
A whole lot of what bad happens now is phishing, and spear-phishing, exploits due to re-used passwords and the inevitable cramming, and related. Ah, well… Sooner or later, we’re all going to get phished.
First, thanks for quick response.
Not sure of your "aware" statement. You saying no VPN will protect general web browsing.
Thanks, Bob,
So logging into a bank site with two factor is best I can do? How does Norton et al, get away with security claims then, or is it just the MacOS Security is so good?
I don't like being a suckerfish :)
Walletarian wrote:
So logging into a bank site with two factor is best I can do?
Two factor authentication (2FA) is to protect your user credentials. If available, I would always recommend that you enable this feature.
By default, most 2FA implementations rely on sending you a text message with a verification code. This is better than nothing, but text messages themselves are not 100% secure. Better methods have been introduced, but it will require that the financial (or any) institution allow for them ... and that is either PassKeys or having a physical Security Key. An example of the latter would be a YubiKey.
Thanks to all who advised me.
What's a good VPN for Sonoma OS Mac M3?