Not sure if I used the correct terms but what is the difference in security and privacy between downloading from a public wifi (or a closed wifi; with password) and mobile hotspot (sharing 4G/5G data from your phone to your computer)? Which one is recommended or does it not matter?
On the public wifi, the operator of that wifi can see any data you pass through their network. They can likely see what sites you visit, but probably can’t see what data you send to and from those sites, due to encryption. Unless they have an account with you, or you provide your information in clearext, they can link your data to your devices, but not to you directly, at least not from your use of the AP. They can potentially link your data to your image on their cameras, and thus your identity.
Your ISP has the same access to your data, but they also have a payment account linked to you, and they regularly cooperate with rights holders and law enforcement.
A VPN can do the same thing as an ISP: they know what sites you visit, but probably don’t know what data you are sending and receiving, and they can link it to your payment account. However, they generally do not cooperate with rights holders, and may or may not cooperate with law enforcement in their jurisdiction. While you are using a VPN, your ISP knows you are using them, but doesn’t know what you are sending back and forth, due to encryption.
If you want to remain as anonymous as possible, use a burner device with no accounts on public wifi.
If you want to avoid harassment by rights holders while you engage in piracy, a VPN is sufficient.
This varies widely by ISP and jurisdiction. I never use a VPN and my ISP doesn’t give a fuck what I download. They forward me the scary letters from the rights holders but they always preface it with “don’t worry, we ain’t no snitch”
What incentive do they have to actually follow through on that claim?
I pay my ISP $600/yr. If a third party with a bug up their ass creates $601 worth of trouble for my ISP, why wouldn’t they throw me under the bus?
No ISP is deserving of the kind of trust you describe. It costs them nothing to put those words in a letter.
I don’t particularly trust a VPN provider either, for much the same reason. But, the VPN provider wants to know as little about me as possible, while the ISP needs to know everything.
The law in Canada limits the ISP’s risk exposure and the pursuable damages of the rightsholder. Also it definitely would cost them if they told me “we have not responded to this notice from the rightsholder” and then turned around and did exactly that. That would be a flat out lie to their client. I’d have grounds to sue in a situation like that.
Also, I’ve been doing this for almost a decade and never had any problems. Maybe you shouldn’t assume that your situation is everyone’s situation.
You don’t have any justification to be that condescending. Your security practices are reliant on the law, and the law is not a factor under your direct control. It has changed without your input before, and it will change without your input in the future. Meanwhile, your ISP is building a record of your non-compliance that it can provide to rightsholders just as soon as it likes.
Good security practice minimizes reliance on factors outside your control. You can’t control whether your ISP has your personally identifiable information, but you can deny them knowledge of your data transfers. You can’t control whether a VPN has knowledge of your data transfers, but you can deny them knowledge of your PII.
As of the time of their letter, they had not responded to that notice. They could respond tomorrow without ever having lied to you. You would not have grounds to sue.
Just out of curiosity, will your Canadian ISP and your (current) Canadian laws protect you when a rightsholder portrays you as a pedophile instead of a pirate? If they anonymously publish a torrent containing their movie and some hidden CSAM, are you fucked?
That level of paranoia is a waste of energy. I know that what I’m doing works just fine. Why would some Hollywood studio plant CSAM in a torrent? That would implicate them as well. It makes zero sense. They have better things to do than entrap some nobody in a country whose laws don’t favour them seeking any damages. It would cost them far more in legal fees to come after me than to just leave it alone. The notices they send out are entirely automated and exist primarily as a scare tactic.
If you’re willing to be curious and open minded about things beyond your limited perception and experience, rather than be a know-it-all, I’d be happy to share with you an example email that I recieved recently. I think the language they use is quite interesting.
I know I am paranoid, but am I paranoid enough?
Identifying and evaluating vulnerabilities is a critical component of any security plan. In a good one, any vulnerabilities will be well outside the scope of feasibility.
To cast FUD on piracy in general. To inextricably link “pirate” with “pedophile” in the mind of the general public. To convince the general public to treat copyright infringement as criminal rather than a civil matter.
They hire or extort someone to initially seed from some third world ISPs, and the swarm takes over from there. It never gets traced back to them.
You aren’t the objective, just the means. The purpose is to make piracy a truly objectionable practice in the eyes of the public.
None of this is a likely threat, but is any of it completely outside the realm of feasibility?
Yes. It’s well beyond being worth considering. You’re describing a massive conspiracy where hundreds of people from multiple countries’ governments as well as private corporations would all need to work together without any information leakage. All this to entrap some Canadian programmer who tried to torrent season 2 of a TV show aired in 1990. If any of this was worth doing, it would have been done by now, yet we hear of nothing like this ever happening.
I’ve gone my entire adult life downloading copyrighted material without using a VPN and it’s never caused me any problem. My contract with my ISP confers me a level of trust that I’m perfectly comfortable with. I’m familiar with the Canadian law around this stuff, and how it’s been interpreted by the courts in the past. I am under no threat of financial damages being pursued against me. My ISP has no incentive to log my online activity or report it to foreign authorities. And even if they did, the Canadian courts limit the pursuable damages to four figures; barely enough to pay for the lawyer that would file the suit.
What are you even on about? One person could conceivably add CSAM to a torrent that you eventually download, and you could find yourself subject to a criminal investigation.
“I’ve been fucking multiple partners weekly my entire adult life. without protection, and I haven’t gotten AIDS yet.” <— That’s you. That’s what you sound like.
You are giving your ISP every thing that a rightsholder needs to harass you, with your understanding that laws and corporate policies currently protect you from that harassment. But you ignore that those policies can be changed, and those changes can apply to data you’ve previously given to your ISP. When rightsholders start arguing “think of the children” and pointing at such torrents, that’s the kind of thing that gets laws and policies changed.
Why give them the information in the first place? Why not keep that information away from your ISP? Why trust them to do the right thing when you can easily deny them the ability to do wrong?