re: #89 unproven innocence

Concerning VPNs, you can’t expect your bank(s) to be totally ok with repeated attempted logins FAR from where they know you live, unless they don’t care at all about security. They *might* be ok with it provided it happens only rarely.

I have multiple pcs, and several browers on each, so for my banking needs, letting cookies live beyond a single browser session could potentially cause me some problems. (Hey, you are using a different browser/pc/os, not what we usually see when you login, so would you please answer this security Q?) So I prefer that cookies expire in ALL browsers when the browser is closed (ie, “session-only” cookies setting), by default. Also, I prefer using (almost aways) just one browser on one PC for banking.

However, I have found it necessary to use three or so different profiles within a single browser because it is near-impossible to have a single secure browser configuration that works everywhere without issues. For example, one bank insists that cross-site scripting be allowed, as it hands off to onlinebank[dot]com (or whatever) during login. But that’s a scripting behaviour that is so broadly abused by malware that it should be blocked by default. With NoScript add-on, it IS blocked by default, except perhaps for some whitelisted sites. So I can allow that relaxed setting, but only in that one profile, which is used only for that one banking site. Everywhere else, cross-site scripting is generally forbidden.

No, that’s not it.

If I use the VPN and then turn it off (and close out the app), I can no longer access my bank on a separate attempt. The VPN borks up my entire phone. I had to hard reset my router last time.

So I just don’t use the VPN any longer.