Don't use VPN services to guarantee your anonymity

Discussion in 'VPN and Privacy' started by Prorootect, Feb 14, 2018 at 3:48 PM.

  1. Prorootect

    Prorootect Level 48

    Nov 5, 2011
    3,786
    4,452
    0wN3D by my cat!
    Don't use VPN services to guarantee your anonymity
    gist.github.com/joepie91/: Don't use VPN services. · GitHub

    Don't use VPN services.

    No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

    Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

    (A Russian translation of this article can be found here, contributed by Timur Demin.)

    Why not?
    Because a VPN in this sense is just a glorified proxy. The VPN provider can see all your traffic, and do with it what they want - including logging.

    But my provider doesn't log!
    There is no way for you to verify that, and of course this is what a malicious VPN provider would claim as well. In short: the only safe assumption is that every VPN provider logs.

    And remember that it is in a VPN provider's best interest to log their users - it lets them deflect blame to the customer, if they ever were to get into legal trouble. The $10/month that you're paying for your VPN service doesn't even pay for the lawyer's coffee, so expect them to hand you over.

    But a provider would lose business if they did that!
    I'll believe that when HideMyAss goes out of business. They gave up their users years ago, and this was widely publicized. The reality is that most of their customers will either not care or not even be aware of it.

    But I pay anonymously, using Bitcoin/PaysafeCard/Cash/drugs!
    Doesn't matter. You're still connecting to their service from your own IP, and they can log that.

    But I want more security!
    VPNs don't provide security. They are just a glorified proxy.

    But I want more privacy!
    VPNs don't provide privacy, with a few exceptions (detailed below). They are just a proxy. If somebody wants to tap your connection, they can still do so - they just have to do so at a different point (ie. when your traffic leaves the VPN server).

    But I want more encryption!
    Use SSL/TLS and HTTPS (for centralized services), or end-to-end encryption (for social or P2P applications). VPNs can't magically encrypt your traffic - it's simply not technically possible. If the endpoint expects plaintext, there is nothing you can do about that.

    When using a VPN, the only encrypted part of the connection is from you to the VPN provider. From the VPN provider onwards, it is the same as it would have been without a VPN. And remember, the VPN provider can see and mess with all your traffic.

    But I want to confuse trackers by sharing an IP address!
    Your IP address is a largely irrelevant metric in modern tracking systems. Marketers have gotten wise to these kind of tactics, and combined with increased adoption of CGNAT and an ever-increasing amount of devices per household, it just isn't a reliable data point anymore.

    Marketers will almost always use some kind of other metric to identify and distinguish you. That can be anything from a useragent to a fingerprinting profile. A VPN cannot prevent this.

    So when should I use a VPN?
    There are roughly two usecases where you might want to use a VPN:

    1. You are on a known-hostile network (eg. a public airport WiFi access point, or an ISP that is known to use MITM), and you want to work around that.
    2. You want to hide your IP from a very specific set of non-government-sanctioned adversaries - for example, circumventing a ban in a chatroom or preventing anti-piracy scareletters.
    In the second case, you'd probably just want a regular proxy specifically for that traffic - sending all of your traffic over a VPN provider (like is the default with almost every VPN client) will still result in the provider being able to snoop on and mess with your traffic.

    However, in practice, just don't use a VPN provider at all, even for these cases.

    So, then... what?
    If you absolutely need a VPN, and you understand what its limitations are, purchase a VPS and set up your own. I will not recommend any specific providers (diversity is good!), but there are plenty of cheap ones to be found on LowEndBox.

    But how is that any better than a VPN service?
    A VPN provider specifically seeks out those who are looking for privacy, and who may thus have interesting traffic. Statistically speaking, it is more likely that a VPN provider will be malicious or a honeypot, than that an arbitrary generic VPS provider will be.

    So why do VPN services exist? Surely they must serve some purpose?
    Because it's easy money. You just set up OpenVPN on a few servers, and essentially start reselling bandwidth with a markup. You can make every promise in the world, because nobody can verify them. You don't even have to know what you're doing, because again, nobody can verify what you say. It is 100% snake-oil.

    So yes, VPN services do serve a purpose - it's just one that benefits the provider, not you.

    ______________________________________________

    touya-akira comment:
    The post is fine but the headline is wrong. Especially since you clearly state valid use-cases for a VPN. So, yes, there are reasons to use a VPN. (Another use-case, probably covered in 2) is access to country-restricted services like netflix, bbc, etc). You just should never rely on a VPN to guarantee your anonymity.


    nv-vn comment:
    You just should never rely on a VPN to guarantee your anonymity same goes for Tor or any other privacy service. you should always take as many measures as possible to prevent yourself from being tracked if you want to guarantee anonymity.


    ...Read MORE comments at the website...
     
  2. bribon77

    bribon77 Level 12

    Jul 6, 2017
    600
    4,165
    spain
    Windows 7
    Emsisoft
    Maybe this man is right.:unsure::confused:
    Although it is clear that anonymity is almost impossible.
     
  3. Arequire

    Arequire Level 19

    Feb 10, 2017
    910
    2,852
    United Kingdom
    Windows 7
    Default-Deny
    They're fine arguments until you consider the fact that your ISP also has the ability to see, log and manipulate your traffic however they see fit.
     
  4. Janl1992l

    Janl1992l Level 9

    Feb 14, 2016
    448
    1,560
    Germany
    Windows 10
    Avast
    I am fully against this article and i realy dont know why he thinks every vpn loggs. When i read this it seems more like he hate vpns, thats all. "vpn dont provider privacy" "vpn dont povide security" both false statements. Well, its how u define privacy and security but a vpn provider can give you both, a trustworthly one who knows what they are doing. And a vpn is by far not only a glorified proxie. Alone some vpn applications for windows are realy good with extra privacy/security settings, u cant say a vpn is just a proxy.
     
  5. Arequire

    Arequire Level 19

    Feb 10, 2017
    910
    2,852
    United Kingdom
    Windows 7
    Default-Deny
    From Windscribe (VPN provider):
    I wouldn't doubt every VPN provider has some form of logging, it just doesn't have to be traffic logs.
     
  6. MeltdownEnemy

    MeltdownEnemy Level 1

    Jan 25, 2018
    22
    48
    OutOfThisWorld
    Windows 10
    BitDefender
    That anyone knows, the vpn only to unlock pages, streaming services and to protect against attacks from other networks, that's not privacy, there is no such thing.
     
    Deletedmessiah and bribon77 like this.
  7. Janl1992l

    Janl1992l Level 9

    Feb 14, 2016
    448
    1,560
    Germany
    Windows 10
    Avast
    vpn is not the only way for become some privacy. first thing todo is not to use windows. there are some realy, realy good alternatives out there when it comes to privacy. Than u can use a vm on there+ a vpn. thats one big steep for privacy. i know, most guys say "there is no privacy, no anonymity online" But when i see some darknet ppl or "illegal person" online and see how much years they are online, i think about it and how hard it can be for anyone to get them. So there is a chance to stay almost fully anonymus online. Its just how u handle things. Dont use Accounts at all is the first thing. Like google-e-mail etc. That is all trackable and sure, than u have no privacy online. But when u only surfe the net without any accounts tht are linked to you u can have almost full privacy and anonymity when doing it right.
     
  8. bribon77

    bribon77 Level 12

    Jul 6, 2017
    600
    4,165
    spain
    Windows 7
    Emsisoft
    #8 bribon77, Feb 14, 2018 at 6:21 PM
    Last edited: Feb 14, 2018 at 6:29 PM
    I think VPNs do their job. What it says is to make you anonymous
    That is hard. But there are people in countries with many restrictions and they use VPN. and help, that your ips do not know anything about their navigation.

    Journalists, who have to send information should use some type of VPN . If they are not fried
     
  9. zzz00m

    zzz00m Level 4

    Jun 10, 2017
    159
    383
    USA
    Windows 10
    Avira
    Who gives a s h i t about anonymity? I just want to keep my data out of my ISPs hands...
     
    Sunshine-boy likes this.
  10. Flengo

    Flengo Level 1

    Oct 19, 2017
    45
    273
    Australia
    Linux
    It's about trust.
    I use PIA and definitely trust them much more than my ISP - PIA's business model is in keeping their users secure and adhering to their promise of privacy while my ISP has to keep logs of my internet usage for up to six months by law.
     
    Prorootect and Sunshine-boy like this.
  11. HarborFront

    HarborFront Level 34
    Content Creator

    Oct 9, 2016
    2,373
    5,993
    Far East
    #11 HarborFront, Feb 14, 2018 at 9:35 PM
    Last edited: Feb 15, 2018 at 1:54 AM
    If you do NOT want your VPN provider to know you then set up your own VPN at home. However, this method has its caveats too

    PROS

    1) You know the operator of the VPN isn't cooperating with police/spooks, because it's you
    2) Latency and bandwidth are likely much better than 'VPN' proxy services aimed at layman users
    3) You get to choose all config, cipher suites, exposed ports, data logged, auth standards

    CONS

    1) You have only 1 or 2 IP addresses unlike many available shared IP addresses from those VPN providers
    2) Unless you are truly well-versed you are solely responsible for the security of your server and all software config, and you might mess up
    3) You’ll be severely restricted when online logging if you want to remain anonymous
    4) Once an adversary ties you to your VPN endpoint, it's burned, and yours will be the only traffic originating from it. (This is mitigated somewhat by your choice of hosting/location i.e. use of VPS which is a rented private server. See below).
    5) Even using a VPS payment is likely easy to track back to you, unless you've paid using an anonymous method of payment that you got money into without exposing your identity, which is hard, and if plod/spooks can tie a bitcoin address to you, or uncover a fake ID/card, that's bad

    For mitigating CONS point 4) you can set up as follows

    Your friends <== VPN tunnel ==> Your VPS <== VPN tunnel through SSH ==> Your server running OpenVPN and Tor <== Tor ==> Internet


    Your friends' ISPs (and likely, governments) could see that they're connecting to your VPS. Your VPS provider could see connections to your friends, and also to your OpenVPN server. And your ISP (and likely, government) could see connections to your VPS.

    But neither your friends' ISPs and governments, nor yours, could see that your friends are connecting to your OpenVPN server, unless your VPS provider cooperates with them. Therefore, you want a privacy-friendly VPS provider that operates in a jurisdiction that's unlikely to cooperate with either your friends' governments or yours.

    For additional security, you could access your VPS through commercial VPNs (nested, even) and pay for it anonymously.
     
    Prorootect, harlan4096 and Oxygen like this.
  12. Erika

    Erika Level 1

    Sep 25, 2017
    8
    21
    UK
    Windows 10
    BitDefender
    Well, I don't think all VPNs are log users activities. I thought there is no need to use VPN also posted Q&A - Is there a real need of using a VPN? Be honest! after the user's reviews I really need to use VPN. I use VPN all the time and on all devices like Kodi box, Laptop and Smartphone because I feel unsafe without VPN. Pay the bills via credit card while using public wifi. All VPNs provider claim that they do not log users activities and I think I am using log less VPN, but I don't know if they record activities, but we can trust them there no other way.
     
  13. Prorootect

    Prorootect Level 48

    Nov 5, 2011
    3,786
    4,452
    0wN3D by my cat!
    "I don't know if they record activities" - exactly Erika, we don't know, that's all.
    This means - we don't have confidence in them.
    So...
     
    bribon77 likes this.
Loading...
Similar Threads Forum Date
Security Alert Most Web Services Don't Care How Weak Your Password Is Security News Aug 9, 2017
HitmanPro-Alert and Bullguard 2018 don't play nice. HitmanPro (Sophos) Nov 13, 2017
Android Don't Forget Your Unlock Method on Android 8.1, It Will Brick the Phone Android, iOS and Windows 10 Mobile Nov 2, 2017