You wont believe the truth about VPNs!

you-wont-believe-the-truth-about-vpns!

You wont believe the truth about VPNs!

You're likely reading this because you've asked what VPN service to use, and this is the honest answer.

Keep in mind that you may need a VPN for work related communications. That type of VPN is not what is being discussed here. We are discussing the VPN services available through multiple providers around the world. These VPN services are sold as 'privacy protection';

Why don't I need a VPN service?

Because a VPN in this sense is just a proxy. The VPN provider can see all your traffic, and do with it what they want - including intercepting your data and logging everything you visit or type.

My VPN provider says they don't log!

There is no way for you to verify that. The only safe assumption is that every VPN provider logs.

Keep in mind that it is in a VPN provider's best interest to log their users - it lets them deflect blame to the customer if they ever were to get into legal trouble.

Most countries have security agreements with other countries and those agreements are a massive part of global security. If the US/RU government directs your VPN provider to give them the logs, your provider will fold in seconds. No VPN provider wants the full weight of any super power's security apparatus pressed upon them.

Especially for your $5-$10/month.

But a VPN service provider would lose business if they did that!

I'll believe that when HideMyAss goes out of business. They gave up their users years ago, and this was widely publicized. The reality is that most of their customers will either not care or not even be aware of it.

I pay anonymously, using Bitcoin or other alternate currency or crypto-currency!

Doesn't matter. You're still connecting to their service from your own IP, and that data is logged. This includes your cell phone, desktop, laptop, iPad; this means every device you use.

I want more security!

VPNs don't provide security. They are just a proxy.

I want more privacy!

VPNs don't provide privacy, with a few exceptions (detailed below). They are just a proxy. If somebody wants to tap your connection, they can still do so - they just have to do so at a different point (ie. when your traffic leaves the VPN server) -or if requested by a nation state, directly at the VPN server.

I want more encryption!

Use SSL/TLS and HTTPS (for centralized services), or end-to-end encryption (for social or P2P applications). VPNs can't magically encrypt your traffic - it's simply not technically possible. If the endpoint [Facebook, Whatsapp, Instagram, Twitter etc.] expects plaintext, there is nothing you can do about that.

When using a VPN, the only encrypted part of the connection is from you to the VPN provider. From the VPN provider onwards, it is the same as it would have been without a VPN. And remember, a VPN provider can see and intercept with all your traffic.

But I want to confuse trackers by sharing an IP address!

Your IP address is a largely irrelevant metric in modern tracking systems. Marketers have gotten wise to these kind of tactics, and combined with increased adoption of CGNAT and an ever-increasing amount of devices per household, it just isn't a reliable data point anymore.

Marketers will almost always use some kind of other metric to identify and distinguish you. That can be anything from a useragent to a fingerprinting profile. A VPN cannot prevent this.

So when should I use a VPN?

There are two use cases where you might want to use a VPN:

  1. You are on a known-hostile network (eg. a public airport WiFi access point, or an ISP that is known to use MITM), and you want to work around that.
  2. You want to hide your IP from a very specific set of non-government-sanctioned adversaries - for example, circumventing a ban in a chatroom or preventing anti-piracy scareletters.

In the second case, you'd probably just want a regular proxy specifically for that traffic - sending all of your traffic over a VPN provider (like is the default with almost every VPN client) will still result in the provider being able to snoop on and mess with your traffic.

However, in practice, just don't use a VPN provider at all, even for these cases.

What should I do?

If you absolutely need a VPN, and you understand what its limitations are, purchase a VPS and set up your own (either using something like Streisand or manually - I recommend using Wireguard). I will not recommend any specific providers (diversity is good!), but there are plenty of cheap ones to be found on LowEndTalk.

How is that any better than a commercial VPN service provider?

A VPN provider specifically seeks out those who are looking for privacy. People who believe they have something to hide are more likely to have traffic that interests a state actor. It is more likely that a VPN provider will be malicious or a honeypot, versus honest. Using a commercial VPN is the easiest way for your traffic to be intercepted by a nation state.

So why do VPN services exist?

VPN services exist to:

  • Allow foreign and domestic agents to easily access your data and/or traffic. Just look at what countries run VPNs and look at their respective government's type of leadership and their government's trade and security agreements with foreign powers.

  • Make money simply because it's easy money. You just set up OpenVPN on a few servers, and you can resell bandwidth with a markup. You can make every promise in the world, because nobody can verify them. You don't even have to know what you're doing, because again, nobody can verify what you say.

So yes, VPN services do serve a purpose - unfortunately the benefits are for the provider, not you.

TL;DR: You don't need a VPN service.

The post You wont believe the truth about VPNs! appeared first on Veritasr.