Jump to content

Use VPN Services With Caution


Batu69

Recommended Posts

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

Why not?

Because a VPN in this sense is just a glorified proxy. The VPN provider can see all your traffic, and do with it what they want - including logging.

But my provider doesn't log!

There is no way for you to verify that, and of course this is what a malicious VPN provider would claim as well. In short: the only safe assumption is that every VPN provider logs.

And remember that it is in a VPN provider's best interest to log their users - it lets them deflect blame to the customer, if they ever were to get into legal trouble. The $10/month that you're paying for your VPN service doesn't even pay for the lawyer's coffee, so expect them to hand you over.

But a provider would lose business if they did that!

I'll believe that when HideMyAss goes out of business. They gave up their users years ago, and this was widely publicized. The reality is that most of their customers will either not care or not even be aware of it.

But I pay anonymously, using Bitcoin/PaysafeCard/Cash/drugs!

Doesn't matter. You're still connecting to their service from your own IP, and they can log that.

But I want more security!

VPNs don't provide security. They are just a glorified proxy.

But I want more privacy!

VPNs don't provide privacy, with a few exceptions (detailed below). They are just a proxy. If somebody wants to tap your connection, they can still do so - they just have to do so at a different point (ie. when your traffic leaves the VPN server).

But I want more encryption!

Use SSL/TLS and HTTPS (for centralized services), or end-to-end encryption (for social or P2P applications). VPNs can't magically encrypt your traffic - it's simply not technically possible. If the endpoint expects plaintext, there is nothing you can do about that.

 

When using a VPN, the only encrypted part of the connection is from you to the VPN provider. From the VPN provider onwards, it is the same as it would have been without a VPN. And remember, the VPN provider can see and mess with all your traffic.

But I want to confuse trackers by sharing an IP address!

Your IP address is a largely irrelevant metric in modern tracking systems. Marketers have gotten wise to these kind of tactics, and combined with increased adoption of CGNAT and an ever-increasing amount of devices per household, it just isn't a reliable data point anymore.

 

Marketers will almost always use some kind of other metric to identify and distinguish you. That can be anything from a useragent to a fingerprinting profile. A VPN cannot prevent this.

So when should I use a VPN?

There are roughly two usecases where you might want to use a VPN:

  1. You are on a known-hostile network (eg. a public airport WiFi access point, or an ISP that is known to use MITM), and you want to work around that.
  2. You want to hide your IP from a very specific set of non-government-sanctioned adversaries - for example, circumventing a ban in a chatroom or preventing anti-piracy scareletters.

In the second case, you'd probably just want a regular proxy specifically for that traffic - sending all of your traffic over a VPN provider (like is the default with almost every VPN client) will still result in the provider being able to snoop on and mess with your traffic.

However, in practice, just don't use a VPN provider at all, even for these cases.

So, then... what?

If you absolutely need a VPN, and you understand what its limitations are, purchase a VPS and set up your own. I will not recommend any specific providers (diversity is good!), but there are plenty of cheap ones to be found on LowEndBox.

But how is that any better than a VPN service?

A VPN provider specifically seeks out those who are looking for privacy, and who may thus have interesting traffic. Statistically speaking, it is more likely that a VPN provider will be malicious or a honeypot, than that an arbitrary generic VPS provider will be.

So why do VPN services exist? Surely they must serve some purpose?

Because it's easy money. You just set up OpenVPN on a few servers, and essentially start reselling bandwidth with a markup. You can make every promise in the world, because nobody can verify them. You don't even have to know what you're doing, because again, nobody can verify what you say. It is 100% snake-oil.

 

So yes, VPN services do serve a purpose - it's just one that benefits the provider, not you.

 

Article source

Link to comment
Share on other sites


  • Replies 12
  • Views 2.9k
  • Created
  • Last Reply

I use a VPN and I...... can't argue with this, especially this quote:

 

2 hours ago, Batu69 said:

But my provider doesn't log!

There is no way for you to verify that, and of course this is what a malicious VPN provider would claim as well.

 

You can't prove a negative.  Sure, my VPN says they don't keep logs.  Almost all the VPN's on Torrenfreak's annual VPN guide say they don't log anything, but the whole article is based on self reporting.  The only way to disprove what they are saying is to hear of someone who got arrested for something in spite of using one of those VPNs.

Link to comment
Share on other sites


Israeli_Eagle

VPN is very useful, BUT... Only if it's used with brain! :eekout:

So... Real VPN users would never use any app for that or any provider & server in the same country where he's living etc...

Link to comment
Share on other sites


16 minutes ago, Israeli_Eagle said:

VPN is very useful, BUT... Only if it's used with brain! :eekout:

 

 That is not the whole truth better is to say "computer must used with brain"

Link to comment
Share on other sites


Israeli_Eagle
18 minutes ago, Togijak said:

 That is not the whole truth better is to say "computer must used with brain"

 

Too true.......... :clap:

Link to comment
Share on other sites


JeffDunhill

I somewhat agree with OP but it has become a need now and not all of them are like that. You gotta trust some or be super smart!

Link to comment
Share on other sites


  • 2 weeks later...

@Batu69Nice post. But like what should I do if I do not want anyone to spy on me? What if I want to download torrents but my ISP doesn't allow the same?

 

Have heard about VPN installed on VPS, but its a bad idea because a greater adversary can back-track the VPS IP directly back to my home IP.

 

Waiting for suggestions from Batu69 and others. Thank you.

Link to comment
Share on other sites


@nsan3

 

use a VPN provider with a cascade / chaining option like Perfect Privacy, Nord VPN, You can read All the truth about Double VPN, Triple VPN and Quad VPN

and if you to be protected against spying run it from inside a VM. In this combination you can also install a normal (single) VPN on your normal system and a second VPN inside the VM and the result is a double layer encryption. That works for surfing / mailing but I don't know how it works for torrent (I don't use torrent)

 

 

Link to comment
Share on other sites


@nsan3

 

Yes, true about using / choosing VPS, If you not obtain to choose good/secure VPS, you are also not having good/secure VPN.

Suggestion by @Togijak seem good idea, use / choose a good VPN for your work.

 

Same as Togijak, I not use torrent.

 

Link to comment
Share on other sites


  • 1 year later...
On 5/28/2017 at 9:37 PM, Batu69 said:

So when should I use a VPN?

 

In some areas or places especially when you are travelling in other countries , you can,t open some websites according to that country rules. So i need to

use vpn to visit my favourite websites easily.

 

And some VPN providers really keep your logs.

Link to comment
Share on other sites


  • 2 years later...

Do not use these VPNS, as they handed over users data:

Pure VPN

Private Internet Access

IP Vanish

Hide My Ass

* Any VPN or its owner based in 14 Eyes, especially in US, or its Puppet States like Singapore, Korea, Japan, Taiwan, Pakistan, India, 

 

Five Eyes: US, UK, Canada, Australia, New Zealand
Nine Eyes: Five Eyes + Denmark, France, Holland, Norway
Fourteen Eyes: Nine Eyes + Germany, Belgium, Italy, Sweden, Spain

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...