Lately (in these past years) I've seen VPN services promoted across the internet. I think a lot of people who use VPNs have been manipulated into believing that a VPN is a silver bullet for privacy. However, this couldn't be farther from the truth.
In this thread I'll be going through what I think are some of the common myths/misunderstandings/falsehoods about VPNs.
Why VPN services will not give you the privacy they advertise.
Unfortunately, your IP address isn't the only data point that companies use in order to track you. Information about your computer, like your operating system, the fonts you have installed on your system, your monitor size, your WebGL fingerprint, and other data is used to uniquely identify users.
There are ways to reduce fingerprinting. This can be achieved by using Mozilla Firefox with several add-ons and modifications, or, better yet, using Tor Browser on the safest security setting, which has very strong protection against fingerprinting.
However, one tradeoff is that this will require disabling JavaScript whenever possible, which will break a lot of sites. However, this is essential for preventing fingerprinting.
"But why would I want to use Tor Browser if I can simply use a VPN along with a hardened version of Firefox?".
Unfortunately, all VPNs have a major flaw: Trust. In order to use a VPN you must have absolute trust that your provider will not log your data, or provide to a third party, or somehow collaborate with authorities. You're putting all your trust in single point, and that's the problem!
Tor Browser directs your traffic through three different nodes. Unlike a VPN, you can be sure that the Tor Project isn't logging your data, since Tor is open source software. Additionally, in order to deanonymyze a Tor user, an adversary must compromise your first and last node (traffic correlation attack).
This is an improvement over a VPN, since there is no single point of failure.
"But Tor Browser is a lot slower compared to using a VPN with Firefox!".
Privacy often comes with tradeoffs, and Tor Browser will make your connection slower, due to the fact that it encrypts your data (only the exit node can see unencrypted data).
"Using a VPN can protect me when I'm using public WiFi".
Since anyone with a laptop and Wireshark can do packet sniffing on a public network, it might be a good idea to use a VPN in order to connect to websites. However, you must consider that a lot of sites use HTTPS, which is like regular HTTP but with encryption. You're only at risk of packet sniffing if your connection is done over plain HTTP.
But, if you also don't want an adversary to know which sites you visit, then using a VPN might be a good idea, though Tor also masks the IP address of the sites you visit.
"But I regularly torrent and my ISP will send me letters if I keep on doing it".
You might think a VPN is necessary at this point. Think again. Instead of using a VPN, you can get a seedbox. A seedbox (as the name suggests) does the torrenting for you. Once it's done, it'll keep seeding perpetually (very useful if you're on a private BT tracker) and you'll be able to download the file anonymously.
My conclusion:
In this thread I'll be going through what I think are some of the common myths/misunderstandings/falsehoods about VPNs.
Why VPN services will not give you the privacy they advertise.
Unfortunately, your IP address isn't the only data point that companies use in order to track you. Information about your computer, like your operating system, the fonts you have installed on your system, your monitor size, your WebGL fingerprint, and other data is used to uniquely identify users.
There are ways to reduce fingerprinting. This can be achieved by using Mozilla Firefox with several add-ons and modifications, or, better yet, using Tor Browser on the safest security setting, which has very strong protection against fingerprinting.
However, one tradeoff is that this will require disabling JavaScript whenever possible, which will break a lot of sites. However, this is essential for preventing fingerprinting.
"But why would I want to use Tor Browser if I can simply use a VPN along with a hardened version of Firefox?".
Unfortunately, all VPNs have a major flaw: Trust. In order to use a VPN you must have absolute trust that your provider will not log your data, or provide to a third party, or somehow collaborate with authorities. You're putting all your trust in single point, and that's the problem!
Tor Browser directs your traffic through three different nodes. Unlike a VPN, you can be sure that the Tor Project isn't logging your data, since Tor is open source software. Additionally, in order to deanonymyze a Tor user, an adversary must compromise your first and last node (traffic correlation attack).
This is an improvement over a VPN, since there is no single point of failure.
"But Tor Browser is a lot slower compared to using a VPN with Firefox!".
Privacy often comes with tradeoffs, and Tor Browser will make your connection slower, due to the fact that it encrypts your data (only the exit node can see unencrypted data).
"Using a VPN can protect me when I'm using public WiFi".
Since anyone with a laptop and Wireshark can do packet sniffing on a public network, it might be a good idea to use a VPN in order to connect to websites. However, you must consider that a lot of sites use HTTPS, which is like regular HTTP but with encryption. You're only at risk of packet sniffing if your connection is done over plain HTTP.
But, if you also don't want an adversary to know which sites you visit, then using a VPN might be a good idea, though Tor also masks the IP address of the sites you visit.
"But I regularly torrent and my ISP will send me letters if I keep on doing it".
You might think a VPN is necessary at this point. Think again. Instead of using a VPN, you can get a seedbox. A seedbox (as the name suggests) does the torrenting for you. Once it's done, it'll keep seeding perpetually (very useful if you're on a private BT tracker) and you'll be able to download the file anonymously.
My conclusion:
- VPN services use misleading marketing in order to manipulate the public into believing that they are a simple privacy solution.
- VPN services can never be completely trusted, as it is impossible to verify their claims without resorting to some third party.
- If you really want privacy, using Windows/macOS is definitely not an option.
- If you torrent and live in a country that might get you in trouble for it, a seedbox is a good idea. If you can't access a torrent site due to blocking, you can use Tor.