The whole talk about using VPNs for privacy doesn't cover the big picture

On one side, you have some YouTubers promoting Nord and PIA to help stop hackers. On the other hand, researchers say that just adding another hop in your network doesn’t really do much except give attackers another spot to gather your traffic.

But both sides are missing something important. I’ll venture a guess and say that most people here care mainly about stopping big tech from tracking them. When you visit a website, it shouldn’t track everything about you, like where you live, what you bought recently, or your political views.

To stay anonymous online, we need to get rid of as much personal information as we can from our traffic. This includes site data, browser fingerprinting, and your IP address. VPNs don’t help with the first two but they do help with the last one. It’s true that an IP address isn’t as identifiable as some think. Many residential IP addresses change often and are shared by multiple users on a LAN. However, there are still two issues:

  • The people you share a LAN with are often predictable. They are usually your friends, family, or colleagues. This is a problem because companies like Google track IP addresses across the web. If most of the people you regularly share a LAN with are logged into Google, you stand out. Every time your IP changes, Google can tell that your flatmate Bill’s address changed too, which can lead to them connecting your activities with his. Using a VPN mixes your traffic with that of many random users who have no connection to you. This is one of the benefits of using the Tor browser, although it has its own security issues and a single point of failure.
  • Unless you use Tor, your traffic will pass through a final node run by someone you pay for internet access. The person running that node theoretically knows everything about you. Typically, that’s your local ISP, and you don’t have much choice over which one you use. ISPs usually don’t share their privacy measures, and they can share data with brokers and governments. By using a VPN, you can at least choose who manages your traffic. You can find out what steps they’ve taken and what laws they must follow. Plus, you can change VPN providers if needed. In my opinion, VPNs are a safer option than just using one of the two ISPs I have nearby.

There are risks involved with using a VPN too. If you choose a bad one, it could be a honeypot and that could lead to serious issues. I believe VPNs are good for the online threat issues I mentioned earlier. If you’re hiding from state-sponsored groups or persistent attackers, a VPN is not much help and could even make things riskier. Only use a VPN for activities that wouldn’t be disastrous if someone were to see them, and for everything else, use Tor.

Finally, I see some VPNs asking for payment through crypto or prepaid cards, which seems odd. If a VPN provider is malicious, they could still track your traffic through your identifiable data, so using a VPN ultimately boils down to trust.

If you made it this far through my rant, I’d love to hear your thoughts. Maybe I’m completely off base, who knows. But I feel like this viewpoint isn’t shared much and it’s been my main reason for using a VPN for a while.

If you choose a bad VPN and it turns out to be a honeypot, then what happens to you?

Why does it matter? You’d just be in the same spot you would have been if you trusted your ISP instead of a VPN.

Cameron said:

If you choose a bad VPN and it turns out to be a honeypot, then what happens to you?

Why does it matter? You’d just be in the same spot you would have been if you trusted your ISP instead of a VPN.

I think an ISP might act poorly only within the limits of the law, but a compromised VPN poses a bigger danger, not just a privacy issue.

@Alexis
That’s a great point. I hadn’t thought about it like that until now.

@Alexis
How does that impact you? They would just see the sites you went to. Sure, that might help with phishing attacks, but I wouldn’t label that as a big security risk.

Zariah said:
@Alexis
How does that impact you? They would just see the sites you went to. Sure, that might help with phishing attacks, but I wouldn’t label that as a big security risk.

You’re right that the HTTPS protection still sits behind the VPN protocol. It’s not all that different from being on a risky Wi-Fi network, but for me, it’s about the skill of the person involved. Someone who has the ability to compromise a trusted VPN provider isn’t someone I’d want tracking what I do. It could be a basic spear phishing attack, but what if I visit a vulnerable site and they succeed with a downgrade to a man-in-the-middle attack? Or they could slip malware into the VPN application without it being flagged by the OS. I’m not a security expert, so I don’t have all the answers. That said, saying you’re completely compromised was probably a bit dramatic.

@Alexis
Sure, but if a VPN company gets hacked and spreads malware, then yes, that’s a security risk. But that’s rare. My concern is more that they might sell your internet history, similar to what some ISPs do.

@Zariah
I guess that’s all pretty much the same at that point. But I think it’s a moot point because if you thought either one was selling your data, you’d likely not use them at all.

@Alexis
Once you start talking about malware, this is a different issue altogether that doesn’t connect back to a VPN.

Cameron said:

If you choose a bad VPN and it turns out to be a honeypot, then what happens to you?

Why does it matter? You’d just be in the same spot you would have been if you trusted your ISP instead of a VPN.

If you are using HTTPS, how much traffic data does the VPN or ISP really see?

@Dale
Just don’t forget to use encrypted DNS, since it’s usually not secure by default.

Zorion said:
@Dale
Just don’t forget to use encrypted DNS, since it’s usually not secure by default.

I use the DNS provided by the VPN through the VPN tunnel.

You seem to think everyone lives in a place where websites aren’t blocked, but that’s not true.

If you’re in China or Iran, it’s way better to be at risk from a honeypot VPN run by the CIA than to be in trouble with your ISP.

I think you’re very close to the truth. I always prefer a VPN provider with a solid history rather than focusing too much on their current policies. When I see sales pitches, I get a bad feeling. You’re right that many of our concerns aren’t as big right now, but I’ve learned firsthand that situations can change quickly. One careless online action can lead to big problems.

That said, I use VPNs mostly for torrenting now. I don’t care too much about the privacy aspect anymore. If I can log into Real-Debrid and see my downloads listed, then there’s not much point in hiding further. I’m just trying to avoid copyright issues.

The main advantage of a VPN is that it helps obscure your online activity from automated tracking and ISP snooping, since mine is very invasive.

YouTubers pushing Nord

I saw a Nord VPN commercial on an old movie channel the other day. Who do they think they’re trying to reach?

Zariah said:

YouTubers pushing Nord

I saw a Nord VPN commercial on an old movie channel the other day. Who do they think they’re trying to reach?

You?

Kerry said:

Zariah said:
YouTubers pushing Nord

I saw a Nord VPN commercial on an old movie channel the other day. Who do they think they’re trying to reach?

You?

The ads are just everywhere. I wish I had a way to block them on my TV.

If you’re not using a VPN or Tor, don’t expect to be anonymous online, and Tor can be quite slow.

There are indeed other ways to remove anonymity that go beyond just IP addresses, like browser fingerprinting. But there are ways to deal with that too. If you keep exposing your IP everywhere, nothing else will help, and you shouldn’t expect to stay anonymous.

A VPN is needed, but it’s not enough on its own.

They make everyone anonymous except the VPN company

That’s not true. They mask your IP and stop your ISP from tracking you.

Major advertisers and websites that use cookies and tracking can still figure out who you are.

If you’ve got browser extensions like uBlock Origin or NoScript, congratulations. They can be used to identify you as well.

Do you resize your browser? That helps to identify you too.

Are you on a less common operating system or browser, like Linux or Firefox?

Those details can help track you too.

Gather enough of that data and you can be uniquely identified without even using an IP address.

VPNs don’t guarantee anonymity.
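
The last post's point, that enough small attributes single out a browser without any IP address, worked through as an added example that is not part of the thread. It counts how many visitors in a constructed population of 1,000 still match a profile as each attribute is revealed; every attribute value and count here is invented for illustration.

```python
import math

# Constructed population of 1,000 visitors, all arriving from shared VPN exit
# addresses, so the IP says nothing. Values and counts are invented, not measured.
ATTRS = ("os", "browser", "extensions", "window")
POPULATION = (
    [("Windows", "Chrome", "none", "1920x1080")] * 600
    + [("Windows", "Chrome", "none", "1536x864")] * 200
    + [("macOS", "Safari", "none", "1440x900")] * 120
    + [("Windows", "Firefox", "uBlock Origin", "1920x1080")] * 50
    + [("Linux", "Firefox", "uBlock Origin", "1920x1080")] * 20
    + [("Linux", "Firefox", "uBlock Origin+NoScript", "1920x1080")] * 9
    + [("Linux", "Firefox", "uBlock Origin+NoScript", "1817x943")] * 1
)
COMMON = ("Windows", "Chrome", "none", "1920x1080")
RARE = ("Linux", "Firefox", "uBlock Origin+NoScript", "1817x943")


def anonymity_set(population, visitor, attrs_used):
    """Number of visitors indistinguishable from `visitor` on these attributes."""
    idx = [ATTRS.index(a) for a in attrs_used]
    key = tuple(visitor[i] for i in idx)
    return sum(1 for p in population if tuple(p[i] for i in idx) == key)


def surprisal_bits(population, visitor, attrs_used):
    """Identifying information in bits: -log2(matching share of the population)."""
    share = anonymity_set(population, visitor, attrs_used) / len(population)
    return -math.log2(share)


def narrowing(population, visitor):
    """Reveal attributes one by one; return (attribute, set size, bits) rows."""
    rows = []
    for n in range(1, len(ATTRS) + 1):
        used = ATTRS[:n]
        rows.append((used[-1], anonymity_set(population, visitor, used),
                     round(surprisal_bits(population, visitor, used), 2)))
    return rows


if __name__ == "__main__":
    for label, visitor in (("common", COMMON), ("rare", RARE)):
        print(label)
        for attr, size, bits in narrowing(POPULATION, visitor):
            print(f"  + {attr:<10} set={size:<4} bits={bits}")
```

In this sample the common profile still hides among 600 visitors after all four attributes, while the rare one drops from 10 matches to 1 on the resized window alone.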