On one side, you have some YouTubers promoting Nord and PIA to help stop hackers. On the other hand, researchers say that just adding another hop in your network doesn’t really do much except give attackers another spot to gather your traffic.
But both sides are missing something important. I’ll venture a guess and say that most people here care mainly about stopping big tech from tracking them. When you visit a website, it shouldn’t track everything about you, like where you live, what you bought recently, or your political views.
To stay anonymous online, we need to get rid of as much personal information as we can from our traffic. This includes site data, browser fingerprinting, and your IP address. VPNs don’t help with the first two but they do help with the last one. It’s true that an IP address isn’t as identifiable as some think. Many residential IP addresses change often and are shared by multiple users on a LAN. However, there are still two issues:
The people you share a LAN with are often predictable. They are usually your friends, family, or colleagues. This is a problem because companies like Google track IP addresses across the web. If most of the people you regularly share a LAN with are logged into Google, you stand out. Every time your IP changes, Google can tell that your flatmate Bill’s address changed too, which can lead to them connecting your activities with his. Using a VPN mixes your traffic with that of many random users who have no connection to you. This is one of the benefits of using the Tor browser, although it has its own security issues and a single point of failure.
Unless you use Tor, your traffic will pass through a final node run by someone you pay for internet access. The person running that node theoretically knows everything about you. Typically, that’s your local ISP, and you don’t have much choice over which one you use. ISPs usually don’t share their privacy measures, and they can share data with brokers and governments. By using a VPN, you can at least choose who manages your traffic. You can find out what steps they’ve taken and what laws they must follow. Plus, you can change VPN providers if needed. In my opinion, VPNs are a safer option than just using one of the two ISPs I have nearby.
There are risks involved with using a VPN too. If you choose a bad one, it could be a honeypot and that could lead to serious issues. I believe VPNs are good for the online threat issues I mentioned earlier. If you’re hiding from state-sponsored groups or persistent attackers, a VPN is not much help and could even make things riskier. Only use a VPN for activities that wouldn’t be disastrous if someone were to see them, and for everything else, use Tor.
Finally, I see some VPNs asking for payment through crypto or prepaid cards, which seems odd. If a VPN provider is malicious, they could still track your traffic through your identifiable data, so using a VPN ultimately boils down to trust.
If you made it this far through my rant, I’d love to hear your thoughts. Maybe I’m completely off base, who knows. But I feel like this viewpoint isn’t shared much and it’s been my main reason for using a VPN for a while.
@Alexis
How does that impact you? They would just see the sites you went to. Sure, that might help with phishing attacks, but I wouldn’t label that as a big security risk.
Zariah said: @Alexis
How does that impact you? They would just see the sites you went to. Sure, that might help with phishing attacks, but I wouldn’t label that as a big security risk.
You’re right that the HTTPS protection still sits behind the VPN protocol. It’s not all that different from being on a risky Wi-Fi network, but for me, it’s about the skill of the person involved. Someone who has the ability to compromise a trusted VPN provider isn’t someone I’d want tracking what I do. It could be a basic spear phishing attack, but what if I visit a vulnerable site and they succeed with a downgrade to a man-in-the-middle attack? Or they could slip malware into the VPN application without it being flagged by the OS. I’m not a security expert, so I don’t have all the answers. That said, saying you’re completely compromised was probably a bit dramatic.
@Alexis
Sure, but if a VPN company gets hacked and spreads malware, then yes, that’s a security risk. But that’s rare. My concern is more that they might sell your internet history, similar to what some ISPs do.
@Zariah
I guess that’s all pretty much the same at that point. But I think it’s a moot point because if you thought either one was selling your data, you’d likely not use them at all.
I think you’re very close to the truth. I always prefer a VPN provider with a solid history rather than focusing too much on their current policies. When I see sales pitches, I get a bad feeling. You’re right that many of our concerns aren’t as big right now, but I’ve learned firsthand that situations can change quickly. One careless online action can lead to big problems.
That said, I use VPNs mostly for torrenting now. I don’t care too much about the privacy aspect anymore. If I can log into Real-Debrid and see my downloads listed, then there’s not much point in hiding further. I’m just trying to avoid copyright issues.
The main advantage of a VPN is that it helps obscure your online activity from automated tracking and ISP snooping since mine is very invasive.
If you’re not using a VPN or Tor, don’t expect to be anonymous online, and Tor can be quite slow.
There are indeed other ways to remove anonymity that go beyond just IP addresses, like browser fingerprinting. But there are ways to deal with that too. If you keep exposing your IP everywhere, nothing else will help, and you shouldn’t expect to stay anonymous.