Thinking about a VPN but clueless about how it would work

Neither the ISP, VPN or you have control over machine info. Live with it or get off the Internet.

 

Huh?

Try connecting to this page with/without using a VPN ... https://browserleaks.com/ip

Now try telling me that the same ISP is shown on each result. If I try this with my VPN, it shows the VPN assigned IP address and the ISP provider that is used by my VPN for the location that I am connected to. If I disconnect my VPN, the results show my actual ISP and public IP address.

 

What??

Never on my end. e.g. - run https://www.dnsleaktest dot com and examine the results. If you see your ISP anywhere on that report you need a new VPN OR to fix a "loose end" in your firewall. The entire purpose of a VPN is so that your ISP never shows up when you visit any site.

 

That's why you use VMs. Or, when it really matters, hardware compartmentalization.

 

What a VPN does is it substitutes its DNS identifier for yours so your real location isn't given away. That said, its not something the user can change or remove - at the most it can be masked to ensure anonymity online.

 

That's just plain wrong!

VPN services are basically proxies. Or rather, like NAT routers with very long cable runs to Internet uplinks. That is, there's a VPN tunnel to a server somewhere, and all traffic gets routed through that server via the VPN. That includes DNS lookups.

 

A correctly configured VPN will protect your actual IP address, and provide a separate DNS service, and when properly encrypted will prevent ISP snooping. I think the confusion may be regarding whether your computer client can still be identified as unique, even when using a VPN. That is a different problem, and not one that the VPN networking technology will overcome.

I am not attempting to be completely anonymous on the net, but I have read up on the issues involved. I just want to protect my data and privacy from data miners. Complete anonymity is hard to achieve, and not worth the time and trouble, IMHO. Unless you really have something to hide, LOL!

At browserleaks.com you can test for many things, including a browser fingerprint. Depending on what browser you are using, there are some extensions that can spoof the fingerprint. I have one that returns a fake readout, which changes every hour. That gets around the issue of using the same fake fingerprint persistently, thus making your computer unique. Yes I still look unique, but I can appear to be a 'new' unique computer at regular intervals, or on demand.

It's also possible to spoof HTTP referrer, automatically clear browser cache at regular intervals, etc.

There are also extensions that will switch your browser user agent, that can make your system look like a different type, such as mask a PC to look like the user is running a Mac with Safari.

 

Yup.

All the tests with a VPN show I'm connected through another location.

You can switch user agents, too. With the present state of technology though, the VPN is an imperfect means of protecting personal privacy online.

 

Just one piece of a huge puzzle... yet an essential tool!

 

True. But you can chain multiple VPNs. Which makes deanonymization harder. And compartmentalize in multiple devices and VMs. Plus Tor. Maybe not perfect, but arguably good enough for all but the highest stakes. At least, as long as you aren't living in a total gulag.

 

Governments can find you if they want to but as far as the world is concerned you're anonymous.
Sufficient for all but the paranoid.

 

Yes, we agree

 

About the only thing I would consider (in the highest stakes circumstance) would be to use a high gain antenna and initiate the entire process via open wifi, where I would be a significant distance from the coffee shop and thereby not on camera. I used some fun toys in times past. In the perfect scenario you could watch the coffee shop but be out of sight yourself. Now admittedly this is an insanely paranoid circumstance. I do have the equip if I ever find myself in that scenario. Hopefully I won't.

 

Yeah, I've done that I've hit APs from several km.

But hiding a WiFi dish is a bit iffy. Maybe 5 GHz, because they're a lot smaller. And tracking a WiFi connection isn't impossible.

 

I come from extensive LE in my family. Here is the thing that gets you every single time, just like you see on the TV shows. Returning to the scene of the crime (not that we are talking crime) - analogous reference. For a major sensitive connection the one time and never return will leave you untraceable unless an operator error happens, or you stupidly use a machine that tracks right back to you. There are a thousand networks within 5 miles of my house and getting on any one of them is easy. As I mentioned above I don't currently have that need, but if I did that is how I would do it.

 

It's been a while since I played with this. But even a few years ago, open APs were becoming less and less common.

 

In my quest for good VPN, I found Perfect Privacy installs its root certificate for IKEv2 on iOS & Mac. Then I found IVPN saids their new iOS app uses certificate, but couldn't find if it's its own root certificate. Do anyone know or confirm it? Also if it uses CA in OS cert store, what CA? I won't be comfortable if it uses CA on my personal blacklist...
Also, IVPN says it only supports OpenVPN IPsec IKEv2, is this mean they no more support L2TP/IPsec with PSK?
Thanks in advance!