VPN - a Very Precarious Narrative April 8, 2019 https://schub.io/blog/2019/04/08/very-precarious-narrative.html
Mullvad accepts payments in cash and does not require you to enter a password or even an email. Instead, they use really long unique user names. Also, I feel the article is being kind of misleading on this logging critique. The only question that matters is: Can the VPN connect an action to an account? With OVPN for example, the answer is no, since they are not legally forced to store any information of this. Also, only the police could hope to have a chance at getting your true IP/identity in cases like these. This means if you're only into sharing culture, a VPN is anonymous in the sense that getting extortion letters has a 0% risk of happening.
It's stupid. So just ignore it. Or see https://news.ycombinator.com/item?id=19601503 for some discussion.
Good info there for not so tech savvy people, if it is right. I for one was under the impression that VPNs DID encrypt the traffic.
Huh? Of course VPNs encrypt traffic. But only as far as the VPN exit, of course. The rest is up to the site being accessed.
It's not bad writing. Most of the stuff are correct. VPN was originally meant to just connect two private networks (often home and/or corporate LANs) over unsecure, unencrypted network (aka Internet). So in that way, the VPN salesmans are kinda perversing the original idea. We had proxies, even encrypred ones (like SSH tunnel and HTTPS CONNECT method), long before VPN came along. It's also true that many nowadays are behind NAT even if they are not aware of it. It would be very hard for mobile operators to handle subscribers otherwise. Windows folks with USB modem plugged in can just start cmd and give "ipconfig /all" command and check the adapter IP address and then google "whats my ip" and compare them. If any NATin is in operation the two are different. Linux folks can do ifconfig or any other zillion ways of finding the adapter IP. And like @mirimir above mentions VPN is not end-to-end encryption scheme. Neither is Tor. When doing ordinary web surfing (not instant messaging with your WhatsApp, Signal, etc...) only the HTTPS is the only true end-to-end encryption scheme currently in the big bad Internet that we have. Everything else have the last mile unencrypted link problem (Tor, VPN, SSH, encrypted DNS etc...).
A minor point/comment from several posts on this thread. The assumption that when using TOR the "last mile" thing is a problem. Many sites I use are TOR all the way using 6 servers where my browser controls the first three and the site controls the final three. There is NO open road on such a connection and the two ends of the tunnel will never know who the other is. Just saying!
Can you give more details of that setup ? I always thought that ordinary Tor network uses just 3 hop circuit (entry/guard node, middle node and finally the exit node) I don't understand how could you conceal your traffic out of the exit node, except of course, if the site you are visiting is itself inside Tor network (aka hidden service)
He's talking about using onion services. Users and servers both have standard three-relay circuits, which meet at rendezvous relays. So seven relays total. That is, unless the server opts for one-relay circuits. That gives better performance, at the cost of zero anonymity. For the server, that is. Users still have normal three-relay circuits.
Some pretty good discussion there. But I have to scream when I read people talk about loading up on extensions while using a VPN to block this and block that, and another to cook breakfast, it drives me crazy. They need to go back to basics. Is there a bigger risk to accept that cookie - or hand over everything an extension has access to (real data, filenames and all)? Too many just accept all those permissions "needed" for an extension while paying money to remain private with a VPN. Keep it simple or realize that many of these extensions have absolute spying abilities while in use on a VPN. Of course, I don't need to tell the above to you, Mir, but so many in that discussion just let that go by with nary a word.
@LockBox - True. But I'd never rely on a VPN service at all if I were also using the same machine (let alone, the same browser) without the VPN. As you say, there are too many ways to leak.
He did not mention that ISPs (in the U.S at least) have a horrible record of tracking and selling the sites you navigate until he was called on it. VPNs are a great way to stifle them from doing that. VPNs should be forced to let consumers know what they protect against and what they don't protect against. I use a VPN simply to encrypt my traffic at the local level knowing that once it leaves the vpn services that everything is normal again, duh. On a normal computer, for example you have services that will ID you, like an email app, will ping its servers for mail, and by doing so, it will identify you after the vpn endpoint, so what? As long as you know that is going on. My use case is just mainly to stifle my ISP, and public WiFi, beyond that, I have not taken any measures to assert my anonymity.
