https://www.techradar.com/news/excl...ngered-by-this-cross-border-intelligence-pact Research the vpn that you use carefully. Stay away from free services if you can.
Yes and no. There is no such thing as a free lunch - but its a bit more complex when it comes to VPNs. Stating that free VPNs are inherently evil implies that paid VPNs are not. Which is not true. Too often - especially by those less savvy - VPNs are seen as a magic fix for privacy and security. It is not: Running a VPN requires some hefty resources - especially when doing it properly. Having users pay for a subscription takes away part of the incentive to raise funds in different ways. While certainly feasible to cover the costs and even make money off it, there still is the possibility - for paid providers - to sell data. There still is an incentive to do so. VPN providers can make all sorts of claims, which can't be verified. At least, not in every detail. Yes, there have been court cases before that might indicate that some providers adhere their no-logging claims, but even then - it is not certain that they don't. Using a VPN means that you move the trust from your ISP to the VPN provider. Which is likely located in a different judisdiction. Some countries have sane privacy protections - using a VPN in a different country basically evades those protections. You'll need to trust the competencies of the VPN provider to actually secure the traffic flowing from your computer to the VPN provider and keep it secured while being a customer. Aside from that, much more aspects weigh in here. Heck, your VPN provider could - theoretically be a sting operation from three to four letter agencies, comparable with the Crypto AG sting, effectively routing your traffic straight to adversaries you want to escape in the first place. That being said, there are some legitimate use-cases, like circumventing location restrictions (think Netflix, BBC iPlayer, etc) or obfuscating your traffic by combining it with much more outgoing traffic. But the latter one is no certainty. Tl;dr: rethink whether you actually need a VPN - and if so, consider segmenting your traffic. Not routing one hundred percent to a sole party
There's no way to really know what's up with any VPN service. Many are now having outside audits done, and open sourcing their apps and networks. And that's refreshing. But the truth is that there are ways to work around all that. Even so, you can distribute trust by using nested VPN chains, with each server from a different provider. So adversaries would need to compromise multiple VPN services in order to deanonymize you. And then you can combine that with Tor. So you don't need to fully trust the VPN chain or Tor.
Exactly. Open source clients and external audits can entail a secure/hardened client application, without backdoor. It is a first good step. But, unfortunately, we need something like configuration attestation to be really able to verify the clains. And currently, that is a real challenge that might take a considerable time to solve. How would a nested VPN chain work? I mean, sure, you can setup your router as a VPN client and then run a VPN from your local machine, but all that does is - yet again - move the trust. The VPN provider that is used on your router can still see your IP, whereas the VPN on your computer is both the entry and exit node. If your habits and behaviour doesn't change, you are still unprotected from global adversaries. Hence, segmentation of traffic does make a lot of sense.
Nested VPN chains distribute trust very much like Tor relays do. Yes, and it also sees the server for the VPN in your computer. It is the exit node. But it only sees the exit IP of the VPN in the router, and not your ISP-assigned IP. So with two VPN services, neither one knows both your ISP-assigned IP the stuff that you do online. I agree, somewhat. I'd call it compartmentalization. That is, you segment traffic in different VMs, using different connectivity paths.
Distribution of trust can include competing/adversarial jurisdictions. In fact, you may be better off with jurisdictions that are hostile to the one you are in: they are less likely to cooperate with your own jurisdiction (as per the x-eyes stuff), and the really nice thing is that - unless you are personally part of the "empire" - they do not care about you, and what's more cannot lock you up.
What's so exclusive about the article? isn't this information that is already known? Besides having a percentage of what kind of VPNs different people use, there doesn't seem to be anything new or concrete.
Agreed, compartmentalization is a better phrasing. Qubes has a pretty good foundation for this. Naturally, the user still has to make sure not to mix up different identities in different environments. But that isn't solved with technology, but education of and willingness from the user.
There are a lot of misconceptions about VPNs and the anonymity they provide. People need to be made aware.
I have quite a few VPN apps purchased at discount prices, mostly from discount lifetime specials. They are not perfect, they have a lot of different issues, ranging from their Interface to DNS Leaks, etc., but... Just some "strange" issues. I used to trust Ikev v.2 until recently I've noticed that Ikev 2 is LEAKING. I've informed the support teams of the appropriate VPN apps, but the problem is still there. Out of many VPN's, probably, only Windscribe did not leak while using Ikev2, but FastestVPN, VeePN, IVACY, VPNUnlimited, etc., were LEAKING. (My favorite DNS leak test is at ipleak org) Now, I either use Wireguard, OPENVPN, or TCP, UDP, but NEVER Ikev v.2! About browser extentions. Firefox - only IVACY did not leak my original IPS DNS servers. All other VPN extensions LEAKED. For some reason, I has fewer DNS leaks while using Brave or Vivaldi. P.S. Currently using Vivaldi with Wireguard Windows app and IVACY extention.
Counting on apps from VPN providers is iffy. A few that I tested, years ago, didn't leak. But most did. The safest bet is using stock open-source apps, plus firewall rules to prevent leaks.
Find the really long thread we have running in this forum website and pick one of the 5 top superstars from that list. Several of us have hit them from every angle and find them to be solid and about as trustworthy as can be without being on the inside of their systems. Some of us are even on the inside of a few providers providing support and guides for their members behind the scenes. I don't have the time or inclination to inspect or consider any others but those major approved by the sage folks here that know such things. I am not saying these are the only good VPNs only those are trusted, tested, and stand the test of time so far. You do what you want. No PM's on this please.