Skip to content

Instantly share code, notes, and snippets.

@joepie91
Last active March 26, 2024 20:19
Show Gist options
  • Save joepie91/5a9909939e6ce7d09e29 to your computer and use it in GitHub Desktop.
Save joepie91/5a9909939e6ce7d09e29 to your computer and use it in GitHub Desktop.
Don't use VPN services.

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

  • A Russian translation of this article can be found here, contributed by Timur Demin.
  • A Turkish translation can be found here, contributed by agyild.
  • There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.

Why not?

Because a VPN in this sense is just a glorified proxy. The VPN provider can see all your traffic, and do with it what they want - including logging.

But my provider doesn't log!

There is no way for you to verify that, and of course this is what a malicious VPN provider would claim as well. In short: the only safe assumption is that every VPN provider logs.

And remember that it is in a VPN provider's best interest to log their users - it lets them deflect blame to the customer, if they ever were to get into legal trouble. The $10/month that you're paying for your VPN service doesn't even pay for the lawyer's coffee, so expect them to hand you over.

But a provider would lose business if they did that!

I'll believe that when HideMyAss goes out of business. They gave up their users years ago, and this was widely publicized. The reality is that most of their customers will either not care or not even be aware of it.

But I pay anonymously, using Bitcoin/PaysafeCard/Cash/drugs!

Doesn't matter. You're still connecting to their service from your own IP, and they can log that.

But I want more security!

VPNs don't provide security. They are just a glorified proxy.

But I want more privacy!

VPNs don't provide privacy, with a few exceptions (detailed below). They are just a proxy. If somebody wants to tap your connection, they can still do so - they just have to do so at a different point (ie. when your traffic leaves the VPN server).

But I want more encryption!

Use SSL/TLS and HTTPS (for centralized services), or end-to-end encryption (for social or P2P applications). VPNs can't magically encrypt your traffic - it's simply not technically possible. If the endpoint expects plaintext, there is nothing you can do about that.

When using a VPN, the only encrypted part of the connection is from you to the VPN provider. From the VPN provider onwards, it is the same as it would have been without a VPN. And remember, the VPN provider can see and mess with all your traffic.

But I want to confuse trackers by sharing an IP address!

Your IP address is a largely irrelevant metric in modern tracking systems. Marketers have gotten wise to these kind of tactics, and combined with increased adoption of CGNAT and an ever-increasing amount of devices per household, it just isn't a reliable data point anymore.

Marketers will almost always use some kind of other metric to identify and distinguish you. That can be anything from a useragent to a fingerprinting profile. A VPN cannot prevent this.

So when should I use a VPN?

There are roughly two usecases where you might want to use a VPN:

  1. You are on a known-hostile network (eg. a public airport WiFi access point, or an ISP that is known to use MITM), and you want to work around that.
  2. You want to hide your IP from a very specific set of non-government-sanctioned adversaries - for example, circumventing a ban in a chatroom or preventing anti-piracy scareletters.

In the second case, you'd probably just want a regular proxy specifically for that traffic - sending all of your traffic over a VPN provider (like is the default with almost every VPN client) will still result in the provider being able to snoop on and mess with your traffic.

However, in practice, just don't use a VPN provider at all, even for these cases.

So, then... what?

If you absolutely need a VPN, and you understand what its limitations are, purchase a VPS and set up your own (either using something like Streisand or manually - I recommend using Wireguard). I will not recommend any specific providers (diversity is good!), but there are plenty of cheap ones to be found on LowEndTalk.

But how is that any better than a VPN service?

A VPN provider specifically seeks out those who are looking for privacy, and who may thus have interesting traffic. Statistically speaking, it is more likely that a VPN provider will be malicious or a honeypot, than that an arbitrary generic VPS provider will be.

So why do VPN services exist? Surely they must serve some purpose?

Because it's easy money. You just set up OpenVPN on a few servers, and essentially start reselling bandwidth with a markup. You can make every promise in the world, because nobody can verify them. You don't even have to know what you're doing, because again, nobody can verify what you say. It is 100% snake-oil.

So yes, VPN services do serve a purpose - it's just one that benefits the provider, not you.


This post is licensed under the WTFPL or CC0, at your choice. You may distribute, use, modify, translate, and license it in any way.


Before you comment: Be aware that any non-constructive comments will be removed. This includes advertising for VPN providers (yes, even when you phrase the marketing claims like a question), trolling, harassment, insults towards other people, claims that have already been addressed in the article, and so on.

If your comment isn't a genuine question or a concrete counterargument supported by evidence, it probably doesn't belong here.

@LokiFawkes
Copy link

Seeing as we're no longer getting any constructive discourse, if it's possible to freeze this gist, I highly recommend it. It's just whore ads now.

@joepie91
Copy link
Author

Seeing as we're no longer getting any constructive discourse, if it's possible to freeze this gist

Unfortunately, it's not. I already reached out to Github about this a while ago. Would've closed comments a long time ago otherwise.

@BrodyDoggo
Copy link

What would be the difference between a vpn and a proxy?
You said a vpn is a "glorified proxy", I'm just curious as to what the difference is and learning more about vpns and proxies. just seems interesting to me.

@LokiFawkes
Copy link

@BrodyDoggo
I can explain this.
The purpose of a VPN is to provide a tunneled connection into a private network. It's like a proxy, except you can traverse firewalls and connect to devices over any port or protocol through it. In a proper VPN, you even get your own IP address in the private network.
However, this is not how clearnet VPN services like NordVPN or ExpressVPN work. Even when they use real VPN protocols, they're just putting you into a NAT network and hiding you behind one IP address, their IP address. Essentially, the same as a proxy. They can control what ports you get to use, what protocols you get to use. Essentially, the same as a proxy. At best, with no restrictions on ports and protocols, you'd be looking at something called a SOCKS proxy.
In many actual VPN setups, you might even set your virtual network adapter that's connected to the VPN, as a SOCKS proxy to prevent direct access to the clearnet.
But these VPN services you see out there range from web proxies to SOCKS proxies, advertised as being more private than a proxy, and often come with proprietary apps that strip SSL so they can collect and sell your browsing habits.
They even advertise this SSL-stripping function as virus protection, when in reality, their VPN cannot protect you from viruses even by stripping SSL (though if they're honest they can try), but it can make them money by collecting data.
By stripping SSL, typically by replacing your root certificate so your browsing happens in an encrypted form that they can read but outsiders still can't, they not only can get your browsing habits beyond just IP addresses and DNS requests, but they can also harvest metadata AND the payload of the connection, including passwords and other personally identifying information that would have otherwise been transmitted without a man in the middle.
So really the difference between a VPN and a proxy is the P in VPN - private. If it doesn't provide a tunnel to a private network, it's not a VPN, regardless of what protocol it uses or what its name is.
VPN - Virtual connection to private resources like company servers
Also a VPN - Virtual connection to your company or home's private network, doubling as a proxy for the clearnet
Not a VPN - A tunnel to a web proxy, branded as a VPN, meant to look like you're browsing from the server you connected to rather than from where you are

If you still want to call these VPNs, the distinction would then be between Virtual Private Networks and Virtual Public Networks.

@ivanjx
Copy link

ivanjx commented Sep 20, 2022

not a single word about censorship

@TruncatedDinoSour
Copy link

@BrodyDoggo none, VPNs are proxies

@Naleksuh
Copy link

@LokiFawkes
Copy link

LokiFawkes commented Oct 11, 2022

@BrodyDoggo none, VPNs are proxies

Uh, no? https://en.wikipedia.org/wiki/Virtual_private_network#Types

None of which describe the services sold as "VPNs" today by big tech.
They just took their proxy services, at MOST using protocols meant for VPNs, and slapped VPN in the product name. And that's what TruncatedDinosour was referring to. VPN services, which aren't even VPNs to begin with.

@Naleksuh
Copy link

@BrodyDoggo none, VPNs are proxies

Uh, no? https://en.wikipedia.org/wiki/Virtual_private_network#Types

None of which describe the services sold as "VPNs" today by big tech. They just took their proxy services, at MOST using protocols meant for VPNs, and slapped VPN in the product name. And that's what TruncatedDinosour was referring to. VPN services, which aren't even VPNs to begin with.

Thank you for managing something factual, unlike TrunatedDinosaur who was lying. Yes, "VPN providers" are not using VPNs in the intended way. TruncatedDinosaur was implying all VPNs are inherently just a type of proxy

@TruncatedDinoSour
Copy link

@BrodyDoggo none, VPNs are proxies

Uh, no? https://en.wikipedia.org/wiki/Virtual_private_network#Types

None of which describe the services sold as "VPNs" today by big tech. They just took their proxy services, at MOST using protocols meant for VPNs, and slapped VPN in the product name. And that's what TruncatedDinosour was referring to. VPN services, which aren't even VPNs to begin with.

Thank you for managing something factual, unlike TrunatedDinosaur who was lying. Yes, "VPN providers" are not using VPNs in the intended way. TruncatedDinosaur was implying all VPNs are inherently just a type of proxy

https://us.norton.com/blog/privacy/proxy-vs-vpn VPNs and proxies are still very similar

@TruncatedDinoSour
Copy link

@BrodyDoggo none, VPNs are proxies

Uh, no? https://en.wikipedia.org/wiki/Virtual_private_network#Types

None of which describe the services sold as "VPNs" today by big tech. They just took their proxy services, at MOST using protocols meant for VPNs, and slapped VPN in the product name. And that's what TruncatedDinosour was referring to. VPN services, which aren't even VPNs to begin with.

anyway thx lol

@TruncatedDinoSour
Copy link

@Naleksuh and you should learn how to be less angry lol

@MinionArcane
Copy link

MinionArcane commented Oct 13, 2022

Don't tell us why we should not use VPN.
If you're saying VPNs offer no proper privacy, at least what it does isn't as heavy as what bigger enterprises do. Google especially is the largest snoop in the world. If Google does a lot blocking via vpn access for users, then you can say that VPNs are doing the exact right job against them.
If it was about ads, i don't think that's quite harmful really but to block users because they need to know where you're from, what you do and where you've been and all that, you got a whole lotta questions about the motives of Google than the VPNs.
Seriously, you can't hide the fact that the purpose of VPNs is to hide your location so that your data isn't being snooped by others especially by location! Who appointed Google or any other large enterprises as the Internet police anyway?

@carepack
Copy link

carepack commented Oct 13, 2022

At least you have to trust, some company, some software, some providers. With vpn you switch the trust to the vpn provider instead of the internet provider. So think about who you gonna trust and keep in mind about the country laws. If you want to bypass ip restrictions vpn is a good way for that.

@LokiFawkes
Copy link

@MinionArcane The problem is this does NOT circumvent any actual tracking and snooping. This stuff happens at endpoints, using accounts, browser fingerprinting, javascript, you name it. It's in the interest of these enterprises to block VPNs when it pertains to bypassing geofilters, because some of their services are designed to let you access certain content in certain locations despite the location of your account. But for tracking, snooping, ads, and so much more, your IP address is worthless.

Back in the days of unencrypted net traffic, this was more of a concern. People had to trust proxies to encrypt their data to keep neighbors and ISPs from snooping, but then they had to trust the proxy services and the numerous stops on the way from the proxy to the destination not to snoop on them. It was a bandaid for a bigger problem.

The rush to trust a "VPN" service comes from the days when proxies were relevant, and these so-called VPNs are often JUST encrypted proxies. Most of these services also practice SSL stripping by routing your traffic through a proprietary app that replaces your SSL certificate during use, allowing them to read your traffic and collect the data for sale. They picked up this practice from antivirus programs that try to detect viruses in your network traffic by doing exactly this but on a local proxy. By doing this on their proxy server instead of a local proxy program, they get to see it for themselves instead of just letting a program on your computer scan it.

@MinionArcane
Copy link

MinionArcane commented Oct 16, 2022

It's not to trust VPNs for sure. It's a tool to tunnel through blocked gateways. Not all is guaranteed however so.
Certainly corps would not accept VPN access through their domains. It's always about identifying the user with their accounts by their true location via their recorded IP ADDRESSES in their registration with them. Any other change that diverts from what was recorded and the user gets 'questioned' before acceptance. Any server connected IP tunnels recorded/registered to be false or deceptive would easily be blocked.
It's not something of an unknown that these are some of the security measures they take to ensure users connect the 'right way'. CGNAT and whatnot.... they all started from IP adds. Then they developed 'fingerprints'. Excuse me, your f'ingerprints' come from the codes used from your device programs. Your device has addresses. Though you may think it's no more important, that IS the basic identification to begin with still.
However, an experienced user will know better what, how, why, when and where to use a VPN, so it could give a less punishing deal to mole about. (I said "less".)
A little debate over the statements:
Why should one worry about traffic when they don't have a website? Not everyone has to survey their own traffic. That's an overreation and biased look to say VPNs can't encrypt your traffic. That's only for those who want it done. That's a business want. Users will need to know what they could get before jumping in to something they're not sure what could be offered. That's their risk but is not from everyone's needs that describe here what bad VPNs give instead.
For godsakes, it's not trackers as people who want to identify you right away. They have the machine for their work. They're called programs. People only want to track you when you have information they need and then they use the programs they have. So if you have less valuables to share out in the open, do you need to worry about trackers?
Why buy or subscribe to VPN premiums when you could choose the free ones? (knowing first how you fare in terms of what valuables you have with you in your system and knowing how destructible the VPN you chose is.)

Which VPN you choose is by your own risk. How you keep monitor of the processes for personal security purposes within your system or device is on your skill and knowledge when you use VPNs. What you use the VPNs for is also up to you. If you could bear with offering your data over for perhaps sale to another party, you should at first also know how secure your system is or how well you could maintain your focus over any suspicious processes within and as well as knowing how secure your personal data is from being read by outsiders. Also, you need to know why you intend to offer them your data and what benefit you may receive by doing so. Without those precautionary know hows, of course you'd be opening yourself to fall victim in various ways.
Why should beginners find a reason to use VPNs? Because they just read stuff over the internet or through their friends and thought it was just cool to use?
No. You'll find that those who learned what a VPN is and uses it, has that reason to dwell into it further and balance the risks before taking the step to engage. If a wayward beginner were to just hop into VPNs, there'd be no safety and there'd be no proper reason for them to use it either.
Sound childish for a layman's explanation?

Now, back to WHY VPN to me.
Because there is such a tool that gives us enough freedom these days. I don't have to talk about what was from the past because the past was where I learned lessons too to eventually land into HAVE to use VPNs now.
Because we can't just keep saying we should trust some company, some providers and such with our data for a long time. If you're like of my age, you'd know how those companies were before when you surfed. They were bad. They're 'professionally' bad this time. There's no space for them to brainwash me into trusting them for one. They've paid huge fines for breaching rules on privacy policies. Yet they're still huge. I'm not one to keep up with their 'legacies' even.
Why should I keep supporting them when they start fixing up walls when I refuse to provide them my data by force? Why should i allow them to monopolize the internet by owning our data? Why should i help them eliminate their competition?
Because I weighed the risks taken and did tests over various VPNs to see how efficient and professional each were before acceptance. So you see, I took the exact but basic precautionary measures corps take against users to attain some freedom.
Because the internet hasn't much thrills as before. It has become less to communicate than viewing ads, more products on sale, more useless past documents, there's just way too much of unnecessaries, worthless points that required your verification/authentication/identification and you're told to be just gated at one location and do your stuff on your seat. That's not for me. I want to open more doors and be accepted too when i throw out no harm to another system/user.
Because the sole purpose of the Internet was for communication. Not businesses. If it was business thrown out on me, it will be another door i show them out.

@danielsalama2
Copy link

danielsalama2 commented Oct 17, 2022 via email

@LokiFawkes
Copy link

LokiFawkes commented Oct 18, 2022

@MinionArcane Where do I start with this?
Firstly, trackers don't need your IP. That's a myth, and was only ever true in the old days of the Internet when other methods to track you hadn't been developed. By using cookies, JavaScript, Fingerprinting, and various browser exploits, they can track you just fine without your IP, which by the way is prone to changing if you ever have an Internet outage for a moment. If you're not doing anything against browser fingerprinting, you're being tracked no matter what IP you connect from. If you're not blocking cookies, you're being tracked no matter what IP you connect from. If you login to an account, you're being tracked no matter what IP you connect from. If Javascript is enabled, you could very well be tracked no matter what IP you connect from. This is why people limit cookies, block tracking cookies, install ad and tracker blockers, and mask their browser fingerprints. Because the one thing that is useless to track you with anymore, is an IP address. Netflix knows it's you. Google knows it's you. Facefuck knows it's you.
Second, you seem to think VPN services can protect you from ads, or from those verification/authentication/identification processes. They can't. They don't even try to. At best you might connect to a proxy that has completely blocked some servers from being accessed, but that doesn't fight against trackers when the big guns are on the same servers as the content.
I could go on and go after every incoherent detail in your message, but long story short, if you think your VPN provider is playing ANY part in protecting your privacy, you're objectively and eternally wrong. It's not even a VPN.

@MinionArcane
Copy link

MinionArcane commented Oct 19, 2022

@LokiFawkes
You're a joke.
Google and all the corps you mentioned already knows your IP and your location when you've first registered your account with them. You verify your identity by the codes or pins sent to your email and that is all that's needed for them to keep you in their record. Whatever else they muster on you with new codes and new developmenets later is from what they already have on you. Those rest technology or findings that they develop to track you after is by scripts and codes to make things easier comparing your data and detecting your identity faster. I did agree on that but you thought me otherwise.
Yes, IP detection is old but that was and still is the basis.
Never have i said that VPNs can protect you from ads or protect you from your privacy. Where'd you read that from?
You assume of what i think. I have not said VPNs can protect you much. My 2nd line already said that clear of what VPN is, as you too know what it is. So where did that come from too?
You also took my context wrong about what i said on the verification and etc. I didn't say that VPNs can help you bypass that. I meant that the Internet lost its lustre when corps snoop much on users with all of that hassle of keeping you in exactly where you're from. That statement had nothing direct involving what VPN's potential is. It's a ridiculous assumption because if you read me right, I needn't have to repeat to you to read my 2nd line of my message you initially referred from. Those hassles are merely a cause why VPN is being used in a different way and that different way is certainly something i will not reveal how.
So, I'd like you to read my message line by line at your own pace again and tell me where i went incoherent, eh?

And uhh, what makes you think that sites don't track you through your IP address to date? How are you surfing about huh? Hahahaaaa.

@MinionArcane
Copy link

@danielsalama2
As Jules Winnfield asks you what you didn't understand and your answer goes, "what?" .... you'll know my reply after from that same following famous line too.
You wanna say something, say it.

@jimthedj65
Copy link

This is an excellent summary of proxy services passed off as VPNs. As a result of knowing some of what was posted here, I decided to build a zerotier (I chose zerotier over wireguard for its tighter security, i.e. no header exposure) VPN on my raspberry pi to view the LAN and local security cameras and TV from my home base when I travel to Eastern Europe. Cost = cost of a pi3 and some of my time. It also allows me to access my router as if I was local, anytime, anywhere. gives me about 25 Mbps throughput between eastern Europe and UK, which is perfect and uses my home IP address to boot.

I will set up a similar pi in the US with my family. I am now looking at encapsulating/routing over the blockchain but need to accelerate due to performance and high encryption tax as well as possible curve issues on secp25k1.

Thanks for the post it's an excellent write-up on snake oil services, and this industry needs a good disruptor to shake it out..

@Berrik
Copy link

Berrik commented Oct 24, 2022

I looking to hide internet traffic from my snoopy neighbours who have nothing better to do than watch my activity on the internet. Additionally, if I am in a hotel or hostel, connecting to an open Wifi network and then using an encrypted connection to bypass the build in payment options would be beneficial.

Any help with information of a good provider and steps in which to connect using the built in Windows 11 systems found here would be great.

All the best!

@LokiFawkes
Copy link

@Berrik Your neighbors shouldn't be able to see your traffic, and if they could, they can't read it.

If your neighbors are seeing your traffic, you're probably on an open wi-fi network or they know your WPA password (WPA 1 or 2, PSK). They still shouldn't be able to read it.

With WPA-Enterprise or WPA3-SAE, they shouldn't be able to see your traffic at all. (Unless you're connecting to their router), and if they could, they can't read it if you're connecting over TLS (such as HTTPS).

Bypassing hotel paywalls is a futile effort. Any hotel that wants you to pay for wifi is going to put you in a blocked VLAN til you pay up. If you can't ping 8.8.8.8, for example, you ain't gonna connect to a proxy. If you really want to try to bypass paywalls, though, you could always try hosting your own VPN so if they don't know what they're doing you're more likely to connect than if you tried connecting to a well-known glorified proxy.

@Berrik
Copy link

Berrik commented Oct 24, 2022

@LokiFawkes I am well aware of what people can and can't see via network traffic.

You comment is not an answer, but your comment is an agressive use of communication and I don't care much for you.

@LokiFawkes
Copy link

@Berrik 1) Ask your question somewhere someone gives a shit
2) Bite my shiny metal ass. I gave you the straightest answer you'll ever get.

@Berrik
Copy link

Berrik commented Oct 24, 2022

@LokiFawkes You didn't answer the fucking question, you fucking avoided the question all together and gave me your opinion. I do not give a shit about your opinion; I give a shit about the question in a github file comment section about VPNs.

People that actually do not give a shit do not even make a comment explaining that they do not give a shit, so keep telling me how less of a shit you give about a response to a question that didn't help or inform anyone and was akin to uploading a piece of propaganda in the form of a comment response (why I referred to it as aggressive).

@LokiFawkes
Copy link

@Berrik Oh yes and you totally didn't expect this response in a discussion on VPN scams.

All this was intentional, dickweed.

Everything I said there was factual. It was the straightest factual answer you're going to get.

Anyone answering the last line of the question would be ignoring the premise. Anyone answering only the premise would be ignoring the question. I answered both. Now go crawl in a hole.

Wanna hide your Internet traffic from neighbors? Don't use their access point nor give them the password to yours. Want to bypass hotel wifi paywalls? You generally CAN'T. Aside from some exceptions where the paywall is more of a paysuggestion, it's impossible. And if you're just trying to mask your traffic while out in public, host your own ACTUAL VPN.

I will not entertain your decision to enter this conversation as a shill. I will not entertain your fallacies. I will not entertain your diametrically opposed "question" and premise. And nobody else here will either.

This conversation was closed long ago, but Github won't let it be frozen.

So next time you want to ask "What VPN service should I use"

Try not asking it in a gist titled "Don't Use VPN Services", you filthy troll.

@Berrik
Copy link

Berrik commented Oct 24, 2022

@LokiFawkes Using a VPN to block communication interceptions from your obsessive neighbours is a completely different VPN issue to "not needing a vpn, use a proxy bro" thread...

For whatever reason, me looking for the issue in the comment resulted in your github blog being linked, suggesting a very specific use of VPN for personal use vs business use, when 99% of internet businesses make use of things and monopolise services that you should be able to do from a personal computer.

I think you work for the CCP.

@LokiFawkes
Copy link

@Berrik Your discourse here is off-topic. Your question was an insult to the thread to begin with.

Want to block communication interception? You're already doing so in the best way available to you, on this site, RIGHT NOW. It's called encryption. Using TLS, you're able to verify the server you're connecting to and speak to it in a way that nobody in the middle can read.

Want to mask your traffic from other people in the network snooping? Set up your own VPN at home, connect to it from wherever the hell you are.

And if you think I work for the CCP, you don't know the difference between for and against.

If you don't like services being monopolized that you should be able to use from your personal computer, build your own like they do.

Do you think Google or Apple employees use NordVPN to connect to HQ? No. They use an internal VPN, an actual VPN, for that. Want what they have? Your router probably offers it, and if it doesn't, an old computer or a Raspberry Pi is a cheap option. IP address keeps changing? Dynamic DNS is cheap these days.

Troll somewhere else, all of your comments have been reported.

@Berrik
Copy link

Berrik commented Oct 24, 2022

@LokiFawkes It's literally a question about VPNs for a specific purpose in a thread containing people who are knowledgeable about VPNs.
Meds.

@LokiFawkes
Copy link

@Berrik AHEM.

Before you comment: Be aware that any non-constructive comments will be removed. This includes advertising for VPN providers (yes, even when you phrase the marketing claims like a question), trolling, harassment, insults towards other people, claims that have already been addressed in the article, and so on.

If your comment isn't a genuine question or a concrete counterargument supported by evidence, it probably doesn't belong here.

This isn't a place to shill a VPN service nor to ask for VPN service recommendations. Take it elsewhere.

@Berrik
Copy link

Berrik commented Oct 24, 2022

Well my VPN service that is coming out of your buttcheeks is my original statements: "I looking to hide internet traffic from my snoopy neighbours" and "connect using the built in Windows 11 systems found here "

If anything, I am promoting the proper use of VPN functions instead of asking people to download and subscribe to the latest VPN bloatware/backdoor.

@LokiFawkes
Copy link

@Berrik Again, wrong pasture for that bullshit. This isn't the place to shill a VPN service nor to ask for VPN service recommendations.

@birdwatcher1
Copy link

This article is poorly written and directed toward the same group of people who believe the marketing BS from VPN providers. From a technical standpoint however, the point of this article is written with as much disinformation as the marketing structure it criticizes from such VPN providers. There is very little, real technical information used in the article, and absolutely no evidence for the author's claim. This is not a technical article about VPN providers but, more of an opinion on the issue of trust with providers.

It would have been a lot easier and less confusing to educate people on how VPN do not help you beat tracking methods that use device ID, fingerprinting, app identifiers.

@szepeviktor
Copy link

Anyone can set up a "Viktor VPN" with 1 hour of learning.
OpenSSH on the server, PuTTY "dynamic" port forward and a browser with SOCKS proxy capability.

Copy link

ghost commented Nov 5, 2022

Tor, & the self hosted VPS, are the only real "virtual private networks". Everything else, are just proxies that pretend to be a vpn.

@xNeonHD
Copy link

xNeonHD commented Nov 5, 2022

I'm sorry but what the actual fuck even is this comment thread?

Literally just received a email notification where the last email of this thread I got was from January 2020 from a guy who replied to me "you truly are an ignore arrogant mother fucker that has no fuckin clue what the hell he's talking about [sic]"

HUH????

I have two burning questions:

  1. Why am I just receiving emails for this now...?
  2. Why are people still commenting on this?

P.S. For anyone with the intent on replying "read the OP" followed by a useless ad hominem attack, kindly shove a giant dildo up your ass. Thank you.

P.P.S. After reading just 1% of this thread it's honestly hilarious how people are getting so worked up by this 🤣this ain't left/right politics you fuckin goofs. Reminds me of the equally hilarious "skill based matchmaking" controversy that triggers people nowadays.

@birdwatcher1
Copy link

I have two burning questions:

  1. Why am I just receiving emails for this now...?

Because, you have Notifications on. You can remove them on the settings tab.

  1. Why are people still commenting on this?

Why are you still commenting on this?

@jcanfield
Copy link

@xNeonHD 👍 Yup. You took the damn words right out of my mouth. Why... why did i get this notification? lol

@birdwatcher1
Copy link

@xNeonHD

P.P.S. After reading just 1% of this thread it's honestly hilarious how people are getting so worked up by this 🤣this ain't left/right politics you fuckin goofs

I was just going to say the same thing. 🤣

@xNeonHD
Copy link

xNeonHD commented Nov 5, 2022

Because, you have Notifications on. You can remove them on the settings tab.

Thanks captain obvious!

@birdwatcher1
Copy link

Because, you have Notifications on. You can remove them on the settings tab.

Thanks captain obvious!

Happy to help. 😆

@jasperweiss
Copy link

jasperweiss commented Nov 5, 2022

Hi everyone who left their email notifications on 👋

Tor, & the self hosted VPS, are the only real "virtual private networks". Everything else, are just proxies that pretend to be a vpn.

If you’re going for a semantic discussion, I’d like to argue that a real “virtual private network” is an actual “private network” (meaning traffic is invisible to anyone not part of it and IP addresses are not routable to anyone not part of it.) that is created “virtually” on top of an existing real network.
e.g by bridging your personal devices together with wireguard, tailscale or something along those lines. That way each device has an additional ip address that is only routable by your own devices and all traffic to and from said devices is opaque to the underlying real network.

VPN’s (whether it be hosted by someone else, yourself or someone else still in the form of an VPS which I’d argue defeats the entire purpose) and Tor, in the way they are commonly used, are just proxying your traffic. There’s no private network to speak of. It’s not a different network. You’re attempting to hide the origin.

Copy link

ghost commented Nov 5, 2022

@jasperweiss I'm not much of an intelligent conversationer. But what you said is 100% true. Whether it's a VPN, or VPS, or any public proxy service like TOR, at the end of the day, all you want is to hide yourself from your actual IP, as well as your vpn. But where the problem arises, is the collection of your network traffic usage such as logging. We should always believe that it's impossible to achieve this because transparency from providers & a hiding user never go well together.

@ClarkFieseln
Copy link

Wow, lots of energy right there. Love it!
That means you all really care about this topic. And that is great.
In the following article, a data-diode implements a kind of proxy that really protects also one of the most critical things in this area: the end node:
https://www.codeproject.com/Articles/5295970/Audio-Chat-for-Quite-Good-Privacy-AC4QGP
This in turn eliminates the need to trust providers...of course, as usual, what you do is moving the issue one hop behind...but maybe that is actually the solution (?). See Figure 3 here:
https://www.codeproject.com/Articles/5161775/Audio-Chat-for-Pretty-Good-Concealing-AC4PGC-Part
The data comes out encrypted and there is no way to know who is behind. Yes, you can still figure out the IP of the proxy, so what?...the guy can be thousands kilometers away.
I am also not an expert, but I am also really convinced of this idea. Here some other related articles:
https://www.codeproject.com/Articles/ClarkFieseln#Article

@jasperweiss
Copy link

jasperweiss commented Nov 6, 2022

@jasperweiss I'm not much of an intelligent conversationer. But what you said is 100% true. Whether it's a VPN, or VPS, or any public proxy service like TOR, at the end of the day, all you want is to hide yourself from your actual IP, as well as your vpn. But where the problem arises, is the collection of your network traffic usage such as logging. We should always believe that it's impossible to achieve this because transparency from providers & a hiding user never go well together.

@pc00per I’ve always found the focus on logging a bit odd when talking about proxying. When we talk about encryption, we don’t want there to be a backdoor of any kind. It’s not about trusting whether they will use it unjustly, it is about the technical ability being there for them to do so. It shouldn’t exist.

As far as logging is concerned; it should be assumed that whatever can be logged is logged. It makes no sense to me to have a heightened sense of privacy purely based on the assumption that someone who has insight into something is trusted to turn a blind eye.

Even if everything going through a proxy is assumed to be recorded fully, they provide some benefits. Namely that the service that is the receiving end of your encrypted TLS connection can not see its origin. It sees the actual data, such as search queries, but not the origin. Our malevolent proxy (that records everything as well) can see the connection from you to the service, but not the contents.

Arguably, in most cases, hiding yourself as the origin in order to decouple your identity from the data, suffices. The services you connect to, from the point of view of the proxy, is usually some big name datacenter anyway. So the proxy sees you’re connecting to google, Amazon, cloudflare, microsoft, OVH cloud or whatever. They learn very little from that about you. (This is assuming the use of TLS 1.3 where the SNI is properly hidden. But even if that wasn’t the case, the services you connect to most likely aren’t all that interesting by themselves)

If you wanted to hide the services to which you connect, rather than trusting on a “no logging” policy, an additional proxy should be introduced. This is what Tor does (but with 3 hops to be on the safe side).
The first node only knows that you’re connecting to another node, the other node knows someone coming through the first node is connecting to some service and none of the 2 know anything about the contents. Problem solved.

@hswopeams
Copy link

hswopeams commented Nov 7, 2022

@joepie91 Regarding your advice in the So when Should I use a VPN section,
would that allow me to get an IP from a specific country? My issue is that I am from one country but live in another. I have a small business and property in my country of origin. My mortgage lender has recently decided to block any IPs not in that country, as has the municipality my small business is registered in. Some of the national government websites of my country of origin also block based on IP. That means I can't access my mortgage information or file documents I'm legally required to file without an IP from that country. That's the main reason I occasionally use a VPN -- to get an IP from a specific country. I'm not doing anything nefarious -- just trying to do basic life things. What's the best solution for this situation?

@EdRoxter
Copy link

EdRoxter commented Nov 7, 2022

@xNeonHD +1 Yup. You took the damn words right out of my mouth. Why... why did i get this notification? lol

Same here, I'm not even sure I've ever subscribed to this topi...

@nukeop
Copy link

nukeop commented Nov 7, 2022

I just want to evade bans, a cheap VPN gives me a million IPs to do so.

@birdwatcher1
Copy link

Just let it die, people.

Yeah, just let it die. I did, and it is liberating.

😂

@xNeonHD
Copy link

xNeonHD commented Nov 23, 2022

Okay, but still not found any info about that the things were turned. Any info about leaks or cooperating with law enforcement? The main problem with all that whining, hysterical like "no-logs policy is just a bullshit" posts is they never have any proofs actually. I always see such posts in the way kind of the author just wanted attention by writing on such an exciting topic. He got it 😉

This gist became just like a some kind 4chan thread 😁

For what it's worth, you've got to at least admire the amount of chutzpah this article exudes.

@Alchemist98
Copy link

I found this post because I downloaded express VPN on my samsung phone and it showed me a message saying "Express VPN wants to set up a VPN connection that allows it to monitor network traffic. Only accept if you trust the source." I copy and pasted the message on google and ended up here. I already have Express VPN on my PC but not on my phone yet because the message appeared on my phone only and not my PC. So my whole concern is privacy. From what I read here, its possible that they can see what I browse online right? So my question is if Im on my PC, turn on Expess VPN, then open "Oracle VM Virtual Box" and run "Whonix Gateway" will they still be able to see what I browse on the "Whonix Wworstation"?

@aedicted
Copy link

Since most for sure has been discussed in this endless seeming thread already, to cut it short - if you never worried about using there service on your PC, you are a bit late to start doing so now, just because you're on a different platform which is programmed to state the obvious.

Another question would be: do you trust your internet service provider? By using a VPN provider like ExpressVPN, you're effectively outsourcing that point of trust by comparison, not less and not more. When in doubt, the usual VPN providers selling off their side product of cascaded interent access probably will give out personal data less likely than the usual ISPs.

@Alchemist98
Copy link

Thanks for your reply. I think I understand what youre saying. So can a VPN provider access any of my data or browsing history even if Im browsing the internet through the TOR browser from the Whonix Worstation on the Oracle virtual machine?

@LokiFawkes
Copy link

@Alchemist98 If you're going from Tor to VPN, yes, they're seeing it all. And seeing as that's usually the only direction that will work, that's probably what you mean.
Going from VPN -> Tor, you compromise the connection from you to the entry node. Going from Tor -> VPN, you compromise your exit traffic by associating it with your identity and passing it through their network which you now have to trust not to misuse that.
A few things to consider.
If it's free, it's mining your traffic.
If it requires a proprietary app, it's mining your traffic.
If it claims to protect you from malware or trackers, it's mining your traffic.
Not only that, most VPNs are owned by a few companies and even further, often whitelabel from a service called WL-VPN, in which the WL of course stands for WhiteLabel.
https://www.youtube.com/watch?v=8MHBMdTBlok
https://digital-lab-wp.consumerreports.org/wp-content/uploads/2021/12/VPN-White-Paper.pdf

Mullvad seems to be the top for privacy in the above, especially given you can connect to it using a regular OpenVPN client, but then again, ExpressVPN gets first place in a lot of those categories in that whitepaper, so take it with a grain of salt and don't trust "VPN" proxy services with anything sensitive

@DiscordGregory
Copy link

This seems like "I don't trust them, you shouldn't trust them either"

@LokiFawkes
Copy link

@DiscordGregory Hi, Strawman. How's Oz these days?

As we can see in this thread, we've established that "VPN" services are not a true VPN, many are just classic web proxies rebranded as "VPN", with or without encryption, and all of them lack the P in VPN. We've established reasons to doubt the safety of a given VPN, as their proprietary apps that are usually required to connect are a good sign that your computer's own encryption is being stripped, and some, like NordVPN, literally feed your traffic data into Google Analytics.

When using any tool to try to anonymize yourself, it's wise to practice some basic OpSec. Don't sign in to anything that could reveal your identity (if you need to, create a fictitious identity consisting of pseudonymous accounts meant only for your "anonymized" traffic), make sure you know the risks of the tool or service you're using, and make sure your activities on the clearnet and on your proxy are completely segregated from each other.

If you think that's too much work, don't use these services, or just use them to pirate Netflix from other countries.

@aedicted
Copy link

As we can see in this thread, we've established that "VPN" services are not a true VPN, many are just classic web proxies rebranded as "VPN", with or without encryption, and all of them lack the P in VPN.

That might be true on a political level (although still debatable), but isn't correct from a technical point of view.

It is a common misconception that the "P" for "private" would refer to privacy in terms of data protection. It doesn't, it only refers to a virtualised private network address space, tunnelled through another network which can be encrypted or unencrypted.

A common example for an often unencrypted VPN type by the way is the popular MPLS for business customers.

In that way, it isn't a false claim that the usual VPN operators advertise their products as VPN which they technically are, however, what they actually promote and offer as a service is the effective proxy functionality where the VPN attribute is just a side product for an internet-internet coupling.

@LokiFawkes
Copy link

LokiFawkes commented Nov 27, 2022

@aedicted The "P" is for "private" as in "private network". As in, using VPN protocols (which is rarely even the case with so-called VPN services) to make traffic appear to come from another IP on the clearnet is NOT the proper use case. It can be a consequence, and even a desired one, of one of the proper use cases (example, work-from-home jobs that handle PII typically put both private and clearnet traffic through the company's VPN, so that they hold custody of both types of traffic when you're on the clock), but these services are just false advertising, especially when a lot of them are just HTTP proxies or SOCKS proxies, with or without any encryption, and typically strip encryption to mine your traffic (cert replacement, can't believe I have to mention this again and again and AGAIN)

MPLS is a VPN in the same sense that VLAN tagging is a VPN. That is to say, it's not. It can be used in conjunction with other tools to create a VPN, but isn't a VPN in and of itself.

@aedicted
Copy link

aedicted commented Nov 27, 2022

@LokoFawkes:

"MPLS is a VPN in the same sense that VLAN tagging is a VPN"

In this context of the advertised VPN-services discussed here, that probably would be the wrong comparison anyway as VLAN tagging is happening on layer 2 whereas here, the concept of a VPN is to have a (private) address space routed through another one. Since it is a very generic term, many different concepts indeed can form such a VPN, apparently including layer 2/3 techniques such as the labelling used with MPLS:

https://en.wikipedia.org/wiki/Layer_2_MPLS_VPN

Encryption for instance cannot be a requirement for a VPN as if you take one which is broadly accepted to be one and turn off the encryption, nothing changes for the concept of having a tunnel and routing a different network (space) through another one which was supposed to me point thrown in here.

Consequently, Deutsche Telekom calls their Cisco-based now encrypted MPLS variant "GetVPN" and Versatel the regular one MPLS VPN.

At the end, we might mean the same and actually agree. It is of course important to distinguish between the technical definition from the advertisement based - mostly bullshit - one presented by the usual suspects e.g. NordVPN, Cyberghost with their alledged "privacy" nonsense for the absolute laymen.

@LokiFawkes
Copy link

@aedicted MPLS is not a VPN. You're conflating MPLS (which isn't a VPN, it's more akin to VLANs) with a VPN used to place you in an MPLS network, or "MPLS VPN"

@aedicted
Copy link

Please elaborate on what parts enable access to the MPLS by the means of a VPN then. Also, I'd appreciate your detailed definition of a VPN then - which, I think here we agree - doesn't necessarily involve any encryption.

@LokiFawkes
Copy link

@aedicted MPLS is an alternate protocol to Ethernet, and to some extent, TCP. It rests in the middle of layers 2 and 3, able to operate at both layers. MPLS is not a VPN or a conceptual network that has to be emulated by one. An MPLS VPN is typically used to bridge MPLS and Ethernet networks.

As for encryption, I do hold that a functional network tunnel must employ encryption or the idea that it's a tunnel is merely a suggestion and not a rule. This is also why I consider VLANs not to be VPNs. VLAN tagging is just a suggestion and switches that don't support it could route packets anywhere, which is how VLAN traffic leaking occurs. MPLS operates a bit similarly to VLAN tagging but also serves as an alternative layer 2 protocol to Ethernet, which is why I compared the two. It's why, despite MPLS not being a VLAN so much as just a protocol with a lot more rules than Ethernet, I still called it more akin to VLANs than a VPN.

I never really agreed with you that a VPN does not need encryption. I simply ignored your claim because it's wildly absurd. A tunnel with no encryption isn't a tunnel, and a VPN with no tunnel is a plaintext proxy.

@aedicted
Copy link

"I never really agreed with you that a VPN does not need encryption. I simply ignored your claim because it's wildly absurd."

Very lovely, I guess ignorance even based on a questionable, a bit narrow view must be bliss then. Let's see.

Of course, it fundamentally all depends on the definition of the terms and whether the privacy in "VPN" refers to the encapsulated (private) network address range or the potential data protection.

As for VPNs require encryption, even Cisco literature, referred to here, seems to disagree:

https://en.wikipedia.org/wiki/Virtual_private_network

"Encryption is common, although not an inherent part of a VPN connection.[2]"

[2] referring to Mason, Andrew G. (2002). Cisco Secure Virtual Private Network. Cisco Press. p. 7

As for the term "tunnel", at least when used more or less synonymously for "encapsulation", the argument of tunnels without encryption wouldn't be tunnels, doesn't hold either, as GRE for instance doesn't include encryption by default as otherwise, one wouldn't optionally wrap IPSec or other stuff around.

If for instance someone encapsulates something in a UDP session end-to-end to overcome NAT transversals, one could also call that a "tunnel" with maybe totally different IP endpoints on the application level, being encrypted or not. A tunnel is more a concept of encapsulation/wrapping rather than a manifestation of protection.

As stated, of course one could define the term "tunnel" or "VPN" to require encryption per se, however, the strongest technical counter-argument is that for any given encrypted, acknowledged VPN, one could turn off the encryption without any behavioural change for the endpoints. One example would be Cisco's DMVPN with the tunnel protection simply not configured:

https://community.cisco.com/t5/routing/dmvpn-without-ipsec-encryption/td-p/735716

Also, on a broader thought - taking key exchange procedures aside - there is no real conceptual difference between encrypted traffic one happens to know the key for and traffic which hasn't been encrypted in the first place.

"and a VPN with no tunnel is a plaintext proxy"

Well, a "proxy", taking the original term's meaning, is also a very generic term which can effectively include VPN connections as data is gathered "as a proxy" which is exactly the side-effect which the operators normally advertise when they sell their oh so great VPNs but a VPN still may encapsulate and connect private networks over public ones without encryption.

@peterjosvai
Copy link

I'm convinced, thank you. Not gonna use VPN services.

Copy link

ghost commented Dec 1, 2022

I installed express VPN on my laptop because I was living in a hotel while I was working out of state. It literally screwed up my laptop network (my laptop said I didn't have a NIC) after I uninstalled the program. I had to have an IT tech remove it. He told me that basically all VPN services for the general public are snake oil and he said what had happened is the VPN had infiltrated in parts of my network and that it wasn't removed. It totally messed up my laptop network and he spent about 2 hours working on it to get it backup so where I had a network again.

@CrazycatASG
Copy link

This article is just bullshit with no proof. It's the only thing what the article actually is. For now, I'll just leave it here: https://www.expressvpn.com/blog/expressvpn-statement-andrey-karlov-investigation

This article is also old as FUCK. What made you think his hot take is still relevant? No, more importantly, how did you even find this article? Do lots of websites just have a permanent link to this article or smth? I refuse to believe people just so happen to randomly stumble upon this 7 year old "article" whose last edit was in 2020. Just let it die, people.

Many, actually. I was about to reply, but then I realized that it's kind of pointless. The comments are an absolute cesspool.

@mehditlili
Copy link

mehditlili commented Dec 6, 2022

I installed express VPN on my laptop because I was living in a hotel while I was working out of state. It literally screwed up my laptop network (my laptop said I didn't have a NIC) after I uninstalled the program. I had to have an IT tech remove it. He told me that basically all VPN services for the general public are snake oil and he said what had happened is the VPN had infiltrated in parts of my network and that it wasn't removed. It totally messed up my laptop network and he spent about 2 hours working on it to get it backup so where I had a network again.

Lol dude you completely got ripped off, I hope you didn't pay that guy much to fix your laptop... You'd expect people using Github to have some basic understanding of computers... but that is obviously wrong now...

@dxgldotorg
Copy link

Perhaps the reason ExpressVPN messed up the user's network connection is due to a proprietary client modifying network settings to try to prevent the OS network stack from bypassing their tunnel.

Copy link

ghost commented Dec 11, 2022

I don't see the point of VPNs. Like what's the difference between a VPN & a free public proxy ? VPNs are just a glorified paid proxy that pretends to be private. Caz you don't run the VPS by yourself & donno whether the service really doesn't keep logs.

You wanna bypass geo restriction ? Just use public proxies man. If you're using VPNs to hide yourself, good luck with that.

@dxgldotorg
Copy link

If I need anonymity, I use Tor. Either the Tor Browser, or the Tails OS, both of which forget everything when closed.

For geo-restrictions, proxies might only be good enough for static websites, as they may not allow streaming media or other high bandwidth loads.

Copy link

ghost commented Dec 12, 2022

There are lot of proxies that can allow js too. It's just that the limitations are in bandwidth.

@LokiFawkes
Copy link

@madgoat It's kinda hard to believe you when you're shilling for the lowest ranked so-called VPN for privacy and security.
Firstly, they've never had a truly independent audit. Parent companies often own auditors or pay them for a good score. Second, Nord is a literal data broker. The entirety of your VPN traffic, data collected from your device about location, bluetooth, wifi, any type of data the app can wrestle permission out of you for, any data the app can wrestle from the OS behind your back, including pictures, videos, or even your whole filesystem, is all sent through Google Analytics. At BEST, Nord isn't keeping logs on their end, which by the way, they have to keep short term logs and then keep them long term upon government request, to comply with the laws of the countries they operate in. But regardless, Nord as a company is a data broker. Their parent company, a data broker. The fact you can ONLY connect through a PROPRIETARY app and, unlike almost every other supposedly safe VPN, you ABSOLUTELY cannot connect using a standard protocol, is a sure sign that they're using key replacement to decrypt.
PIA, Express, and Ghost are an example of one company owning multiple VPN services, AND their parent company owns the review sites and auditors. Ya know, sites like VPN Mentor and WizCase - Those are owned by the parent company of Express, PIA, and Ghost. The sites that Nord owns are harder to pin down, but it's clear that Nord and Kape (Express/PIA/Ghost) own review sites and auditors.

@TruncatedDinoSour
Copy link

this is the most annoying thread on github, my email is being spammed by it and every time i take a look here i lose another braincell, im in the negatives already, jesus fucking crist, get a life

@xNeonHD
Copy link

xNeonHD commented Dec 24, 2022

this is the most annoying thread on github, my email is being spammed by it and every time i take a look here i lose another braincell, im in the negatives already, jesus fucking crist, get a life

Dude fucking same. And on top of that every time I click on this email thread I am always forced to read a 3 year old email from a guy who called me "an arrogant mother fucker", because that's apparently the first email I got from this thread, LMFAO!

(FYI gmail doesn't collapse the first email of a thread, a feature that is handy in many scenarios, but is now annoying as fuck only thanks to this cesspool of a thread 🤣)

@xNeonHD
Copy link

xNeonHD commented Dec 24, 2022

OMFG!!!! why are you fucking ners so fucking retarted. of course they do that was the entire reason freevpn are made u fucking idiot. to male money. hey everybody the nerd figured out that companies like to make money. they wanted to make a very usful and attractive peice of software that a lot of ppl would want use then they would offer usage of the software for free in exchange they gain our permission to collect our data which they then sell to to hundreds of companies and marketing firms which is all perfectly ok and not nefarious or even immorall and if u werent so busy trying to soumd like a super smart fucking nerd fucking nerd you would have realized that vpn have a very specific and usefull purpose and that is to protect ur traffic and location ishidden from your modem u idiot cause if you didnt hide what ur doing on the internet from modem cause if you dont and you doing something less than legal totally can have and will shut ur internet off forever and because ur internet company is lickely a local bussiness and now have the evidence to prove that while u were both in the same town the intenet company saw u comitting illigLL ACTIVITIES ALONG WITH UR LOCATION AND THE DEVICE IDENTIVACTION DATA THAT THEY HAVE PROVEN WITH OUT A DOUBT THAT THAT DEVICE IS BEING USE BY YOU THEN THEY CALL THE COPS GIVE THEM THE EVIDENCE AND LOCATION AND THE COPS BEING SUMMONED IN THEI JURISDICTION BY A LOCAL TO BE GIVEN TETOMNY AND SIGNIFIGANT EVIDENCE PUT OUT A DOJ WARRANT FOR ARREST FOR UR ASS AND FORCE THERE WAY INTO UR HOUSE TACKLE YOU CYFF U AND THROW U IN JAIL WHICH IS VERY VERY VERY VERY LKELY TO HAPPEN IF U DECIDE NOT TO USE A VPN JUST BECAUSE IT COLLECTS YOUR DATA. U IGNORANT STUPID LITTLE MAN I HOPE U READ ALL OF THIS AND FEEL LITTERALY RETARTED ENOUGH FOR SPECIAL ED U FUCK EVER NERD EVER THAT HAS BEEN BEATEN DOWN FOR BEING A NERD TOTALLY DESERVS IT. @joepie91

Not sure if trolling or just batshit insane. Either way I'm making this into a copypasta and posting it to the subreddit. Thanks for the comedy dude 🤣😂🤣

@TruncatedDinoSour
Copy link

this is the most annoying thread on github, my email is being spammed by it and every time i take a look here i lose another braincell, im in the negatives already, jesus fucking crist, get a life

Dude fucking same. And on top of that every time I click on this email thread I am always forced to read a 3 year old email from a guy who called me "an arrogant mother fucker", because that's apparently the first email I got from this thread, LMFAO!

(FYI gmail doesn't collapse the first email of a thread, a feature that is handy in many scenarios, but is now annoying as fuck only thanks to this cesspool of a thread rofl)

lmaoooooooo

@eqn-group
Copy link

eqn-group commented Dec 25, 2022 via email

@TruncatedDinoSour
Copy link

unsubscribe!

do you now think i havent thought of that ? i dont think theres a way to ubsubscribe from singular threads, unless, idk

@eqn-group
Copy link

eqn-group commented Dec 25, 2022 via email

@GetAHat
Copy link

GetAHat commented Dec 25, 2022

I think the best use case for consumer VPNs is accessing region-locked content\websites etc. In case of Russia you literally can't even pay in some websites even if you have European or American credit card and\or you are European citizen, and you've set the region to any European one. Just because of the fact that you're connecting from Russian IP.

To be honest, I use whatever seems working but only turning VPN on for specific usecases, and turning off immediately after I'm done. Everything else - yep, it's just stupid. You just giving the data to some shady unregulated VPN company instead of shady and barely regulated ISP.

@TruncatedDinoSour
Copy link

look at the bottom your your email, there is an unsubscribe link

------ Original Message ------ From "TruncatedDinosour" @.> To "TruncatedDinosour" @.> Cc "Comment" @.***> Date 25/12/2022 16:46:15 Subject Re: joepie91/vpn.md
@TruncatedDinoSour commented on this gist. -------------------------------------------------------------------------------- >unsubscribe! >… <#> > do you now think i havent thought of that ? i dont think theres a way to ubsubscribe from singular threads, unless, idk — Reply to this email directly, view it on GitHub https://gist.github.com/5a9909939e6ce7d09e29#gistcomment-4413152 or unsubscribe https://github.com/notifications/unsubscribe-auth/ATM2XBBN6UQZR4HYOT7BM6TWPAUIBBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFQKSXMYLMOVS2I5DSOVS2I3TBNVS3W5DIOJSWCZC7OBQXE5DJMNUXAYLOORPWCY3UNF3GS5DZVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVAZDQNJSGY3DMNNHORZGSZ3HMVZKMY3SMVQXIZI. You are receiving this email because you commented on the thread. Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

hm. is it for singular threads though ? im scared to get unsubscribed from all notifications

@LupusMichaelis
Copy link

hm. is it for singular threads though ? im scared to get unsubscribed from all notifications

How do you achieve breathing? Unbelievable. I'd like to point out that there is an “unsubscribe” button at the top of this very page.
image

@TruncatedDinoSour
Copy link

hm. is it for singular threads though ? im scared to get unsubscribed from all notifications

How do you achieve breathing? Unbelievable. I'd like to point out that there is an “unsubscribe” button at the top of this very page. image

didnt look at the top, anyway, thank god, finally i can begin braincell recovery

@madgoat
Copy link

madgoat commented Dec 27, 2022

@LokiFawkes

The fact you can ONLY connect through a PROPRIETARY app and, unlike almost every other supposedly safe VPN, you ABSOLUTELY cannot connect using a standard protocol

You might want to revise your information, or lack thereof.

  • Nord allows you to connect however you want (OpenVPN, IPSec, IKEv2, etc...), you don't need their software.

they've never had a truly independent audit. Parent companies often own auditors or pay them for a good score.

  • So you're telling me that PricewaterhouseCoopers is owned by Nord, and that they were paid off to make them pass? Man, if that exclusive information ever got out, that would be bad news for PWC.

Next time look into things before spewing falsities. Sure, you might not like certain companies, but there's no need to lie about them.

@LokiFawkes
Copy link

@madgoat Assuming their instructions even WORK (last I had even touched their site, such instructions didn't even exist because the app was REQUIRED so they could pass your traffic to their GoogleAnalytics account), there's still the fact that they lie about data handling.
There's also the fact that not entirely having to use their app does not mean they don't collect data, only that the proprietary app GUARANTEES maximum data collection. Even a company that does allow connection over open protocols can be collecting data, just likely less data than when you use their proprietary app.
As mentioned, owning an auditor is not the only way to have a conflict of interest. Money can change hands behind closed doors, and the dissonance between reality and the score given makes that clear that PWC is either dumb or paid for. Pick your poison.
For privacy, data collection, and data collection disclosure, Nord is among the worst rated for a reason. It's run by, say it again, a data broker.

@aptblog
Copy link

aptblog commented Jan 3, 2023

Using a virtual private network (VPN) improves the security of your social media accounts by encrypting your internet connection and masking your IP address and location. This can make it more difficult for hackers to access your sensitive information and can protect your privacy when using social media. However, you should not relay on VPNs alone are for social media security, you need to be aware of many other security tips for securing your social media accounts.

@LupusMichaelis
Copy link

No. Pretend VPN do not improve security in any way. Please read the article you're commenting about that explains why they are not security tools at all, and stop puking marketing dump from those snakeoil vendors.

@LokiFawkes
Copy link

@aptblog Ad bot spotted. VPN services (glorified proxies) do not improve your security. In the age of HTTPS and DoT/DoH, your attack surface is on the client end and the server end. The attack surface is nowhere in the middle. At best, a man in the middle might get the hostname of a service you're connecting to at the handshake in the beginning of a TLS connection, a connection that could last from seconds to years, and that's if a method of encrypting the SNI (ESNI, ECH, etc) is not being implemented. Since the Web2 era, in which most sites are hosted on just a few servers, IP addresses are kinda useless for spying on users.

Things you can do to protect your browsing habits at home from being discovered by a MITM such as a hacker or your ISP:
Use DoT or DoH. DoT is superior for security and more lightweight, but browsers typically require DoH to implement ECH, the current encrypted SNI standard. Though currently they also hide this feature behind a config flag, too.
Enable ECH in your flags, even if you won't be able to use it due to your DNS configuration.
Set up a recursive resolver in your LAN, configure it to connect to other DNS servers via DoT. This server will cache your queries for a predefined length of time known as a Time To Live (TTL), either the TTL of the DNS record or the TTL the resolver has set globally, whichever is shorter. Hard mode: Use reverse-proxy software to implement DoH with this server as the DNS server, enabling you to use ECH on your favorite browser (they really should enable this for using DoT as well)

By encrypting your DNS queries and minimizing the amount of queries that reach WAN, all people see is you connecting to servers that usually host multiple domain names. By encrypting the Server Name Indicator, even the TLS handshake between you and a site will contain no usable data. At that point, only you and the site you connect to have any idea what's going on. From there, browser extensions that block ads and analytics further protect you. You can also blackhole certain hostnames on your resolver to minimize tracking where browser extensions aren't an option (mobile, for example) though that can come with its own set of functionality penalties.

Without the hostname, if a server hosts multiple sites, nobody knows what you're actually connecting to. They might be able to guess that yl-in-f101.1e100.net is probably an edge server for google.com, but they wouldn't be certain that the site is google.com and not, for example, just a site using Google's cloud services as a CDN.

@arkbg1
Copy link

arkbg1 commented Jan 3, 2023

@LokiFawkes Agreed. At least I hope. His primary arguement is directly addressed by OP.

@aptblog "(VPN) improves the security of your social media accounts by encrypting your internet connection and masking your IP address and location."

vs

@joepie91 " VPNs can't magically encrypt your traffic" & "Your IP address is a largely irrelevant metric in modern tracking systems."

also,

@joepie91 "claims that have already been addressed in the article... doesn't belong here."

@aptblog
Copy link

aptblog commented Jan 4, 2023

Defense in depth approach for security and VPN & Social Media Account Security.

Defense in depth is a security strategy that involves implementing multiple layers of defense at different points within a system or network. The goal of defense in depth is to make it more difficult for attackers to compromise the security of the system or network by requiring them to bypass multiple layers of defense.

Defense in depth is needed now more than ever as more employees work from home and as organizations increasingly rely on cloud-based services and social media is a weak human link in security.

Some examples of different layers of defense that might be included in a defense in depth strategy include:

Physical security measures, such as locks and security guards, to protect against physical attacks.
Network security measures, such as firewalls and intrusion detection systems, to protect against network-based attacks.
Application security measures, such as input validation and authentication controls, to protect against attacks targeting specific applications or services.
Data security measures, such as encryption and access controls, to protect against unauthorized access to sensitive data.

A virtual private network (VPN) is a network technology that creates a secure, encrypted connection between a device and a VPN server.

This can provide several benefits, including:

Privacy: By routing traffic through the VPN server, a VPN can hide the device's IP address and make it more difficult for third parties to track the device's online activity.
Security: The encrypted connection provided by a VPN can help protect against various types of cyber threats, such as man-in-the-middle attacks and data leaks.
Geo-blocking: Some websites and services are only available in certain countries. By connecting to a VPN server in a different country, a user can "trick" these websites into thinking they are located in the allowed country, allowing them to access restricted content.

VPN is only one component of a defense in depth strategy, and it should be used in combination with other security measures to provide the greatest level of protection.

Defense in depth for a social media account:

Choose strong and unique passwords: Use a password manager to create strong, unique passwords for your social media accounts, and enable two-factor authentication (2FA) if it is available. This will help protect against password-based attacks, such as brute-force attacks or credential stuffing.

Be cautious with links and attachments: Be cautious when clicking on links or downloading attachments from unknown sources, as these can potentially be used to deliver malware or phishing attacks.

Use privacy settings: Use the privacy settings provided by the social media platform to control who can see your posts and personal information.

Be aware of scammers and impersonators: Be aware of scammers and impersonators who may try to trick you into giving away personal information or money.

Use antivirus software: Install antivirus software on your devices and keep it up to date to help protect against malware.

Avoid sharing sensitive information: Be mindful of what personal information you share on social media, as this information could potentially be used to target you with attacks.

@LokiFawkes
Copy link

LokiFawkes commented Jan 4, 2023

@aptblog The application of VPN technology in a defense-in-depth strategy involves using an actual VPN, not a "VPN" service. VPNs are used in a defense in depth strategy to connect employees to a private network, not to serve as a proxy for their WAN traffic. When it does function as a proxy, this is to keep custody of that traffic until it goes to the WAN, not to dance around the globe via an untrustworthy third party. This way, if something leaks to WAN, it leaks through the company's private network, and is either stopped by the firewall or cannot be sniffed by the employee's home ISP.

If you are using a VPN service rather than a company VPN for your defense in depth strategy, you've defeated your whole security model.

The doctrine of defense in depth is also outdated.
For example, "strong" passwords are often short but use a wide character range instead of being long. They're not memorable, they're easy for machines to bruteforce, and they're plagued by the need to write down passwords or save them in a password manager. Passphrases are king.
For another example, antivirus software as we know it is ineffective. The most effective antivirus for Windows is Defender, with many commercial offerings actually spying on you, bypassing Defender (it disables itself if you have another AV installed) and leaving doors open for malware whose developer has bribed them for whitelisting to get through. The most effective antivirus for macOS is in fact is the Gatekeeper/Notarization/XProtect stack built in to macOS. As for Linux, there is no real AV offering (just about every offering you see for Linux is either a scam or a Windows AV scanning on Linux) and the method of defense is to patch out vulnerabilities and never give anyone but designated administrators administrative privileges. Just like macOS, a password is needed when escalating to admin power, and you must be in the admin wheel to escalate.

@aptblog
Copy link

aptblog commented Jan 5, 2023

@LokiFawkes actual VPN and VPN as service discussion is similar to choosing "Private Cloud" vs "Public Cloud".

Windows Defender a built-in antivirus software for Windows operating systems is generally effective at detecting and protecting against viruses and other malware. However keeping your OS up to date with the latest security patches and updates, enabling virtualization-based security, and using cloud storage service to store your important files and documents adds extra layer to security.

The doctrine of defense in depth is a military strategy that involves positioning defensive forces at various levels or depths in an area in order to create multiple layers of defense. While the specific tactics and technologies used in defense in depth may change over time, the fundamental principles behind this strategy remains relevant.

The doctrine of "Defense in depth" can be applied in a variety of contexts, including military, cybersecurity, and critical infrastructure protection.

Doctrine of defense in depth can also be applied to emotional security or personal security.

Here are some ideas for how to build a defense in depth for emotional security:

Identify and address sources of stress: Identify the things that cause you stress, such as work, relationships, or financial issues, and take steps to address them. This might involve seeking support from friends and family, seeking therapy, counseling, finding ways to manage your workload more effectively.

Practice self-care: Take care of yourself physically and emotionally by getting enough sleep, eating well, exercising, and engaging in activities that bring you joy.

Build a support network: Surround yourself with people who are supportive and who you can turn to for help when you're feeling overwhelmed or distressed.

Develop coping skills: Learn techniques for managing your emotions and coping with stress, such as deep breathing, meditation, or journaling.

Seek professional help if needed: If you're struggling to cope with stress or negative emotions on your own, consider seeking help from a mental health professional or a health coach.

@LokiFawkes
Copy link

@aptblog No, actual VPN vs VPN service is similar to choosing self hosted vs public cloud.

Audits of antivirus software showed the best to be Defender, which also happens to be the one that comes with Windows. Currently, as OS developers put their money into providing an antivirus, they've proven to be the best to turn to when protecting the OS they develop. Virtualization-based security is typically not needed unless you're downloading shit from Softonic, and even then, most malware you'll be worrying about can break the hypervisor or simply get sufficient permissions from the user for the hypervisor not to be a threat to its goal.

Cloud storage is not a form of security. You're thinking of backup, but also, it's not a form of backup either. It's not an archival service, it's a centralized sync service. Centralizing your files to Muh Cloud can actually make it easier for malware to destroy your data thoroughly enough that without a real backup you'll be unable to retrieve it.

If the doctrine of defense in depth hasn't embraced long passwords, it's outdated. End of.

@MandiYang
Copy link

Is protonvpn trustworthy? There is no way to confirm it to be trustworthy but they seem so legit :( https://protonvpn.com/blog/is-protonvpn-trustworthy/

@arkbg1
Copy link

arkbg1 commented Jan 8, 2023

Is protonvpn trustworthy? There is no way to confirm it to be trustworthy but they seem so legit :( https://protonvpn.com/blog/is-protonvpn-trustworthy/

I would be curious to know if OP read anything especially convincing in their lists of reasons to trust them.

@carmellopezhere
Copy link

I vote for my all-time favourite VPN. StreamVPN is an excellent virtual private network (VPN) service that offers its users a fast, secure, and private internet browsing experience. The service is easy to use and has a user-friendly interface that makes it easy for even those new to VPNs to navigate.

One of the standout features of StreamVPN is its ability to bypass internet censorship and geo-restrictions. With servers in multiple locations, users can easily connect to a server in a different country and access content that may be restricted in their region. This makes it an ideal VPN for users who want to stream content from other countries or access websites that may be blocked.

Another great feature of StreamVPN is its strict no-logs policy, which ensures that user activity and connection logs are not stored. This means that users can enjoy a high level of privacy and security while browsing the internet.

StreamVPN also offers fast connection speeds, which is essential for users who want to stream high-quality content or engage in online gaming. Additionally, the service offers excellent customer support and has a dedicated support team available 24/7 to assist users with any issues they may encounter.

Overall, StreamVPN is an excellent VPN service that offers its users a great mix of privacy, security, and functionality. It is a reliable and efficient VPN that is well worth considering for anyone looking for a top-quality VPN service.

@GASOLINE
Copy link

GASOLINE commented Mar 8, 2023

I vote for my all-time favourite VPN. StreamVPN is an excellent virtual private network (VPN) service that offers its users a fast, secure, and private internet browsing experience. The service is easy to use and has a user-friendly interface that makes it easy for even those new to VPNs to navigate.

One of the standout features of StreamVPN is its ability to bypass internet censorship and geo-restrictions. With servers in multiple locations, users can easily connect to a server in a different country and access content that may be restricted in their region. This makes it an ideal VPN for users who want to stream content from other countries or access websites that may be blocked.

Another great feature of StreamVPN is its strict no-logs policy, which ensures that user activity and connection logs are not stored. This means that users can enjoy a high level of privacy and security while browsing the internet.

StreamVPN also offers fast connection speeds, which is essential for users who want to stream high-quality content or engage in online gaming. Additionally, the service offers excellent customer support and has a dedicated support team available 24/7 to assist users with any issues they may encounter.

Overall, StreamVPN is an excellent VPN service that offers its users a great mix of privacy, security, and functionality. It is a reliable and efficient VPN that is well worth considering for anyone looking for a top-quality VPN service.

Says someone that just subscribed to Github. It seems more an advert/affiliate link.

@Kyr4l
Copy link

Kyr4l commented Mar 9, 2023

I vote for my all-time favourite VPN. StreamVPN is an excellent virtual private network (VPN) service that offers its users a fast, secure, and private internet browsing experience. The service is easy to use and has a user-friendly interface that makes it easy for even those new to VPNs to navigate.

One of the standout features of StreamVPN is its ability to bypass internet censorship and geo-restrictions. With servers in multiple locations, users can easily connect to a server in a different country and access content that may be restricted in their region. This makes it an ideal VPN for users who want to stream content from other countries or access websites that may be blocked.

Another great feature of StreamVPN is its strict no-logs policy, which ensures that user activity and connection logs are not stored. This means that users can enjoy a high level of privacy and security while browsing the internet.

StreamVPN also offers fast connection speeds, which is essential for users who want to stream high-quality content or engage in online gaming. Additionally, the service offers excellent customer support and has a dedicated support team available 24/7 to assist users with any issues they may encounter.

Overall, StreamVPN is an excellent VPN service that offers its users a great mix of privacy, security, and functionality. It is a reliable and efficient VPN that is well worth considering for anyone looking for a top-quality VPN service.

Bot detected 1000000%

@ElTioRata
Copy link

So, Mullvad isn't trustworthy?

@LokiFawkes
Copy link

Trust Mullvad as far as you can throw it. Don't expect it to keep your network traffic a secret any more than any other service, though it does have less data-broker baggage than many others.

@CostcoFanboy
Copy link

CostcoFanboy commented Mar 28, 2023

You can somewhat trust some rare VPNs as some of them made their canary tactics public and you can observe how the VPN/company interacted with other court orders in the past.

e.g. Mullvad and Proton

Basically, if they have logs, they just hand them encrypted jargon, if they have no logs, then nothing can be given.
This gist is somewhat right but too pessimistic.

99% of people use VPNs for geolocation bypass (Netflix or living in an authoritarian regime) or p2p torrenting, which are fairly valid use cases.

I'd say Mullvad, Proton and iVPN are trustworthy considering what I've seen from their responses and what happened during equipment seizures.

List of garbage VPNs that are to be avoided 100%:

  • GhostVPN: Owned by ex-malware company
  • PIA: Now owned by ex-malware company
  • Tunnelbear: Owned by McAfee
  • PureVPN: Lied about not keeping logs
  • Windscribe VPN: Lied about encryption
  • HideMyAss: Lied about not keeping logs
  • DoubleVPN: Lied about not keeping logs
  • EarthVPN: Lied about not keeping logs
  • ProtonVPN: Garbage apps.
  • Hola: Malware

Of course, never trust VPNs that are mass-peddled on YouTube channels.

It's all very circumstantial and somewhat "no brainer". Kind of like how you'd trust pCloud to harbor sensitive data but never Google Drive. But you can circumvent the whole thing by running Cryptomator on your Gdrive folder contents locally.

You just have to be smart about it.

As far as the best one, it definitely goes to Mullvad. You don't even need an identity tied to your payment method.

@Moizsohail
Copy link

Moizsohail commented Apr 3, 2023

What if we use openvpn and connect to free vpn providers like https://www.freeopenvpn.org/index.php?lang=en. is that safe?

I mean i am just looking to watch anime on pirated sites like gogoanime. and i don't need a letter knocking on my door.

@isaackielma
Copy link

@ranazain0009 Looks like all these vpn indicated in the website are logging all consumer traffic and personal data that's stored in their DB. Is that true or am I paranoid? Just because you pay them, doesn't mean that they will be ethical. Still giving them all the power to sell or use your info for nefarious purposes...

Just a thought, please correct me if I am mistaken.

@aedicted
Copy link

aedicted commented May 4, 2023

They most certainly won't log "all consumer traffic" as it would be way too much to store. Not even the NSA does that or would be capable of holding all that stuff.

If at all, it will be the meta-data about the connection itself.

Paranoia? Depends on your use case. I'd claim that for a little P2P, etc. ANY will do it as "investigations" in that regard will stop at the first visible IP-address and as long as it is not your easily accessible ISP, I'm yet to hear of any case where they took the effort to follow up the chain. If you plan "more" or your safety is a stake like being a Snowden, then cascade several up to your personal level of paranoia. ;)

@Viral
Copy link

Viral commented May 24, 2023

literally shit for brains

@AB9IL
Copy link

AB9IL commented May 24, 2023

Don't make careless arguments about VPNs as a useless or harmful service. Deprecating VPNs as "glorified proxies" is more sensationalist than accurate, as they are completely different in measures of bandwidth and encryption strength. Joepie91 does not consider that a main usage of VPNs is to prevent deep packet inspection and evade censorship. Plentiful VPNs are a reason why censorship is dead. If you are in a f#@&'ed up place with f#@&'ed up internet and want to read the Washington Post or stream some CBC Radio, a VPN works.

As one who has lived and worked in f#@&'ed up places with f#@&'ed up internet, VPNs are useful. I don't trust commercial VPN services either, and advocate usage of one's own VPS to run something like Wireguard. Streisand or Algo are tools for making the setup easy. Let me rephrase my point: VPNs are useful for circumventing internet surveillance and censorship imposed locally or regionally. For a higher level of trust, use your own server to avoid the pitfalls of commercial services.

If you are doing something risky, you need a solution requiring zero trust. Use Tor, Lokinet, or I2P (and a hardened browser) for anonymity. If you don't want your data accessed, use end-to-end encrypted services. As mentioned in this thread, there are some very good messaging applications which have strong E2EE and smartly written implementations. Briar, White Mouse, Element come immediately to mind.

Thank you for coming to my Ted Talk..

@Finoderi
Copy link

If you want to read WaPo something in your life is really fucked up already. For tasks described above any regular socks-proxy is more than enough.

@LokiFawkes
Copy link

@AB9IL So what you're saying is,
VPN services are a glorified proxy.
They don't provide privacy, only a very shallow and easily defeated evasion of censorship. Any proxy (and that's what these services usually are anyway) can do that. But again, that's all you're doing, is getting around geofilters until you're discovered.
No security or privacy benefit is involved. And that's what this gist is about.

@LokiFawkes
Copy link

@nukeop Your ISP knows your IP address. The site you go to knows your IP address or the IP of the server you're proxying through. Those are the only two parties that could normally track you by IP address. And neither does.

This is because your IP address is useless garbage information in the current internet structure. Clients have dynamic IP addresses, v4 uses NAT to combat the limited address space, meaning you can only identify a home or place of business at best, and IPv6 is currently poorly managed. Hell, my ISP gives me my own range of IPv6 addresses and somehow I still can't retain the addresses themselves. If a machine loses connection, or I lose internet connection, it's back to the drawing board and trying to set static addresses will just screw things up worse. Likely so they can sell a business plan that costs 10 times as much.

Servers often host multiple sites on one address, even sites owned by different people. So IP addresses are virtually useless for determining what site you connected to as well.

ISPs look for DNS requests and unencrypted client hello messages. They also source records from popular DNS providers. They also know if you're using a popular proxy service like NordVPN, and often are buying data from data brokers that own these proxy services.

That hello message, by the way, can still lead the people snooping between your proxy and the site back to you, to know you visited it. It's not as easy as if it came directly from you, but it still works.

Then there's the endpoint you're connecting to. They make a fingerprint of your browser, try to install cookies in your browser, and employ many other tricks to track you not only on their site but across sites and apps. Your IP address is not involved in that process.

Finally, a man in the middle cannot get the contents of your communication with the site. From the time you're done saying hello, to the time the encrypted connection is closed for good, an observer would need your private key and the site's private key to know what the hell you two are saying to each other. It's like listening to dialup. Just like how you'd need a demodulator to listen in on a dialup connection (even one that isn't encrypted), and without one you just hear noise, an observer cannot make heads or tails of a TLS connection.

With a private DNS server, either on your local network or over DoT/DoH, and a browser that will let you use ECH with a private server, nobody knows who connected to what site except you and the other party. And if you're worried about the site tracking you, don't worry, they already are, even if you don't have an IP address at all. It doesn't matter if you're communicating over TCP/IP or carrier pigeon. There's no turnkey solution to stop them tracking you. You have to use your brain, reject all conveniences, and leave your identity at the door. Only static webpages with JS disabled and cookies rejected for you, as well as a predetermined canvas size that makes you look like all the Tor Browser users out there.

@Finoderi
Copy link

@GenericRsPlayer
Copy link

Sounds like an american problem to me. Most of these things are outlawed in civilized countries.

Ahh yes. America; the country that brought the entirety of the planet standards of living up by a factor of 10, won 2 world wars, and was the primary country that said NO to slavery in the previous century; is not civilized. Privacy, torrenting, and VPN's are the only reason that places which do NOT have the ability to speak of atrocities (China, Venezuela, North Korea{if anyone can get a computer and is smart enough to figure this stuff out they will for sure will be able to access the unfiltered web} are some modern examples thanks to this kind of technology. Meanwhile our standards of speech lead Alexander Solzhenitsyn to be able to wildly publish his book, "The Gulag Archipelago". This book was one of the direct contributors to the downfall of the USSR; as he was able to show the world an inside look at what the Soviet's war machine looked like.

Not to mention the audacity to come onto a thread about VPN's; which are the only way that some people are able to see the outside world at all, and say something as profoundly ignorant as "most of the things that stop mass genocide are outlawed in the countries that originally sponsored some of it".

Stop it. Get help.

@GenericRsPlayer
Copy link

Lol, this is your mind on CIA propaganda. Check what happened to Gary Webb and Edward Snowden.

Don't think I am oblivious to the fact that the three letter agencies in the US are traitorous entities. But to throw out the entirety of the US, and say that we are uncivilized because we have privacy and protection laws? HA! Enjoy communism, Marxism, Socialism, Totalitarianism, and all the other "Ism's" there are; because freedom of speech is the Sword of Damocles to any Tyrant.

@GenericRsPlayer
Copy link

nukeop

so your argument is that because people are in jail, that we have no freedom of speech? point to me the political dissidents within the country that are currently in jail because they spoke ill of the governmental bodies in place

@Finoderi
Copy link

It's always easy to talk about things you don't know. In North Korea there are white lists of IPs you are allowed to connect to. Everything else are just dropped. It's pretty dumb and straightforward but no workaround exists. You can't pull routs out of your ass where they don't exist.
And in China shadowsocks is rather popular socks-proxy. But it's not a VPN and there are good reasons for that.

@GenericRsPlayer
Copy link

Alex Jones has to pay 6 gorillion dollars for his freedom of speech

alex jones had a lawyer that accidently emailed private conversations between him and AJ to the opposing defense team.
he also was up for deformation, in saying that no one was killed in Sandy Hook. News flash, they were.
He is a misinformation agent that is a MOSSAD plant. he purposefully tells you the truth, but twists it into a narrative. his job is to make people look crazy. and he does a fantastic job at it too.

he also; is not in jail. so please. try again. im very interested in understanding your logic on this.

@GenericRsPlayer
Copy link

GenericRsPlayer commented May 25, 2023

i was speaking as to people in NK. the government does issue computers to its citizens, but they are incredibly limited on what they see, and we are incredibly limited on what we see. what im saying is if a NK official who has unrestricted access (a hacker) can figure out how to setup a VPN, he more than likely could, because he would be able to get the information. from that point he could see the whole web.

i am, however; not an expert in this field, and will defer to others on their expertise.

dont forget that they even developed a video game at one point
https://en.wikipedia.org/wiki/Category:Video_games_developed_in_North_Korea

@Finoderi
Copy link

He is a misinformation agent that is a MOSSAD plant.
his job is to make people look crazy.

I wonder if this is fruits of his labour or you are just so... unique on your own...

@GenericRsPlayer
Copy link

He is a misinformation agent that is a MOSSAD plant.
his job is to make people look crazy.

I wonder if this is fruits of his labour or you are just so... unique on your own...

if you know; you know

@GenericRsPlayer
Copy link

Kids, now you see the effects of propaganda of success being forced on people for their entire lives. Americans truly believe their dystopic police state is a paradise on earth. You see, wikipedia has no information on north korean videogames; therefore amerimutts are the best.

im still waiting on proof of concept for your political dissidents.

not once did i claim America was a paradise. it has its problems like everywhere else does. but please; continue to say nothing, and put words in my mouth. if you want to know why I personally believe it is better than other countries; look at the tax rates (our highest tax rate overall is still lower than any other country on the planet) and healthcare (not its insurance system but the actual quality itself. people come from all over the world to get healthcare here) is, broken; but top of the line for the ones that have insurance. (not to mention most hospitals will treat you if you're not an American citizen, with American citizens tax dollars). not to mention freedom of speech; which is full circle back to what this whole conversation started on!

do you think NK is a wonderful place? go live there! they'd happily take you, as target practice once you approach the border.
my comparison was not to their quality of life, but as to how development does go on in the country with computers; and that people there may or may not have an ability to see the outside world.
you may have an issue with dyslexia and contextual information if you're struggling with that.

im trying to ask you a serious question. please. inform me, how we are all brainwashed and controlled by the system because we have a judicial system that operates. tell me which American in our country is a political prisoner. if you refuse to and continue to just take jabs at me; while providing no proof of anything. I'll just block you

@xNeonHD
Copy link

xNeonHD commented May 25, 2023

Kids, now you see the effects of propaganda of success being forced on people for their entire lives. Americans truly believe their dystopic police state is a paradise on earth. You see, wikipedia has no information on north korean videogames; therefore amerimutts are the best.

I am laughing at your idiocy. Either you must be a troll, or it must be a birthright to write such a comment unironically.

@GenericRsPlayer
Copy link

If the best you can say is that it's in some aspects better than North Korea then the bar isn't set very high

You clearly aren't interested in an intellectual conversation 😂😂. I never said this. Not once.

Kids, now you see the effects of propaganda of success being forced on people for their entire lives. Americans truly believe their dystopic police state is a paradise on earth. You see, wikipedia has no information on north korean videogames; therefore amerimutts are the best.

I am laughing at your idiocy. Either you must be a troll, or it must be a birthright to write such a comment unironically.

I choose to apply Hanlon's Razor with nukeop. He is right about one thing. The CIA loves to disinform people. He clearly has been affected.

@GenericRsPlayer
Copy link

GenericRsPlayer commented May 25, 2023

do you think NK is a wonderful place? go live there! they'd happily take you, as target practice once you approach the border.

You mean like this? https://en.wikipedia.org/wiki/Migrant_deaths_along_the_Mexico%E2%80%93United_States_border

Ok and when the border is open this problem gets worse because human trafficking of children goes up.

If people followed a legal process VS leaving it up to Cartel Cyoties women and children over the border who end up victims of SA and Rpe

But no. Open border clearly is the way to go. Turn on any TV channel and you'll see that.

Also no one tries to shoot you for traveling internationally

@GenericRsPlayer
Copy link

USA: The country that heroically overcomes problems unknown in any other country

Keep watching that TV

Nuke. Your all over the board bro. Bring it back to the start of the conversation.

Show me any political dissonant who have been locked up In the US. Any US citizen who is being held and not given his rights.

@LokiFawkes
Copy link

@nukeop If you want to play argumentum ad hominem, your profile says "fullstack software developer".

Nobody outside of HR cares about that term, at all. It's a term people who can't name what they do use to describe their skills, or lack thereof, in a favorable manner.

@LokiFawkes
Copy link

@nukeop It's so commonly used that anyone actually in tech knows you need to go into more detail or we throw out your application and tell our recruiters to stop sending people like you to us.

What do you write? What languages do you use in this "full stack", what do you use for backend, what do you use for frontend? Is your frontend HTML and JS or is it a generated page? Is your backend PHP, Node, Python, Java, C++, Rust(tm), etc? What do you use for SQL, or do you even use SQL? And finally, what do you specialize in?

Fail to answer any of these, or arrogantly say "all of it", and you're blacklisted from applying for a fucking year.

@GenericRsPlayer
Copy link

Lol ok

am curious as to why you deleted your previous comments....did you recognize your arguments fallacy?

@GenericRsPlayer
Copy link

No, I recognized that Github is an am***can service and as such, heavily censored, and I don't want to risk my account. Please stop sealioning

I haven't heard that term before. But looking it up; just sounds like a defense that someone throws out when they have no logical backing to their argument. Especially because I have no intention of bad faith in the argument. I would of love to have heard your reasoning to a logical conclusion. Especially since you were the one that initiated the topic of conversation in the first place.

Your a victim of your own creation. You know that; right?

@GenericRsPlayer
Copy link

GenericRsPlayer commented May 26, 2023

I wish you would stop talking and leave me alone


Reply to this email directly, view it on GitHub or >unsubscribe.
You are receiving this email because you commented on >the thread.
Show quoted text
@nukeop commented on this gist.
The message you're not getting is that nobody wants to talk to you
Show quoted text

You basically call me an idiot and expected me to just lie down and take it. Well bless your heart. Americans don't work that way. I'll stop replying once you stop replying. Till then I'll just keep quoting you.

@GenericRsPlayer
Copy link

GenericRsPlayer commented May 26, 2023

@nukeop commented on this gist.
Yes I already know that americans are brainwashed, obnoxious, and clueless. No need to drive the point home buddy

Wow you just continue to be oblivious too! You're not superior to anyone. Just as I am not superior to you. Clearly I have more common sense. But you just keep making fun of people; on a place where it won't go away. And where your future comments could be looked at as "doesn't cooperate well with others"

I'm not here to troll you. I'm just going to continue to hold up a mirror untill you've decided you've had enough.

Btw. Hope your having a wonderful day. God loves you brother.

@GenericRsPlayer
Copy link

I accept your concession.

I hope things get better for you

@Amiralgaby
Copy link

is there a French fork of this file please?

@2gn
Copy link

2gn commented May 26, 2023

VPNs will hide what you do from ISPs, at least.

@Finoderi
Copy link

It seems most people don't know anything about proxy servers, but VPN concept was popularized by YouTubers. And the 'glorified proxy' part is just ignored as something vague and inexplicit.

@LokiFawkes
Copy link

@2gn Not really. ISPs buy data from data brokers, which own almost all if not all the "vpn" services (which again are just proxies that maybe, MAYBE use a protocol meant for actual VPNs). Literally all they're good for is getting around geofilters and not a damn thing else.

@dxgldotorg
Copy link

dxgldotorg commented May 27, 2023

It seems most people don't know anything about proxy servers, but VPN concept was popularized by YouTubers. And the 'glorified proxy' part is just ignored as something vague and inexplicit.

Actually it is in more recent years that VPN companies have approached YouTubers with sponsorship deals.

@Finoderi
Copy link

From Nigeria with love.

@LokiFawkes
Copy link

We got another shill: @vpnsguru

@LokiFawkes
Copy link

Aaaand @nukeop steps back in the shill ring.

@LokiFawkes
Copy link

Keep shilling, you only have your reputation to lose... If that.

@LokiFawkes
Copy link

Talking to yourself? Cause you're the only mad one here.

@dxgldotorg
Copy link

Install Sponsorblock: https://sponsor.ajay.app/ Why would anyone watch videos with sponsor segments?

This doesn't address the issue, it sweeps it under the rug.

@Finoderi
Copy link

The article is rather short but you still failed to read it till the end. Well done.

@Finoderi
Copy link

Sunshine, you fail to understand the difference between using VPN in general and using VPN SERVICE. I highlighted the important word for you, but there is not much hope it'll make any difference.

I use both VPN and proxy all the time, but I set it up myself on a small VPS.

@Finoderi
Copy link

I don't know what it supposed to mean. I deleted my Reddit account back in 2020 when Americans were caught up in BLM hysteria. Reddit admins always have been completely fucked in the head but at that moment they've outdone themselves.

@LokiFawkes
Copy link

@phr34k0 Assuming you're not talking out your ass (you are), it begs the question, why chain when you can just use Tor or I2P

@MarcusRichardson
Copy link

hello

@T0asti3
Copy link

T0asti3 commented Jul 12, 2023

@phr34k0 Assuming you're not talking out your ass (you are), it begs the question, why chain when you can just use Tor or I2P

@LokiFawkes Dude ever heard about entry and exits nodes? try selling yo momma on TOR and watch CIA bust down your door. Nodes can be watched or controlled. This happens all the time. TOR routing is secure but not to the exit nodes.

@Finoderi
Copy link

It's always fascinating to see the discussion of true professionals.

@LokiFawkes
Copy link

@T0asti3 Firstly, if you're going through exit nodes, you're as insecure as if you're using a proxy service. NordVPN ain't gonna protect you any more than a malicious exit node, even if you've chained three NordVPNs.
Second, with Tor and I2P, you don't have to pay anyone or reveal your identity to anyone to use onion routing. There are very few proxies that might behave hands-off and that let you gain service without revealing yourself. And the ones, or really one, I'm speaking of, doesn't like to be chained.
And even the one I spoke of, still wouldn't recommend for privacy so much as obscurity for basic IP filters.
If you want privacy through an overlay network, you need that overlay network to not be owned by any third party. Tor and I2P for example, completely decentralized, at least in terms of design. I2P is better at staying that way, but less accessible, while Tor gained popularity by connecting to exit nodes by default to let you access the clearnet through Tor.
The endgame is you shouldn't have to exit the overlay network through anything you can't trust.
Some people actually use I2P with an outproxy into Tor instead of using Tor or I2P directly to the clearnet. Some people go as far as setting up a Tor outproxy on I2P using a server they got pseudonymously and use that as their outproxy wherever they go.
Try to sell your mom on Tor, you've just revealed yourself. Try to sell people who don't exist on Tor, you've got yourself a worthwhile scam.

@vanderplancke
Copy link

I can confirm beyond any doubt that vpns do not work. They do not mask your identity. You are just throwing money away using them. If you really want to not be tracked don't conduct activity that would get you on the radar.

@vanderplancke
Copy link

Yes listen to the shill throwing slurs. Speaking from experience with federal police no VPNs do not work. But hey gotta respect the hustle to get kickbacks from trying to convince people to sign up.

@RivenSkaye
Copy link

VPNs are very much useful for "when should I" argument 2.
My ISP would frequently squeeze traffic to known public trackers, which hasn't been an issue ever since I started using glorified proxies. And it also helps circumvent blocks on certain sites, which is precisely what I need it for.

As such, a third point to note is "when you need access to services or resources that you can't reach through your current network or ISP."

@dxgldotorg
Copy link

Sunshine, you fail to understand the difference between using VPN in general and using VPN SERVICE. I highlighted the important word for you, but there is not much hope it'll make any difference.

I use both VPN and proxy all the time, but I set it up myself on a small VPS.

For me, my VPN lives inside my router and gives me remote access to my connected devices.

@LokiFawkes
Copy link

For me, my VPN lives inside my router and gives me remote access to my connected devices.

And this is what I like to call, an actual VPN.

@M-u-m-p-i-t-z
Copy link

M-u-m-p-i-t-z commented Jul 31, 2023

Some questions:

But I want to confuse trackers by sharing an IP address!

Your IP address is a largely irrelevant metric in modern tracking systems. Marketers have gotten wise to these kind of tactics, and combined with increased adoption of [CGNAT](https://en.wikipedia.org/wiki/Carrier-grade_NAT) and an ever-increasing amount of devices per household, it just isn't a reliable data point anymore.

Marketers will almost always use some kind of other metric to identify and distinguish you. That can be anything from a useragent to a [fingerprinting profile](https://panopticlick.eff.org/). A VPN cannot prevent this.

Just suppose my ISP doesn't use CGNAT but I keep my IP for weeks, and my browser doesn't allow fingerprinting because only fake data is sent. If I visit different websites without VPN, the fingerprint is always different but I have the same IP, what sense does that make, you can not track easier?
If I use a VPN and / or proxies, I get a different IP every day that I share with thousands of other people and always have a different fingerprint. What should not work in this practice?

When using a VPN, the only encrypted part of the connection is from you to the VPN provider. From the VPN provider onwards, it is the same as it would have been without a VPN. And remember, the VPN provider can see and mess with all your traffic.

Yes, but how can an outsider see which of the thousands of users is accessing which websites? The data streams that go in cannot be assigned to the decrypted streams that go out. Thus, you have 1000 defendants when someone fucks up.
Before the question is answered again with "But the VPN provider knows everything", please read my last question.
The VPN provider can know everything, but does not have to.

Because a VPN in this sense is just a glorified proxy. The VPN provider can see all your traffic, and do with it what they want - including logging.

The ISP does that too and sells the data and you can't always choose the ISP. A VPN provider that shares data with its customers without obtaining their consent is acting illegally and committing a crime itself. The ISP writes it in its terms of service.

And remember that it is in a VPN provider's best interest to log their users - it lets them deflect blame to the customer, if they ever were to get into legal trouble. The $10/month that you're paying for your VPN service doesn't even pay for the lawyer's coffee, so expect them to hand you over.

Wouldn't it be much easier to tell the authorities "Sorry I can't identify my users because I have no logs! I can only provide all users as a list"? It would never come to a criminal complaint, how do you want to prove a specific person did a crime? For what reason should the VPN provider here can be legally prosecuted, as long as no law requires that I do not log my users, which in turn must then be written in the terms of service?

@LokiFawkes
Copy link

@M-um-p-i-t-z Exactly as stated: The IP address is a useless metric these days.

Firstly, good luck actually setting up a browser that flies under the radar like that. If you sign in anywhere, your browser will be tracked, your new fingerprint will be tracked as long as you stay signed in or sign in again.

Marketers employ many different methods of tracking. From the classic cross-site tracking cookie, to the modern fingerprinting methods we know today. You basically aren't safe from this unless you're using Tor Browser (with or without actually using the Tor network) and not signing in anywhere.

As long as you're signed in, or allowing cookies, or allowing javascript, or it's able to get actual canvas sizes, etc from your browser, no proxy in the world can protect you.

The VPN provider that shares data of its customers without obtaining their consent is actually protected by silver tongued legalese in the terms of service and gag orders in the law.

It is in fact not easier to tell the authorities, "Sorry I can't identify my users because I have no logs!". That's a good way to get in trouble with 14 Eyes surveillance laws. And no, those surveillance laws are not limited to the 14 core nations of the Eyes. Most nations of the world are in on it without increasing the number of "eyes" in the name, and even if your company is from another country, if you have servers in an Eyes country, you're subject to their laws.

If they can't directly command you by law to conduct mass surveillance, they can hold you accountable for "letting" your users commit what these countries consider to be crimes. Such as journalism, protests, or god forbid being Fr*nch.

@Naleksuh
Copy link

Naleksuh commented Aug 3, 2023

I think the IP part is confusing people because first the post says "You're still connecting to their service from your own IP, and they can log that." then later it says "Your IP address is a largely irrelevant metric in modern tracking systems. ". I think the confusion is because joepie91 is talking about tracking by the government in the first one, and tracking by advertisers in the second one. It might be a good idea to clarify that.

@LokiFawkes It depends on the fingerprinting software. Some include your IP address, other people don't. Either way, there is more to fingerprinting than your IP address. Here's a test site many people use: https://coveryourtracks.eff.org/

Edit: Actually the original gist already links to this site

@LokiFawkes
Copy link

@Naleksuh Yeah, it seems a lot of people are confused by the concept of attacking the same assertion from multiple angles.

@M-u-m-p-i-t-z
Copy link

Firstly, good luck actually setting up a browser that flies under the radar like that. If you sign in anywhere, your browser will be tracked, your new fingerprint will be tracked as long as you stay signed in or sign in again. Marketers employ many different methods of tracking. From the classic cross-site tracking cookie, to the modern fingerprinting methods we know today. You basically aren't safe from this unless you're using Tor Browser (with or without actually using the Tor network) and not signing in anywhere.
Since some time Firefox prevents exactly these practices with its tracking protection, each domain has its own memory here where no other domain can access and if you use containers in addition, even the domain gets a different memory in each container.
As long as you're signed in, or allowing cookies, or allowing javascript, or it's able to get actual canvas sizes, etc from your browser, no proxy in the world can protect you.
With each domain the browser fingerprint changes and remains valid for this domain until the browser is closed but each container has different fingerprints for the same domains and another IP.
The VPN provider that shares data of its customers without obtaining their consent is actually protected by silver tongued legalese in the terms of service and gag orders in the law.
My government's laws prohibit the unstoppable storage of connection data. There must be a reasonable suspicion of a serious crime and there must be a suspect, not just thousands of VPN users because someone might have done something wrong.

It is in fact not easier to tell the authorities, "Sorry I can't identify my users because I have no logs!". That's a good way to get in trouble with 14 Eyes surveillance laws. And no, those surveillance laws are not limited to the 14 core nations of the Eyes. Most nations of the world are in on it without increasing the number of "eyes" in the name, and even if your company is from another country, if you have servers in an Eyes country, you're subject to their laws.
Why should a company get into trouble with the secret service if it complies with the laws in force in its country, where no one has to store any data. And if it would be so easy to get companies to record, why does even the NSA have its own department that deals with cracking VPN connections?
Be honest, if the secret service is looking for you, it will find you, no question, but who is wanted by the secret service?
The only danger you are exposed to when using VPN or even Tor is that you are swimming in a pot together with a few criminals, the price is not too high for me to protect my privacy.

@nukeop
Copy link

nukeop commented Aug 4, 2023

What's the point of fingerprinting if my fingerprint changes every 30s? And what's the point of tracking if I block tracking scripts and ads?

@LokiFawkes
Copy link

@M-um-p-i-t-z I can answer your entire response by answering your last sentence. You're not protecting your privacy. This is called the action bias.

But sure, if you think Firefox is protecting you by changing your fingerprint, go ahead and double check with the EFF.
No, it's not.

You have to set everything manually, make your canvas generic (thereby also limiting the screenspace in your browser or glitching certain graphics), and put every tab in a container. And even then, it's still not enough.

I'm a firefox user, with container tabs, strict privacy settings to the point that about:config is unrecognizable from the original, whole nine yards. And yet sites still find ways to worm cross site cookies across the containers. It's a neverending arms race, and the one thing they're not concerned with, is the IP address.

@LokiFawkes
Copy link

@nukeop Let's pretend you aren't the butt of the joke in this entire thread. Just for a second.
To what are you referring?

@LokiFawkes
Copy link

LokiFawkes commented Aug 6, 2023

@nukeop
You did not answer. To what are you referring?
Have you forgotten that it is you who knows less than nothing on the topic as you have proven multiple times in this thread?

Also, github gists is a discussion platform.

@vanderplancke
Copy link

@nukeop You did not answer. To what are you referring? Have you forgotten that it is you who knows less than nothing on the topic as you have proven multiple times in this thread?

Also, github gists is a discussion platform.

You know nukeop is a vpn shill right. Likes to attack anyone calling it out on it's grift. Ignore it and it will go away.

Copy link

ghost commented Aug 10, 2023

I agree. though I use one, because i trust it more, travel and torrenting

@M-u-m-p-i-t-z
Copy link

@LokiFawkes

@M-um-p-i-t-z I can answer your entire response by answering your last sentence. You're not protecting your privacy. This is called the action bias.

But sure, if you think Firefox is protecting you by changing your fingerprint, go ahead and double check with the EFF. No, it's not.

What is this supposed to prove? But I did it for you with the result that I double check on two days with 3 containers with different IPs from VPNs and I get 3 Yes in every single tab on both days. Tor Browser also. Seems like u have a mass of changes in about:config, that you look unique to the side. I am not. And your IP can be tracked, so they do so. Whether this is relevant or whether you do not want to believe it is irrelevant. So stop spreading such generalizations, they are not true.
Screenshot

@clippycoder
Copy link

clippycoder commented Aug 15, 2023

A few comments:

  • I think you are being to harsh on VPN services here. I understand that we cannot know for sure if a specific VPN provider is not logging you, but I wouldn't go so far as to say that none like that exist. It's a bit of a gamble, maybe, but sometimes that's better than nothing.
  • Additionally, I use a free VPN service to access geo-blocked content and to bypass network restrictions. I don't really trust it's privacy value, given that it's free, but for my purposes I'm content with that. And also, being a free tier of an otherwise paid service, it has an nice-looking and intuitive UI, much more than can be said for many open source projects.

Overall, given that VPNs provide benefits outside of privacy, and that privacy may very well be also provided, I think VPNs, even paid ones, have their place. But I don't think that this should detract from your argument that with no verifiability, VPN privacy may often be false advertising.

@tobx
Copy link

tobx commented Aug 30, 2023

I am pretty sure the main selling point of VPN services is to use IP ranges of foreign countries in order to circumvent being caught when doing illegal file sharing. Copyright holders work together with local authorities and local authorities can request user information from local internet providers. As long as the user's IP is from a country where there is no cooperation between authorities in this regard, copyright holders will not even try. So it does not even matter if there are logs or not. Even if, at one point in time, authorities would work together and if there are logs, chances are that the user's IP addresses are not stored anymore by the users actual internet provider or that the case becomes time-barred. Furthermore as long as there was not a single case of mass charges against VPN users, those users will keep using VPNs.

I think users that understand enough of IT to know what a VPN service is and that are able to use it and only use it legally for privacy and against tracking are quite a minority.

@douma
Copy link

douma commented Aug 31, 2023

I use VPN (OpenVPN with Pihole), with a private/ dedicated ip address, on a private VPS server, only to hide my traffic from my ISP (ISP's have the biggest share in selling data), to hide my true location for the websites I visit, to block ads and to block sites like facebook, google from tracking me... and to log my own network activities. In this way I have found a virus on my computer sending packages of information every hour to a certain host. Legally they could find out what websites I visit, but a VPN adds another threshold for them to find out. Don´t give them (legal agencies) any reason to track you down. Doing something illegal on the internet is extremely stupid, even with a VPN.

@eos1973
Copy link

eos1973 commented Sep 14, 2023

quite a lot of comments and discussions, apparently there is no complete solution.
Except acquiring a service from some server in a corner of Eastern Europe. XD

@nukeop
Copy link

nukeop commented Sep 14, 2023

Mullvad VPN is easily the best

Copy link

ghost commented Sep 14, 2023

Hello everyone.

These same questions that can be asked here about the cloud's open source. It is contradictory that open software works in cloud like sass (software as a service) or baas (backend as a service) etc. Because, in theory, we do not have access to any source code and the control of this server.

Some people have created the software license as AGPL for this. Although the company distributes the software to AGPL, you can never check which function is being performed. First, because we have a feeling of arrest, because you don't have the money to execute the software with your own infrastructure (hosting, physical server). And second, because we have the feeling of not knowing the future direction of the cloud product or service.

Just as we cannot trust VPNs, I don't think we should trust cloud services that uses open license as AGPL, MIT, GPLv2, GPLv3 etc. Does these concerns of mine make sense?

@panzer-arc
Copy link

This approach is parroted in various MSM articles but doesn't address all the potential concerns. I trust VPN providers more than my ISP. I see no evidence that I should trust my ISP by default even if they don't MITM me. They would know every single domain I connect to on all of my devices if I didn't tunnel my traffic. Why can't I find an explanation of how my data is used/stored on their site?
https://www.privacyguides.org/en/basics/vpn-overview/#should-i-use-a-vpn

@nukeop
Copy link

nukeop commented Sep 30, 2023

Yeah, it's a list of defeatist, often false or easily refuted bullet points written in a style of total confidence, which to some impressionable people may look like competence. Some of the bullet points are actually strawmen that nobody who uses VPNs would argue.

@Finoderi
Copy link

Finoderi commented Oct 2, 2023

Why can't I find an explanation of how my data is used/stored on their site?

Can you find something like that on the site of you favourite VPN service?
Have you actually read articles that short summary on privacyguides.org is referring to?

@rfc-2549
Copy link

rfc-2549 commented Oct 2, 2023

Mullvad is the only good VPN services
Either that or tor

@humanlyhuman
Copy link

humanlyhuman commented Oct 4, 2023

Mullvad is the only good VPN services Either that or tor

ivpn is pretty good too
check out https://www.ivpn.net/blog/why-you-dont-need-a-vpn

@sjorspa
Copy link

sjorspa commented Oct 13, 2023

A valid reason for VPN is by NOT want to hide your VPN but make sure you connect with a trusted one, IE if you have a dynamic IP and need to go to a firewalled site, this might be a very valid point. Another valid point can be Geolocation barriers, IE many content providers block based on your countries IP. The other points are pretty valid by the way. For real privacy use Tor and make sure that you don't login with accounts that you also use on your normal connection.

@sneer69
Copy link

sneer69 commented Oct 27, 2023

"A VPN provider specifically seeks out those who are looking for privacy, and who may thus have interesting traffic. Statistically speaking, it is more likely that a VPN provider will be malicious or a honeypot, than that an arbitrary generic VPS provider will be."

Can I see that statistic and your dataset?

@papahuge
Copy link

papahuge commented Nov 3, 2023

image
^
I'm pretty sure this is why most people need a glorified proxy service.

@5aturnius
Copy link

image ^ I'm pretty sure this is why most people need a glorified proxy service.

Precisely. I cannot believe the idiocy of morons on the internet with the idea that there is some way to outsmart intelligence agencies with the smartest people on the planet working together stacked against them. That there are thus conversely certain activities that "expose" one to said agencies. We need legislation to fight this battle on the same scale that this violation of user privacy operates on.

@nukeop
Copy link

nukeop commented Nov 29, 2023

Leaked NSA documents prove that they are powerless against TOR and have been since its inception.

@tobx
Copy link

tobx commented Nov 29, 2023

@5aturnius

Precisely. I cannot believe the idiocy of morons on the internet with the idea that there is some way to outsmart intelligence agencies with the smartest people on the planet working together stacked against them. That there are thus conversely certain activities that "expose" one to said agencies. We need legislation to fight this battle on the same scale that this violation of user privacy operates on.

The smartest people on the planet generally do not work for government agencies, because they pay less than private companies. The ones that do not care so much about money often have a problem with intelligence agencies and work for the science mostly at universities. Still, they have very good people and apart from probably not being the smartest people on the planet, they have money and power. That is probably not enough to hack security standards like VPN or encryption algorithms, but they can force companies to cooperate by legislation or pay companies to get into systems or pay to get software or hardware vulnerabilities to hack into systems.

That being said, you do not use VPNs to outsmart intelligence agencies that work together against you. If you are really so criminal or unlucky that you want to hide from intelligence agencies, then you use VPNs or better TOR in order to not draw any attention to yourself, so they won't even start to work against you.

@ahydronous
Copy link

Dumbest article ever. Completely glosses over the utmost mission to privacy Mulvad has, or the fact that Private Internet Access is court-tested.

@Finoderi
Copy link

Finoderi commented Dec 8, 2023

utmost mission to privacy

Someone can type that unironically. Fascinating.

@ahydronous
Copy link

Someone can type that unironically. Fascinating.

Someone can be this dumb unironically. Fascinating.

You can pay for Mulvad by sending in a letter with cash money. All you get back (and what they know) is an account number.

Private Internet Access has been audited too, btw : )

Anyway, I'm done here. Anyone reading this will realize how moronic this article is and just sign up for a good VPN.

Byee

@Finoderi
Copy link

Finoderi commented Dec 9, 2023

OK. For those who can read unlike that chap.
PIA is a US based company. It will obey US laws by definition no matter what. Furthermore the company still uses physical drives to store user data, and those drives can be ceased by authorities.

Mullvad is better in that regard. But Sweden is a member of 14 Eyes Alliance and not a completely safe jurisdiction for a VPN provider.

@tobx
Copy link

tobx commented Dec 9, 2023

Anyway, I'm done here. Anyone reading this will realize how moronic this article is and just sign up for a good VPN.

I cannot speak for everyone, but the aggressiveness in your writing makes me stay away from Mullvad.

Your arguments also make me trust less. „Sending a letter with money“ is trying to tell a potential customer, that you have no private data, so nothing could ever happen. But that only distracts from the fact, that you cannot prove that there is no logging. If Mullvad logs account number with real IP, „money in a letter“ does not help at all.

Even if there were court decisions in the past with no log files, or audits, that does not change the fact that a VPN is always able to implement logging in the future for all or specific customers. You can also disable logs for audits and turn them on afterwards. Also, how can we trust the auditor?

There is no way for a VPN provider to prove that there are no logs, so the article makes fully sense. The fact that you call it „moronic“ without providing good arguments, just makes the article even more convincing.

@maoydev
Copy link

maoydev commented Feb 21, 2024

@BrodyDoggo I can explain this. The purpose of a VPN is to provide a tunneled connection into a private network. It's like a proxy, except you can traverse firewalls and connect to devices over any port or protocol through it. In a proper VPN, you even get your own IP address in the private network. However, this is not how clearnet VPN services like NordVPN or ExpressVPN work. Even when they use real VPN protocols, they're just putting you into a NAT network and hiding you behind one IP address, their IP address. Essentially, the same as a proxy. They can control what ports you get to use, what protocols you get to use. Essentially, the same as a proxy. At best, with no restrictions on ports and protocols, you'd be looking at something called a SOCKS proxy. In many actual VPN setups, you might even set your virtual network adapter that's connected to the VPN, as a SOCKS proxy to prevent direct access to the clearnet. But these VPN services you see out there range from web proxies to SOCKS proxies, advertised as being more private than a proxy, and often come with proprietary apps that strip SSL so they can collect and sell your browsing habits. They even advertise this SSL-stripping function as virus protection, when in reality, their VPN cannot protect you from viruses even by stripping SSL (though if they're honest they can try), but it can make them money by collecting data. By stripping SSL, typically by replacing your root certificate so your browsing happens in an encrypted form that they can read but outsiders still can't, they not only can get your browsing habits beyond just IP addresses and DNS requests, but they can also harvest metadata AND the payload of the connection, including passwords and other personally identifying information that would have otherwise been transmitted without a man in the middle. So really the difference between a VPN and a proxy is the P in VPN - private. If it doesn't provide a tunnel to a private network, it's not a VPN, regardless of what protocol it uses or what its name is. VPN - Virtual connection to private resources like company servers Also a VPN - Virtual connection to your company or home's private network, doubling as a proxy for the clearnet Not a VPN - A tunnel to a web proxy, branded as a VPN, meant to look like you're browsing from the server you connected to rather than from where you are

If you still want to call these VPNs, the distinction would then be between Virtual Private Networks and Virtual Public Networks.

Is there any difference to them on a local perspective, like isp traffic protection and such?

@Finoderi
Copy link

Overquoting should be punishable by death.

@LokiFawkes
Copy link

LokiFawkes commented Feb 21, 2024

@maoydev Between not having a proxy and having one? Not really.
Without these services, most your ISP will know is what IP you're talking to, and currently between CDN centralization and Web2 "just trust the cloud" centralization, too many services share the same IP addresses with each other for it to really matter. Aside from that, if they're clever they may catch the SNI at the start of your connection. They still can't make anything of it if you have a bunch of ongoing sessions. Once ECH catches on (and browsers start supporting ECH while using a nameserver of your own choosing), that vulnerability will be dead too. You stand to lose more privacy than you stand to gain when trusting a Virtual Public Network.

@vanderplancke
Copy link

Hmmm the lone vpn simp is still at it. Almost like she gets kickbacks for each service sold.

Thinking logically, do you genuinely believe that the government would allow a means of hiding your ISP they themselves couldn't track?

@nukeop
Copy link

nukeop commented Feb 21, 2024

Can you keep unhinged conspiracy theories out of the thread? You're not making your side look sane

@vanderplancke
Copy link

vanderplancke commented Feb 22, 2024

Do you believe the government would allow a product they couldn't track? Yes or no? The likes of Tom Clancy and Richard Marcinko discussed communications security and spying. I would side with the experts over a shill who decries any criticism of VPNs.

@Aphexed
Copy link

Aphexed commented Feb 24, 2024

I visited IP vanish for coverage. I made it through paying for the first month then I was blocked because of Cloud flare and my email

@ipkpjersi
Copy link

VPNs are shared, VPSes themselves (not the host) are not, so your VPS gets tied to you - not great for privacy, is it? VPNs are great for bypassing censorship in countries like China with censorship problems and you don't need to setup your own to do that, it's kinda overkill.

Dumbest article ever. Completely glosses over the utmost mission to privacy Mulvad has, or the fact that Private Internet Access is court-tested.

It doesn't touch on bypassing censorship in restrictive countries either.

@Finoderi
Copy link

Finoderi commented Mar 22, 2024

so your VPS gets tied to you - not great for privacy, is it?

You get an external IP or IPs from a pool of that VPS-provider. I don't see much difference.

VPNs are great for bypassing censorship in countries like China with censorship problems...

It can be done with limited success and the result is far from great.

@ipkpjersi
Copy link

You get an external IP or IPs from a pool of that VPS-provider. I don't see much difference.

Sure, I can explain with difference. With a VPS, that IP is specifically tied to you for as long as you are renting that VPS. With a VPN, there is a shared pool of IPs where any individual IP can be used by multiple people at the exact same time - that's the difference. IPs are shared, not dedicated/unique.

It can be done with limited success and the result is far from great.

I guess we just disagree on this, then. VPNs are very important to these types of countries.

@Finoderi
Copy link

IPs are shared, not dedicated/unique.

Well, it's possible to choose another IP from the same pool after a while. I don't think a smaller pool compromises your identity that much but may be I'm wrong.

VPNs are very important to these types of countries.

I live in such country. The connection speed of VPN is tolerable most of the time but sometimes it slows to a crawl. And from time to time all VPN traffic, including wireguard protocol, is blocked for several hours for some reason. And there is nothing I can do on my end. Choosing another VPN provider doesn't make any difference. In these cases shadowsocks proxy with the server side on VPS works slightly better but not by much.

@ipkpjersi
Copy link

ipkpjersi commented Mar 22, 2024

Well, it's possible to choose another IP from the same pool after a while. I don't think a smaller pool compromises your identity that much but may be I'm wrong.

You aren't understanding my point. Two or more people can have the same IP address at the exact same time with a traditional VPN service, whereas rolling your own VPN via a VPS means that public IP address assigned to you is only used by you and not anybody else (since you are the only one using the VPN and you are also the one responsible for hosting the VPN). That's part of why traditional VPN services claim "anonymity", because multiple people can be using the same public IP address at the exact same time, you don't know "who" is really using it. In theory, with a traditional VPN service, you could have dozens or hundreds of people using the same public IP address at the exact same time.

@zefir-git
Copy link

zefir-git commented Mar 24, 2024

Well, it's possible to choose another IP from the same pool after a while. I don't think a smaller pool compromises your identity that much but may be I'm wrong.

You aren't understanding my point. Two or more people can have the same IP address at the exact same time with a traditional VPN service, whereas rolling your own VPN via a VPS means that public IP address assigned to you is only used by you and not anybody else (since you are the only one using the VPN and you are also the one responsible for hosting the VPN). That's part of why traditional VPN services claim "anonymity", because multiple people can be using the same public IP address at the exact same time, you don't know "who" is really using it. In theory, with a traditional VPN service, you could have dozens or hundreds of people using the same public IP address at the exact same time.

Most hosting providers will sell you additional IPs for your VPS at €1/mo and you can rotate your IPS all you want (and get completely new ones every month). And you can share your VPN with as many people as you like. So for the cheapest €13/mo N**dVPN plan you can get a server with like 10+ IPs, share with all your friends and even sell it if you want.

When multiple people use 1 IP, the service you are connecting to doesn't know that. So if it tracks an IP, it tracks it the same way regardless if it's from a VPS or VPN. Your VPS could as well be a VPN host used by thousands of people. That's why no service identifies users by IP. Even your home network IP will change (unless you're paying for one that doesn't). I won't even start talking about mobile data IPs.

If you want 1000% anonymity, you can't get that with anything online. If someone really really wants to know who you are, they can. "No log" VPNs have proven to have logs in the past, and if you don't control the VPN yourself to know for sure, are you willing to risk your 1000% security requirement based on trust in a corporation? And if you have a VPS, authorities can always find who you are through the VPS hosting provider. You can't get a new internet subscription without the ISP knowing who you are, so that's out of the options as well.

Furthermore, any service that really wants to, can easily block access to all VPS or VPN etc IPs. How? Every IP belongs to an ASN and all ASNs are publicly registered. Is the ASN a residential ISP? Or is it an ISP for data centres?

Don't waste money on VPN. Waste significantly less money on VPS.

@dxgldotorg
Copy link

dxgldotorg commented Mar 24, 2024

Except that many VPS providers are very stingy on IP allocations and will require you to provide justification before they sell you any more IPs. Linode for instance even calls out certain reasons like multiple website domains as not valid excuses because virtual servers and SNI allow multiple sites to share an IP.

They are a lot more generous with IPv6 but of course that cannot connect without a proxy to IPv4-only endpoints.

@ipkpjersi
Copy link

Most hosting providers will sell you additional IPs for your VPS at €1/mo and you can rotate your IPS all you want (and get completely new ones every month). And you can share your VPN with as many people as you like. So for the cheapest €13/mo N**dVPN plan you can get a server with like 10+ IPs, share with all your friends and even sell it if you want.

Hosting providers can be pretty strict about this actually, you'd be surprised.

When multiple people use 1 IP, the service you are connecting to doesn't know that. So if it tracks an IP, it tracks it the same way regardless if it's from a VPS or VPN. Your VPS could as well be a VPN host used by thousands of people. That's why no service identifies users by IP. Even your home network IP will change (unless you're paying for one that doesn't). I won't even start talking about mobile data IPs.

Sure, that's fair, but a VPS is much less likely to be used as a VPN host than an actual VPN host itself with it's own rented/purchased dedicated hardware. A VPS is much more likely to be a 1-to-1 type of situation.

"No log" VPNs have proven to have logs in the past

Except for the ones that have, you know, literally been tested in court. Of course, that's not to say that they won't change it in the future, but still better than having it not tested at all.

Furthermore, any service that really wants to, can easily block access to all VPS or VPN etc IPs. How? Every IP belongs to an ASN and all ASNs are publicly registered. Is the ASN a residential ISP? Or is it an ISP for data centres?

Sure, but a lot of companies will avoid this because they realize there are countries with horrible censorship and don't want to punish legitimate users from those countries.

One thing I agree with you 10000% on, if you want 1000% anonymity, don't go online - it really boils down to that, it's always possible to find out who you are if someone really wants to.

Ultimately, VPNs and VPSes have different use cases and provide different functionality. I feel like people want to hate on VPNs because it's cool to do so (although I admit there are legitimate criticisms of VPNs), but they actually do have legitimate uses like easily avoiding censorship in countries with heavy censorship and they can work pretty well for this because people do use them for this.

@zefir-git
Copy link

Hosting providers can be pretty strict about this actually, you'd be surprised.

No reasonable providers are. Especially if they don't give you port 25 by default (used for SMTP and sending mail). Hosting providers would only be hurt if you use their IPs to send spam mail and get them into blocklists and unusable for other clients for mail.

Sure, that's fair, but a VPS is much less likely to be used as a VPN host than an actual VPN host itself with it's own rented/purchased dedicated hardware. A VPS is much more likely to be a 1-to-1 type of situation.

That's true, but the target service doesn't know whether you're using a VPS or not. And I'd recommend sharing your VPS-installed VPN with friends who would rather trust you than a corporation.

Except for the ones that have, you know, literally been tested in court. Of course, that's not to say that they won't change it in the future, but still better than having it not tested at all.

The only objective of VPN companies, as all other companies, is to make money, forever if possible. You can never trust a company wants what's best for you. And if you truly want security/anonymity, you don't want any trust in the equation.

@ipkpjersi
Copy link

ipkpjersi commented Mar 24, 2024

I agree with what you just said, with the caveat that if you are the owner of the VPS then you become responsible for what your friends do via that VPN, rather than the responsibility falling on the VPN host company itself when using a traditional VPN service. That's one way I would think traditional VPN services would still be superior (and also ease of use since with VPN services you just download an app vs setting up your own VPN server).

@Finoderi
Copy link

...they can work pretty well for this because people do use them for this.

People use them because they have no other choice, not because of their sheer greatness.

On a side note , have tried to use Linode for a week, hated everything about them. From at least 5 fucking minutes to restart a tiny server to their retarded political activism.

@zefir-git
Copy link

On a side note , have tried to use Linode for a week, hated everything about them. From at least 5 fucking minutes to restart a tiny server to their retarded political activism.

And it's expensive. For under €4 Hetzner cloud gives you a better server with 20TB transfer. OVH currently has a promo at $1/mo for a year (but only 100 Mbps bandwidth, but I think it's unmetered). For around €5 Contabo has 4 core 6GB RAM and 32TB traffic in case you want to put something more on it. Atlantic.Net gives you a free VPS for 1 year (3 TB transfer).

This is not an endorsement for any of the companies or their services.

@nukeop
Copy link

nukeop commented Mar 25, 2024

What political activism?

@dxgldotorg
Copy link

What political activism?

Probably not supporting hate/discrimination or something like that.

@nukeop
Copy link

nukeop commented Mar 25, 2024

What political activism?

Probably not supporting hate/discrimination or something like that.

And without a passive aggressive tone that translates to...?

@dxgldotorg
Copy link

What political activism?

Probably not supporting hate/discrimination or something like that.

And without a passive aggressive tone that translates to...?

I do look at their TOS and it could be this clause that is grounds for termination:

be excessively violent, incite violence, threaten violence, or contains harassing content or hate speech;

Of course many hosting providers have had something similar for ages.

@nukeop
Copy link

nukeop commented Mar 25, 2024

That doesn't mean it's desirable. IMO that clause is there just to give them grounds to ban anyone they want if there's pressure on them. "Hate speech" is meaningless and arbitrary.

@Finoderi
Copy link

They sent me several e-mails about the importance of 'hearing black voices' or with similar cheap corporate bullshit.

@dxgldotorg
Copy link

They sent me several e-mails about the importance of 'hearing black voices' or with similar cheap corporate bullshit.

And you decided to politicize it.

@nukeop
Copy link

nukeop commented Mar 25, 2024

Sounds like they did.

@Finoderi
Copy link

It looks like you are this ideologically captured. Well, my condolences.
First, I don't live in US and it's not my problem Americans can't figure out why Marxism is bad for everybody. I was born and raised in USSR and it's pretty obvious to me.
Second, the only voices I care about are the ones in my head. They have some interesting ideas.

@LokiFawkes
Copy link

I have a feeling Godwin's about to take over any moment now.

@nukeop
Copy link

nukeop commented Mar 25, 2024

Godwyn the Golden?

@Finoderi
Copy link

Godwin's law.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment