@joepie91
Last active June 10, 2024 14:59
Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using a VPN for its intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

  • A Russian translation of this article can be found here, contributed by Timur Demin.
  • A Turkish translation can be found here, contributed by agyild.
  • There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.

Why not?

Because a VPN in this sense is just a glorified proxy. The VPN provider can see all your traffic, and do with it what they want - including logging.

But my provider doesn't log!

There is no way for you to verify that, and of course this is what a malicious VPN provider would claim as well. In short: the only safe assumption is that every VPN provider logs.

And remember that it is in a VPN provider's best interest to log their users - it lets them deflect blame to the customer, if they ever were to get into legal trouble. The $10/month that you're paying for your VPN service doesn't even pay for the lawyer's coffee, so expect them to hand you over.

But a provider would lose business if they did that!

I'll believe that when HideMyAss goes out of business. They gave up their users years ago, and this was widely publicized. The reality is that most of their customers will either not care or not even be aware of it.

But I pay anonymously, using Bitcoin/PaysafeCard/Cash/drugs!

Doesn't matter. You're still connecting to their service from your own IP, and they can log that.

But I want more security!

VPNs don't provide security. They are just a glorified proxy.

But I want more privacy!

VPNs don't provide privacy, with a few exceptions (detailed below). They are just a proxy. If somebody wants to tap your connection, they can still do so - they just have to do so at a different point (i.e. when your traffic leaves the VPN server).

But I want more encryption!

Use SSL/TLS and HTTPS (for centralized services), or end-to-end encryption (for social or P2P applications). VPNs can't magically encrypt your traffic - it's simply not technically possible. If the endpoint expects plaintext, there is nothing you can do about that.

When using a VPN, the only encrypted part of the connection is from you to the VPN provider. From the VPN provider onwards, it is the same as it would have been without a VPN. And remember, the VPN provider can see and mess with all your traffic.

But I want to confuse trackers by sharing an IP address!

Your IP address is a largely irrelevant metric in modern tracking systems. Marketers have gotten wise to these kinds of tactics, and combined with increased adoption of CGNAT and an ever-increasing number of devices per household, it just isn't a reliable data point anymore.

Marketers will almost always use some kind of other metric to identify and distinguish you. That can be anything from a useragent to a fingerprinting profile. A VPN cannot prevent this.

So when should I use a VPN?

There are roughly two use cases where you might want to use a VPN:

  1. You are on a known-hostile network (e.g. a public airport WiFi access point, or an ISP that is known to use MITM), and you want to work around that.
  2. You want to hide your IP from a very specific set of non-government-sanctioned adversaries - for example, circumventing a ban in a chatroom or preventing anti-piracy scareletters.

In the second case, you'd probably just want a regular proxy specifically for that traffic - sending all of your traffic over a VPN provider (as is the default with almost every VPN client) will still result in the provider being able to snoop on and mess with your traffic.

However, in practice, just don't use a VPN provider at all, even for these cases.

So, then... what?

If you absolutely need a VPN, and you understand what its limitations are, purchase a VPS and set up your own (either using something like Streisand or manually - I recommend using WireGuard). I will not recommend any specific providers (diversity is good!), but there are plenty of cheap ones to be found on LowEndTalk.

But how is that any better than a VPN service?

A VPN provider specifically seeks out those who are looking for privacy, and who may thus have interesting traffic. Statistically speaking, it is more likely that a VPN provider will be malicious or a honeypot, than that an arbitrary generic VPS provider will be.

So why do VPN services exist? Surely they must serve some purpose?

Because it's easy money. You just set up OpenVPN on a few servers, and essentially start reselling bandwidth with a markup. You can make every promise in the world, because nobody can verify them. You don't even have to know what you're doing, because again, nobody can verify what you say. It is 100% snake-oil.

So yes, VPN services do serve a purpose - it's just one that benefits the provider, not you.


This post is licensed under the WTFPL or CC0, at your choice. You may distribute, use, modify, translate, and license it in any way.


Before you comment: Be aware that any non-constructive comments will be removed. This includes advertising for VPN providers (yes, even when you phrase the marketing claims like a question), trolling, harassment, insults towards other people, claims that have already been addressed in the article, and so on.

If your comment isn't a genuine question or a concrete counterargument supported by evidence, it probably doesn't belong here.

@madgoat

madgoat commented Dec 27, 2022

@LokiFawkes

The fact you can ONLY connect through a PROPRIETARY app and, unlike almost every other supposedly safe VPN, you ABSOLUTELY cannot connect using a standard protocol

You might want to revise your information, or lack thereof.

  • Nord allows you to connect however you want (OpenVPN, IPSec, IKEv2, etc...), you don't need their software.

they've never had a truly independent audit. Parent companies often own auditors or pay them for a good score.

  • So you're telling me that PricewaterhouseCoopers is owned by Nord, and that they were paid off to make them pass? Man, if that exclusive information ever got out, that would be bad news for PWC.

Next time look into things before spewing falsities. Sure, you might not like certain companies, but there's no need to lie about them.

@LokiFawkes

@madgoat Assuming their instructions even WORK (last I had even touched their site, such instructions didn't even exist because the app was REQUIRED so they could pass your traffic to their GoogleAnalytics account), there's still the fact that they lie about data handling.
There's also the fact that not entirely having to use their app does not mean they don't collect data, only that the proprietary app GUARANTEES maximum data collection. Even a company that does allow connection over open protocols can be collecting data, just likely less data than when you use their proprietary app.
As mentioned, owning an auditor is not the only way to have a conflict of interest. Money can change hands behind closed doors, and the dissonance between reality and the score given makes that clear that PWC is either dumb or paid for. Pick your poison.
For privacy, data collection, and data collection disclosure, Nord is among the worst rated for a reason. It's run by, say it again, a data broker.

@aptblog

aptblog commented Jan 3, 2023

Using a virtual private network (VPN) improves the security of your social media accounts by encrypting your internet connection and masking your IP address and location. This can make it more difficult for hackers to access your sensitive information and can protect your privacy when using social media. However, you should not rely on VPNs alone for social media security; you need to be aware of many other security tips for securing your social media accounts.

@LupusMichaelis

No. Pretend VPNs do not improve security in any way. Please read the article you're commenting about that explains why they are not security tools at all, and stop puking marketing dump from those snakeoil vendors.

@LokiFawkes

@aptblog Ad bot spotted. VPN services (glorified proxies) do not improve your security. In the age of HTTPS and DoT/DoH, your attack surface is on the client end and the server end. The attack surface is nowhere in the middle. At best, a man in the middle might get the hostname of a service you're connecting to at the handshake in the beginning of a TLS connection, a connection that could last from seconds to years, and that's if a method of encrypting the SNI (ESNI, ECH, etc) is not being implemented. Since the Web2 era, in which most sites are hosted on just a few servers, IP addresses are kinda useless for spying on users.

Things you can do to protect your browsing habits at home from being discovered by a MITM such as a hacker or your ISP:

  • Use DoT or DoH. DoT is superior for security and more lightweight, but browsers typically require DoH to implement ECH, the current encrypted SNI standard. Though currently they also hide this feature behind a config flag, too.
  • Enable ECH in your flags, even if you won't be able to use it due to your DNS configuration.
  • Set up a recursive resolver in your LAN, configure it to connect to other DNS servers via DoT. This server will cache your queries for a predefined length of time known as a Time To Live (TTL), either the TTL of the DNS record or the TTL the resolver has set globally, whichever is shorter. Hard mode: Use reverse-proxy software to implement DoH with this server as the DNS server, enabling you to use ECH on your favorite browser (they really should enable this for using DoT as well)

By encrypting your DNS queries and minimizing the amount of queries that reach WAN, all people see is you connecting to servers that usually host multiple domain names. By encrypting the Server Name Indicator, even the TLS handshake between you and a site will contain no usable data. At that point, only you and the site you connect to have any idea what's going on. From there, browser extensions that block ads and analytics further protect you. You can also blackhole certain hostnames on your resolver to minimize tracking where browser extensions aren't an option (mobile, for example) though that can come with its own set of functionality penalties.

Without the hostname, if a server hosts multiple sites, nobody knows what you're actually connecting to. They might be able to guess that yl-in-f101.1e100.net is probably an edge server for google.com, but they wouldn't be certain that the site is google.com and not, for example, just a site using Google's cloud services as a CDN.

@arkbg1

arkbg1 commented Jan 3, 2023

@LokiFawkes Agreed. At least I hope. His primary argument is directly addressed by OP.

@aptblog "(VPN) improves the security of your social media accounts by encrypting your internet connection and masking your IP address and location."

vs

@joepie91 " VPNs can't magically encrypt your traffic" & "Your IP address is a largely irrelevant metric in modern tracking systems."

also,

@joepie91 "claims that have already been addressed in the article... doesn't belong here."

@aptblog

aptblog commented Jan 4, 2023

Defense in depth approach for security and VPN & Social Media Account Security.

Defense in depth is a security strategy that involves implementing multiple layers of defense at different points within a system or network. The goal of defense in depth is to make it more difficult for attackers to compromise the security of the system or network by requiring them to bypass multiple layers of defense.

Defense in depth is needed now more than ever as more employees work from home and as organizations increasingly rely on cloud-based services and social media is a weak human link in security.

Some examples of different layers of defense that might be included in a defense in depth strategy include:

  • Physical security measures, such as locks and security guards, to protect against physical attacks.
  • Network security measures, such as firewalls and intrusion detection systems, to protect against network-based attacks.
  • Application security measures, such as input validation and authentication controls, to protect against attacks targeting specific applications or services.
  • Data security measures, such as encryption and access controls, to protect against unauthorized access to sensitive data.

A virtual private network (VPN) is a network technology that creates a secure, encrypted connection between a device and a VPN server.

This can provide several benefits, including:

  • Privacy: By routing traffic through the VPN server, a VPN can hide the device's IP address and make it more difficult for third parties to track the device's online activity.
  • Security: The encrypted connection provided by a VPN can help protect against various types of cyber threats, such as man-in-the-middle attacks and data leaks.
  • Geo-blocking: Some websites and services are only available in certain countries. By connecting to a VPN server in a different country, a user can "trick" these websites into thinking they are located in the allowed country, allowing them to access restricted content.

VPN is only one component of a defense in depth strategy, and it should be used in combination with other security measures to provide the greatest level of protection.

Defense in depth for a social media account:

Choose strong and unique passwords: Use a password manager to create strong, unique passwords for your social media accounts, and enable two-factor authentication (2FA) if it is available. This will help protect against password-based attacks, such as brute-force attacks or credential stuffing.

Be cautious with links and attachments: Be cautious when clicking on links or downloading attachments from unknown sources, as these can potentially be used to deliver malware or phishing attacks.

Use privacy settings: Use the privacy settings provided by the social media platform to control who can see your posts and personal information.

Be aware of scammers and impersonators: Be aware of scammers and impersonators who may try to trick you into giving away personal information or money.

Use antivirus software: Install antivirus software on your devices and keep it up to date to help protect against malware.

Avoid sharing sensitive information: Be mindful of what personal information you share on social media, as this information could potentially be used to target you with attacks.

@LokiFawkes

LokiFawkes commented Jan 4, 2023

@aptblog The application of VPN technology in a defense-in-depth strategy involves using an actual VPN, not a "VPN" service. VPNs are used in a defense in depth strategy to connect employees to a private network, not to serve as a proxy for their WAN traffic. When it does function as a proxy, this is to keep custody of that traffic until it goes to the WAN, not to dance around the globe via an untrustworthy third party. This way, if something leaks to WAN, it leaks through the company's private network, and is either stopped by the firewall or cannot be sniffed by the employee's home ISP.

If you are using a VPN service rather than a company VPN for your defense in depth strategy, you've defeated your whole security model.

The doctrine of defense in depth is also outdated.
For example, "strong" passwords are often short but use a wide character range instead of being long. They're not memorable, they're easy for machines to bruteforce, and they're plagued by the need to write down passwords or save them in a password manager. Passphrases are king.
For another example, antivirus software as we know it is ineffective. The most effective antivirus for Windows is Defender, with many commercial offerings actually spying on you, bypassing Defender (it disables itself if you have another AV installed) and leaving doors open for malware whose developer has bribed them for whitelisting to get through. The most effective antivirus for macOS is in fact the Gatekeeper/Notarization/XProtect stack built in to macOS. As for Linux, there is no real AV offering (just about every offering you see for Linux is either a scam or a Windows AV scanning on Linux) and the method of defense is to patch out vulnerabilities and never give anyone but designated administrators administrative privileges. Just like macOS, a password is needed when escalating to admin power, and you must be in the admin wheel to escalate.

@aptblog

aptblog commented Jan 5, 2023

@LokiFawkes actual VPN and VPN as service discussion is similar to choosing "Private Cloud" vs "Public Cloud".

Windows Defender, a built-in antivirus software for Windows operating systems, is generally effective at detecting and protecting against viruses and other malware. However, keeping your OS up to date with the latest security patches and updates, enabling virtualization-based security, and using a cloud storage service to store your important files and documents adds an extra layer of security.

The doctrine of defense in depth is a military strategy that involves positioning defensive forces at various levels or depths in an area in order to create multiple layers of defense. While the specific tactics and technologies used in defense in depth may change over time, the fundamental principles behind this strategy remain relevant.

The doctrine of "Defense in depth" can be applied in a variety of contexts, including military, cybersecurity, and critical infrastructure protection.

Doctrine of defense in depth can also be applied to emotional security or personal security.

Here are some ideas for how to build a defense in depth for emotional security:

Identify and address sources of stress: Identify the things that cause you stress, such as work, relationships, or financial issues, and take steps to address them. This might involve seeking support from friends and family, seeking therapy, counseling, finding ways to manage your workload more effectively.

Practice self-care: Take care of yourself physically and emotionally by getting enough sleep, eating well, exercising, and engaging in activities that bring you joy.

Build a support network: Surround yourself with people who are supportive and who you can turn to for help when you're feeling overwhelmed or distressed.

Develop coping skills: Learn techniques for managing your emotions and coping with stress, such as deep breathing, meditation, or journaling.

Seek professional help if needed: If you're struggling to cope with stress or negative emotions on your own, consider seeking help from a mental health professional or a health coach.

@LokiFawkes

@aptblog No, actual VPN vs VPN service is similar to choosing self hosted vs public cloud.

Audits of antivirus software showed the best to be Defender, which also happens to be the one that comes with Windows. Currently, as OS developers put their money into providing an antivirus, they've proven to be the best to turn to when protecting the OS they develop. Virtualization-based security is typically not needed unless you're downloading shit from Softonic, and even then, most malware you'll be worrying about can break the hypervisor or simply get sufficient permissions from the user for the hypervisor not to be a threat to its goal.

Cloud storage is not a form of security. You're thinking of backup, but also, it's not a form of backup either. It's not an archival service, it's a centralized sync service. Centralizing your files to Muh Cloud can actually make it easier for malware to destroy your data thoroughly enough that without a real backup you'll be unable to retrieve it.

If the doctrine of defense in depth hasn't embraced long passwords, it's outdated. End of.

@MandiYang

Is protonvpn trustworthy? There is no way to confirm it to be trustworthy but they seem so legit :( https://protonvpn.com/blog/is-protonvpn-trustworthy/

@arkbg1

arkbg1 commented Jan 8, 2023

Is protonvpn trustworthy? There is no way to confirm it to be trustworthy but they seem so legit :( https://protonvpn.com/blog/is-protonvpn-trustworthy/

I would be curious to know if OP read anything especially convincing in their lists of reasons to trust them.

@carmellopezhere

I vote for my all-time favourite VPN. StreamVPN is an excellent virtual private network (VPN) service that offers its users a fast, secure, and private internet browsing experience. The service is easy to use and has a user-friendly interface that makes it easy for even those new to VPNs to navigate.

One of the standout features of StreamVPN is its ability to bypass internet censorship and geo-restrictions. With servers in multiple locations, users can easily connect to a server in a different country and access content that may be restricted in their region. This makes it an ideal VPN for users who want to stream content from other countries or access websites that may be blocked.

Another great feature of StreamVPN is its strict no-logs policy, which ensures that user activity and connection logs are not stored. This means that users can enjoy a high level of privacy and security while browsing the internet.

StreamVPN also offers fast connection speeds, which is essential for users who want to stream high-quality content or engage in online gaming. Additionally, the service offers excellent customer support and has a dedicated support team available 24/7 to assist users with any issues they may encounter.

Overall, StreamVPN is an excellent VPN service that offers its users a great mix of privacy, security, and functionality. It is a reliable and efficient VPN that is well worth considering for anyone looking for a top-quality VPN service.

@GASOLINE

GASOLINE commented Mar 8, 2023

I vote for my all-time favourite VPN. StreamVPN is an excellent virtual private network (VPN) service that offers its users a fast, secure, and private internet browsing experience. The service is easy to use and has a user-friendly interface that makes it easy for even those new to VPNs to navigate.

One of the standout features of StreamVPN is its ability to bypass internet censorship and geo-restrictions. With servers in multiple locations, users can easily connect to a server in a different country and access content that may be restricted in their region. This makes it an ideal VPN for users who want to stream content from other countries or access websites that may be blocked.

Another great feature of StreamVPN is its strict no-logs policy, which ensures that user activity and connection logs are not stored. This means that users can enjoy a high level of privacy and security while browsing the internet.

StreamVPN also offers fast connection speeds, which is essential for users who want to stream high-quality content or engage in online gaming. Additionally, the service offers excellent customer support and has a dedicated support team available 24/7 to assist users with any issues they may encounter.

Overall, StreamVPN is an excellent VPN service that offers its users a great mix of privacy, security, and functionality. It is a reliable and efficient VPN that is well worth considering for anyone looking for a top-quality VPN service.

Says someone that just subscribed to Github. It seems more an advert/affiliate link.

@Kyr4l

Kyr4l commented Mar 9, 2023

I vote for my all-time favourite VPN. StreamVPN is an excellent virtual private network (VPN) service that offers its users a fast, secure, and private internet browsing experience. The service is easy to use and has a user-friendly interface that makes it easy for even those new to VPNs to navigate.

One of the standout features of StreamVPN is its ability to bypass internet censorship and geo-restrictions. With servers in multiple locations, users can easily connect to a server in a different country and access content that may be restricted in their region. This makes it an ideal VPN for users who want to stream content from other countries or access websites that may be blocked.

Another great feature of StreamVPN is its strict no-logs policy, which ensures that user activity and connection logs are not stored. This means that users can enjoy a high level of privacy and security while browsing the internet.

StreamVPN also offers fast connection speeds, which is essential for users who want to stream high-quality content or engage in online gaming. Additionally, the service offers excellent customer support and has a dedicated support team available 24/7 to assist users with any issues they may encounter.

Overall, StreamVPN is an excellent VPN service that offers its users a great mix of privacy, security, and functionality. It is a reliable and efficient VPN that is well worth considering for anyone looking for a top-quality VPN service.

Bot detected 1000000%

@ElTioRata

So, Mullvad isn't trustworthy?

@LokiFawkes

Trust Mullvad as far as you can throw it. Don't expect it to keep your network traffic a secret any more than any other service, though it does have less data-broker baggage than many others.

@CostcoFanboy

CostcoFanboy commented Mar 28, 2023

You can somewhat trust some rare VPNs as some of them made their canary tactics public and you can observe how the VPN/company interacted with other court orders in the past.

e.g. Mullvad and Proton

Basically, if they have logs, they just hand them encrypted jargon, if they have no logs, then nothing can be given.
This gist is somewhat right but too pessimistic.

99% of people use VPNs for geolocation bypass (Netflix or living in an authoritarian regime) or p2p torrenting, which are fairly valid use cases.

I'd say Mullvad, Proton and iVPN are trustworthy considering what I've seen from their responses and what happened during equipment seizures.

List of garbage VPNs that are to be avoided 100%:

  • GhostVPN: Owned by ex-malware company
  • PIA: Now owned by ex-malware company
  • Tunnelbear: Owned by McAfee
  • PureVPN: Lied about not keeping logs
  • Windscribe VPN: Lied about encryption
  • HideMyAss: Lied about not keeping logs
  • DoubleVPN: Lied about not keeping logs
  • EarthVPN: Lied about not keeping logs
  • ProtonVPN: Garbage apps.
  • Hola: Malware

Of course, never trust VPNs that are mass-peddled on YouTube channels.

It's all very circumstantial and somewhat "no brainer". Kind of like how you'd trust pCloud to harbor sensitive data but never Google Drive. But you can circumvent the whole thing by running Cryptomator on your Gdrive folder contents locally.

You just have to be smart about it.

As far as the best one, it definitely goes to Mullvad. You don't even need an identity tied to your payment method.

@Moizsohail

Moizsohail commented Apr 3, 2023

What if we use OpenVPN and connect to free VPN providers like https://www.freeopenvpn.org/index.php?lang=en. Is that safe?

I mean I am just looking to watch anime on pirated sites like gogoanime, and I don't need a letter knocking on my door.

@isaackielma

@ranazain0009 Looks like all these VPNs indicated on the website are logging all consumer traffic and personal data that's stored in their DB. Is that true or am I paranoid? Just because you pay them doesn't mean that they will be ethical. Still giving them all the power to sell or use your info for nefarious purposes...

Just a thought, please correct me if I am mistaken.

@aedicted

aedicted commented May 4, 2023

They most certainly won't log "all consumer traffic" as it would be way too much to store. Not even the NSA does that or would be capable of holding all that stuff.

If at all, it will be the meta-data about the connection itself.

Paranoia? Depends on your use case. I'd claim that for a little P2P, etc. ANY will do it as "investigations" in that regard will stop at the first visible IP-address and as long as it is not your easily accessible ISP, I'm yet to hear of any case where they took the effort to follow up the chain. If you plan "more" or your safety is at stake like being a Snowden, then cascade several up to your personal level of paranoia. ;)

@Viral

Viral commented May 24, 2023

literally shit for brains

@AB9IL

AB9IL commented May 24, 2023

Don't make careless arguments about VPNs as a useless or harmful service. Deprecating VPNs as "glorified proxies" is more sensationalist than accurate, as they are completely different in measures of bandwidth and encryption strength. Joepie91 does not consider that a main usage of VPNs is to prevent deep packet inspection and evade censorship. Plentiful VPNs are a reason why censorship is dead. If you are in a f#@&'ed up place with f#@&'ed up internet and want to read the Washington Post or stream some CBC Radio, a VPN works.

As one who has lived and worked in f#@&'ed up places with f#@&'ed up internet, VPNs are useful. I don't trust commercial VPN services either, and advocate usage of one's own VPS to run something like Wireguard. Streisand or Algo are tools for making the setup easy. Let me rephrase my point: VPNs are useful for circumventing internet surveillance and censorship imposed locally or regionally. For a higher level of trust, use your own server to avoid the pitfalls of commercial services.

If you are doing something risky, you need a solution requiring zero trust. Use Tor, Lokinet, or I2P (and a hardened browser) for anonymity. If you don't want your data accessed, use end-to-end encrypted services. As mentioned in this thread, there are some very good messaging applications which have strong E2EE and smartly written implementations. Briar, White Mouse, Element come immediately to mind.

Thank you for coming to my Ted Talk..

@Finoderi

If you want to read WaPo something in your life is really fucked up already. For tasks described above any regular socks-proxy is more than enough.

@LokiFawkes

@AB9IL So what you're saying is,
VPN services are a glorified proxy.
They don't provide privacy, only a very shallow and easily defeated evasion of censorship. Any proxy (and that's what these services usually are anyway) can do that. But again, that's all you're doing, is getting around geofilters until you're discovered.
No security or privacy benefit is involved. And that's what this gist is about.

@LokiFawkes

@nukeop Your ISP knows your IP address. The site you go to knows your IP address or the IP of the server you're proxying through. Those are the only two parties that could normally track you by IP address. And neither does.

This is because your IP address is useless garbage information in the current internet structure. Clients have dynamic IP addresses, v4 uses NAT to combat the limited address space, meaning you can only identify a home or place of business at best, and IPv6 is currently poorly managed. Hell, my ISP gives me my own range of IPv6 addresses and somehow I still can't retain the addresses themselves. If a machine loses connection, or I lose internet connection, it's back to the drawing board and trying to set static addresses will just screw things up worse. Likely so they can sell a business plan that costs 10 times as much.

Servers often host multiple sites on one address, even sites owned by different people. So IP addresses are virtually useless for determining what site you connected to as well.

ISPs look for DNS requests and unencrypted client hello messages. They also source records from popular DNS providers. They also know if you're using a popular proxy service like NordVPN, and often are buying data from data brokers that own these proxy services.

That hello message, by the way, can still lead the people snooping between your proxy and the site back to you, to know you visited it. It's not as easy as if it came directly from you, but it still works.

Then there's the endpoint you're connecting to. They make a fingerprint of your browser, try to install cookies in your browser, and employ many other tricks to track you not only on their site but across sites and apps. Your IP address is not involved in that process.

Finally, a man in the middle cannot get the contents of your communication with the site. From the time you're done saying hello, to the time the encrypted connection is closed for good, an observer would need your private key and the site's private key to know what the hell you two are saying to each other. It's like listening to dialup. Just like how you'd need a demodulator to listen in on a dialup connection (even one that isn't encrypted), and without one you just hear noise, an observer cannot make heads or tails of a TLS connection.

With a private DNS server, either on your local network or over DoT/DoH, and a browser that will let you use ECH with a private server, nobody knows who connected to what site except you and the other party. And if you're worried about the site tracking you, don't worry, they already are, even if you don't have an IP address at all. It doesn't matter if you're communicating over TCP/IP or carrier pigeon. There's no turnkey solution to stop them tracking you. You have to use your brain, reject all conveniences, and leave your identity at the door. Only static webpages with JS disabled and cookies rejected for you, as well as a predetermined canvas size that makes you look like all the Tor Browser users out there.
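Added example (not part of the thread and not any commenter's code): the comment above says the unencrypted ClientHello still reveals which site was visited, and that ECH closes that gap. The Python below parses a constructed TLS ClientHello record the way a passive on-path observer would and reports what is readable in cleartext. The hostnames, function names and the ECH payload bytes are assumptions made for illustration.

```python
import struct

EXT_SERVER_NAME = 0x0000
EXT_ECH = 0xFE0D  # encrypted_client_hello extension codepoint


class ParseError(ValueError):
    """Raised when the bytes are not a complete ClientHello record."""


def build_client_hello(hostname, with_ech_ext=False):
    """Build a minimal ClientHello record (constructed sample, not a capture)."""
    name = hostname.encode("ascii")
    # server_name extension body: list length, then type 0 (host_name) + name
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni = struct.pack("!H", len(entry)) + entry
    exts = struct.pack("!HH", EXT_SERVER_NAME, len(sni)) + sni
    if with_ech_ext:
        placeholder = bytes(8)  # stand-in bytes, not a valid ECH payload
        exts += struct.pack("!HH", EXT_ECH, len(placeholder)) + placeholder
    body = (
        b"\x03\x03"              # legacy_version
        + bytes(32)              # random
        + b"\x00"                # empty session_id
        + b"\x00\x02\x13\x01"    # one cipher suite (TLS_AES_128_GCM_SHA256)
        + b"\x01\x00"            # null compression
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _take(buf, off, n):
    """Return (buf[off:off+n], new offset) or fail on truncated input."""
    if off + n > len(buf):
        raise ParseError("truncated")
    return buf[off:off + n], off + n


def _parse_sni(data):
    ln, off = _take(data, 0, 2)
    names, _ = _take(data, off, int.from_bytes(ln, "big"))
    off = 0
    while off < len(names):
        head, off = _take(names, off, 3)
        name, off = _take(names, off, int.from_bytes(head[1:3], "big"))
        if head[0] == 0:  # host_name
            return name.decode("ascii", "replace")
    return None


def observe_client_hello(record):
    """Return what a passive observer can read: the SNI and whether ECH is offered."""
    hdr, off = _take(record, 0, 5)
    if hdr[0] != 0x16:
        raise ParseError("not a TLS handshake record")
    hs, _ = _take(record, off, int.from_bytes(hdr[3:5], "big"))
    head, off = _take(hs, 0, 4)
    if head[0] != 0x01:
        raise ParseError("not a ClientHello")
    body, _ = _take(hs, off, int.from_bytes(head[1:4], "big"))
    _, off = _take(body, 0, 2 + 32)      # skip legacy_version and random
    for width in (1, 2, 1):              # session_id, cipher_suites, compression
        ln, off = _take(body, off, width)
        _, off = _take(body, off, int.from_bytes(ln, "big"))
    seen = {"sni": None, "ech": False}
    if off == len(body):
        return seen                      # ClientHello without extensions
    ln, off = _take(body, off, 2)
    exts, _ = _take(body, off, int.from_bytes(ln, "big"))
    off = 0
    while off < len(exts):
        head, off = _take(exts, off, 4)
        ext_type, ext_len = struct.unpack("!HH", head)
        data, off = _take(exts, off, ext_len)
        if ext_type == EXT_SERVER_NAME:
            seen["sni"] = _parse_sni(data)
        elif ext_type == EXT_ECH:
            seen["ech"] = True
    return seen


if __name__ == "__main__":
    # Without ECH the real hostname is in cleartext, proxy or no proxy.
    print(observe_client_hello(build_client_hello("private-site.example")))
    # With ECH only the outer (public) name is visible; the inner name is encrypted.
    print(observe_client_hello(build_client_hello("public.cdn.example", True)))
```

The same bytes are visible to whoever sits between the proxy exit and the site, which is why moving the vantage point does not remove the leak.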

@Finoderi

@GenericRsPlayer

Sounds like an american problem to me. Most of these things are outlawed in civilized countries.

Ahh yes. America; the country that brought the entirety of the planet's standards of living up by a factor of 10, won 2 world wars, and was the primary country that said NO to slavery in the previous century; is not civilized. Privacy, torrenting, and VPNs are the only reason that places which do NOT have the ability to speak of atrocities (China, Venezuela, North Korea {if anyone can get a computer and is smart enough to figure this stuff out they will for sure be able to access the unfiltered web}) are some modern examples thanks to this kind of technology. Meanwhile our standards of speech led Alexander Solzhenitsyn to be able to wildly publish his book, "The Gulag Archipelago". This book was one of the direct contributors to the downfall of the USSR; as he was able to show the world an inside look at what the Soviet's war machine looked like.

Not to mention the audacity to come onto a thread about VPNs; which are the only way that some people are able to see the outside world at all, and say something as profoundly ignorant as "most of the things that stop mass genocide are outlawed in the countries that originally sponsored some of it".

Stop it. Get help.

@GenericRsPlayer

Lol, this is your mind on CIA propaganda. Check what happened to Gary Webb and Edward Snowden.

Don't think I am oblivious to the fact that the three letter agencies in the US are traitorous entities. But to throw out the entirety of the US, and say that we are uncivilized because we have privacy and protection laws? HA! Enjoy communism, Marxism, Socialism, Totalitarianism, and all the other "Ism's" there are; because freedom of speech is the Sword of Damocles to any Tyrant.

@GenericRsPlayer

nukeop

so your argument is that because people are in jail, that we have no freedom of speech? point to me the political dissidents within the country that are currently in jail because they spoke ill of the governmental bodies in place

@Finoderi

It's always easy to talk about things you don't know. In North Korea there are white lists of IPs you are allowed to connect to. Everything else is just dropped. It's pretty dumb and straightforward but no workaround exists. You can't pull routes out of your ass where they don't exist.
And in China shadowsocks is a rather popular socks-proxy. But it's not a VPN and there are good reasons for that.

@GenericRsPlayer

Alex Jones has to pay 6 gorillion dollars for his freedom of speech

alex jones had a lawyer that accidentally emailed private conversations between him and AJ to the opposing defense team.
he also was up for defamation, in saying that no one was killed in Sandy Hook. News flash, they were.
He is a misinformation agent that is a MOSSAD plant. he purposefully tells you the truth, but twists it into a narrative. his job is to make people look crazy. and he does a fantastic job at it too.

he also; is not in jail. so please. try again. im very interested in understanding your logic on this.

@GenericRsPlayer

GenericRsPlayer commented May 25, 2023

i was speaking as to people in NK. the government does issue computers to its citizens, but they are incredibly limited on what they see, and we are incredibly limited on what we see. what im saying is if a NK official who has unrestricted access (a hacker) can figure out how to setup a VPN, he more than likely could, because he would be able to get the information. from that point he could see the whole web.

i am, however; not an expert in this field, and will defer to others on their expertise.

dont forget that they even developed a video game at one point
https://en.wikipedia.org/wiki/Category:Video_games_developed_in_North_Korea

@Finoderi

> He is a misinformation agent that is a MOSSAD plant.
> his job is to make people look crazy.

I wonder if this is fruits of his labour or you are just so... unique on your own...

@GenericRsPlayer

> > He is a misinformation agent that is a MOSSAD plant.
> > his job is to make people look crazy.
>
> I wonder if this is fruits of his labour or you are just so... unique on your own...

if you know; you know

@GenericRsPlayer

Kids, now you see the effects of propaganda of success being forced on people for their entire lives. Americans truly believe their dystopic police state is a paradise on earth. You see, wikipedia has no information on north korean videogames; therefore amerimutts are the best.

im still waiting on proof of concept for your political dissidents.

not once did i claim America was a paradise. it has its problems like everywhere else does. but please; continue to say nothing, and put words in my mouth. if you want to know why I personally believe it is better than other countries; look at the tax rates (our highest tax rate overall is still lower than any other country on the planet) and healthcare (not its insurance system but the actual quality itself. people come from all over the world to get healthcare here) is, broken; but top of the line for the ones that have insurance. (not to mention most hospitals will treat you if you're not an American citizen, with American citizens tax dollars). not to mention freedom of speech; which is full circle back to what this whole conversation started on!

do you think NK is a wonderful place? go live there! they'd happily take you, as target practice once you approach the border.
my comparison was not to their quality of life, but as to how development does go on in the country with computers; and that people there may or may not have an ability to see the outside world.
you may have an issue with dyslexia and contextual information if you're struggling with that.

im trying to ask you a serious question. please. inform me, how we are all brainwashed and controlled by the system because we have a judicial system that operates. tell me which American in our country is a political prisoner. if you refuse to and continue to just take jabs at me; while providing no proof of anything. I'll just block you

@xNeonHD

xNeonHD commented May 25, 2023

Kids, now you see the effects of propaganda of success being forced on people for their entire lives. Americans truly believe their dystopic police state is a paradise on earth. You see, wikipedia has no information on north korean videogames; therefore amerimutts are the best.

I am laughing at your idiocy. Either you must be a troll, or it must be a birthright to write such a comment unironically.

@GenericRsPlayer

If the best you can say is that it's in some aspects better than North Korea then the bar isn't set very high

You clearly aren't interested in an intellectual conversation 😂😂. I never said this. Not once.

Kids, now you see the effects of propaganda of success being forced on people for their entire lives. Americans truly believe their dystopic police state is a paradise on earth. You see, wikipedia has no information on north korean videogames; therefore amerimutts are the best.

I am laughing at your idiocy. Either you must be a troll, or it must be a birthright to write such a comment unironically.

I choose to apply Hanlon's Razor with nukeop. He is right about one thing. The CIA loves to disinform people. He clearly has been affected.

@GenericRsPlayer

GenericRsPlayer commented May 25, 2023

do you think NK is a wonderful place? go live there! they'd happily take you, as target practice once you approach the border.

You mean like this? https://en.wikipedia.org/wiki/Migrant_deaths_along_the_Mexico%E2%80%93United_States_border

Ok and when the border is open this problem gets worse because human trafficking of children goes up.

If people followed a legal process VS leaving it up to Cartel coyotes women and children over the border who end up victims of SA and Rpe

But no. Open border clearly is the way to go. Turn on any TV channel and you'll see that.

Also no one tries to shoot you for traveling internationally

@GenericRsPlayer

USA: The country that heroically overcomes problems unknown in any other country

Keep watching that TV

Nuke. You're all over the board bro. Bring it back to the start of the conversation.

Show me any political dissident who has been locked up in the US. Any US citizen who is being held and not given his rights.

@LokiFawkes

@nukeop If you want to play argumentum ad hominem, your profile says "fullstack software developer".

Nobody outside of HR cares about that term, at all. It's a term people who can't name what they do use to describe their skills, or lack thereof, in a favorable manner.

@LokiFawkes

@nukeop It's so commonly used that anyone actually in tech knows you need to go into more detail or we throw out your application and tell our recruiters to stop sending people like you to us.

What do you write? What languages do you use in this "full stack", what do you use for backend, what do you use for frontend? Is your frontend HTML and JS or is it a generated page? Is your backend PHP, Node, Python, Java, C++, Rust(tm), etc? What do you use for SQL, or do you even use SQL? And finally, what do you specialize in?

Fail to answer any of these, or arrogantly say "all of it", and you're blacklisted from applying for a fucking year.

@GenericRsPlayer

Lol ok

am curious as to why you deleted your previous comments....did you recognize your argument's fallacy?

@GenericRsPlayer

No, I recognized that Github is an am***can service and as such, heavily censored, and I don't want to risk my account. Please stop sealioning

I haven't heard that term before. But looking it up; just sounds like a defense that someone throws out when they have no logical backing to their argument. Especially because I have no intention of bad faith in the argument. I would have loved to have heard your reasoning to a logical conclusion. Especially since you were the one that initiated the topic of conversation in the first place.

You're a victim of your own creation. You know that; right?

@GenericRsPlayer

GenericRsPlayer commented May 26, 2023

I wish you would stop talking and leave me alone

@nukeop commented on this gist.
The message you're not getting is that nobody wants to talk to you

You basically called me an idiot and expected me to just lie down and take it. Well bless your heart. Americans don't work that way. I'll stop replying once you stop replying. Till then I'll just keep quoting you.

@GenericRsPlayer

GenericRsPlayer commented May 26, 2023

@nukeop commented on this gist.
Yes I already know that americans are brainwashed, obnoxious, and clueless. No need to drive the point home buddy

Wow you just continue to be oblivious too! You're not superior to anyone. Just as I am not superior to you. Clearly I have more common sense. But you just keep making fun of people; on a place where it won't go away. And where your future comments could be looked at as "doesn't cooperate well with others"

I'm not here to troll you. I'm just going to continue to hold up a mirror until you've decided you've had enough.

Btw. Hope you're having a wonderful day. God loves you brother.

@GenericRsPlayer

I accept your concession.

I hope things get better for you

@Amiralgaby

is there a French fork of this file please?

@2gn

2gn commented May 26, 2023

VPNs will hide what you do from ISPs, at least.

@Finoderi

It seems most people don't know anything about proxy servers, but VPN concept was popularized by YouTubers. And the 'glorified proxy' part is just ignored as something vague and inexplicit.

@LokiFawkes

@2gn Not really. ISPs buy data from data brokers, which own almost all if not all the "vpn" services (which again are just proxies that maybe, MAYBE use a protocol meant for actual VPNs). Literally all they're good for is getting around geofilters and not a damn thing else.

@dxgldotorg

dxgldotorg commented May 27, 2023

> It seems most people don't know anything about proxy servers, but VPN concept was popularized by YouTubers. And the 'glorified proxy' part is just ignored as something vague and inexplicit.

Actually it is in more recent years that VPN companies have approached YouTubers with sponsorship deals.

@Finoderi

From Nigeria with love.

@LokiFawkes

We got another shill: @vpnsguru

@LokiFawkes

Aaaand @nukeop steps back in the shill ring.

@LokiFawkes

Keep shilling, you only have your reputation to lose... If that.

@LokiFawkes

Talking to yourself? Cause you're the only mad one here.

@dxgldotorg

Install Sponsorblock: https://sponsor.ajay.app/ Why would anyone watch videos with sponsor segments?

This doesn't address the issue, it sweeps it under the rug.

@Finoderi

The article is rather short but you still failed to read it till the end. Well done.

@Finoderi

Sunshine, you fail to understand the difference between using VPN in general and using VPN SERVICE. I highlighted the important word for you, but there is not much hope it'll make any difference.

I use both VPN and proxy all the time, but I set it up myself on a small VPS.

@Finoderi

I don't know what it supposed to mean. I deleted my Reddit account back in 2020 when Americans were caught up in BLM hysteria. Reddit admins always have been completely fucked in the head but at that moment they've outdone themselves.

@LokiFawkes

@phr34k0 Assuming you're not talking out your ass (you are), it begs the question, why chain when you can just use Tor or I2P

@MarcusRichardson

hello

@T0asti3

T0asti3 commented Jul 12, 2023

> @phr34k0 Assuming you're not talking out your ass (you are), it begs the question, why chain when you can just use Tor or I2P

@LokiFawkes Dude ever heard about entry and exit nodes? try selling yo momma on TOR and watch CIA bust down your door. Nodes can be watched or controlled. This happens all the time. TOR routing is secure but not to the exit nodes.

@Finoderi

It's always fascinating to see the discussion of true professionals.

@LokiFawkes

@T0asti3 Firstly, if you're going through exit nodes, you're as insecure as if you're using a proxy service. NordVPN ain't gonna protect you any more than a malicious exit node, even if you've chained three NordVPNs.
Second, with Tor and I2P, you don't have to pay anyone or reveal your identity to anyone to use onion routing. There are very few proxies that might behave hands-off and that let you gain service without revealing yourself. And the ones, or really one, I'm speaking of, doesn't like to be chained.
And even the one I spoke of, still wouldn't recommend for privacy so much as obscurity for basic IP filters.
If you want privacy through an overlay network, you need that overlay network to not be owned by any third party. Tor and I2P for example, completely decentralized, at least in terms of design. I2P is better at staying that way, but less accessible, while Tor gained popularity by connecting to exit nodes by default to let you access the clearnet through Tor.
The endgame is you shouldn't have to exit the overlay network through anything you can't trust.
Some people actually use I2P with an outproxy into Tor instead of using Tor or I2P directly to the clearnet. Some people go as far as setting up a Tor outproxy on I2P using a server they got pseudonymously and use that as their outproxy wherever they go.
Try to sell your mom on Tor, you've just revealed yourself. Try to sell people who don't exist on Tor, you've got yourself a worthwhile scam.

@vanderplancke

I can confirm beyond any doubt that vpns do not work. They do not mask your identity. You are just throwing money away using them. If you really want to not be tracked don't conduct activity that would get you on the radar.

@vanderplancke

Yes listen to the shill throwing slurs. Speaking from experience with federal police no VPNs do not work. But hey gotta respect the hustle to get kickbacks from trying to convince people to sign up.

@RivenSkaye

VPNs are very much useful for "when should I" argument 2.
My ISP would frequently squeeze traffic to known public trackers, which hasn't been an issue ever since I started using glorified proxies. And it also helps circumvent blocks on certain sites, which is precisely what I need it for.

As such, a third point to note is "when you need access to services or resources that you can't reach through your current network or ISP."

@dxgldotorg

> Sunshine, you fail to understand the difference between using VPN in general and using VPN SERVICE. I highlighted the important word for you, but there is not much hope it'll make any difference.
>
> I use both VPN and proxy all the time, but I set it up myself on a small VPS.

For me, my VPN lives inside my router and gives me remote access to my connected devices.

@LokiFawkes

> For me, my VPN lives inside my router and gives me remote access to my connected devices.

And this is what I like to call, an actual VPN.

@M-u-m-p-i-t-z

M-u-m-p-i-t-z commented Jul 31, 2023

Some questions:

> But I want to confuse trackers by sharing an IP address!
>
> Your IP address is a largely irrelevant metric in modern tracking systems. Marketers have gotten wise to these kind of tactics, and combined with increased adoption of [CGNAT](https://en.wikipedia.org/wiki/Carrier-grade_NAT) and an ever-increasing amount of devices per household, it just isn't a reliable data point anymore.
>
> Marketers will almost always use some kind of other metric to identify and distinguish you. That can be anything from a useragent to a [fingerprinting profile](https://panopticlick.eff.org/). A VPN cannot prevent this.

Just suppose my ISP doesn't use CGNAT but I keep my IP for weeks, and my browser doesn't allow fingerprinting because only fake data is sent. If I visit different websites without VPN, the fingerprint is always different but I have the same IP, what sense does that make, you can not track easier?
If I use a VPN and / or proxies, I get a different IP every day that I share with thousands of other people and always have a different fingerprint. What should not work in this practice?

> When using a VPN, the only encrypted part of the connection is from you to the VPN provider. From the VPN provider onwards, it is the same as it would have been without a VPN. And remember, the VPN provider can see and mess with all your traffic.

Yes, but how can an outsider see which of the thousands of users is accessing which websites? The data streams that go in cannot be assigned to the decrypted streams that go out. Thus, you have 1000 defendants when someone fucks up.
Before the question is answered again with "But the VPN provider knows everything", please read my last question.
The VPN provider can know everything, but does not have to.

> Because a VPN in this sense is just a glorified proxy. The VPN provider can see all your traffic, and do with it what they want - including logging.

The ISP does that too and sells the data and you can't always choose the ISP. A VPN provider that shares data with its customers without obtaining their consent is acting illegally and committing a crime itself. The ISP writes it in its terms of service.

> And remember that it is in a VPN provider's best interest to log their users - it lets them deflect blame to the customer, if they ever were to get into legal trouble. The $10/month that you're paying for your VPN service doesn't even pay for the lawyer's coffee, so expect them to hand you over.

Wouldn't it be much easier to tell the authorities "Sorry I can't identify my users because I have no logs! I can only provide all users as a list"? It would never come to a criminal complaint, how do you want to prove a specific person did a crime? For what reason should the VPN provider here can be legally prosecuted, as long as no law requires that I do not log my users, which in turn must then be written in the terms of service?

@LokiFawkes

@M-um-p-i-t-z Exactly as stated: The IP address is a useless metric these days.

Firstly, good luck actually setting up a browser that flies under the radar like that. If you sign in anywhere, your browser will be tracked, your new fingerprint will be tracked as long as you stay signed in or sign in again.

Marketers employ many different methods of tracking. From the classic cross-site tracking cookie, to the modern fingerprinting methods we know today. You basically aren't safe from this unless you're using Tor Browser (with or without actually using the Tor network) and not signing in anywhere.

As long as you're signed in, or allowing cookies, or allowing javascript, or it's able to get actual canvas sizes, etc from your browser, no proxy in the world can protect you.

The VPN provider that shares data of its customers without obtaining their consent is actually protected by silver tongued legalese in the terms of service and gag orders in the law.

It is in fact not easier to tell the authorities, "Sorry I can't identify my users because I have no logs!". That's a good way to get in trouble with 14 Eyes surveillance laws. And no, those surveillance laws are not limited to the 14 core nations of the Eyes. Most nations of the world are in on it without increasing the number of "eyes" in the name, and even if your company is from another country, if you have servers in an Eyes country, you're subject to their laws.

If they can't directly command you by law to conduct mass surveillance, they can hold you accountable for "letting" your users commit what these countries consider to be crimes. Such as journalism, protests, or god forbid being Fr*nch.

@Naleksuh

Naleksuh commented Aug 3, 2023

I think the IP part is confusing people because first the post says "You're still connecting to their service from your own IP, and they can log that." then later it says "Your IP address is a largely irrelevant metric in modern tracking systems. ". I think the confusion is because joepie91 is talking about tracking by the government in the first one, and tracking by advertisers in the second one. It might be a good idea to clarify that.

@LokiFawkes It depends on the fingerprinting software. Some include your IP address, other people don't. Either way, there is more to fingerprinting than your IP address. Here's a test site many people use: https://coveryourtracks.eff.org/

Edit: Actually the original gist already links to this site

@LokiFawkes

@Naleksuh Yeah, it seems a lot of people are confused by the concept of attacking the same assertion from multiple angles.

@M-u-m-p-i-t-z

> Firstly, good luck actually setting up a browser that flies under the radar like that. If you sign in anywhere, your browser will be tracked, your new fingerprint will be tracked as long as you stay signed in or sign in again. Marketers employ many different methods of tracking. From the classic cross-site tracking cookie, to the modern fingerprinting methods we know today. You basically aren't safe from this unless you're using Tor Browser (with or without actually using the Tor network) and not signing in anywhere.

Since some time Firefox prevents exactly these practices with its tracking protection, each domain has its own memory here where no other domain can access and if you use containers in addition, even the domain gets a different memory in each container.

> As long as you're signed in, or allowing cookies, or allowing javascript, or it's able to get actual canvas sizes, etc from your browser, no proxy in the world can protect you.

With each domain the browser fingerprint changes and remains valid for this domain until the browser is closed but each container has different fingerprints for the same domains and another IP.

> The VPN provider that shares data of its customers without obtaining their consent is actually protected by silver tongued legalese in the terms of service and gag orders in the law.

My government's laws prohibit the unstoppable storage of connection data. There must be a reasonable suspicion of a serious crime and there must be a suspect, not just thousands of VPN users because someone might have done something wrong.

> It is in fact not easier to tell the authorities, "Sorry I can't identify my users because I have no logs!". That's a good way to get in trouble with 14 Eyes surveillance laws. And no, those surveillance laws are not limited to the 14 core nations of the Eyes. Most nations of the world are in on it without increasing the number of "eyes" in the name, and even if your company is from another country, if you have servers in an Eyes country, you're subject to their laws.

Why should a company get into trouble with the secret service if it complies with the laws in force in its country, where no one has to store any data. And if it would be so easy to get companies to record, why does even the NSA have its own department that deals with cracking VPN connections?
Be honest, if the secret service is looking for you, it will find you, no question, but who is wanted by the secret service?
The only danger you are exposed to when using VPN or even Tor is that you are swimming in a pot together with a few criminals, the price is not too high for me to protect my privacy.

@nukeop

nukeop commented Aug 4, 2023

What's the point of fingerprinting if my fingerprint changes every 30s? And what's the point of tracking if I block tracking scripts and ads?

@LokiFawkes

@M-um-p-i-t-z I can answer your entire response by answering your last sentence. You're not protecting your privacy. This is called the action bias.

But sure, if you think Firefox is protecting you by changing your fingerprint, go ahead and double check with the EFF.
No, it's not.

You have to set everything manually, make your canvas generic (thereby also limiting the screenspace in your browser or glitching certain graphics), and put every tab in a container. And even then, it's still not enough.

I'm a firefox user, with container tabs, strict privacy settings to the point that about:config is unrecognizable from the original, whole nine yards. And yet sites still find ways to worm cross site cookies across the containers. It's a neverending arms race, and the one thing they're not concerned with, is the IP address.

@LokiFawkes

@nukeop Let's pretend you aren't the butt of the joke in this entire thread. Just for a second.
To what are you referring?

@LokiFawkes

LokiFawkes commented Aug 6, 2023

@nukeop
You did not answer. To what are you referring?
Have you forgotten that it is you who knows less than nothing on the topic as you have proven multiple times in this thread?

Also, github gists is a discussion platform.

@vanderplancke

> @nukeop You did not answer. To what are you referring? Have you forgotten that it is you who knows less than nothing on the topic as you have proven multiple times in this thread?
>
> Also, github gists is a discussion platform.

You know nukeop is a vpn shill right. Likes to attack anyone calling it out on its grift. Ignore it and it will go away.


ghost commented Aug 10, 2023

I agree. though I use one, because i trust it more, travel and torrenting

@M-u-m-p-i-t-z

@LokiFawkes

> @M-um-p-i-t-z I can answer your entire response by answering your last sentence. You're not protecting your privacy. This is called the action bias.
>
> But sure, if you think Firefox is protecting you by changing your fingerprint, go ahead and double check with the EFF. No, it's not.

What is this supposed to prove? But I did it for you with the result that I double check on two days with 3 containers with different IPs from VPNs and I get 3 Yes in every single tab on both days. Tor Browser also. Seems like u have a mass of changes in about:config, that you look unique to the side. I am not. And your IP can be tracked, so they do so. Whether this is relevant or whether you do not want to believe it is irrelevant. So stop spreading such generalizations, they are not true.

@clippycoder

clippycoder commented Aug 15, 2023

A few comments:

  • I think you are being too harsh on VPN services here. I understand that we cannot know for sure if a specific VPN provider is not logging you, but I wouldn't go so far as to say that none like that exist. It's a bit of a gamble, maybe, but sometimes that's better than nothing.
  • Additionally, I use a free VPN service to access geo-blocked content and to bypass network restrictions. I don't really trust its privacy value, given that it's free, but for my purposes I'm content with that. And also, being a free tier of an otherwise paid service, it has a nice-looking and intuitive UI, much more than can be said for many open source projects.

Overall, given that VPNs provide benefits outside of privacy, and that privacy may very well be also provided, I think VPNs, even paid ones, have their place. But I don't think that this should detract from your argument that with no verifiability, VPN privacy may often be false advertising.

@douma

douma commented Aug 31, 2023

I use VPN (OpenVPN with Pihole), with a private/dedicated IP address, on a private VPS server, only to hide my traffic from my ISP (ISPs have the biggest share in selling data), to hide my true location for the websites I visit, to block ads and to block sites like facebook, google from tracking me... and to log my own network activities. In this way I have found a virus on my computer sending packages of information every hour to a certain host. Legally they could find out what websites I visit, but a VPN adds another threshold for them to find out. Don't give them (legal agencies) any reason to track you down. Doing something illegal on the internet is extremely stupid, even with a VPN.

@eos1973

eos1973 commented Sep 14, 2023

quite a lot of comments and discussions, apparently there is no complete solution.
Except acquiring a service from some server in a corner of Eastern Europe. XD

@nukeop

nukeop commented Sep 14, 2023

Mullvad VPN is easily the best


ghost commented Sep 14, 2023

Hello everyone.

These same questions can be asked here about the cloud's open source. It is contradictory that open software works in the cloud as SaaS (software as a service) or BaaS (backend as a service) etc. Because, in theory, we do not have access to any source code or control of this server.

Some people have created the software license as AGPL for this. Although the company distributes the software to AGPL, you can never check which function is being performed. First, because we have a feeling of arrest, because you don't have the money to execute the software with your own infrastructure (hosting, physical server). And second, because we have the feeling of not knowing the future direction of the cloud product or service.

Just as we cannot trust VPNs, I don't think we should trust cloud services that use open licenses such as AGPL, MIT, GPLv2, GPLv3 etc. Do these concerns of mine make sense?

@panzer-arc

This approach is parroted in various MSM articles but doesn't address all the potential concerns. I trust VPN providers more than my ISP. I see no evidence that I should trust my ISP by default even if they don't MITM me. They would know every single domain I connect to on all of my devices if I didn't tunnel my traffic. Why can't I find an explanation of how my data is used/stored on their site?
https://www.privacyguides.org/en/basics/vpn-overview/#should-i-use-a-vpn

@nukeop

nukeop commented Sep 30, 2023

Yeah, it's a list of defeatist, often false or easily refuted bullet points written in a style of total confidence, which to some impressionable people may look like competence. Some of the bullet points are actually strawmen that nobody who uses VPNs would argue.

@Finoderi

Finoderi commented Oct 2, 2023

Why can't I find an explanation of how my data is used/stored on their site?

Can you find something like that on the site of your favourite VPN service?
Have you actually read the articles that short summary on privacyguides.org is referring to?

@rfc-2549

rfc-2549 commented Oct 2, 2023

Mullvad is the only good VPN service
Either that or tor

@humanlyhuman

humanlyhuman commented Oct 4, 2023

Mullvad is the only good VPN service Either that or tor

ivpn is pretty good too
check out https://www.ivpn.net/blog/why-you-dont-need-a-vpn

@sjorspa

sjorspa commented Oct 13, 2023

A valid reason for VPN is NOT wanting to hide your VPN but making sure you connect with a trusted one, i.e. if you have a dynamic IP and need to go to a firewalled site, this might be a very valid point. Another valid point can be geolocation barriers, i.e. many content providers block based on your country's IP. The other points are pretty valid by the way. For real privacy use Tor and make sure that you don't log in with accounts that you also use on your normal connection.

@sneer69

sneer69 commented Oct 27, 2023

"A VPN provider specifically seeks out those who are looking for privacy, and who may thus have interesting traffic. Statistically speaking, it is more likely that a VPN provider will be malicious or a honeypot, than that an arbitrary generic VPS provider will be."

Can I see that statistic and your dataset?

@papahuge

papahuge commented Nov 3, 2023

image
^
I'm pretty sure this is why most people need a glorified proxy service.

@5aturnius

image ^ I'm pretty sure this is why most people need a glorified proxy service.

Precisely. I cannot believe the idiocy of morons on the internet with the idea that there is some way to outsmart intelligence agencies with the smartest people on the planet working together stacked against them. That there are thus conversely certain activities that "expose" one to said agencies. We need legislation to fight this battle on the same scale that this violation of user privacy operates on.

@nukeop

nukeop commented Nov 29, 2023

Leaked NSA documents prove that they are powerless against TOR and have been since its inception.

@ahydronous

Dumbest article ever. Completely glosses over the utmost mission to privacy Mullvad has, or the fact that Private Internet Access is court-tested.

@Finoderi

Finoderi commented Dec 8, 2023

utmost mission to privacy

Someone can type that unironically. Fascinating.

@ahydronous

Someone can type that unironically. Fascinating.

Someone can be this dumb unironically. Fascinating.

You can pay for Mullvad by sending in a letter with cash money. All you get back (and what they know) is an account number.

Private Internet Access has been audited too, btw : )

Anyway, I'm done here. Anyone reading this will realize how moronic this article is and just sign up for a good VPN.

Byee

@Finoderi

Finoderi commented Dec 9, 2023

OK. For those who can read unlike that chap.
PIA is a US-based company. It will obey US laws by definition no matter what. Furthermore the company still uses physical drives to store user data, and those drives can be seized by authorities.

Mullvad is better in that regard. But Sweden is a member of 14 Eyes Alliance and not a completely safe jurisdiction for a VPN provider.

@maoydev

maoydev commented Feb 21, 2024

@BrodyDoggo I can explain this. The purpose of a VPN is to provide a tunneled connection into a private network. It's like a proxy, except you can traverse firewalls and connect to devices over any port or protocol through it. In a proper VPN, you even get your own IP address in the private network. However, this is not how clearnet VPN services like NordVPN or ExpressVPN work. Even when they use real VPN protocols, they're just putting you into a NAT network and hiding you behind one IP address, their IP address. Essentially, the same as a proxy. They can control what ports you get to use, what protocols you get to use. Essentially, the same as a proxy. At best, with no restrictions on ports and protocols, you'd be looking at something called a SOCKS proxy. In many actual VPN setups, you might even set your virtual network adapter that's connected to the VPN, as a SOCKS proxy to prevent direct access to the clearnet. But these VPN services you see out there range from web proxies to SOCKS proxies, advertised as being more private than a proxy, and often come with proprietary apps that strip SSL so they can collect and sell your browsing habits. They even advertise this SSL-stripping function as virus protection, when in reality, their VPN cannot protect you from viruses even by stripping SSL (though if they're honest they can try), but it can make them money by collecting data. By stripping SSL, typically by replacing your root certificate so your browsing happens in an encrypted form that they can read but outsiders still can't, they not only can get your browsing habits beyond just IP addresses and DNS requests, but they can also harvest metadata AND the payload of the connection, including passwords and other personally identifying information that would have otherwise been transmitted without a man in the middle. So really the difference between a VPN and a proxy is the P in VPN - private. 
If it doesn't provide a tunnel to a private network, it's not a VPN, regardless of what protocol it uses or what its name is.
VPN - Virtual connection to private resources like company servers
Also a VPN - Virtual connection to your company or home's private network, doubling as a proxy for the clearnet
Not a VPN - A tunnel to a web proxy, branded as a VPN, meant to look like you're browsing from the server you connected to rather than from where you are

If you still want to call these VPNs, the distinction would then be between Virtual Private Networks and Virtual Public Networks.

Is there any difference to them on a local perspective, like isp traffic protection and such?

@Finoderi

Overquoting should be punishable by death.

@LokiFawkes

LokiFawkes commented Feb 21, 2024

@maoydev Between not having a proxy and having one? Not really.
Without these services, most your ISP will know is what IP you're talking to, and currently between CDN centralization and Web2 "just trust the cloud" centralization, too many services share the same IP addresses with each other for it to really matter. Aside from that, if they're clever they may catch the SNI at the start of your connection. They still can't make anything of it if you have a bunch of ongoing sessions. Once ECH catches on (and browsers start supporting ECH while using a nameserver of your own choosing), that vulnerability will be dead too. You stand to lose more privacy than you stand to gain when trusting a Virtual Public Network.

@vanderplancke

Hmmm the lone vpn simp is still at it. Almost like she gets kickbacks for each service sold.

Thinking logically, do you genuinely believe that the government would allow a means of hiding your ISP they themselves couldn't track?

@nukeop

nukeop commented Feb 21, 2024

Can you keep unhinged conspiracy theories out of the thread? You're not making your side look sane

@vanderplancke

vanderplancke commented Feb 22, 2024

Do you believe the government would allow a product they couldn't track? Yes or no? The likes of Tom Clancy and Richard Marcinko discussed communications security and spying. I would side with the experts over a shill who decries any criticism of VPNs.

@Aphexed

Aphexed commented Feb 24, 2024

I visited IPVanish for coverage. I made it through paying for the first month, then I was blocked because of Cloudflare and my email.

@ipkpjersi

VPNs are shared, VPSes themselves (not the host) are not, so your VPS gets tied to you - not great for privacy, is it? VPNs are great for bypassing censorship in countries like China with censorship problems and you don't need to set up your own to do that, it's kinda overkill.

Dumbest article ever. Completely glosses over the utmost mission to privacy Mullvad has, or the fact that Private Internet Access is court-tested.

It doesn't touch on bypassing censorship in restrictive countries either.

@Finoderi

Finoderi commented Mar 22, 2024

so your VPS gets tied to you - not great for privacy, is it?

You get an external IP or IPs from a pool of that VPS-provider. I don't see much difference.

VPNs are great for bypassing censorship in countries like China with censorship problems...

It can be done with limited success and the result is far from great.

@ipkpjersi

You get an external IP or IPs from a pool of that VPS-provider. I don't see much difference.

Sure, I can explain the difference. With a VPS, that IP is specifically tied to you for as long as you are renting that VPS. With a VPN, there is a shared pool of IPs where any individual IP can be used by multiple people at the exact same time - that's the difference. IPs are shared, not dedicated/unique.

It can be done with limited success and the result is far from great.

I guess we just disagree on this, then. VPNs are very important to these types of countries.

@Finoderi

IPs are shared, not dedicated/unique.

Well, it's possible to choose another IP from the same pool after a while. I don't think a smaller pool compromises your identity that much but maybe I'm wrong.

VPNs are very important to these types of countries.

I live in such a country. The connection speed of VPN is tolerable most of the time but sometimes it slows to a crawl. And from time to time all VPN traffic, including wireguard protocol, is blocked for several hours for some reason. And there is nothing I can do on my end. Choosing another VPN provider doesn't make any difference. In these cases shadowsocks proxy with the server side on VPS works slightly better but not by much.

@ipkpjersi

ipkpjersi commented Mar 22, 2024

Well, it's possible to choose another IP from the same pool after a while. I don't think a smaller pool compromises your identity that much but maybe I'm wrong.

You aren't understanding my point. Two or more people can have the same IP address at the exact same time with a traditional VPN service, whereas rolling your own VPN via a VPS means that public IP address assigned to you is only used by you and not anybody else (since you are the only one using the VPN and you are also the one responsible for hosting the VPN). That's part of why traditional VPN services claim "anonymity", because multiple people can be using the same public IP address at the exact same time, you don't know "who" is really using it. In theory, with a traditional VPN service, you could have dozens or hundreds of people using the same public IP address at the exact same time.

@zefir-git

zefir-git commented Mar 24, 2024

Well, it's possible to choose another IP from the same pool after a while. I don't think a smaller pool compromises your identity that much but maybe I'm wrong.

You aren't understanding my point. Two or more people can have the same IP address at the exact same time with a traditional VPN service, whereas rolling your own VPN via a VPS means that public IP address assigned to you is only used by you and not anybody else (since you are the only one using the VPN and you are also the one responsible for hosting the VPN). That's part of why traditional VPN services claim "anonymity", because multiple people can be using the same public IP address at the exact same time, you don't know "who" is really using it. In theory, with a traditional VPN service, you could have dozens or hundreds of people using the same public IP address at the exact same time.

Most hosting providers will sell you additional IPs for your VPS at €1/mo and you can rotate your IPs all you want (and get completely new ones every month). And you can share your VPN with as many people as you like. So for the cheapest €13/mo N**dVPN plan you can get a server with like 10+ IPs, share with all your friends and even sell it if you want.

When multiple people use 1 IP, the service you are connecting to doesn't know that. So if it tracks an IP, it tracks it the same way regardless if it's from a VPS or VPN. Your VPS could as well be a VPN host used by thousands of people. That's why no service identifies users by IP. Even your home network IP will change (unless you're paying for one that doesn't). I won't even start talking about mobile data IPs.

If you want 1000% anonymity, you can't get that with anything online. If someone really really wants to know who you are, they can. "No log" VPNs have proven to have logs in the past, and if you don't control the VPN yourself to know for sure, are you willing to risk your 1000% security requirement based on trust in a corporation? And if you have a VPS, authorities can always find who you are through the VPS hosting provider. You can't get a new internet subscription without the ISP knowing who you are, so that's out of the options as well.

Furthermore, any service that really wants to, can easily block access to all VPS or VPN etc IPs. How? Every IP belongs to an ASN and all ASNs are publicly registered. Is the ASN a residential ISP? Or is it an ISP for data centres?

Don't waste money on VPN. Waste significantly less money on VPS.

@dxgldotorg

dxgldotorg commented Mar 24, 2024

Except that many VPS providers are very stingy on IP allocations and will require you to provide justification before they sell you any more IPs. Linode for instance even calls out certain reasons like multiple website domains as not valid excuses because virtual servers and SNI allow multiple sites to share an IP.

They are a lot more generous with IPv6 but of course that cannot connect without a proxy to IPv4-only endpoints.

@ipkpjersi

Most hosting providers will sell you additional IPs for your VPS at €1/mo and you can rotate your IPs all you want (and get completely new ones every month). And you can share your VPN with as many people as you like. So for the cheapest €13/mo N**dVPN plan you can get a server with like 10+ IPs, share with all your friends and even sell it if you want.

Hosting providers can be pretty strict about this actually, you'd be surprised.

When multiple people use 1 IP, the service you are connecting to doesn't know that. So if it tracks an IP, it tracks it the same way regardless if it's from a VPS or VPN. Your VPS could as well be a VPN host used by thousands of people. That's why no service identifies users by IP. Even your home network IP will change (unless you're paying for one that doesn't). I won't even start talking about mobile data IPs.

Sure, that's fair, but a VPS is much less likely to be used as a VPN host than an actual VPN host itself with its own rented/purchased dedicated hardware. A VPS is much more likely to be a 1-to-1 type of situation.

"No log" VPNs have proven to have logs in the past

Except for the ones that have, you know, literally been tested in court. Of course, that's not to say that they won't change it in the future, but still better than having it not tested at all.

Furthermore, any service that really wants to, can easily block access to all VPS or VPN etc IPs. How? Every IP belongs to an ASN and all ASNs are publicly registered. Is the ASN a residential ISP? Or is it an ISP for data centres?

Sure, but a lot of companies will avoid this because they realize there are countries with horrible censorship and don't want to punish legitimate users from those countries.

One thing I agree with you 10000% on, if you want 1000% anonymity, don't go online - it really boils down to that, it's always possible to find out who you are if someone really wants to.

Ultimately, VPNs and VPSes have different use cases and provide different functionality. I feel like people want to hate on VPNs because it's cool to do so (although I admit there are legitimate criticisms of VPNs), but they actually do have legitimate uses like easily avoiding censorship in countries with heavy censorship and they can work pretty well for this because people do use them for this.

@zefir-git

Hosting providers can be pretty strict about this actually, you'd be surprised.

No reasonable providers are. Especially if they don't give you port 25 by default (used for SMTP and sending mail). Hosting providers would only be hurt if you use their IPs to send spam mail and get them into blocklists and unusable for other clients for mail.

Sure, that's fair, but a VPS is much less likely to be used as a VPN host than an actual VPN host itself with its own rented/purchased dedicated hardware. A VPS is much more likely to be a 1-to-1 type of situation.

That's true, but the target service doesn't know whether you're using a VPS or not. And I'd recommend sharing your VPS-installed VPN with friends who would rather trust you than a corporation.

Except for the ones that have, you know, literally been tested in court. Of course, that's not to say that they won't change it in the future, but still better than having it not tested at all.

The only objective of VPN companies, as of all other companies, is to make money, forever if possible. You can never trust that a company wants what's best for you. And if you truly want security/anonymity, you don't want any trust in the equation.

@ipkpjersi

ipkpjersi commented Mar 24, 2024

I agree with what you just said, with the caveat that if you are the owner of the VPS then you become responsible for what your friends do via that VPN, rather than the responsibility falling on the VPN host company itself when using a traditional VPN service. That's one way I would think traditional VPN services would still be superior (and also ease of use since with VPN services you just download an app vs setting up your own VPN server).

@Finoderi

...they can work pretty well for this because people do use them for this.

People use them because they have no other choice, not because of their sheer greatness.

On a side note, have tried to use Linode for a week, hated everything about them. From at least 5 fucking minutes to restart a tiny server to their retarded political activism.

@zefir-git

On a side note, have tried to use Linode for a week, hated everything about them. From at least 5 fucking minutes to restart a tiny server to their retarded political activism.

And it's expensive. For under €4 Hetzner cloud gives you a better server with 20TB transfer. OVH currently has a promo at $1/mo for a year (but only 100 Mbps bandwidth, but I think it's unmetered). For around €5 Contabo has 4 core 6GB RAM and 32TB traffic in case you want to put something more on it. Atlantic.Net gives you a free VPS for 1 year (3 TB transfer).

This is not an endorsement for any of the companies or their services.

@nukeop

nukeop commented Mar 25, 2024

What political activism?

@dxgldotorg

What political activism?

Probably not supporting hate/discrimination or something like that.

@nukeop

nukeop commented Mar 25, 2024

What political activism?

Probably not supporting hate/discrimination or something like that.

And without a passive aggressive tone that translates to...?

@dxgldotorg

What political activism?

Probably not supporting hate/discrimination or something like that.

And without a passive aggressive tone that translates to...?

I do look at their TOS and it could be this clause that is grounds for termination:

be excessively violent, incite violence, threaten violence, or contains harassing content or hate speech;

Of course many hosting providers have had something similar for ages.

@nukeop

nukeop commented Mar 25, 2024

That doesn't mean it's desirable. IMO that clause is there just to give them grounds to ban anyone they want if there's pressure on them. "Hate speech" is meaningless and arbitrary.

@Finoderi

They sent me several e-mails about the importance of 'hearing black voices' or with similar cheap corporate bullshit.

@dxgldotorg

They sent me several e-mails about the importance of 'hearing black voices' or with similar cheap corporate bullshit.

And you decided to politicize it.

@nukeop

nukeop commented Mar 25, 2024

Sounds like they did.

@Finoderi

It looks like you are this ideologically captured. Well, my condolences.
First, I don't live in US and it's not my problem Americans can't figure out why Marxism is bad for everybody. I was born and raised in USSR and it's pretty obvious to me.
Second, the only voices I care about are the ones in my head. They have some interesting ideas.

@LokiFawkes

I have a feeling Godwin's about to take over any moment now.

@nukeop

nukeop commented Mar 25, 2024

Godwyn the Golden?

@Finoderi

Godwin's law.

@jheagle

jheagle commented May 14, 2024

Very good post, I found it as I became more and more disappointed with my VPN service. The main reason I use VPN was so I can do locale testing for web development. My secondary reason was for cafe, airport, and hotel WiFi networks I don't trust. I am finding more and more websites block my VPN, which is quite frustrating as my additional incentive was to use VPN when in foreign countries; it looks like this will be less and less possible with the current IP blacklisting going on.

@nukeop

nukeop commented May 14, 2024

There's no reason not to trust wifi. All the internet uses HTTPS now. No matter who operates that wifi, they can't do anything to your traffic, and a VPN doesn't change that.

@sneer69

sneer69 commented May 14, 2024

There's no reason not to trust wifi. All the internet uses HTTPS now. No matter who operates that wifi, they can't do anything to your traffic, and a VPN doesn't change that.

This is not true. There is a lot of metadata being sent unencrypted even with HTTPS with each session, that can easily provide profiling and identification means for bad actors. Cookies are often sent in plain text, which opens a way to session hijacking. Not all Internet uses HTTPS, HTTP is still in use and it is possible to intercept encrypted traffic by SSL stripping or by exploiting vulnerabilities in SSL/TLS protocol. Also, HTTPS does not protect from Cross-site Scripting (XSS). VPN protocol has its own problems with recently discovered TunnelVision vulnerability, but Android is invulnerable to it, and that is how a lot of people use VPN. Besides, you could also use VPN to your home network where you have pi-hole and Unbound, which will cut out a lot of unwanted traffic. In my case unwanted DNS traffic makes up at least 66-75% of all, as per pi-hole blocked domains statistics. To summarize, a good VPN adds another layer of protection and security, but you still have to know what you are doing.

@nukeop

nukeop commented May 14, 2024

Cookies are sent in plaintext? Is this 2004? Vulnerabilities in SSL? XSS too for some reason?

@jheagle

jheagle commented May 14, 2024

Well, there is also another weird perk I experienced with my VPN. When I connected my VPN on the Disney cruise I got free WiFi, you just have to disconnect to use their app for Disney stuff. Typically you have to pay for WiFi usage on the Disney cruise.

@sneer69

sneer69 commented May 14, 2024

Cookies are sent in plaintext? Is this 2004? Vulnerabilities in SSL? XSS too for some reason?

I have just visited nytimes website via HTTPS. Out of 12 cookies, 5 were without 'secure' flag, which means that they are being sent unencrypted, in clear text.

Vulnerabilities in all protocols are popping up all the time. SSL is not an exception. Check CVE database. CVE-2014-0160 is one of the most recent ones.

What XSS too? Are you sure that you know what you are talking about?
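
Added example, not written by any commenter in this thread: a Python audit of `Set-Cookie` headers for the attribute counted in the comment above. A cookie set without `Secure` is encrypted on an HTTPS connection, but the browser will also attach it to plain `http://` requests to the same host, which is where a network observer can read it; the sample headers and cookie names are constructed.

```python
"""Audit Set-Cookie headers for attributes that limit plaintext exposure."""

# Constructed sample response headers (not captured from any real site).
SAMPLE_SET_COOKIE = [
    "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=dark; Path=/; Max-Age=31536000",
    "tracker=xyz; Domain=example.test; Path=/; SameSite=None",
    "__Host-csrf=tok; Path=/; Secure",
    "__Host-bad=1; Path=/app; Secure",
    "__Secure-id=7; Path=/",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs).

    Follows the RFC 6265 section 5.2 shape: the first ';'-separated part is
    name=value, the rest are attributes whose names are case-insensitive.
    """
    parts = header.split(";")
    name, _, value = parts[0].strip().partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    secure = "secure" in attrs
    findings = []
    if not secure:
        findings.append("no Secure: also attached to plain http:// requests")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by page scripts")
    if attrs.get("samesite", "").lower() == "none" and not secure:
        findings.append("SameSite=None without Secure: rejected by browsers "
                        "that enforce the current SameSite rules")
    # Cookie name prefixes are promises the browser enforces at set time.
    if name.startswith("__Secure-") and not secure:
        findings.append("__Secure- prefix requires Secure")
    if name.startswith("__Host-"):
        if not secure or attrs.get("path") != "/" or "domain" in attrs:
            findings.append("__Host- prefix requires Secure, Path=/, no Domain")
    return name, findings


def audit_headers(headers):
    """Map each cookie name to its findings."""
    return dict(audit_cookie(h) for h in headers)


def missing_secure(headers):
    """Names of cookies that could travel over an unencrypted connection."""
    return [parse_set_cookie(h)[0] for h in headers
            if "secure" not in parse_set_cookie(h)[2]]


if __name__ == "__main__":
    for cookie, problems in audit_headers(SAMPLE_SET_COOKIE).items():
        print(cookie, "->", problems or "ok")
```
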

@nukeop

nukeop commented May 14, 2024

Yeah, I am sure. Are you? What does this have to do with VPNs?

@sneer69

sneer69 commented May 14, 2024

You said that HTTPS is an alternative to VPN on any wifi. It is not. With VPN all traffic is hidden from anybody on that wifi, even not web related. With HTTPS it is not. HTTPS only works within the application layer of TCP/IP protocol and that is not the only protocol your device uses on the network. It is just a portion of traffic.

You clearly have no idea what you are talking about, so come back to discuss when you learn a bit about networks and protocols and in the meantime, delete your misleading comments before anyone else reads them.

@nukeop

nukeop commented May 14, 2024

Nice impotent rage

@sneer69

sneer69 commented May 14, 2024

I can see that you are not burdened by the complexities or harsh realities of this conversation. Ignorance is bliss. Enjoy it.

@nukeop

nukeop commented May 14, 2024

I can see that you're an internet tough guy know it all

@LokiFawkes

Cookies are sent in plaintext? Is this 2004? Vulnerabilities in SSL? XSS too for some reason?

Tell me you don't know what you're talking about without saying you don't know what you're talking about.

Web is shitty like that. If you're not using your corporate overlords' preordained DoH servers, you can't even get Encrypted Client Hello, due to the way browsers want to shove this shit down our throats. Let alone cookies and other metadata. XSS on the other hand, is a constant cat and mouse game. Threats get better and better at Cross Site Scripting while we try to block it. Google for example really loves to skirt around XSS protection in browsers and extensions. The only real defense against XSS is running no scripts at all, and good luck getting anything done that way on the modern web. Plus even that isn't an absolute defense.

@nukeop

nukeop commented May 15, 2024

This isn't a contest of who can copypaste the most buzzwords from wikipedia, and your little rant has nothing to do with VPNs.

@LokiFawkes

This isn't a contest of who can copypaste the most buzzwords from wikipedia, and your little rant has nothing to do with VPNs.

You literally asked.

VPNs won't protect you from XSS, if you were wondering.

@vanderplancke

nukeop is a vpn shill who repeatedly got into trouble with Github for the offensive content she posted. Ignore her and she will go away.

@LokiFawkes

nukeop is a vpn shill who repeatedly got into trouble with Github for the offensive content she posted. Ignore her and she will go away.

That thing's a girl? I thought it was a robot.

@Finoderi

DNS traffic isn't encrypted either. You can see for yourself with 'ngrep port 53'. Just plain text.
But yeah, nukeop always has been like that.

@nukeop

nukeop commented May 15, 2024

I accept your concession.

@vanderplancke

Thought you said you were done. Can't believe a word you say.

@dxgldotorg

DNS traffic isn't encrypted either. You can see for yourself with 'ngrep port 53'. Just plain text. But yeah, nukeop always has been like that.

However, sensitive info like passwords, credit card numbers, etc. is not passed via DNS, and one can use a DNS over HTTPS service to encrypt their queries.

@Finoderi

Or just set up DNS over TLS in Unbound.

@nukeop

nukeop commented May 15, 2024

Some VPN services even offer their own DNS solutions in addition to tunnels.

@LokiFawkes

Some VPN services even offer their own DNS solutions in addition to tunnels.

Yeah that's standard, as a proper VPN connection for any amount of privacy can't have leaks and can't get by simply tunneling a query to a public dns through their tunnel, it'd increase latency noticeably. But also, that means the data broker running your Virtual Public Network sees the queries even if you manage to encrypt your metadata.

And let's not pretend proxies run by data brokers aren't viewing that data.

And of course, between fingerprinting, SSL stripping (standard VPN grift), and cross site scripting, your attack surface just isn't lessened by a public proxy.

@dxgldotorg

And of course, between fingerprinting, SSL stripping (standard VPN grift), and cross site scripting, your attack surface just isn't lessened by a public proxy.

Yet nobody ever thinks as to what is in those VPN client apps or whether they reconfigure your clients to accept MITM keys.

@nukeop

nukeop commented May 16, 2024

What "data broker"? We're not talking about public proxies here though.

@LokiFawkes

What "data broker"? We're not talking about public proxies here though.

Unless you're talking about setting up a VPN back to your home network, and not a VPN service, you're talking about a public proxy marketed as a VPN, or as I like to call it, a Virtual Public Network.

@nukeop

nukeop commented May 16, 2024

We're not talking about that, that's just you confusing nomenclature. A VPN is very different from a public proxy, don't be intentionally obtuse.

@LokiFawkes

We're not talking about that, that's just you confusing nomenclature. A VPN is very different from a