@joepie91
Last active September 12, 2024 14:30
Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPNs for their intended purpose; that is, as a virtual private (internal) network. It only applies to using them as a glorified proxy, which is what every third-party "VPN provider" does.

  • A Russian translation of this article can be found here, contributed by Timur Demin.
  • A Turkish translation can be found here, contributed by agyild.
  • There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.

Why not?

Because a VPN in this sense is just a glorified proxy. The VPN provider can see all your traffic, and do with it what they want - including logging.

But my provider doesn't log!

There is no way for you to verify that, and of course this is what a malicious VPN provider would claim as well. In short: the only safe assumption is that every VPN provider logs.

And remember that it is in a VPN provider's best interest to log their users - it lets them deflect blame to the customer, if they ever were to get into legal trouble. The $10/month that you're paying for your VPN service doesn't even pay for the lawyer's coffee, so expect them to hand you over.

But a provider would lose business if they did that!

I'll believe that when HideMyAss goes out of business. They gave up their users years ago, and this was widely publicized. The reality is that most of their customers will either not care or not even be aware of it.

But I pay anonymously, using Bitcoin/PaysafeCard/Cash/drugs!

Doesn't matter. You're still connecting to their service from your own IP, and they can log that.

But I want more security!

VPNs don't provide security. They are just a glorified proxy.

But I want more privacy!

VPNs don't provide privacy, with a few exceptions (detailed below). They are just a proxy. If somebody wants to tap your connection, they can still do so - they just have to do so at a different point (ie. when your traffic leaves the VPN server).

But I want more encryption!

Use SSL/TLS and HTTPS (for centralized services), or end-to-end encryption (for social or P2P applications). VPNs can't magically encrypt your traffic - it's simply not technically possible. If the endpoint expects plaintext, there is nothing you can do about that.

When using a VPN, the only encrypted part of the connection is from you to the VPN provider. From the VPN provider onwards, it is the same as it would have been without a VPN. And remember, the VPN provider can see and mess with all your traffic.

But I want to confuse trackers by sharing an IP address!

Your IP address is a largely irrelevant metric in modern tracking systems. Marketers have gotten wise to these kinds of tactics, and combined with increased adoption of CGNAT and an ever-increasing number of devices per household, it just isn't a reliable data point anymore.

Marketers will almost always use some kind of other metric to identify and distinguish you. That can be anything from a user agent to a fingerprinting profile. A VPN cannot prevent this.

So when should I use a VPN?

There are roughly two use cases where you might want to use a VPN:

  1. You are on a known-hostile network (eg. a public airport WiFi access point, or an ISP that is known to use MITM), and you want to work around that.
  2. You want to hide your IP from a very specific set of non-government-sanctioned adversaries - for example, circumventing a ban in a chatroom or preventing anti-piracy scareletters.

In the second case, you'd probably just want a regular proxy specifically for that traffic - sending all of your traffic over a VPN provider (as is the default with almost every VPN client) will still result in the provider being able to snoop on and mess with your traffic.

However, in practice, just don't use a VPN provider at all, even for these cases.

So, then... what?

If you absolutely need a VPN, and you understand what its limitations are, purchase a VPS and set up your own (either using something like Streisand or manually - I recommend using WireGuard). I will not recommend any specific providers (diversity is good!), but there are plenty of cheap ones to be found on LowEndTalk.

But how is that any better than a VPN service?

A VPN provider specifically seeks out those who are looking for privacy, and who may thus have interesting traffic. Statistically speaking, it is more likely that a VPN provider will be malicious or a honeypot, than that an arbitrary generic VPS provider will be.

So why do VPN services exist? Surely they must serve some purpose?

Because it's easy money. You just set up OpenVPN on a few servers, and essentially start reselling bandwidth with a markup. You can make every promise in the world, because nobody can verify them. You don't even have to know what you're doing, because again, nobody can verify what you say. It is 100% snake-oil.

So yes, VPN services do serve a purpose - it's just one that benefits the provider, not you.


This post is licensed under the WTFPL or CC0, at your choice. You may distribute, use, modify, translate, and license it in any way.


Before you comment: Be aware that any non-constructive comments will be removed. This includes advertising for VPN providers (yes, even when you phrase the marketing claims like a question), trolling, harassment, insults towards other people, claims that have already been addressed in the article, and so on.

If your comment isn't a genuine question or a concrete counterargument supported by evidence, it probably doesn't belong here.

@carmellopezhere

I vote for my all-time favourite VPN. StreamVPN is an excellent virtual private network (VPN) service that offers its users a fast, secure, and private internet browsing experience. The service is easy to use and has a user-friendly interface that makes it easy for even those new to VPNs to navigate.

One of the standout features of StreamVPN is its ability to bypass internet censorship and geo-restrictions. With servers in multiple locations, users can easily connect to a server in a different country and access content that may be restricted in their region. This makes it an ideal VPN for users who want to stream content from other countries or access websites that may be blocked.

Another great feature of StreamVPN is its strict no-logs policy, which ensures that user activity and connection logs are not stored. This means that users can enjoy a high level of privacy and security while browsing the internet.

StreamVPN also offers fast connection speeds, which is essential for users who want to stream high-quality content or engage in online gaming. Additionally, the service offers excellent customer support and has a dedicated support team available 24/7 to assist users with any issues they may encounter.

Overall, StreamVPN is an excellent VPN service that offers its users a great mix of privacy, security, and functionality. It is a reliable and efficient VPN that is well worth considering for anyone looking for a top-quality VPN service.

@GASOLINE

GASOLINE commented Mar 8, 2023

I vote for my all-time favourite VPN. StreamVPN is an excellent virtual private network (VPN) service that offers its users a fast, secure, and private internet browsing experience. The service is easy to use and has a user-friendly interface that makes it easy for even those new to VPNs to navigate.

One of the standout features of StreamVPN is its ability to bypass internet censorship and geo-restrictions. With servers in multiple locations, users can easily connect to a server in a different country and access content that may be restricted in their region. This makes it an ideal VPN for users who want to stream content from other countries or access websites that may be blocked.

Another great feature of StreamVPN is its strict no-logs policy, which ensures that user activity and connection logs are not stored. This means that users can enjoy a high level of privacy and security while browsing the internet.

StreamVPN also offers fast connection speeds, which is essential for users who want to stream high-quality content or engage in online gaming. Additionally, the service offers excellent customer support and has a dedicated support team available 24/7 to assist users with any issues they may encounter.

Overall, StreamVPN is an excellent VPN service that offers its users a great mix of privacy, security, and functionality. It is a reliable and efficient VPN that is well worth considering for anyone looking for a top-quality VPN service.

Says someone that just subscribed to GitHub. It seems more an advert/affiliate link.

@Kyr4l

Kyr4l commented Mar 9, 2023

I vote for my all-time favourite VPN. StreamVPN is an excellent virtual private network (VPN) service that offers its users a fast, secure, and private internet browsing experience. The service is easy to use and has a user-friendly interface that makes it easy for even those new to VPNs to navigate.

One of the standout features of StreamVPN is its ability to bypass internet censorship and geo-restrictions. With servers in multiple locations, users can easily connect to a server in a different country and access content that may be restricted in their region. This makes it an ideal VPN for users who want to stream content from other countries or access websites that may be blocked.

Another great feature of StreamVPN is its strict no-logs policy, which ensures that user activity and connection logs are not stored. This means that users can enjoy a high level of privacy and security while browsing the internet.

StreamVPN also offers fast connection speeds, which is essential for users who want to stream high-quality content or engage in online gaming. Additionally, the service offers excellent customer support and has a dedicated support team available 24/7 to assist users with any issues they may encounter.

Overall, StreamVPN is an excellent VPN service that offers its users a great mix of privacy, security, and functionality. It is a reliable and efficient VPN that is well worth considering for anyone looking for a top-quality VPN service.

Bot detected 1000000%

@ElTioRata

So, Mullvad isn't trustworthy?

@LokiFawkes

Trust Mullvad as far as you can throw it. Don't expect it to keep your network traffic a secret any more than any other service, though it does have less data-broker baggage than many others.

@CostcoFanboy

CostcoFanboy commented Mar 28, 2023

You can somewhat trust some rare VPNs as some of them made their canary tactics public and you can observe how the VPN/company interacted with other court orders in the past.

e.g. Mullvad and Proton

Basically, if they have logs, they just hand them encrypted jargon, if they have no logs, then nothing can be given.
This gist is somewhat right but too pessimistic.

99% of people use VPNs for geolocation bypass (Netflix or living in an authoritarian regime) or p2p torrenting, which are fairly valid use cases.

I'd say Mullvad, Proton and iVPN are trustworthy considering what I've seen from their responses and what happened during equipment seizures.

List of garbage VPNs that are to be avoided 100%:

  • GhostVPN: Owned by ex-malware company
  • PIA: Now owned by ex-malware company
  • Tunnelbear: Owned by McAfee
  • PureVPN: Lied about not keeping logs
  • Windscribe VPN: Lied about encryption
  • HideMyAss: Lied about not keeping logs
  • DoubleVPN: Lied about not keeping logs
  • EarthVPN: Lied about not keeping logs
  • ProtonVPN: Garbage apps.
  • Hola: Malware

Of course, never trust VPNs that are mass-peddled on YouTube channels.

It's all very circumstantial and somewhat "no brainer". Kind of like how you'd trust pCloud to harbor sensitive data but never Google Drive. But you can circumvent the whole thing by running Cryptomator on your Gdrive folder contents locally.

You just have to be smart about it.

As far as the best one, it definitely goes to Mullvad. You don't even need an identity tied to your payment method.

@Moizsohail

Moizsohail commented Apr 3, 2023

What if we use OpenVPN and connect to free VPN providers like https://www.freeopenvpn.org/index.php?lang=en. Is that safe?

I mean I am just looking to watch anime on pirated sites like gogoanime. And I don't need a letter knocking on my door.

@isaackielma

@ranazain0009 Looks like all these VPNs indicated in the website are logging all consumer traffic and personal data that's stored in their DB. Is that true or am I paranoid? Just because you pay them, doesn't mean that they will be ethical. Still giving them all the power to sell or use your info for nefarious purposes...

Just a thought, please correct me if I am mistaken.

@aedicted

aedicted commented May 4, 2023

They most certainly won't log "all consumer traffic" as it would be way too much to store. Not even the NSA does that or would be capable of holding all that stuff.

If at all, it will be the meta-data about the connection itself.

Paranoia? Depends on your use case. I'd claim that for a little P2P, etc. ANY will do it as "investigations" in that regard will stop at the first visible IP-address and as long as it is not your easily accessible ISP, I'm yet to hear of any case where they took the effort to follow up the chain. If you plan "more" or your safety is at stake like being a Snowden, then cascade several up to your personal level of paranoia. ;)

@Viral

Viral commented May 24, 2023

literally shit for brains

@AB9IL

AB9IL commented May 24, 2023

Don't make careless arguments about VPNs as a useless or harmful service. Deprecating VPNs as "glorified proxies" is more sensationalist than accurate, as they are completely different in measures of bandwidth and encryption strength. Joepie91 does not consider that a main usage of VPNs is to prevent deep packet inspection and evade censorship. Plentiful VPNs are a reason why censorship is dead. If you are in a f#@&'ed up place with f#@&'ed up internet and want to read the Washington Post or stream some CBC Radio, a VPN works.

As one who has lived and worked in f#@&'ed up places with f#@&'ed up internet, VPNs are useful. I don't trust commercial VPN services either, and advocate usage of one's own VPS to run something like Wireguard. Streisand or Algo are tools for making the setup easy. Let me rephrase my point: VPNs are useful for circumventing internet surveillance and censorship imposed locally or regionally. For a higher level of trust, use your own server to avoid the pitfalls of commercial services.

If you are doing something risky, you need a solution requiring zero trust. Use Tor, Lokinet, or I2P (and a hardened browser) for anonymity. If you don't want your data accessed, use end-to-end encrypted services. As mentioned in this thread, there are some very good messaging applications which have strong E2EE and smartly written implementations. Briar, White Mouse, Element come immediately to mind.

Thank you for coming to my Ted Talk..

@Finoderi

If you want to read WaPo something in your life is really fucked up already. For tasks described above any regular socks-proxy is more than enough.

@LokiFawkes

@AB9IL So what you're saying is,
VPN services are a glorified proxy.
They don't provide privacy, only a very shallow and easily defeated evasion of censorship. Any proxy (and that's what these services usually are anyway) can do that. But again, that's all you're doing, is getting around geofilters until you're discovered.
No security or privacy benefit is involved. And that's what this gist is about.

@LokiFawkes

@nukeop Your ISP knows your IP address. The site you go to knows your IP address or the IP of the server you're proxying through. Those are the only two parties that could normally track you by IP address. And neither does.

This is because your IP address is useless garbage information in the current internet structure. Clients have dynamic IP addresses, v4 uses NAT to combat the limited address space, meaning you can only identify a home or place of business at best, and IPv6 is currently poorly managed. Hell, my ISP gives me my own range of IPv6 addresses and somehow I still can't retain the addresses themselves. If a machine loses connection, or I lose internet connection, it's back to the drawing board and trying to set static addresses will just screw things up worse. Likely so they can sell a business plan that costs 10 times as much.

Servers often host multiple sites on one address, even sites owned by different people. So IP addresses are virtually useless for determining what site you connected to as well.

ISPs look for DNS requests and unencrypted client hello messages. They also source records from popular DNS providers. They also know if you're using a popular proxy service like NordVPN, and often are buying data from data brokers that own these proxy services.

That hello message, by the way, can still lead the people snooping between your proxy and the site back to you, to know you visited it. It's not as easy as if it came directly from you, but it still works.

Then there's the endpoint you're connecting to. They make a fingerprint of your browser, try to install cookies in your browser, and employ many other tricks to track you not only on their site but across sites and apps. Your IP address is not involved in that process.

Finally, a man in the middle cannot get the contents of your communication with the site. From the time you're done saying hello, to the time the encrypted connection is closed for good, an observer would need your private key and the site's private key to know what the hell you two are saying to each other. It's like listening to dialup. Just like how you'd need a demodulator to listen in on a dialup connection (even one that isn't encrypted), and without one you just hear noise, an observer cannot make heads or tails of a TLS connection.

With a private DNS server, either on your local network or over DoT/DoH, and a browser that will let you use ECH with a private server, nobody knows who connected to what site except you and the other party. And if you're worried about the site tracking you, don't worry, they already are, even if you don't have an IP address at all. It doesn't matter if you're communicating over TCP/IP or carrier pigeon. There's no turnkey solution to stop them tracking you. You have to use your brain, reject all conveniences, and leave your identity at the door. Only static webpages with JS disabled and cookies rejected for you, as well as a predetermined canvas size that makes you look like all the Tor Browser users out there.
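What the unencrypted ClientHello mentioned in the comment above gives away to anyone on the path after the tunnel ends, which is also the article's point that from the VPN provider onwards the traffic is the same as without a VPN. This is an added example, not part of the gist or of any comment in the thread; the ClientHello bytes are constructed inline, and the names `build_client_hello` and `observe` are made up for the illustration.

```python
import struct

EXT_SERVER_NAME = 0x0000   # server_name (SNI), sent in cleartext
EXT_ECH = 0xFE0D           # encrypted_client_hello


def build_client_hello(hostname, extra_exts=()):
    """Constructed, minimal single-record TLS ClientHello (not a capture)."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry
    exts = [(EXT_SERVER_NAME, sni), *extra_exts]
    ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    body = (
        b"\x03\x03" + bytes(32)      # legacy_version + random (zeroed for the sample)
        + b"\x00"                    # empty session_id
        + b"\x00\x02\x13\x01"        # one cipher suite
        + b"\x01\x00"                # null compression
        + struct.pack("!H", len(ext_bytes)) + ext_bytes
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


class Reader:
    """Bounds-checked cursor over bytes; raises instead of reading past the end."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, n):
        return int.from_bytes(self.take(n), "big")

    def vec(self, len_bytes):
        return self.take(self.uint(len_bytes))

    def done(self):
        return self.pos >= len(self.data)


def observe(record):
    """Return what a passive on-path observer learns from one ClientHello record.

    Handles a ClientHello that fits in a single TLS record only.
    """
    rec = Reader(record)
    if rec.uint(1) != 0x16:
        raise ValueError("not a TLS handshake record")
    rec.take(2)                       # record-layer version
    hs = Reader(rec.vec(2))
    if hs.uint(1) != 0x01:
        raise ValueError("not a ClientHello")
    ch = Reader(hs.vec(3))
    ch.take(2 + 32)                   # legacy_version + random
    ch.vec(1)                         # session_id
    ch.vec(2)                         # cipher_suites
    ch.vec(1)                         # compression_methods
    seen = {"sni": None, "ech_offered": False}
    if ch.done():
        return seen                   # no extensions at all
    exts = Reader(ch.vec(2))
    while not exts.done():
        ext_type = exts.uint(2)
        data = Reader(exts.vec(2))
        if ext_type == EXT_SERVER_NAME:
            names = Reader(data.vec(2))
            while not names.done():
                name_type, name = names.uint(1), names.vec(2)
                if name_type == 0:
                    seen["sni"] = name.decode("ascii", "replace")
        elif ext_type == EXT_ECH:
            seen["ech_offered"] = True  # outer SNI is then only the public name
    return seen


if __name__ == "__main__":
    # The bytes are identical whether seen by the ISP or at the tunnel exit.
    print(observe(build_client_hello("example.org")))
    # With ECH, the cleartext SNI is the provider's public name (opaque sample payload).
    print(observe(build_client_hello("public.example", [(EXT_ECH, bytes(8))])))
```
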

@Finoderi

@GenericRsPlayer

Sounds like an american problem to me. Most of these things are outlawed in civilized countries.

Ahh yes. America; the country that brought the entirety of the planet's standards of living up by a factor of 10, won 2 world wars, and was the primary country that said NO to slavery in the previous century; is not civilized. Privacy, torrenting, and VPNs are the only reason that places which do NOT have the ability to speak of atrocities (China, Venezuela, North Korea {if anyone can get a computer and is smart enough to figure this stuff out they will for sure be able to access the unfiltered web}) are some modern examples thanks to this kind of technology. Meanwhile our standards of speech led Alexander Solzhenitsyn to be able to wildly publish his book, "The Gulag Archipelago". This book was one of the direct contributors to the downfall of the USSR; as he was able to show the world an inside look at what the Soviet's war machine looked like.

Not to mention the audacity to come onto a thread about VPNs; which are the only way that some people are able to see the outside world at all, and say something as profoundly ignorant as "most of the things that stop mass genocide are outlawed in the countries that originally sponsored some of it".

Stop it. Get help.

@GenericRsPlayer

Lol, this is your mind on CIA propaganda. Check what happened to Gary Webb and Edward Snowden.

Don't think I am oblivious to the fact that the three letter agencies in the US are traitorous entities. But to throw out the entirety of the US, and say that we are uncivilized because we have privacy and protection laws? HA! Enjoy communism, Marxism, Socialism, Totalitarianism, and all the other "Ism's" there are; because freedom of speech is the Sword of Damocles to any Tyrant.

@GenericRsPlayer

nukeop

So your argument is that because people are in jail, that we have no freedom of speech? Point to me the political dissidents within the country that are currently in jail because they spoke ill of the governmental bodies in place.

@Finoderi

It's always easy to talk about things you don't know. In North Korea there are white lists of IPs you are allowed to connect to. Everything else is just dropped. It's pretty dumb and straightforward but no workaround exists. You can't pull routes out of your ass where they don't exist.
And in China shadowsocks is a rather popular socks-proxy. But it's not a VPN and there are good reasons for that.

@GenericRsPlayer

Alex Jones has to pay 6 gorillion dollars for his freedom of speech

Alex Jones had a lawyer that accidentally emailed private conversations between him and AJ to the opposing defense team.
He also was up for defamation, in saying that no one was killed in Sandy Hook. News flash, they were.
He is a misinformation agent that is a MOSSAD plant. He purposefully tells you the truth, but twists it into a narrative. His job is to make people look crazy. And he does a fantastic job at it too.

He also; is not in jail. So please. Try again. I'm very interested in understanding your logic on this.

@GenericRsPlayer

GenericRsPlayer commented May 25, 2023

I was speaking as to people in NK. The government does issue computers to its citizens, but they are incredibly limited on what they see, and we are incredibly limited on what we see. What I'm saying is if a NK official who has unrestricted access (a hacker) can figure out how to set up a VPN, he more than likely could, because he would be able to get the information. From that point he could see the whole web.

I am, however; not an expert in this field, and will defer to others on their expertise.

Don't forget that they even developed a video game at one point
https://en.wikipedia.org/wiki/Category:Video_games_developed_in_North_Korea

@Finoderi

He is a misinformation agent that is a MOSSAD plant.
his job is to make people look crazy.

I wonder if this is fruits of his labour or you are just so... unique on your own...

@GenericRsPlayer

He is a misinformation agent that is a MOSSAD plant.
his job is to make people look crazy.

I wonder if this is fruits of his labour or you are just so... unique on your own...

if you know; you know

@GenericRsPlayer

Kids, now you see the effects of propaganda of success being forced on people for their entire lives. Americans truly believe their dystopic police state is a paradise on earth. You see, wikipedia has no information on north korean videogames; therefore amerimutts are the best.

I'm still waiting on proof of concept for your political dissidents.

Not once did I claim America was a paradise. It has its problems like everywhere else does. But please; continue to say nothing, and put words in my mouth. If you want to know why I personally believe it is better than other countries; look at the tax rates (our highest tax rate overall is still lower than any other country on the planet) and healthcare (not its insurance system but the actual quality itself. People come from all over the world to get healthcare here) is, broken; but top of the line for the ones that have insurance. (Not to mention most hospitals will treat you if you're not an American citizen, with American citizens' tax dollars). Not to mention freedom of speech; which is full circle back to what this whole conversation started on!

Do you think NK is a wonderful place? Go live there! They'd happily take you, as target practice once you approach the border.
My comparison was not to their quality of life, but as to how development does go on in the country with computers; and that people there may or may not have an ability to see the outside world.
You may have an issue with dyslexia and contextual information if you're struggling with that.

I'm trying to ask you a serious question. Please. Inform me, how we are all brainwashed and controlled by the system because we have a judicial system that operates. Tell me which American in our country is a political prisoner. If you refuse to and continue to just take jabs at me; while providing no proof of anything. I'll just block you.

@xNeonHD

xNeonHD commented May 25, 2023

Kids, now you see the effects of propaganda of success being forced on people for their entire lives. Americans truly believe their dystopic police state is a paradise on earth. You see, wikipedia has no information on north korean videogames; therefore amerimutts are the best.

I am laughing at your idiocy. Either you must be a troll, or it must be a birthright to write such a comment unironically.

@GenericRsPlayer

If the best you can say is that it's in some aspects better than North Korea then the bar isn't set very high

You clearly aren't interested in an intellectual conversation 😂😂. I never said this. Not once.

Kids, now you see the effects of propaganda of success being forced on people for their entire lives. Americans truly believe their dystopic police state is a paradise on earth. You see, wikipedia has no information on north korean videogames; therefore amerimutts are the best.

I am laughing at your idiocy. Either you must be a troll, or it must be a birthright to write such a comment unironically.

I choose to apply Hanlon's Razor with nukeop. He is right about one thing. The CIA loves to disinform people. He clearly has been affected.

@GenericRsPlayer

GenericRsPlayer commented May 25, 2023

Do you think NK is a wonderful place? Go live there! They'd happily take you, as target practice once you approach the border.

You mean like this? https://en.wikipedia.org/wiki/Migrant_deaths_along_the_Mexico%E2%80%93United_States_border

Ok and when the border is open this problem gets worse because human trafficking of children goes up.

If people followed a legal process vs. leaving it up to cartel coyotes women and children over the border who end up victims of SA and Rpe

But no. Open border clearly is the way to go. Turn on any TV channel and you'll see that.

Also no one tries to shoot you for traveling internationally

@GenericRsPlayer

USA: The country that heroically overcomes problems unknown in any other country

Keep watching that TV

Nuke. You're all over the board, bro. Bring it back to the start of the conversation.

Show me any political dissident who has been locked up in the US. Any US citizen who is being held and not given his rights.

@LokiFawkes

@nukeop If you want to play argumentum ad hominem, your profile says "fullstack software developer".

Nobody outside of HR cares about that term, at all. It's a term people who can't name what they do use to describe their skills, or lack thereof, in a favorable manner.

@LokiFawkes

@nukeop It's so commonly used that anyone actually in tech knows you need to go into more detail or we throw out your application and tell our recruiters to stop sending people like you to us.

What do you write? What languages do you use in this "full stack", what do you use for backend, what do you use for frontend? Is your frontend HTML and JS or is it a generated page? Is your backend PHP, Node, Python, Java, C++, Rust(tm), etc? What do you use for SQL, or do you even use SQL? And finally, what do you specialize in?

Fail to answer any of these, or arrogantly say "all of it", and you're blacklisted from applying for a fucking year.
