VPN

This is a long one, so buckle in and get ready for a wild ride! I’m going to shatter an illusion created by a lot of social media influencers right now and say that a VPN is almost useless for a home user. I don’t want to throw shade at people that are trying to earn a living and put food on the table, but a certain level of responsibility needs to be taken by the influencer market.

I noticed this trend started about six or so years ago where big names on social media were peddling VPN providers to their audience. The promises made were things like being able to hide all your internet traffic, no logs of what you were doing, and so on. Some of these statements aged like milk, like how some providers were caught keeping logs on everything their customers were doing. Some statements are just downright false, like hiding your internet traffic. Then there’s the fact that some of these VPN providers have extremely shady connections. Even today, I still see this BS come up once in a while on videos as sponsorships or affiliates.

People that don’t have a solid grasp of networking don’t know that these are just absurd statements. This really isn’t any different than influencers doing other shady garbage, like promoting crypto pump and dump scams. Then when these influencers get called out, they try to play stupid and act like they didn’t know what was going on. Either they did know and don’t want to admit it because they treat their fan bases as stupid and milk them for money, or they just didn’t bother to do any due diligence, which is a complete failure and letdown of their audiences.

For most people, using a VPN is a total waste of money and time, and will end up causing more issues. For example, if you use a VPN for daily driving, you’ll have issues with logging into sites. If you try to log in to your bank or a lot of merchant accounts, you’ll trigger fraud detection systems that think your account is compromised.

Then there’s the aspect that you have to trust yet another party with a lot of sensitive info. I mention this when using things like AV suites and it applies here too. If your traffic is run through HTTPS, then you would mostly be okay, though the VPN provider will still see everything you’re visiting. Some Googling would reveal a lot of articles talking about VPN providers who have some really shady connections or who were doing things they claimed not to, like collecting logs of all their users' traffic. Many times, people use the client provided by the VPN provider. If this is a shady company or a downright malicious company, they will now have kernel-level access to your device.

Putting the issues with the providers and influencers aside, let’s talk about the anonymity aspect. You will absolutely not be anonymous if you use one of these. I will get into the use cases for a VPN shortly, but they are very limited. First, all your traffic is still visible. The ISP will be able to see that all your traffic is going to and from the VPN provider. The VPN provider will be able to see all sites you go to.

Some world-class geniuses have tried using VPNs to commit crimes. These clowns then quickly get caught and arrested because law enforcement just gives search warrants to the VPN provider to get all information about you. Lower-level crimes will usually be handled by local law enforcement, who won’t have any issues getting a warrant. Generally speaking, local LE is much more capable than most people believe, and if/when a technically literate cop gets involved in the case, the suspect is in for a bad day. If a person does something really stupid, then an agency like the FBI gets involved, and then that person is really going to get railed.

If you haven’t read the nation state actor page in the OPSEC section, I suggest checking it out. Using a VPN will definitely not hide you from being arrested for committing a crime. Also, most VPNs are in a Fourteen Eyes country or a country that cooperates with Fourteen Eyes. Putting data retention and collection laws aside, it would be very naïve to think that intelligence agencies haven’t tapped into every VPN provider's server. If you used a VPN provider in a country that absolutely doesn’t work with Fourteen Eyes, you have yet another level of privacy and security risks that you probably haven’t even considered.

Now, I’ll cover the few instances where a VPN does something useful. First, whenever you use public Wi-Fi, such as at a coffee shop. If you use public Wi-Fi at all, you should always have a VPN turned on before browsing or using any apps. Without one, all of your activity will be visible and likely tracked through the router, and your website usage will be clearly visible. Second, if you are connected to a router that someone else uses, you should use a VPN, even if the router is properly secured and not open to the public. The same reason as for number one applies here. Third, you could use one if you really want to hide your traffic from an ISP, but then you have to trust another party with your browsing history. Another reason is if you like to visit the Caribbean. If you don’t know what that means, that’s okay, because I don’t promote it and it won’t be discussed here.

There is one other reason but it’s really not a good one, and I’ll explain why. I see some talk about using it to access content that’s geoblocked. This used to be popular in the case of video streaming where a movie could be watched in one country but not another. Most places caught onto this and started banning VPN IP addresses. I’ve seen many threads of people trying to figure out what VPN or what server will work and it turns into a game of whack-a-mole. I don’t see a point in wasting time over garbage like this.

The other part of geography was to get a lower price due to currency conversions. Keep in mind that if this isn’t automatically blocked by the merchant, you risk account banning and could have your payment method charged for the full amount anyway. Steam is an example of this. Even if you were able to buy a game cheaper using currency conversions, it’s a violation of their terms of service and your account will just get banned. Then you lose everything that you paid for.

There are more security and privacy reasons behind the first two use cases I listed earlier. First, many routers are garbage and oftentimes have CVEs that haven’t been patched. It’s definitely not a fix-all, but a VPN can help in a small way here. Second, you should never trust network equipment that you don’t own, have exclusive access to, and have configured yourself. Third, you could be a victim of DNS hijacking, SSL stripping, or a similar attack. This is discussed more in the DNS section. In the case of using someone else’s network equipment, I never recommend relying on encrypted DNS to take care of this. A VPN is the best option you have.
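
An added example, not from the original article: a check for the untrusted-network case above that confirms both general traffic and DNS lookups actually leave through the VPN tunnel rather than going to the router you don't control. The route tables and resolver entries are constructed samples in Linux `ip route show` and resolv.conf format, and the `tun`/`wg` interface prefixes are assumptions.

```python
import ipaddress

# Constructed samples in Linux `ip route show` format (OpenVPN-style def1 full tunnel).
ROUTES_UP = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57
203.0.113.10 via 192.168.1.1 dev wlan0
"""
ROUTES_DOWN = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57
"""
RESOLV_ROUTER = "nameserver 192.168.1.1\n"   # resolver handed out by the Wi-Fi router
RESOLV_TUNNEL = "nameserver 10.8.0.1\n"      # resolver reached inside the tunnel

def parse_routes(text):
    """Return [(network, device)] for every route line that names a device."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes.append((ipaddress.ip_network(dest, strict=False),
                       fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, ip):
    """Longest-prefix match; route metrics are not considered here."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(hits)[1] if hits else None

def audit(route_text, resolv_conf, tunnel_prefixes=("tun", "wg")):
    """List findings; an empty list means web and DNS traffic both use the tunnel."""
    routes = parse_routes(route_text)
    targets = [("general traffic", "198.51.100.7")]  # stand-in public address
    targets += [(f"DNS resolver {l.split()[1]}", l.split()[1])
                for l in resolv_conf.splitlines() if l.startswith("nameserver ")]
    findings = []
    for label, ip in targets:
        dev = egress_device(routes, ip)
        if dev is None or not dev.startswith(tunnel_prefixes):
            findings.append(f"{label} leaves via {dev}, outside the tunnel")
    return findings
```

With the tunnel up but the resolver still pointing at the router's LAN address, the more specific LAN route wins over the tunnel routes, so lookups keep going to the equipment you were trying to avoid.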

If none of the above applies to you, then you probably shouldn’t bother spending money on a VPN. Try not to fall prey to the ridiculous marketing of the VPN companies saying all the evils they protect you against. It’s a bunch of garbage, just like most other advertising these days.

If you do need or want a VPN, there are only a few on the market that I think are worth a damn and are trustworthy enough to use. They happen to all be listed on PrivacyGuides as their three recommendations. Going back to what I said a couple paragraphs ago about not trusting networking equipment, VPNs are in a similar category here. Most times, you’ll just use the software they provide and they will see all your network activity. You must be absolutely confident in your choice. Feel free to look at PrivacyGuides if you want to pick one.

Watch out for the rest though, as there are a lot of dangers in who you can choose from. If you choose one, look at the history of the company, the owners and who they get funding from, the privacy policy and terms of use, any known instances of them collecting data when they claim otherwise, any known court cases, user reviews, etc. Also, don’t believe 95% of review websites. They get paid a lot of money to shill crappy providers and embed affiliate links all over their sites to untrustworthy VPNs.