VPNs are Misunderstood by Many

Aug. 2, 2022 [technology] [privacy-security]

VPN services are being shilled everywhere, on privacy sites, in just about every techtuber channel and by the masses on forums. It has gotten so loud that even the boomers in my life are openly inquiring whether a VPN is worth their effort. I think it often gets missed that VPNs are just a tool which can in only bring benefit in some applicable situations. It seems that those who have just begun exploring internet privacy and security treat VPN services as a magical cloak, and when your only tool is a hammer then every problem looks like a nail.

It doesn’t matter what the marketing says (In fact, never listen to marketing), VPNs only address two aspects of your online signature:

  1. Conceal your WAN IP address from the destination servers or peers.
  2. Obfuscate traffic from network observers such as your ISP or other devices on the LAN.

One is essentially only rotating ISPs through the use of VPNs. When you connect over one, you are only shifting the trust over from your real ISP to the VPN service. And that’s the thing; its model is trusted, not trustless. VPN services can only ever be used for privacy, but never anonymity. It doesn’t matter if you’ve paid in privacy coin or use a free service, they still see you connecting from your real WAN IP address. Anyone seeking anonymity should consider something like Tor or I2P instead.

While this limits the scope of useful applications, that is not to say that VPNs are useless either. They are a perfectly valid means of:

It may be inadvisable to constantly remain on a VPN connection. Giving your holistic fingerprint of network activity over to some exit point can serve to correlate it with where it appears elsewhere. I would recommend shutting down any email or IM clients and logging out of any web services before enabling a host-wide VPN to conduct any of the above activities. Or use application isolated VPN routing. And consider only using the VPN connection for the duration of the necessary activity. If you have any networked applications that you want to conceal 24/7 it is much better to Torrify them through socks proxy.

Contrary to popular belief, VPNs do not make you anonymous. They do not make you untracable. Use appropriately and be realistic about the use cases before diving in to sign up for the flashiest, slickest marketed, hardest shilled, hot new VPN service.