16 votes

Should I be using a VPN constantly?

Do you? What do you recommend?

20 comments

  1. [8]
    Adys
    It's hard to reply without more context, but given that there is no context, I'm going to say "no". If you're worried about safety/anonymity, you should be using TOR.

    When you use a VPN, you're telling the owner of that VPN quite a lot about you (about as much as you tell your ISP), so it becomes a question of who do you trust more, the VPN or your ISP?

    15 votes
    1. [6]
      cfabbro
      (edited )
      who do you trust more, the VPN or your ISP?

      Worth keeping in mind is that all ISPs fall within the jurisdiction of their users and so are subject to that country's data retention, information request and privacy laws... whereas the VPN you choose should generally be outside that same jurisdiction (and ideally out of 5/9/14 Eyes territory if you really care about privacy).

      Many VPNs also have histories of actively denying information sharing requests from foreign governments and some even have a history of going out of their way to do everything in their power to legally fight against domestic warrants too. And depending on the VPN's logging and data retention policies, they may not even store data long enough for it to matter anyways, even if they are eventually forced to cave in to demands. All of this entirely depends on the particular VPN you choose and the country it's located in though, which you can check here: https://thatoneprivacysite.net/vpn-comparison-chart/

      So, yes, they may not be perfectly secure or private, and using a VPN is not an absolute guarantee your traffic data will not be made accessible at some point (either through a data breach or warrant), but it's still a damn sight better than just going through your ISP, IMO.

      9 votes
      1. [5]
        teaearlgraycold
        Right. For anyone in the US, "who do you trust more, the VPN or your ISP" will almost always be answered with "the VPN", since you can actually shop around for a privacy-respecting VPN.

        5 votes
        1. thisonemakesyouthink
          I will probably be spamming this link till I die, but if you care about your privacy and anonymity, this is a great website with fantastic info on VPN providers, browser extensions, and stuff like that to help keep your privacy. I use protonVPN by the way, it's fairly cheap (layered subscription though, so how cheap it is depends on you), and there's a free version but the speeds are quite slow with only like 5 servers out of 250 or so.

          5 votes
        2. [3]
          stromm
          Even VPNs in the US are required to retain data for the same period as ISPs.

          If they state otherwise, they are lying.

          Same goes for any VPN legitimately providing services into the US.

          This same law also applies to your land-line phone service, your wireless phone service, your wired/cell/sat based Internet service, pretty much any communications connection provider. It's been that way for almost 20 years and was one of the main reasons so many ISDN/DSL providers went under. They just couldn't afford to collect/maintain that data for 7 years.

          1. [2]
            teaearlgraycold
            Except for at least one VPN that operates in the US, their "no logging" claim was proven in court:

            https://torrentfreak.com/vpn-providers-no-logging-claims-tested-in-fbi-case-160312/

            3 votes
            1. stromm
              I'll BS on the results of that report. That seems too much like a cover story to hide what was passed as law back in the 90's and I've yet to see any indication the law was overturned.

              YMMV, but assuming you are anonymous on the Internet is being naive. Too many times people of skill and experience thought they were, then found out the hard way they weren't.

  2. 666
    I recommend that you read here and draw your own conclusions, it has charts with actual useful information (unlike most fake VPN "review" websites) and a good section on choosing the VPN that's best for you.

    Edit: I can't answer your title question, that depends on your particular use case.

    10 votes
  3. spit-evil-olive-tips
    The most important thing you should ask regarding any "should I do X?" security-related question:

    What's your threat model?

    If you're in China and you're trying to get around the Great Firewall, you have a very different threat model than you would if you're a teenager with tech-savvy but anti-pornography parents you want to circumvent.

    9 votes
  4. [9]
    kfwyre
    I started using a VPN relatively recently, and I'm not sure if I should continue.

    I'm really only interested in one thing from a VPN: I don't want my ISP to know my browsing habits. I'm in the United States, and it's legal for them to sell that information. That is incredibly compromising, so I use a VPN as prevention.

    With that said, now that I've been using it for a few months I don't know if I want to keep going--or at the very least if I should change providers. The provider I chose was highly recommended by many, and what I didn't realize at the time was that VPNs don't just attract people who want to protect their privacy but people who want to do all sorts of shady stuff. And the "better" the VPN, the more it will attract those kinds of users.

    Because I picked one of the "best" VPNs for privacy, I now feel like I've given money to a company that is basically aiding and abetting some of the worst people on the internet. Many sites I go to will block my VPN by default. One site gives me a message that simply reads: If you are a living human being, please choose a different VPN or proxy server not associated with this level of abuse. I also feel like I'm potentially flagging myself as one of them by mixing my traffic with theirs. Or, at the very least, my benign traffic helps cover up theirs. I don't like that.

    Is there such a thing as a "clean" VPN? Something that promotes privacy but also doesn't permit abuse? Or is that simply a tradeoff of their function: disabling oversight enables misbehavior? I don't know, but I'm not nearly as enthusiastic about its purpose as I was when I first signed up.

    6 votes
    1. [3]
      spit-evil-olive-tips
      Is there such a thing as a "clean" VPN?

      Find a cheap cloud hosting provider (Linode, Vultr, Digital Ocean, etc). Not AWS, because the most expensive thing AWS sells is egress bandwidth. Install your own VPN server. OpenVPN is the conservative choice, Wireguard is the bleeding-edge option. Don't try to do anything involved with IPsec unless you're positive you know what you're doing.

      Any business that puts out a shingle as a "VPN hosting provider" immediately pastes a giant target on themselves. You can get a decent amount of privacy-via-obscurity by just running your own little VM in someone else's cloud somewhere, sending up all your traffic through it, and then jumping onto the larger internet as part of a big 10gig link, where no one cares or has the wherewithal to inspect your traffic at line rate.

      10 votes
      1. kfwyre
        That's a bit above my current tech ability level, I'm afraid. I would like to get there someday, but I'm not there yet.

        3 votes
      2. Amarok
        This is a very good idea. Just blend into the swarm.

        3 votes
    2. [3]
      Amarok
      (edited )
      You don't really need a VPN to make it difficult for your ISP to track your habits.

      First step is to enable DNSSEC and DNS over TLS in your router/firewall and change your DNS servers over to the legit root servers the entire internet depends upon. This will encrypt your DNS lookups. All your ISP can see is that you made a secure connection to an external DNS server that wasn't theirs. They can't scoop the information out of the responses you get back since it's encrypted. A side benefit of using the root servers is that you'll never see parking pages or law enforcement 'takedown' notices of sites, because the root servers don't play that game. They give you real responses that haven't been edited by your ISP. That was the main reason I switched - I was tired of having torrent sites blocked.

      Your next step is to install plugins like https everywhere in your browser, so that you only send encrypted information to all of the sites you visit. This is just about to become the default way that all browsers operate anyway. This way no one can glean any information out of your communication with that website.

      If torrents are the reason you VPN (because your ISP is actively hostile to that activity) you can use clients like Bitthief that cheat the torrent protocol and upload no information about you, and don't register your IP address in the torrent swarm (which is the trigger that causes takedowns to be sent). This isn't particularly good for the health of the torrent since you're basically freeleeching, but it will keep your ISP off your back.

      If you want to visit certain sites and not be tracked at all, there's always Tor. That's its purpose - not just for the dark web.

      Edit: Thanks @rfr for the clarification.

      8 votes
      1. [2]
        kfwyre
        Thank you for this.

        I genuinely want to protect only my normal, boring, everyday web browsing habits. I don't need to hide torrenting or do any dark web stuff. There aren't any shady skeletons I'm trying to keep under wraps. I just don't like the idea that my ISP can see and sell everything that I do on the internet. It feels incredibly invasive, particularly because my internet use is an extension of my thinking. My searches alone, much less the sites I then click through and read, reveal not just interests and demographic data but also what I'm thinking about at multiple points throughout each day. Anyone with access to this data is basically able to climb into my mind, and that unsettles me. It makes it feel like companies are buying and selling not just "data" about me, but whole pieces of my consciousness or personality.

        If I'm understanding you correctly, with root DNS servers and HTTPS, my ISP will only ever be able to see that I've connected to someone else's DNS servers? If so, that meets the use case I desire from my VPN without the auxiliary damage that I mentioned in my post.

        6 votes
        1. [2]
          Comment deleted by author
          1. Amarok
            I set up unbound on pfSense to do this, and I must have missed the part where DNSSEC and DNS over TLS were different aspects of the system. pfSense makes it so easy I never even noticed. Thanks for the clarification.

            3 votes
    3. [3]
      Comment deleted by author
      1. [3]
        Comment deleted by author
        1. [3]
          Comment deleted by author
          1. [2]
            Amarok
            Yeah, TOR is surprisingly not bad for general surfing. You just hit cloudfront's captchas a lot. It's not even that slow anymore.

            I think the reason bitthief works is because detection is something as simple as just keeping a list of the IPs in the swarm. Isn't a lot of the detection outsourced to a variety of firms that specialize in tracking infringement? I remember seeing something about firms not being able to actually share the material themselves. I used to read groklaw a lot, probably saw it there ages ago.

            3 votes
            1. [2]
              Comment deleted by author
              1. Amarok
                I wonder... is the presence of the IP address enough, or do they have to at least establish a connection and download a few bits so they can verify the presence of the file at that IP? Bitthief would block both. It'd only be detectable if they were sharing the file themselves and bitthief started a download from their honeypot.

                2 votes
  5. tomf
    You don't always need to run one, but there are times where it comes in handy -- especially if you have the dirty habit of using public wifi.

    If you don't already have or don't need a VPS, you can get a cheapo one from lowendspirit -- $3+ per year (cheap cheap). These cheap VPSs aren't for anything piracy related, but simple services like a VPN, ZNC, etc. You're given 20 ports for IPV4. They work well for what you're paying.

    If you want to use Netflix and stuff for other countries, definitely go with Private Internet Access. You don't need their app, they have OpenVPN profiles:

    2 votes