Next time you think about opening your VPN before ingesting some quality content, you might want to think twice. When a reader asked what VPN service we recommend, we decided to turn the answer into a semi-rant, semi-instructional piece.

So why not bother with a VPN? Because VPNs are just glorified proxies. The VPN provider can see all your traffic and do whatever they want with it, including logging it.

Even if you are paying for a VPN service that claims not to log your traffic, there is no way to know. The only safe assumption is that every VPN provider logs.

It’s actually in the VPN provider’s best interest to log their users since it lets them deflect blame to the customer if they ever encounter legal trouble. The $10 per month you’re paying for your VPN service doesn’t even pay for the lawyer’s coffee, so you can expect they’d turn you over the minute sh*t hits the fan.

HideMyAss is the perfect example of a VPN provider not being true to its word: it gave up its loyal customers' data in what was a widely publicized ordeal. In 2011, it handed over evidence which resulted in the arrest of a suspected LulzSec member. The UK-based company offers a free web proxy and a subscription-based VPN. When the feds came knocking, it handed over potentially incriminating data, though only in response to a court order. Anonymous/LulzSec members were using the service because they thought the company could be trusted. They were wrong.

In response to the public outrage, HideMyAss explains:

It first came to our attention when leaked IRC chat logs were released, in these logs participants discussed various VPN services they use, and it became apparent that some members were using our service. No action was taken, after all, there was no evidence to suggest wrongdoing and nothing to identify which accounts with us they were using.

At a later date, it came as no surprise to have received a court order asking for information relating to an account associated with some or all of the above cases. As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company, we will cooperate with law enforcement if we receive a court order (the equivalent of a subpoena in the US).

HideMyAss, which bills itself as a leading online privacy website, adds that it does not condone illegal activity, saying that similar services that do not cooperate with law enforcement are “more likely to have their entire VPN network monitored and tapped by law enforcement, thus affecting all legitimate customers”. The service said it carries out session-logging, recording the time a customer logs onto and disconnects from the service as well as the IP addresses he or she connects to. It said it does not record the actual content of web traffic.

When Should I Use a VPN?

There are really two use-cases for when you might want to use a VPN:

  1. You are on a known-hostile network (e.g. a public airport WiFi access point, a library, or an ISP that is known to use MITM).
  2. You want to hide your IP from a very specific set of non-government-sanctioned adversaries, for example, circumventing a ban in a chatroom, preventing anti-piracy scare letters, and getting around blackouts on various live streaming services.

In the second case, which is the most likely, you’d want to find a regular proxy specifically for that traffic. Sending all of your traffic over a VPN provider (as is the default with almost every VPN client) will still result in the provider being able to snoop on and tamper with your traffic. The best practice is to not use a VPN provider at all.

If not a VPN, then what?

A VPN provider specifically seeks out those who are looking for privacy, and who may thus have interesting traffic. Statistically speaking, it is more likely that your VPN provider will be malicious or a honeypot, than that an arbitrary generic VPS provider will be.

If you absolutely need a VPN, and you understand what the limitations are, purchase a VPS and set up your own. There are plenty of cheap providers – check out some great deals on lowendbox.com.

Even if you’re using an “anonymous” or “decentralized” payment system such as Bitcoin, you’re still connecting to their service from your own IP, which they can log.

VPNs don’t provide extra security or privacy. They are nothing more than a glorified proxy… that many pay for on a monthly basis. If someone wants to tap your connection, they can still do so; they just have to do it at a different point (i.e. where your traffic leaves the VPN server). Whoever controls the exit nodes controls you.

Debunking Privacy Myths About VPNs

Another myth is that VPNs confuse trackers by sharing an IP address between hundreds of users. Your IP address is a largely irrelevant metric in modern tracking systems. Marketers have gotten wise to these tactics, and with the increased adoption of CGNAT (Carrier Grade Network Address Translation) and a rapid increase in devices in the average household, an IP address is no longer a reliable data point.

Marketers almost always will use another metric to identify and distinguish you, especially when connecting your mobile phone usage with your computer browsing history. To do this, anything from a user-agent to a fingerprinting profile can be used. A VPN cannot prevent this.
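To make the point concrete, here is an added example (not part of the original article) that scores two ways of identifying visitors: by source IP, and by a hash of client-reported attributes. The observations, the four-attribute fingerprint and all names are constructed assumptions; real trackers combine many more signals, and the "user" field is ground truth used only for scoring.

```python
import hashlib
from itertools import combinations

# Constructed sample observations (documentation IP ranges, invented clients).
# "user" is ground truth the tracker never sees; it is only used for scoring.
FIELDS = ("ua", "lang", "screen", "tz")  # assumed attribute set, for illustration
FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"
CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/126.0.0.0 Safari/537.36"
SAFARI = "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 Safari/604.1"

def obs(user, ip, ua, lang, screen, tz):
    return {"user": user, "ip": ip, "ua": ua, "lang": lang, "screen": screen, "tz": tz}

OBSERVATIONS = [
    obs("alice", "203.0.113.10", FIREFOX, "en-GB", "2560x1440", "Europe/London"),    # home ISP
    obs("alice", "198.51.100.77", FIREFOX, "en-GB", "2560x1440", "Europe/London"),   # via VPN exit
    obs("bob", "198.51.100.77", CHROME, "de-DE", "1920x1080", "Europe/Berlin"),      # same VPN exit
    obs("carol", "192.0.2.5", SAFARI, "fr-FR", "390x844", "Europe/Paris"),           # behind CGNAT
    obs("dave", "192.0.2.5", CHROME, "en-US", "1366x768", "America/Chicago"),        # same CGNAT IP
]

def by_ip(o):
    """Identify a visitor by source IP only."""
    return o["ip"]

def by_fingerprint(o):
    """Hash of client-reported attributes; the source IP is not an input."""
    material = "\x1f".join(o[f] for f in FIELDS)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()[:16]

def linkage_errors(observations, key):
    """Return (false_merges, false_splits) counted over all pairs of observations."""
    merges = splits = 0
    for a, b in combinations(observations, 2):
        same_id = key(a) == key(b)
        same_user = a["user"] == b["user"]
        if same_id and not same_user:
            merges += 1   # two different people treated as one visitor
        elif same_user and not same_id:
            splits += 1   # one person treated as two visitors
    return merges, splits

if __name__ == "__main__":
    print("keyed on IP:         ", linkage_errors(OBSERVATIONS, by_ip))
    print("keyed on fingerprint:", linkage_errors(OBSERVATIONS, by_fingerprint))
```

On this sample the IP key merges unrelated users behind the shared VPN exit and the CGNAT address and loses alice when she switches to the VPN, while the fingerprint key links both of her sessions and keeps everyone else apart.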

Other Ways To Add Privacy & Increase Security

You should start by using SSL/TLS and HTTPS (for centralized services), or end-to-end encryption for social or P2P applications. VPNs aren’t able to magically encrypt all of your traffic… it’s simply not technically possible. If the endpoint expects plaintext, there is nothing you can do about it.

When using a VPN, the only encrypted part of the connection is from you to the VPN provider. From the VPN provider onwards, it is the same as it would have been without a VPN. And remember, the VPN provider can see and tamper with all of your traffic.

 
