
Good luck finding a safe VPN - remx
https://www.engadget.com/2017/04/07/good-luck-finding-a-safe-vpn/
======
jamescostian
One thing I never understood is that once your packets reach your VPN and your
VPN decrypts them and forwards them to their destination(s), don't you get
right back to the original problem?

I can understand the sentiment "$MY_ISP is awful! They could be selling my
data! But if I'm using a VPN, $MY_ISP won't know exactly what I'm doing." But
what about your VPN's ISP? And, isn't it true that your packets most likely
cannot be routed from your VPN to their destination(s) without bouncing off of
a couple things in between (unless you're using a VPN to go to the VPN's
website)? Do Tier 1s have the right to log and sell traffic with the new bill?
And what about your destination's ISP? Due to the volume of posts in favor of
VPNs, I feel like I'm missing something here.

EDIT: according to another HN submission, it looks like I am not missing
anything:
[https://www.techdirt.com/articles/20170327/09244537008/just-...](https://www.techdirt.com/articles/20170327/09244537008/just-
use-vpn-isnt-real-solution-to-gops-decision-to-kill-broadband-privacy-
protections.shtml)

The article says in a quote "Traffic from VPNs doesn’t simply disappear: it
merely resurfaces in another ISP that can subsequently monitor user activity"

~~~
mirimir
Yes, you are of course back to the same problem: the VPN provider, and their
ISP, can now see all of your traffic. Just like your ISP could, without the
VPN. So you're just choosing to trust the VPN and its ISP rather than your
ISP.

Even so, if you and your ISP are in China, Russia or Iran, for example, it's
probably better to trust a VPN/ISP in the US. And if you and your ISP are in
the US, maybe it's better to trust a VPN/ISP incorporated in Malaysia, Sweden,
Italy, Gibraltar, the Seychelles, etc. Maybe even in Russia or Hong Kong.

Also, you can use nested VPN chains, with all but the first one purchased
anonymously with well-mixed Bitcoin. So the exit VPN doesn't know who you are,
unless you give yourself away. Perhaps you could be de-anonymized through
traffic analysis, or through successive court orders. But that'd be a lot of
work, and most folks don't warrant that much attention.

