
Choosing a VPN service is a serious decision - weinzierl
https://drewdevault.com/2019/04/19/Your-VPN-is-a-serious-choice.html
======
HNKingpin
Pretty bad article - most VPNs have a very high privacy focus, while ISPs
simply store all your stuff. Even a bad VPN is better than not using one. SSL
is unreliable (Cloudflare MITM, rogue certificate authorities, etc) and
doesn't hide your IP. Tor is slower and blocked by very, very many sites (and
does not handle all traffic! Unlike a VPN).

~~~
Fnoord
> most VPNs have a very high privacy focus

Most? Source? What does this "focus" mean anyway?

> while ISPs simply store all your stuff.

All? Source? Cause mine doesn't.

> Even a bad VPN is better than not using one.

Unless your VPN (or someone else who has access to the network) logs all data,
and someone does correlation attacks. And if someone on your VPN does
nefarious things (for which they need to "hide their IP") then you can be sure
the likelihood of correlation attacks and logging has... well, increased.

> SSL is unreliable (Cloudflare MITM, rogue certificate authorities, etc) and
> doesn't hide your IP.

Why do you need to "hide your IP"? On "all your traffic"? I don't need to hide
my IP at all. Even if I'd get (D)DoSed on my cable internet (why?!), I'd just
use DHCP to get a new IP address.

> Tor is slower and blocked by very, very many sites (and does not handle all
> traffic! Unlike a VPN).

If you need to "hide your IP", depending on your adversary, it might be worth
it to use Tor.

~~~
HNKingpin
> Most? Source? What does this "focus" mean anyway?

Focus means they care about your privacy. Here's a good chart:
[https://thatoneprivacysite.net/simple-vpn-comparison-
chart/](https://thatoneprivacysite.net/simple-vpn-comparison-chart/). As you
can see, the vast majority of the popular ones are in the green. Some even
went to court to prove their "no logging" claim.

> All? Source? Cause mine doesn't.

How do you know? And they for sure store your IP and the sites you've
connected to.

> Unless your VPN (or someone else who has access to the network) logs all
> data, and someone does correlation attacks. And if someone on your VPN does
> nefarious things (for which they need to "hide their IP") then you can be
> sure the likelihood of correlation attacks and logging has... well,
> increased.

On the other hand, the ISP just gets everything directly and easily.

> Why do you need to "hide your IP"? On "all your traffic"? I don't need to
> hide my IP at all. Even if I'd get (D)DoSed on my cable internet (why?!),
> I'd just use DHCP to get a new IP address.

Good for you if you don't need to hide your IP. Some people post stuff that
might get them in trouble, you know? These days you can get jailed because
you've shared a video (of, say, the recent mosque shooting). Or a comment on
twitter criticizing a transgender
([https://www.breitbart.com/europe/2019/02/10/uk-mother-
arrest...](https://www.breitbart.com/europe/2019/02/10/uk-mother-arrested-in-
front-of-children-for-calling-trans-person-a-man-on-twitter/))

> If you need to "hide your IP", depending on your adversary, it might be
> worth it to use Tor.

It's for sure better than direct connection...

~~~
Fnoord
> Focus means they care about your privacy. Here's a good chart:
> [https://thatoneprivacysite.net/simple-vpn-comparison-
> chart/](https://thatoneprivacysite.net/simple-vpn-comparison-chart/). As you
> can see, the vast majority of the popular ones are in the green. Some even
> went to court to prove their "no logging" claim.

Oh yeah, that one site with the generalizing charts.

Only those who've been tried and tested in court prove something, and only for
_that_ specific moment. It could be different now. We do not know.

> How do you know?

Because I live in the EU, and it is illegal to do that without my consent.

> On the other hand, the ISP just gets everything directly and easily.

If that is legal they might, but so could a VPN provider. If you want to avoid
this, Tor makes more sense.

> Good for you if you don't need to hide your IP. Some people post stuff that
> might get them in trouble, you know? These days you can get jailed because
> you've shared a video (of, say, the recent mosque shooting). Or a comment on
> twitter criticizing a transgender
> ([https://www.breitbart.com/europe/2019/02/10/uk-mother-
> arrest...](https://www.breitbart.com/europe/2019/02/10/uk-mother-arrest...))

That is not an issue everywhere in the world, and Tor would work for free and
just as well.

If anonymity if important, I recommend Whonix.

You know who benefits from your narrative? The companies selling the VPN snake
oil.

~~~
HNKingpin
> Only those who've been tried and tested in court prove something, and only
> for that specific moment. It could be different now. We do not know.

How about you provide proof that your ISP doesn't store your stuff, as you
claimed?

> Because I live in the EU, and it is illegal to do that without my consent.

That's not how it works.

> If that is legal they might, but so could a VPN provider. If you want to
> avoid this, Tor makes more sense.

ISP data is attached to your damn real name. There is nothing worse. A VPN
would first have to rat you out to the ISP, which at least creates another
step.

> That is not an issue everywhere in the world, and Tor would work for free
> and just as well.

It is becoming an issue in more and more places. And do you want to risk it?
If Tor works for you, great. But it is blocked much more often than VPNs are.

> You know who benefits from your narrative? The companies selling the VPN
> snake oil.

Stop it. I didn't recommend ANY paid VPN at all. I myself use only free ones.

~~~
Fnoord
> How about you provide proof that your ISP doesn't store your stuff, as you
> claimed?

> That's not how it works.

Yes, it is. GDPR forces them to inform me about this, should I ask them. My
ISP was forced by the government to log metadata as all Dutch ISPs were
because the Dutch government demanded this, by law. However a court case mid
'10s in European courts forced them to stop citing human rights.

> ISP data is attached to your damn real name. There is nothing worse. A VPN
> would first have to rat you out to the ISP, which at least creates another
> step.

You can do nothing, real name wise, when you have my public IPv4. Not in the
least because I have DHCP, and don't run any services whatsoever.

> It is becoming an issue in more and more places. And do you want to risk it?
> If Tor works for you, great. But it is blocked much more often than VPNs
> are.

Everyone will have to think for themselves in their threat assessment.

However, VPNs add an additional threat to your threat assessment. Is that
worth it? Is it worth it that they run a VPN in some datacenter on a KVM or
VPS they don't even own?

> Stop it. I didn't recommend ANY paid VPN at all. I myself use only free
> ones.

Even worse, TANSTAAFL.

I actually have a paid VPN which I use for copyright infringement related
things (which is civil court). Yes, there it adds an additional layer. For
police, not so much, and I would never route _all_ my traffic to it...

