Zoraster.org ✦ Blog Publications

Critique of VPN's

§0 The utilities of a vpn

pepe hacker

0.0 In some universities you get access to resources through being logged onto certain internet accounts on campus. Once you leave the campus you lose the access to these resources. A way to keep access to these services without having to deal with annoying and complicated login pages is relaying your traffic to a computer permanently logged into the campus internet ― some universities have vpn's for faculty members to do this. If you are a student you could maybe be sneaky and figure out a way to hide a computer running as a vpn permanently logged into uni WiFi on campus to keep access to things while studying away. [But if you just wanted to keep journal access maybe read into the SciHub project first].

0.1 If you have a job that deals with projects on servers then you may be locked into using certain computers/networks. Your employer (or you) may need to relay your traffic through a company vpn that connects to these computers if you want to work remotely.

0.2 If you don't want your employer, university, or mom to know what exactly the sites you are visiting then a commercial vpn will help. This is mostly done by people that don't have control over themselves and want to watch porn.

0.3 You can also use vpn's to get around ‘geoblocking’. Sometimes streaming services only license shows in certain countries and having a vpn can let you look like that you are in different countries with different license agreements. Though streaming services have their ways to combat this now. You can use a vpn to get around some other general web censorship but see (2.1).

0.4 If you are pirating things with torrents anyone can see the networks that are currently downloading and uploading the file ― without a vpn one of those networks would be yours. If what you are downloading is copyrighted you might get a finger-wagging letter in the mail from your internet provider threatening to cut you internet access. Use a vpn if you are torrenting. See (2.3-2.4).

§1 Rant on torrenting and pirating...

catholic will

1.0 Oh, I don't endorse torrenting for what it is commonly used for and I need to go on a bit of a tangent. If you mitigate overly stimulated activities ― movies, TV, porn, music and video game consumption (add in drinking and drugs for good measure) ― then you are able to enjoy slower paced things like reading a book or watching a sunset. Leaves mental space for making your own stuff that you can take pride in. You don't have to become a tradcon like me (you would be much happier if you did though) and there is a place for enjoying what others have created (if the creation is truly beutiful) ― acts of experience and experimentation is part of becoming ― but there can be more to life than just playing video games, smoking weed, and watching media.

1.2 It breaks my heart seeing people wasting their life away when they could become something much greater and interesting if they just put their bong, bottle, phone, or controller down for like a second. There is an entire universe that can be unlocked by just not blowing out your motivational systems; this idea that hyper stimulation is the peak of human experience is ruining lives.

1.3 All of this being said it does suck that it is becoming increasingly hard to own physical or digital copies of media with streaming services. At least with a pirated copy you can have it forever instead of being at risk to loose access to it though loosing access to the subscription provider.

1.4 I also understand that not everyone can afford software licenses or streaming subscription and since scarcity works a bit different for a few things (media and software can often be copied indefinitely, doesn't directly deny access to others) ― I don't think of intellectual property theft the same way as theft of physical things. Keep in mind that if you torrent software that you are taking a risk as apps are ‘executable’ files that run processes on your computer as opposed to media mp3 or mp4 files that (under normal circumstances) can only output audio or video respectively. Which is why I don't recommend pirating software either.

1.5 Of course there are non-pirating usages for torrents and torrenting. Software (and even YouTube like streaming platforms) is distributed by torrents to promote decentralization of a project and to reduce server fees. Torrents also work great if you want to share a large file to someone who has inconsistent internet due to how torrents can downloaded as small pieces: If there is an interuption the entire download doesn't have to be restarted. Leaks often get distributed as torrents which can sometimes contain interesting information.

§2 Limitations of a vpn

catholic will

2.0 A vpn does provide encryption but it's the same encryption that you get with most websites without using a vpn. The encryption that the vpn provides is redundant for most situations because most webmasters encrypt their web pages with https now (a ‘http’ website without the ‘s’ of https is rare to see ― even more rare for websites that have payment processing or forms). Vpn providers are lying in their ads (through implication) when they make it seem that they provide more meaningful anonymity or privacy through their encryption.

2.1 The traffic from that is coming from a vpn may not be pointing directly at the vpn user but the vpn provider can still always track all of its traffic that it is proxying back to who is sending it. Vpn's necessarily have to look at what traffic they received to know where to send the traffic back out. if someone who is using a vpn googles a question then google can only identify the vpn provider (from the ip part anyway, see 2.5) and not the individual. But google can still talk to the vpn provider to ask who the individual was. Adding more hops makes it harder for someone to track your traffic all the way back but the threat never goes away.

2.2 As for the argument that you can avoid any chance of surveillance by hosting your own vpn (or searx instances for the case of search engines) ― you would run into the problem that your web traffic would be still pointing at your vpn server or searx instance. If you are the only one using the server all the traffic coming from it must also be coming from you. No one may have access to your data logs on your vpn server if you run it privately but you can still be identified by the fact that all of the traffic coming out of the server must be yours from a process of elimination (the opposite problem of having many people routed through one server but zero control of logs of commercial vpn's). Running a vpn server by itself doesn't do much for anonymity.

2.3 Most vpn providers say that they delete the traffic record after they send the traffic out ("no logs" policy) ― but may be required by their host country to record some data by law. Or required by other types of force or coercion. The surveillance that we live in now sucks but there are concerns about national security and defense that may justify a minority of it.

2.4 Vpn providers generally try to respect their users privacy as if they get caught sharing their user data without a sufficiently legitimate reason their users will cancel their subscription (which is why they rarely rat or are pressured to rat out small-fry things like pirating). They are pragmatic on what they will report They are also less likely to care about reports of things done in countries that don't have strong relations with the host country that they themselves are located.

2.5 Vpn's change your IP address. There are still other ways that you can still be de anonymized if you hide it. Check out Matt Traudt blog. In short, the differences on how a webpage is generated in different browsers by different models of computers is enough to narrow down who is accessing a webpage even if they are changing their IP. Data collection from cookies doesn't go away when using a vpn.

§2 Use tor, not a vpn

tor logo

3.0 Use tor instead of a vpn for anonymity and privacy; webpages are generated the same for all tor users ― fingerprinting people who use it becomes impossible (or very hard). Tor has its own special vpn built into the browser and it is much better than a normal vpn because it (among other things) automatically passes your traffic through a bunch of servers instead of just one. There is no comparison between a vpn and tor for anonymity and privacy. Tor blows vpn's out of the water with the extra stuff that it does.

3.1 I should mention that those that use tor for day-to-day things aer inadvertently helping a host of interesting people that they may not want to support. Drug distributors and abusers ― journalists, freedom fighters, terrorists, 3-letter-agencies ― may be using tor and normal users help all them by diluting their (the interesting people's) traffic. When a huge amount of people are using tor for normal things then it becomes impossible to just dismiss everyone who uses it for doing something interesting: The faceless crowd becomes larger and a lower percentage of tor traffic can be considered dangerous. It may be worth using tor anyway even for cat videos for how much data collection and tracking is aimed at normal people now.

3.2 No one can never be 100% private or secure while using computers or the internet ― but it's a game of how much time, favors, and energy an advisory is willing to spend. This is called threat modeling. Tor ― when used correctly ― adds in a lot of resources that is needed to deanonymize someone.