• 14th_cylon@lemmy.zip · 16 upvotes · 2 days ago (edited)

    The way VPNs are used now is not what they were designed for, and they are sold to lay users with promises they can't fulfil.

    VPN stands for virtual private network, and what it does is establish an encrypted connection between two VPN endpoints.

    (home network) --- (vpn server) ----- (unsecure internet) ----- (you)
         (A) -------------- (B) ------------ (x) ----- (x) --------- (C)

    You can now connect to your home network (which may be your company when you are working from home, or it may be your department of foreign affairs if you are your country's embassy halfway around the world) using the VPN server, which authenticates you as a user and establishes an encrypted connection to traverse the insecure network.

    It increases security in two main ways: the admin of the network does not have to accept incoming connections from the whole internet, which reduces the number of ways to attack the network.

    And the traffic going over the public internet and servers you have no control over is now encrypted and can't be hijacked in the middle.

    It also hides the route and traffic between (B) and (C). For everyone in (A), your traffic appears to come from (B); they don't know what is behind it.

    Now, using some public VPN service may help you pretend you are in another country (because the provider will provide you with a server in that country, and no one sees the route between you and the server).

    So you can now convince Twitter you are a Black soccer mom in Texas supporting Trump, when you are actually a GRU officer in Moscow.

    But it is oversold to people as some super-secure solution, and people think it is more secure than it is. Your traffic can no longer be intercepted between you and the VPN server, but it can be intercepted anywhere behind it.

    If you think you are some enemy of the state, it is actually much less secure. "The enemy" now has a limited number of chokepoints where they can try to intercept the traffic, and doesn't have to intercept all its little enemies independently. It is as if people voluntarily joined the line for some police checkpoint.

    There are even conspiracy theories that some VPN providers and Tor nodes may be directly operated by "the enemy" instead, and if your data are really valuable (you are not a teenager trying to get to Netflix, but you are, say, a dissident or journalist in some dictatorship), then using Tor, or a VPN generally, may put a target on your back: hey, these are data that are more likely to contain something interesting and may be worth monitoring.

    Long story short, a VPN is designed to traverse the insecure public internet and connect you to some trusted network. The connection is allowed only to identified users and is encrypted and secure.

    Using it to connect to the insecure internet helps you:

    • get access to a Netflix show that may not be accessible in your location
    • may help hide your identity (if the VPN server is in a different jurisdiction, it can be complicated for law enforcement to get information)
    • may be useful if you think your own internet provider is after you and you trust the VPN provider more (which is definitely not the case for me in Europe; I trust my own ISP more than some random VPN provider, but someone in Iran may be in a different situation)
    • anyone intercepting the traffic in your home provider's network can see there is a connection between you and the VPN server, but can't see the content, and can't easily link you to the outgoing data from the VPN server you are connected to.

    And to answer your original question: if you operate your own VPN server at the remote location, no one will know. But if you use some public service for $5/month, these and their servers are of course known.

      • cheesybuddha@lemmy.world · 7 upvotes · 1 day ago

        Mullvad is often considered the gold standard of VPNs when it comes to privacy. It's nice that they accept crypto and cash, and that they don't tie the account to anything except an account number. That's a layer of privacy that really goes above and beyond what a lot of other companies offer, beyond anything to do with the actual product.

      • Trainguyrom@reddthat.com · 3 upvotes · 24 hours ago

        What is your threat model exactly? What are you trying to protect against? Commercial VPNs have an extremely narrow spectrum of threats that they protect against, and most customers don't realize this.

        • DefederateLemmyMl@feddit.nl · 1 upvote · 16 hours ago

          For me it’s about separating online identities.

          I don’t want adult sites to know anything about my real identity or location. I don’t want social network sites to know about my kinks or to be able to correlate my IP data with that of other people who may be on the same network. I don’t want online stores to know my ID on social network sites, or vice versa.

          I do have separate browser profiles for each of my online identities, but they could still be tied together if I used them from the same IP, so they each get a different VPN connection.

          • DefederateLemmyMl@feddit.nl · 1 upvote · 13 hours ago

            "What are you paying monthly?"

            I have a Proton Unlimited subscription that comes to about €10 per month (though you can often get better deals temporarily for the first year or so), and that includes Proton Mail as well, which was my main reason for getting it. Just the VPN should be a bit cheaper.

            "Any negatives you can think of?"

            Not many. Speeds are good, and the IPs seem to have a better reputation than on Private Internet Access, for example: no captchas on google.com.

            One recent change I was rather annoyed by is that they restricted the number of servers that are available with a manual WireGuard configuration file to 10 per country, when hundreds are available through the app or browser extension.

            I've had a few connectivity issues with the Firefox browser extension as well, but nothing as of late.

    • cheesybuddha@lemmy.world · 7 upvotes · 1 day ago (edited)

      One security/privacy feature touted by some companies is that they keep no logs and no records. Some even claim that their entire system runs in volatile memory so there is no possibility of data being recorded. Of course, you are trusting that they are both telling the truth and competently executing the system.

      • 14th_cylon@lemmy.zip · 5 upvotes · 1 day ago

        "Of course, you are trusting that they are both telling the truth and competently executing the system."

        That is the thing: you have to trust them. Unless they are an intentionally malicious actor, and if the law of the country where they reside allows it, then not keeping the logs is quite hassle-free and actually cheaper than otherwise, so there is a reason to trust them, but you never know.

        • cheesybuddha@lemmy.world · 2 upvotes · 17 hours ago

          They don’t have to be malicious if they are incompetent.

          They could say they don’t use logs and not realize that their tech stack is actually keeping some sort of metadata or maybe using swap or something. Probably not as likely as the other scenarios, but I wouldn’t count it out completely.

        • Trainguyrom@reddthat.com · 2 upvotes · 24 hours ago

          That's the thing with anything in cybersecurity: trust. Unless you wrote all of the firmware and software and websites and web servers yourself, you are ultimately placing trust in another entity.

          VPNs are just a technical means of shifting trust. Corporations use VPNs for remote work because the VPN connects the employee to the corporate network, which they already trust, rather than trusting whatever Wi-Fi the employee happens to connect to. For a consumer using a commercial VPN, the only thing you're doing is shifting your trust from the network provider to the VPN provider. You're not even really hiding anything from websites thanks to modern browser fingerprinting techniques; they just see "user #64742258, but from a known VPN endpoint instead of the usual Spectrum residential network in Maryland, 86% match".
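An added example, not part of the thread or anyone's post in it, that makes the two preceding points concrete: DefederateLemmyMl's worry that separate accounts used from the same IP can be tied together (hence one VPN exit per identity), and Trainguyrom's caveat that a browser fingerprint links them anyway. The log format, the account names, the IP addresses (taken from the TEST-NET documentation ranges) and the fingerprint attributes are all constructed; the `fingerprint()` hash is a deliberately simple stand-in for a real fingerprinter, not any real site's method.

```python
"""Constructed example: cross-site identity linking by source IP and by a
browser-fingerprint hash, run over constructed access-log lines."""
from __future__ import annotations

from collections import defaultdict
import hashlib


def fingerprint(attrs: dict) -> str:
    """Stand-in for a browser fingerprint: a hash over stable client
    attributes (UA, screen size, fonts ...). Real fingerprinters use many
    more signals and fuzzy matching; this exact-match hash is an assumption
    made for the example."""
    canonical = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def parse_log(text: str) -> list[dict]:
    """Parse constructed access-log lines of the form
    'site user src_ip fingerprint'; blank lines and '#' comments are skipped."""
    hits = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        site, user, ip, fp = line.split()
        hits.append({"site": site, "user": user, "ip": ip, "fp": fp})
    return hits


def link_identities(hits: list[dict], key: str) -> dict[str, set[tuple[str, str]]]:
    """Group (site, user) pairs by a shared attribute ('ip' or 'fp') and keep
    only the groups that span more than one site, i.e. the cross-site links
    an observer who sees both sites' logs could draw."""
    groups: dict[str, set[tuple[str, str]]] = defaultdict(set)
    for h in hits:
        groups[h[key]].add((h["site"], h["user"]))
    return {value: ids for value, ids in groups.items()
            if len({site for site, _ in ids}) > 1}


# One person's browser, unchanged across both identities (constructed).
FP = fingerprint({"ua": "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0",
                  "screen": "2560x1440",
                  "fonts": "DejaVu,Liberation,Noto"})

# Scenario 1: both accounts used directly from the home ISP address.
NO_VPN_LOG = f"""
# site    user      src_ip         fingerprint
social    alice_k   203.0.113.7    {FP}
shop      a.smith   203.0.113.7    {FP}
"""

# Scenario 2: each identity behind its own VPN exit, so the public IPs differ.
PER_IDENTITY_VPN_LOG = f"""
social    alice_k   198.51.100.20  {FP}
shop      a.smith   198.51.100.40  {FP}
"""


def ip_links(log: str) -> dict[str, set[tuple[str, str]]]:
    return link_identities(parse_log(log), "ip")


def fp_links(log: str) -> dict[str, set[tuple[str, str]]]:
    return link_identities(parse_log(log), "fp")


if __name__ == "__main__":
    print("no VPN, linked by IP:          ", ip_links(NO_VPN_LOG))
    print("per-identity VPN, linked by IP:", ip_links(PER_IDENTITY_VPN_LOG))
    print("per-identity VPN, by fingerprint:", fp_links(PER_IDENTITY_VPN_LOG))
```

Running it shows the shape of the argument: the separate VPN exits remove the IP link between `alice_k` and `a.smith`, but the unchanged fingerprint still ties the two accounts together, so the per-identity VPN only helps if the browser profiles also differ in the attributes the fingerprint is built from.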

          • 14th_cylon@lemmy.zip · 2 upvotes · 22 hours ago

            "That's the thing with anything in cybersecurity: trust."

            Luckily not everything, but I think about this every time I am using an Android KeePass implementation written by God knows who 😆