
> All they do is let you get onto the public, untrusted, internet through a different on-ramp. There is no point to them.

Not true, at all. There are several good reasons to use VPNs to get a different on-ramp to the otherwise untrusted internet.

  - Avoid ISP tracking: Your ISP should see only traffic to and from the VPN. 

  - Access content intended for those in other regions: Many sites and services only show certain content to people who enter the internet from specific places. 

  - Limit the amount of activity linked by trackers: Visiting certain sites only from different IPs/browsers will help keep logs of that traffic isolated from the logs of your other browsing.

  - Allow you to connect to sites and services that cannot connect back to you once you've disconnected: A lot of people, even those with dynamic IPs, keep their address for months or years at a time. VPNs provide a great way to cycle through IPs. 

VPNs don't solve every problem, but they're a powerful tool to keep in your toolbox.

There are many, many very valuable uses for VPNs, some that offer privacy/security benefits and some that are just plain useful. It's wild to hear anyone say that "There is no point to them."




Thank you for saving me the typing.

No it's not gonna make you an invisible unhackable ghost, but at least I don't have to worry about my ISP screwing me over.


Why are you worried about your ISP tracking you but not the VPN company? In effect you've simply added another ISP on top.


Most people can switch VPN companies more easily than they can switch ISPs.


This is the case for me. I _know_ that my ISP is untrustworthy, I've read the ToS. It's also bundled with my apartment and I can't switch.

What I can switch however is what VPS company I use, or what commercial VPN I connect to.

Plus, the harm from being banned by a VPN is a lot lower than an ISP, as low as the chances of either are.


Wouldn't a VPN also prevent traffic sniffing if you're connected via a public wi-fi point?


It would, but that’s already generally impossible thanks to everything being on HTTPS (including DNS).


HTTPS typically still has the site domain in clear due to SNI.


> HTTPS typically still have the site domain in clear due to SNI.

Can you eli5 that please?


To support multiple sites per IP, the browser has to send the DNS name of the site to the web server. Moreover, since the certificates that the server uses for encryption depend on the site name, the name cannot be encrypted within HTTPS. So the browser sends the name in clear when initiating the connection. This is called SNI, server-name-identification.

It is possible to encrypt SNI, but most sites do not support that as the setup is non-trivial and error-prone.


Huh

So HTTPS doesn't really stop tracking, it only prevents people from snooping on what data you are sending to and receiving from the website


There has been some work on encrypted server name indication: https://www.cloudflare.com/learning/ssl/what-is-encrypted-sn...


I use CloudFlare's 1.1.1.1 DNS to mitigate my ISP tracking the domains I visit. They have an iPhone app too. I don't know enough about the space to say whether it's 100% effective.


Again, due to SNI, tracking the sites that one visits is possible even if DNS traffic is encrypted. At the very least, one needs the site to support ESNI or encrypted-site-name-identification.

But then, in practice, for ESNI to be effective one needs the site to use a CDN or similar solution to ensure that there are a lot of sites behind the given IP.
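To make the two points above concrete (the hostname travels in clear in the TLS server_name extension, and an encrypted-SNI setup only hides it if the IP is shared with many other sites), here is an added example that is not from the thread: a small parser that reads the first TLS record of a connection, exactly as a passive on-path observer (ISP, hotel Wi-Fi, or VPN exit) would, and reports the SNI hostname and whether an Encrypted Client Hello (ECH, the successor of ESNI) extension is present. The ClientHello bytes are constructed inline by the helper, not captured from any real host; the ECH payload is placeholder bytes, since only the extension's presence matters here, and the hostnames are made up.

```python
"""Extract what an on-path observer can read from a TLS ClientHello:
the server_name (SNI) extension in clear, and whether an ECH extension
is present.  Added example; the ClientHello is constructed below."""
import struct
from typing import Optional

SNI_EXT = 0x0000   # server_name extension, RFC 6066
ECH_EXT = 0xFE0D   # encrypted_client_hello, draft-ietf-tls-esni code point


def build_client_hello(hostname: Optional[str], with_ech: bool = False) -> bytes:
    """Build a minimal, well-formed TLS ClientHello record (constructed test input).
    If hostname is given it goes into the server_name extension in clear, as every
    browser sends it.  with_ech appends a dummy ECH extension whose body is
    placeholder bytes (a real one carries the encrypted inner hello)."""
    exts = b""
    if hostname is not None:
        name = hostname.encode("idna")
        entry = struct.pack("!BH", 0, len(name)) + name        # NameType host_name(0)
        sn_list = struct.pack("!H", len(entry)) + entry         # ServerNameList
        exts += struct.pack("!HH", SNI_EXT, len(sn_list)) + sn_list
    if with_ech:
        payload = b"\x00" * 32                                  # placeholder, not real ECH
        exts += struct.pack("!HH", ECH_EXT, len(payload)) + payload
    body = (
        b"\x03\x03"                                  # legacy_version TLS 1.2
        + b"\x11" * 32                               # client random (constructed)
        + b"\x00"                                    # session_id length 0
        + struct.pack("!H", 2) + b"\x13\x01"         # one cipher suite
        + b"\x01\x00"                                # compression methods: null
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Return {'sni': hostname or None, 'ech': bool} for a TLS record carrying a
    ClientHello; raise ValueError for anything else (e.g. plaintext HTTP)."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    pos = 2 + 32                                     # skip version and random
    sid_len = body[pos]; pos += 1 + sid_len
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2 + cs_len
    cm_len = body[pos]; pos += 1 + cm_len
    result = {"sni": None, "ech": False}
    if pos + 2 > len(body):
        return result                                # no extensions block
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
        data = body[pos:pos + elen]; pos += elen
        if etype == SNI_EXT:
            list_len = struct.unpack("!H", data[:2])[0]
            p = 2
            while p + 3 <= 2 + list_len:             # walk ServerNameList entries
                ntype = data[p]
                nlen = struct.unpack("!H", data[p + 1:p + 3])[0]
                p += 3
                if ntype == 0:                       # host_name: this is what leaks
                    result["sni"] = data[p:p + nlen].decode("idna")
                    break
                p += nlen
        elif etype == ECH_EXT:
            result["ech"] = True                     # inner (real) name is encrypted
    return result


if __name__ == "__main__":
    # Plain HTTPS: the real hostname is visible to anyone on the path.
    print(parse_client_hello(build_client_hello("example.com")))
    # ECH: only the CDN's public name is visible; hiding in that crowd works only
    # if many unrelated sites sit behind the same public name and IP.
    print(parse_client_hello(build_client_hello("public.cdn.example", with_ech=True)))
```

Encrypted DNS (DoH to 1.1.1.1, as mentioned in the thread) changes nothing about this record: the name in the server_name extension is still sent by the browser in clear, which is why a VPN tunnel, or ECH on a shared-IP CDN, is needed to hide it from the first hop.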



You just replaced ISP tracking with VPN tracking

And your "VPN in YouTube ads" surely does that


I'd rather have my VPN track me than my ISP. For example, connecting to Signal and Kakaotalk servers is used as evidence of being a member of a terror organisation (!) in Turkey. Evidence is gathered by the Ministry of Communications from the ISPs, which have to provide real-time connection data to the State, including CGNAT records. With a VPN, it is almost impossible (depending on setup, i.e. NAT) to obtain such evidence, especially for political purposes; even if the VPN provider willingly gives logs, there is no way to prove that the info is legit.


I guess it depends who your adversary is. If it's the Turkish government, then you are probably safe to trust a foreign mainstream VPN. If you're trying to avoid scrutiny by a five-eyes western government, you need to be somewhat more careful.


But that's a general truism in security. Whether your changes are effective depends on what and whom you're trying to protect against.


> For example, connection to Signal and Kakaotalk servers is used as an evidence of being a member of a terror organisation (!) in Turkey.

And you are sure your connection to a VPN service won't get you flagged?


I'm not paranoid, and I have no evidence of anything at all, but it does occur to me that if I ran the US CIA/FBI, I would totally start a company like NordVPN and give them enough money to advertise widely and get sponsor spots on popular YouTube channels.

Sure, you'll probably end up facilitating a few petabytes of copyright infringing torrent traffic every day, but you'll also have a direct connection to countless people who think they're totally anonymous.


> Sure, you'll probably end up facilitating a few petabytes of copyright infringing torrent traffic every day, but you'll also have a direct connection to countless people who think they're totally anonymous.

This is the best part really. No three letter agency is going to spoil their honeypot in order to bust some kid for downloading movies and video games. They've got bigger fish to fry. The more successful they are at keeping their users safe from the copyright goons the more popular and "trustworthy" their little honeypot will seem. Your downloads will still probably earn you another black mark in your dossier, one more thing they could use against you if you ever became a problem for them, but still, free movies, music, and games! Might as well make oppression work for you.


Most people who use VPNs for privacy will readily admit that their use is based on relative trust. They know that ISPs are notorious for harvesting and granting access to browsing data, and they trust that their reputable VPN provider of choice is truthful about their logging and internal data handling policies.


> You just replaced ISP tracking with VPN tracking.

Yeah, that's the point. People have infinitely more choices for VPN providers than for ISPs. The VPN provider could be in another country. You can even run your own VPN on hosted infra.


> You can even run your own VPN on hosted infra.

This comes with its own risks and you lose some advantages of a commercial service, such as being "lost among the crowd" of other VPN users.


What if you provision a new IP address every other week/month? i.e. assuming the provider allows it and the cost is negligible.


If your hosting provider makes similar privacy guarantees to a similar VPN provider, then perhaps. For bonus points, use a hosted VM and commercial VPN in serial.

Again though, if the US Government is a potential adversary, there's still risk here. Intelligence services could have a 0-day on your Linux distro, or an operative within the hosting company. If they get access, they can turn your hosted VM against you.


I think you just have to assume there's a possibility that the infrastructure can be compromised at any moment. For both of these two options. Guarantees from providers are valid until the day they are not.

Though a point has to be made about using a hosted VM for VPN purposes, you have some level of control about which specific software, configuration and encryption schemes etc. you want to use for your stack. Only downside is that currently there isn't sufficient hypervisor protection from the host kernel afaik.

However I do agree with you that either way, the risk threshold is too high if you are concerned about high level state actors. Neither commercial VPNs nor hosting providers can solve the "anonymity" problem for you.


> You can even run your own VPN on hosted infra

True. But we know very few people do that


So now you trust the infra hoster AND their own ISP.


You will always have to trust someone. Having more options when choosing who you trust is a good thing. Does that make sense to you?


You can choose your VPN. Your ISP, not so much. It's also possible to run your own VPN on a public cloud or VPS. You might still need to worry about your provider then, especially if a government might request who is renting the server that is sending certain traffic.


There are levels to trustworthiness. I mostly trust my ISP enough to not bother with VPN at home, but when I'm traveling I'll take my VPN provider over a hotel WiFi any day.


> You just replaced ISP tracking with VPN tracking

Huge benefit in my opinion.


I see a lot more ads for VPNs than I do for ISPs.



