Why trust VPNs for privacy?

Why do so many people trust VPNs for their privacy?

The VPN provider knows your payment information and likely your real identity. Even if you pay anonymously, they’d still have your real IP as well as metadata concerning your usage. Any unencrypted data can be viewed and collected.

VPN providers claim they don’t keep logs, but that’s impossible to validate. Common practice is to not trust server side code. A VPN provider can get a warrant to start logging you specifically, and you wouldn’t be able to tell. Even if your VPN provider is outside of the 5 eyes countries, the NSA network extends to 41 countries (“41 eyes”), and most VPN providers are within that network.

At least with Tor, unless all 3 nodes in your loop are controlled by the same entity, no one will know both your IP and your data. While Tor resets the loop every ~10 minutes, a VPN can collect data 100% of the time and know who they’re collecting it from.

When you connect to a work VPN, you expect them to track your usage. How are they a good idea for privacy?

How are they a good idea for privacy?

They aren’t a good idea for your privacy. They (and Tor) are a good idea for everyone’s privacy. Here’s what I mean.

You’re right. We can’t validate no logging policies, and most VPN providers would probably give in when the NSA comes knocking. So if the NSA wants you, u/db8edb8e, they are going to get you. No-one can make themselves secure from FVEY via VPN.

But what if the NSA doesn’t want you? What if they want everyone, just in case, but don’t have their eye on you in particular? This is what PRISM was all about - bulk data collection. Well, in that case, a VPN helps. The more people that have a VPN, the harder bulk data collection is. If it gets hard enough, it won’t be economically possible. It takes time and money to handle international jurisdictions, court orders, transfer of logs etc. There is power and safety in numbers.

The point of a VPN for privacy isn’t to protect you if the NSA comes knocking. The point is to force them to knock first. They’ll still be able to get the people they have their eye on (which, remember, in some cases is good); but they can’t knock on everyone’s door. The more people that use a VPN and other privacy tools, the more you can be sure that unless you have given them a particular reason to, the NSA isn’t getting your data.

I increasingly think of privacy protections primarily as my civic responsibility, rather than something that benefits me (it is that too). The NSA doesn’t want me. I’m boring. But by making it harder to collect my data, it also makes it harder for them to focus on that journalist or dissident they might want.

This doesn’t, of course, go into the other perfectly valid reasons to have a VPN (security, travel etc.). Plus, you’re probably still protected from lower levels of law enforcement, if that matters.

I use them as corporate intrusion prevention. I don’t like the idea of companies tracking me, collecting my data, etc…

I would never trust them to prevent government or law enforcement entities from getting my information. I think we have or are rapidly reaching the point where that is virtually impossible at least for the average user.

On this “At least with Tor, unless all 3 nodes in your loop are controlled by the same entity, no one will know both your IP and your data.”

Would not chaining VPNs do the same thing?

A VPN offers adequate personal privacy for most people’s interactions with online sites. TOR does the same for those who need or just want added online anonymity when dealing with state actors, national firewalls, security services, and other nefarious eavesdroppers. If you’re doing stuff online that NSA might be interested in knowing about and it decides to have a look see, you’ll be had. For most of us, NSA surveillance of our particular activity isn’t a factor of concern…yet.

At least with Tor, unless all 3 nodes in your loop are controlled by the same entity, no one will know both your IP and your data.

You can actually get by with just two points with timing attacks.

I travel a good bit for work, a VPN for me is mostly to use the WiFi at an airport, coffee shop, hotel, etc. with an extra level of protection. That’s the core of why I trust it for privacy.

I may have a strong opinion about this, but I’ll give it to you. Keep in mind I am not in the US, so take my answer with a pinch of salt.

For privacy we have Tor and VPNs. For the common people, we don’t really have any issue with normal ISPs, so why trust a VPN agent instead of your own ISP? I think this is due to marketing mostly, as VPNs are being pushed as privacy tools, something I wouldn’t consider them. We are just pushing the problem from ISPs to VPNs.

But Tor is the alternative for better privacy online. However, Tor is associated with some bad things, and most people don’t have the time, or simply don’t want to take the time, to learn how to use tools properly. That, associated with marketing from VPNs, well, made VPNs the go-to.

TL;DR: In my country I wouldn’t change from trusting my ISP to trusting a VPN, but that is me, in my country.

So anonymity & privacy & security are not possible for most above average technical users of the web? (Honest question, just investigating possibilities)

You have to be able to have trust in some things on the internet, though. There is no foolproof plan to be totally anonymous on the internet, and Tor is a good step towards privacy; VPNs generally are as well.

I do not disagree with you, but VPNs do serve a purpose to some. At the end of the day, your privacy is your concern and you alone are responsible for doing your own due diligence.

Know your op-sec.

It’s better than nothing? Also, I trust them more than my ISP.

VPNs aren’t a total privacy solution. The main reason people use them is to route around ISP blocks or region blocks as well as help prevent ISPs knowing the sites you frequent.

Good points, and most VPNs do actually suck. But here’s why I still recommend a good VPN: Tor is compromised. (Although Tor with a VPN is not a bad idea.) Tor was created and sponsored by the US govt and is fundamentally broken: Judge confirms what many suspected: Feds hired CMU to break Tor - Ars Technica

Except Snowden docs show that the NSA and GCHQ have been pretty successful at compromising VPNs en masse.

Would not chaining VPNs do the same thing?

Because you’d be the only one doing that, easily distinguishable.

You won’t have the ability to change your TCP stream every 10 minutes.

You won’t have the ability to choose one unique IP for each website, which is what Tor Browser does, making traffic correlation attacks harder.

All the problems that may be encountered (Time leaks, …) which Tor developers already solved.

This is the main reason I use VPN - to get past my ISP and to stop them from reading my traffic.

As for the other points OP brought up, he’s correct but IMO it is still a significant improvement over no VPN. A lot more work needs to be done to tie a connection back to me specifically.

Non-work VPNs can also be used as a tool for protecting you from your ISP if you can’t trust them and, depending on the VPN, to allow you to set up web services, since many ISPs block incoming connections on every port and some VPNs allow incoming ports.

But in that case you should set a lot of good security measures, since a port open on a VPN IP is quite a hostile environment.

Are you ok with non-NSA surveillance?

I rarely take my computer out. The one time I did recently I tried to connect to my VPN while at the public library, and the port was blocked. Do you come across that ever/often? I wasn’t sure if that was just bad luck, or if it’s normal.

Yes, really unfortunate. Imagine if the total number of people using VPNs started actually using Tor? That would make the network much safer and traffic correlation attacks harder for everyone.