Before we can understand the real purpose of a virtual private network, we need to see how it works.
The topic is quite controversial. I’ve nothing against VPNs. I’ve got a problem with how some companies sell them. There’s a lot of bullshit.
How I understand VPNs
So VPN stands for a virtual private network, but what does the “virtual” part mean?
They use the term “virtual” because, unlike with a LAN (local area network), you don’t have to be physically present to connect to the network. There is no geographical restriction.
Many companies use it to give their employees secure access to the corporate network, which is often protected by a firewall.
In other words, it’s like you are at work but without the need to be physically there, which is precisely the definition of “virtual”.
VPNs operate through tunneling. Roughly speaking, tunneling helps to create a secure channel between your computer and other devices within the same network.
Providers are abusing the language
While a VPN can be an extra layer of security, it’s not the ultimate shield for your security and privacy.
The problem is that they market it with technically wrong slogans, like “100% invisible”, “be anonymous”, or “hackers-proof”. Some VPN providers even declare their services allow for keeping governments and secret agencies away.
We are not going to discuss this ridiculous assertion, but it’s a striking example of bullshit.
A stalker ended up in jail in 2018 (17 years in prison and five years of supervised release) because he believed he could threaten people without consequences thanks to his VPN connection.
They found him with the VPN logs. (Source: zdnet.com)
Don’t get me wrong. I’m glad the moron crashed and burned, but it shows that the 100% anonymity stuff is bullshit.
The VPN might hide your Internet activity from the ISP and give you another IP address, but you use your real IP to connect to your VPN.
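To make that concrete, here is an added example (not part of the original post, and not any provider's real code or log format): it shows how a connection log, if a provider keeps one, lets a report that names only an exit IP and a time be matched back to the customer's real IP. The log layout, function names, timestamps and addresses are all constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed provider-side connection log (hypothetical format):
# session_start session_end customer_real_ip assigned_exit_ip
# All addresses are from the RFC 5737 documentation ranges.
SESSION_LOG = """\
2024-01-15T09:58:11Z 2024-01-15T11:02:40Z 198.51.100.23 203.0.113.7
2024-01-15T10:15:02Z 2024-01-15T10:47:19Z 198.51.100.88 203.0.113.7
2024-01-15T10:30:45Z 2024-01-15T12:10:03Z 192.0.2.140 203.0.113.9
"""

def _ts(text):
    """Parse an ISO-8601 UTC timestamp such as 2024-01-15T10:05:00Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_sessions(raw):
    """Turn the log text into a list of session dicts."""
    sessions = []
    for line in raw.splitlines():
        if line.strip():
            start, end, real_ip, exit_ip = line.split()
            sessions.append({"start": _ts(start), "end": _ts(end),
                             "real_ip": real_ip, "exit_ip": exit_ip})
    return sessions

def attribute(sessions, exit_ip, seen_at):
    """Real IPs of every session that held exit_ip at time seen_at."""
    when = _ts(seen_at)
    return sorted(s["real_ip"] for s in sessions
                  if s["exit_ip"] == exit_ip and s["start"] <= when <= s["end"])

def attribute_all(sessions, events):
    """Intersect the candidates across several (exit_ip, seen_at) sightings."""
    candidates = None
    for exit_ip, seen_at in events:
        found = set(attribute(sessions, exit_ip, seen_at))
        candidates = found if candidates is None else candidates & found
    return sorted(candidates or [])

if __name__ == "__main__":
    sessions = parse_sessions(SESSION_LOG)
    # The remote site only ever saw the exit IP, never the real one.
    print(attribute(sessions, "203.0.113.7", "2024-01-15T10:20:00Z"))
    # A shared exit IP leaves two candidates; a second sighting leaves one.
    print(attribute_all(sessions, [("203.0.113.7", "2024-01-15T10:20:00Z"),
                                   ("203.0.113.7", "2024-01-15T10:55:00Z")]))
```

Sharing an exit IP among customers only delays attribution: each extra sighting shrinks the candidate set, which is why whether such a log exists at all matters more than the new IP address.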
Security/privacy by policy, not by design
We can deduce from the previous example that a “no-logs policy” is a must-have for any VPN provider.
However, as the name suggests, it’s only a policy. Depending on the country they are based in, VPN providers can have the same legal duties as ISPs.
Sometimes you read blog posts that compare VPN providers to ISPs. They often say that, unlike ISPs, VPN providers do not lose your data or use it for their profit.
I have some difficulties in believing that.
There have been many leaks, such as NordVPN’s fails. Besides, I’m not expecting god-like security and ultimate protection from hackers and the government’s will for $29/year.
The paradoxical effect of using a VPN
If you’re a whistleblower with critical information to share with journalists or want to get involved in activism, never use your VPN connection as a security/privacy shield.
In addition to VPNs’ multiple flaws, other powerful techniques, such as device fingerprinting, ultimately tie a device to a real identity and even a credit card.
Again, a VPN hides the Internet activity from your ISP, but using a VPN may trigger suspicion as well, and VPN providers have limited ranges of IPs that are now easily recognizable.
You’d better use specific devices with dedicated operating systems and probably Tor to reroute your traffic randomly.
The paradoxical effect of spending money on privacy
The major problem with privacy techniques is that you sometimes end up in the same category as “disreputable” people, such as script kiddies, drug dealers, etc.
Those people buy specific devices, and they want to secure all their communications for obvious reasons.
A VPN is an extra layer of security. It helps make remote work safer and circumvent censorship or geographical restrictions, but it just cannot guarantee 100% privacy or anonymity.
Also published on https://blog.julien-maury.dev/en/vpn-myths/.