So I’m pretty recent to the high seas but I’ve seen a few posts now about “stop relying on your VPN” and “people that think VPNs will protect them are naive” and so on.
So since I believe knowledge is our greatest weapon/tool/super-power, can we get some answers regarding what exactly the doomsayers are getting at? ELI5 why VPNs wouldn’t protect your anonymity.
Is it about logging? The country your end-point is in? Something more technical?
Ultimately I’d like to be fully armed in order to keep making the best choices for my fledgling ship as it navigates the vast, stormy seas.
Every site on earth has been using https for multiple years. The only thing that is visible to your ISP has been the server’s address for a while. VPNs just got encrypt that as well, but that’s about it.
And yet, if you use a cheapo VPN with a well-known address (shared IP) sites like Amazon, or even Wikia will block you. Why? If most of your information is ‘private’ anyways, why go through the step of preventing a potential customer/user just because of their IP?
Because in reality, even such a minor thing as a dinky $3/month VPN is a huge headache for people trying to farm relevant information from you. Public Cookies, Basic Telemetry, and really any sort of ad-relevant data is pretty much publically available to any interested party, and even the simplest VPNs screw that up to a large degree.
People don’t go out of their way to spend a couple of bucks on a VPN and reserved IP because they think they’re gonna defeat the CIA or become a Net Ghost, they do it to get around region locks, IP bans, localized pricing (and yes to pirate their favorite movies/video games).
This isn’t why. They refuse service because a large part of DDoS, scam and generally unlawful trafic comes from VPNs (because the criminals are the ones interested in masking their true IP, for police evasion). If your site has a payment form, it is financial suicide to not block common VPN IPs because carders will use it to test their ill-acquired cards. If your site has a way to make a request that cost a lots of resources, you want to block VPN IPs because otherwise your site gets DoSed to hell and back by anyone who has a problem with you. The collateral damage of blocking people who deny you one data point to track them is completely acceptable to these businesses.
P2P communications by their nature require the receiver and sender to know what is coming and from whom. When you’re on a torrent that *anyone* can jump into and ask for the IP of everyone involved and what is being torrented, having that extra layer of obfuscation is paramount to protection, especially in countries with strong IP law enforcement. Stick that VPN in another country rather than your own, and suddenly the barrier to entry for most is going to be too high to get their hands on the information they desire.