VPN companies often create a lot of confusion with their unfortunately deceptive marketing. Promises of complete anonymity, privacy and “military” grade security are commonplace when you see their ads or visit their sites. The problem is that they’re mostly selling snake-oil to unwitting people. As tech people, seeing others fall for their misleading marketing really hurts to see. In this blog post we’ll go over 3 common misconceptions that people have about VPNs.
1. VPNs are not a cure-all
2. VPNs are not the best way to keep safe
VPNs are often thought of as the best defense if you’re trying to protect yourself when using a public network. The fact is, HTTPS and DNS over HTTPS (DoH), DNS over TLS or DNSCrypt are just as good. You don’t need to dish out money to some fishy VPN provider who promises not to log and thrives off of uninformed users. You can use already available and free technology. Most sites on the internet use HTTPS now and there are plenty of free DNS resolvers that support the standards mentioned above. The only thing you need to worry about on a public network is using sites that serve content in plain HTTP. Instead of using a VPN, we’d recommend that you use Tor Browser if you need better protection. Tor is free and open source software with hundreds or thousands of volunteers that operate ‘Tor relays’. Tor bounces your connection through at least 3 relays which are randomly selected and rotated. If you use HTTPS or plain TLS to connect to your destination, even the exit relay cannot see what you’re doing. With Tor, you can also safely visit plain HTTP websites, as the exit relays can only see that the connection came from a middle relay. The middle relay also can only see that the connection came from a guard relay. This provides a more superior level of anonymity, as there isn’t only one hop or provider giving you those routes. The Tor daemon also provides you with the ability to use it as a SOCKS proxy. You can route your existing applications through Tor if they have the ability to use a proxy.
3. VPNs are not completely anonymous
Nothing is completely anonymous, although you can achieve better anonymity when using other software. While using a VPN, you’re simply forwarding all of your connections through an encrypted tunnel with their network now being the endpoint. There’s really nothing special about that, besides the fact that you may be mixed in with other users and your existing network can’t really see what you’re doing. With VPN provider’s commonly deceptive practices, it’s hard to trust them, or at-least, it should be. Why or how would you transfer all of this trust to a single provider? If you’re doing this, you’re not really solving the issue, only putting a band-aid on it. You also must think about how you pay for your VPN. If you pay via PayPal or another payment processor, you’re exposing yourself then and there. Why not transfer that trust to a mostly trust-less platform, like Tor?
Although VPNs are very easy to use and they come with shiny looking software, they’re not what you should be using. Especially if you’re looking to remain anonymous. Use battle-tested and open source software that’s designed to be a full-suite for privacy and anonymity seeking users. Use Tor.