The Dark Truth about VPN

Use Tor instead of VPN for privacy

Photo by Dan Nelson on Unsplash

The most common advice on the internet to protect your online privacy is to use a VPN. The reasoning is that by using a VPN, your IP address will be hidden from all online services. However, what if I told you that this is all marketing designed to prey on your fears of being tracked online.

As the Pew Research Center states

That 81% of Americans feel like they have little control over the data collected from a corporations. That number increases to 84% for the government data collection.

You see VPN technology was never intended for privacy. It is interesting to see that through mass marketing, something that was used by businesses to remotely connect to the office has been turned into a tool that is supposedly going to make people on the internet private. And all of that assurance makes you feel like you are making a difference. In reality, the bearer of privacy has moved from online services to the VPN provider. It is interesting to contemplate what other mass-marketed technology (, ahem Crypto and NFT) are out there that are designed to take advantage of the ignorance of the technically illiterate masses.

Here is the dark truth about VPN technology.

The origins of VPN technology

Photo by Charles Forerunner on Unsplash

You see VPN technology was never designed to make a connection private. Or let me rephrase it, VPN technology was never designed to make a connection between 3 different points private. The three different points are your computers, the VPN provider, and the web service that you are connecting to. The purpose of VPN is literally baked into to the name Virtual Private Network. It was designed to create a tunnel directly from one network to another network without being snooped on by malicious actors. VPN technology was created for remote work.

The COVID-19 pandemic has caused the popularization of remote work. However, much of the infrastructure that facilitated remote work existed before the COVID-19 pandemic. VPN history started back in 1995 with Point to Point Tunneling Protocol technology that allowed people to connect remotely from computers. This technology was revolutionary as it allowed people to securely connect to a remote machine on a different network. However, the encryption was quickly broken by the NSA. Over time, multiple iterations of VPN technology were created to solve the problems faced by the previous protocol.

Today you will see a ton of websites and people shilling VPN services. You can list out a couple of VPN services on your hand. You see these websites are capitalizing on the awareness of online privacy. However, awareness is useless you understand the underlying problem on hand. And the masses do not understand the fundamental issues based on the concerning popularity of these VPN services. This brings us to the next point.

An explanation on why VPN technology is useless

Here is what the VPN providers will not tell you. When you connect to a website, the website has multiple ways of collecting your information. The first way they will collect your information is through your IP address. However, what the VPN providers will not tell you is that this is not the only way that online services collect your information. There is also browser fingerprinting that can be used to create a unique identifier based on the properties of your browser and hardware. And these are way more accurate than IP addresses that for most residential properties will change frequently depending on the ISP provider. As you can see, the mitigation that VPN provides is mitigated by the fact that online services have tons of ways that they can collect your information.

Not only that but you are adding another compromise point within your connection chain. What stops the VPN provider company from selling your data. You see there are a ton of VPN providers who make money selling user data. Which is especially problematic for the free VPN providers. Of course, there are the exceptions who solely make money from providing paid VPN. But it rests out the case of the single compromise point argument. What stops a malicious actor from compromising that single point of failure. Nothing.

As you see, for VPN technology to be useful it has to do so many things simultaneously. The provider has to create a service that deletes logs, the moment that is created. The service has to be run by competent people who know how to secure servers. And the users must take the precaution of installing extensions and modifying browsers settings. And if you fail at any point the benefits of what is being paid for are negated. But there is a technology out there that does all of the above for free. This technology is known as Tor.

Why you should use Tor?

The Tor Nodes and Tor Browser use all of the precautions listed above to secure your connections across the internet.

On the server-side, it is routing your connection through three different nodes. The routing through multiple nodes removes metadata such as IP address as only the previous nodes will know the IP address. However, the constant shifting of nodes means that none of the nodes have the true IP address. That is except for the entry node, however that problem will be covered down the line.

On the client-side, the browser will run some hard security optimization. They will spoof your screen resolution. And disable WebRTC to prevent IP address leaking. These are just a few ways the Tor browser will protect you.

There are still a few issues with using Tor. This brings us to the next point.

The downsides of using Tor?

The biggest downside of using Tor is that it is slow. The amount of nodes that the data has to go through is the reason why Tor is very slow. As most applications move from the client-side to server-side processing, it can be difficult to run software over a Tor connection.

Not only that but many websites block the Tor network connections. Sometimes they will flag the connection as bot connections and require you to go through a ton of verification. And they will outright block you from accessing the website.

Tor Nodes can also be compromised. There have been instances of the alphabet boys out there setting up Tor Nodes to catch criminals. These networks can be screwed if a large section of them has been compromised. So when you are routing packets through Tor make sure that your packets are encrypted otherwise you will indirectly screw yourself over in the name of stopping yourself from being screwed over.

And Tor does not prevent security breaches from human error. As smart as technology can be, it is only as smart as the stupidity of the people using the technology. Nothing is stopping you from entering your information into a FED honey pot and getting into some kind of watch list. Just like nothing is preventing you from putting your information into some kind of cat-fishing site by promising you HOT LATINA BABES IN YOUR LOCAL AREA. And the moment you enter your phone number, you get some call from a sketchy Indian Tech Support person is telling you that your computer has malware.

Is there a use case for VPN?

Yes, there is still a use case for VPN. With all the downsides of using Tor, a VPN can seem like the best option for reliability vs security. A VPN connection will be faster than a Tor connection. And most websites do not block VPN connections unless you are using services like Netflix or plan on blocking VPN. And alphabet boys are not sitting out there trying to catch pedis and drug dealers over the Tor network and monitoring your connection as a false flag.

What VPN should you use?

The VPN provider that I recommend is MullvadVPN. I am not sponsored by Mullvad. However, here are some of the top reasons that MullvadVPN.

  • Payment through Cryptocurrency
  • privacy policy that does not read like a law degree thesis
  • Has Native Desktop and Mobile Clients that are not dependent on Web Technology
  • Money back guarantee for 30 days

Mullvad is so good, that even Firefox uses MullvadVPN as a third-party distributor. However, you still have to trust these providers. At the end of the day, the internet should be trust-less means of communication, not trustful. The attempt to identify and centralize people over the internet is a foolish endeavor. You do not have to take my word for it as a former CEO of these large tech companies agrees with this stance.

In Conclusion

Online privacy is one of the most pressing issues facing the 21st century. So, Follow this guide to protect your privacy.

Leave a Reply