VPN Issues

Hi

I am on Nextdoor.com and one of our neighbours has given a link about how using a VPN does not keep your activities private:

Here's how your ISP and the entire internet know that you're using a VPN. I have not clicked on this. Does anyone here know if this is truthful?

3 Likes

Yes, it is truthful for the most part. A VPN doesn’t hide an IP address. It assigns a different IP address as being that of the connection. An IP address still exists, which is that of the VPN.

It is possible to check if a publicly known VPN is being used. Some IP search websites give information if a public VPN is used. Many VPN IPs are on public registers (‘blacklists’) and can be used to determine if a VPN is being used. It is worth noting that Choice and Moderators use connection information, including if VPNs are used, within this community. This is especially for new member accounts, to check the account is likely to be genuine or not.

This website explains this a bit more:

However, with private VPNs, such as one set up by an organisation for its employees to use for remote access or a home router set up to be a remote access point when away from home, it is difficult to determine if a VPN is used. This is because the IP address will be that assigned to the organisation/household. Such IPs won’t be assigned in registers as being a VPN, but, their purpose of hiding one’s IP address isn’t possible as the organisation/home IP will be visible.

In some countries, such as Russia, China, and North Korea, they actively block VPNs by blocking their IP addresses using IP address registers. A VPN business could try and circumvent these blocks by obtaining more IP addresses registered to their services, but, this is only a stop gap solution as any new IPs will be blocked shortly thereafter (‘whack the mole’ scenario).

And it is worth outlining the requirements of the Telecommunications (Interception and Access) Act 1979, namely:

https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/lawful-access-telecommunications/data-retention-obligations

While a VPN can encrypt your communications, the TIA Act still applies to the underlying telecommunications data. If law enforcement or security agencies obtain a valid warrant, they can access the data, even if it is encrypted by a VPN.

Further to this, it has been found that due to legislative obligations for users of the VPNs, many VPNs collect user data even if they indicate that they don’t collect such data. They say they don’t for marketing purposes, but, this is often misleading. Basic metadata is collected to ensure that it is available for law enforcement agencies when requested, even if the law enforcement agency is in another jurisdiction. This is possible as the reach of law enforcement is further than the borders of the country where it is legislated. Many countries, including Australia, have reciprocal arrangements for the collection and sharing of such data. Where these reciprocal arrangements don’t exist, like some of the countries outlined above, there are other substantial risks of using VPNs located in such countries (such as a foreign government logging one’s internet activities).

With many countries having IP filters, which includes Australia, VPNs will collect metadata information even if they say they don’t so that they aren’t in a position that a country blocks their IPs because they fail to meet legislative requirements. This can destroy their business model.

So, one can’t assume that VPNs deliver full privacy on the internet as they don’t. They might hide IPs one is visiting from their internet service provider, but, it doesn’t prevent this data being collected downstream. Often those which are caught using the internet for illegal activities, use VPNs thinking that they guarantee anonymous use of the internet. They only find out the limitations to this belief after they are caught.

That VPN use for bypassing geolocating etc. is also becoming more limited is also outlined in the article and also the additional link I posted above.

Their main advantage is moving towards providing secure encrypted connections when one is using an insecure connection such as a free public WIFI or a connection where the connection could potentially have eavesdropping abilities (such as using an internet connection at work or place of education). But, even with more advanced internet security being adopted in some business sectors (e.g. financial industry), they are blocking access to online accounts when VPNs are used. This is because it is difficult for them to immediately track the source behind the VPN when access is required.

Choice’s article on VPNs is also worth reading as well:

6 Likes
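An added example, not part of the original posts: a sketch of how a website could check sign-up connections against a register of published VPN ranges, as the reply above describes, and why a private VPN on an organisation or household IP is not flagged. The register, provider names, accounts and addresses are constructed (documentation ranges only), and the function names are hypothetical.

```python
import ipaddress

# Constructed register of ranges listed as commercial VPN exits.
# RFC 5737 / RFC 3849 documentation ranges, not real VPN addresses.
VPN_REGISTER = {
    "ExampleVPN-A": ["192.0.2.0/24", "2001:db8:a::/48"],
    "ExampleVPN-B": ["198.51.100.64/26"],
}

# Constructed sign-up log: (account, source IP as seen by the website).
SIGNUPS = [
    ("alice", "192.0.2.17"),       # exits through a listed commercial VPN
    ("bob", "203.0.113.9"),        # private VPN: household IP, not in any register
    ("carol", "198.51.100.70"),    # inside the listed /26
    ("dave", "198.51.100.10"),     # same /24, but outside the listed /26
    ("erin", "2001:db8:a:1::5"),   # IPv6 exit of a listed provider
    ("frank", "not-an-ip"),        # malformed log field
]

def build_index(register):
    """Parse every CIDR once; most specific prefixes are checked first."""
    index = [(ipaddress.ip_network(cidr), provider)
             for provider, cidrs in register.items() for cidr in cidrs]
    index.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return index

def classify(ip_text, index):
    """Return the provider name, 'unlisted', or 'invalid' for one address."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    for network, provider in index:
        # Compare only within the same address family (IPv4 vs IPv6).
        if ip.version == network.version and ip in network:
            return provider
    return "unlisted"

def review_signups(signups, register):
    """Map each account to the register result for its source IP."""
    index = build_index(register)
    return {account: classify(ip, index) for account, ip in signups}

if __name__ == "__main__":
    for account, result in review_signups(SIGNUPS, VPN_REGISTER).items():
        print(f"{account:6} {result}")
```

An "unlisted" result only means the address is not in the register; it says nothing about whether the traffic was tunnelled to that address first.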

There are ways to make your usage a little more obscure when using a VPN to most of the internet. VPN exits are however known (or on change are quickly discovered). Some people in China do bypass the Great Firewall of China (GFC) for example by using some techniques. They disguise their traffic as something else, so it slips past as innocuous data rather than something the GFC is supposed to block. Then there is the concern of who is an ethical VPN provider and who isn’t. Sticking to most well known VPN providers is a great start to achieving some sort of security.

4 Likes

I should have also said, some VPN providers make statements such as that the country they operate in doesn’t have laws which mandate metadata collection - thus they can provide privacy not afforded elsewhere.

While this is correct, legislation mandating metadata collection is only part of the bigger picture.

Ask the same VPNs if they receive a warrant, court order or a statutory order from within the country they are based (these can be instigated by foreign authorities where reciprocal arrangements are in place), will they ignore these orders to maintain their policy that they don’t collect data because the country they mandate doesn’t require metadata collection. They can’t guarantee this will not occur otherwise they might be in hot water.

This is where the ‘privacy’ claims fall down and can be easily misunderstood by VPN users, including those who use VPNs for illegal activities in the countries they are based.

One needs to also understand reciprocal agreements for intelligence data sharing which are also in place between countries to fully understand the risks, something which isn’t in the public domain for obvious reasons.

So when using a VPN, one can assume some level of privacy if it is a good VPN provider and their service isn’t used by someone for illegal activities (a huge ask and highly unlikely), otherwise one should assume that data collection and leakage can occur. Alternatively one could use a VPN in a country which is unlikely to have reciprocal arrangements in place (potential ones I suggested above), but live with the risks of not knowing if someone/foreign government agency is monitoring all your activities. The latter is one of many risks.

3 Likes

Here’s how your ISP and the entire internet know that you’re using a VPN

A short version: The purpose of using a VPN is not to conceal the fact that you are using a VPN.

To make an analogy … you put a lock on your front door in order to keep the bastards out but that in no way conceals the fact that you have a lock on your front door.

That is a very very broad topic. An entire forum could be filled on that one topic - and using a VPN would only be one small part of it.


General comment: If a VPN does not meet your requirements then maybe look at TOR.

6 Likes

While both are true (both are absolutely real possibilities) … if you have sufficiently attracted the attention of enough governments then a VPN can be broken just by traffic analysis without any legal shenanigans.

e.g. let’s say that you access a site in country Z that hosts content that is illegal to access in your country, country X. Let’s say that you use a VPN that is located in country Y and let’s suppose that country Y is unlikely to cooperate with either country X or country Z. The authorities will watch all traffic going into and out of that site and will correlate that with traffic coming in and out of country Y, where correlation includes packet timing and packet lengths, matched requests and responses.

Unless there is enough traffic to swamp this approach utterly, they will eventually detect you.

Which leads to a Catch 22. You can provide your own VPN, which won’t be blocked by any authoritarian regimes and won’t be detected as a VPN by any web sites that just don’t like VPNs but you will be very vulnerable to traffic analysis. The bigger the VPN, the higher likelihood of detection as a VPN but the less vulnerable to traffic analysis.

3 Likes

You can also mix a VPN and Tor. Or go sort of incognito with TAILS or similar such as Whonix (which has Tor). Depends on the need and why you want to use the tools.

For those interested in TAILS and Whonix

Another that may interest some is Qubes

Some comparisons

https://www.vpnranks.com/vpn-comparison/

4 Likes

To keep up with a language I spoke fluently as a child I had to log into servers in a country that charges for TV licences and computer use when streaming or watching catch up TV to hear the language spoken and apply for a course. I originally used Mullvad VPN but after a week I received a warning advising me that the site’s content was not available to me in Australia.

I switched over to Surfshark and have had no issues creating an account and logging in. A friend in that country let me use her address on the account application form. I even get a monthly email newsletter. Surfshark allows me to create email addresses on the fly. Comes in handy. Also they are not a member of 5 or 9 eyes. Nord VPN is their parent company. I have used their customer support twice. Excellent thorough and courteous service.

3 Likes

Love the door lock analogy! Keeps it nice and simple for those of us less tech savvy. Will use this analogy at work!!

2 Likes