Why should you trust *your* VPN???
VPN services sound like a great idea. Send all your traffic (encrypted) to a VPN server and they fan out to the internet at large. So someone snooping on your traffic (e.g. your ISP) won't see anything about you but traffic to and from your VPN.
But ... now you must trust your VPN provider, since they will have all your traffic flowing through them.
And a lot of VPNs are not local to the US. Many are hosted in unfriendly waters. They are obviously high value targets for state-sponsored (and random) hacking.
This article showed up today writing about several VPN services in Hong Kong. All of them advertise "no logs kept" ... and all of them are keeping logs. And even keeping them in publicly accessible places.
https://www.theregister.com/2020/07/17/ufo_vpn_database/
... seven Hong-Kong-based VPN providers UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN all share a common entity, which provides a white-labelled VPN service. And they were all leaking data onto the internet
... records of websites visited, connection logs, people's names, subscribers' email and home addresses, plain-text passwords, Bitcoin and Paypal payment information, messages to support desks, device specifications, and account info.
Security is hard, the fear is strong, and the combination makes VPN services a ripe field for fraud.
discntnt_irny_srcsm
(18,565 posts)
People worthy of suspicion are usually suspicious themselves and probably would use a VPN as a first line. Even if you find a VPN that really keeps no logs and is in a non-cooperating country, there's probably enough metadata collected which is likely precise enough to generally narrow down who you're connecting with.
I'm not sure I would trust the VPS type doings either.
cayugafalls
(5,747 posts)
Hundreds of thousands, possibly hundreds of millions of VPNs are being used currently to access work networks all across the globe during the pandemic. VPNs are everywhere. Hundreds of millions of connections per hour. Distilling the nefarious usage from the good is not something that would be worthwhile, except to maybe catalog all VPN connections and then parse them individually using a supercomputer to weed out corporate from personal.
I agree VPNs aren't perfect, but they are better than a raw connection to the internet if merely for the added protection from ads and marketing data collection. Just because someone uses a VPN does not necessarily mean they are a bad actor.
To each his own. I worked in IT for 30 years and VPNs are ubiquitous and used constantly. Fear or not, they work.
discntnt_irny_srcsm
(18,565 posts)
I have since 2007. I have 2 VPNs running from my home network for LAN access from the internet. I'm not grouping the traffic by protocol or port. I'm thinking of certain entities that would group traffic by the dozens or hundreds of IPs associated with certain servers. If you don't think governments are subscribing to VPNs for that purpose, think again.
I'm suggesting that the VPNs offering public service and promising anonymity may not be able to make you anonymous enough.
I infer that the Utah Data Center has exaflop machines with enough storage to hold about 1 TB of data for every IP address on the planet. I base that on info that's 2 years old.
Ferrets are Cool
(21,946 posts)
I wasn't even aware of them until recently. I do ALL my business on the interwebs and if it is worthwhile, I certainly don't mind another tax write off.
cayugafalls
(5,747 posts)
Ferrets are Cool
(21,946 posts)
CloudWatcher
(1,922 posts)
I do manage a VPS machine for my own use ... as backup for the email server that I run and as a remote "place to stand" when I'm poking at the Internet. But yeah, I wouldn't trust them more than necessary!
I can't think of a reason to trust any VPN service. There is just too much useful information flowing through them to assume that they are secure and are going to remain secure.
The end of the article has some good advice:
Or use a VPN provider, and build into your threat model the fact it can see everything your ISP would otherwise be able to see.
SWBTATTReg
(24,011 posts)
delivered via land lines, or a virtual network, whatever method, were absolutely hands off for monitoring (other than the normal flow of all traffic via that pipeline to ensure that the network itself was working aok).
Listening in on communications on the links themselves was absolutely a no-no too. You would get fired (and you should be). We had it in our annual rules of business conduct we had to read and sign off on.
I truly respected the company (it was SWBT back then, now ATT) for its strict adherence to these guidelines.
CloudWatcher
(1,922 posts)
Well, any student of the NSA will tell you that they have been vacuuming up all the calls they can get their hands on for decades.
James Bamford in 1982's The Puzzle Palace (*) reported that the NSA recorded everything they could get their hands on, and legally only considered it intercepted if reviewed by a person.
But the value of recording everything is much less if it's widely known that they're doing it!
cayugafalls
(5,747 posts)
They work if you get the right one.
Hundreds of millions of VPN connections are made each hour around the globe during this pandemic in all sorts of business scenarios. There is a difference, though, in that these are point to point connections and thus more secure, but the technology is the same.
If your provider is in the right country and does not have to comply with logging requirements then you're most likely safe. Payments to most providers can be made with bitcoin or even cash in a mailed envelope. You can create an email exclusively for your vpn activities not tied to any other email and thus you have an even smaller footprint.
If you feel the need to get a vpn, do some research, learn about them and make an informed decision.
CloudWatcher
(1,922 posts)
Other than checking the hosting country, how exactly do you research a VPN? Google?
Being hosted in Hong Kong now makes you vulnerable to Chinese government snooping.
Being hosted in the US makes you vulnerable to our own government snooping.
Being hosted anywhere makes you vulnerable to the bad behavior of the people running the VPN ... either intentional or accidental (e.g. not keeping their systems secure).
Even if they're being run responsibly today, they will always be subject to the laws governing the host systems. Just look at what China is doing and what our government is trying to do.
I'm all in favor of VPN services run by corporations to get their employees safely into their internal networks. They have reasons to keep the system secure.
So of course, VPNs *can* work. But the commercial VPN services that sell to the public and are hosted in Hong Kong? Trust them?
I've been in IT on & off for 40 years. Since the Internet was still called Arpanet
douglas9
(4,473 posts)
Welcome to the VPN Comparison! This section is meant to be a resource to those who value their privacy, specifically those looking for information on VPNs (that isn't disguised advertising). When I started down the path of retaking my own privacy, there was very little unbiased and reliable information with regard to VPNs.
https://thatoneprivacysite.net/#detailed-vpn-comparison
CloudWatcher
(1,922 posts)
You'll note that all the VPN services mentioned in the article *claimed* they did not keep logs. And they all did.
It's tough to do VPN comparisons when they lie to you.
Miguelito Loveless
(4,643 posts)
Two people can keep a secret as long as one of them is dead.
CloudWatcher
(1,922 posts)
Yes, fortunately ouija boards have not proved to be very useful!
I've long advised people not to put anything in email that they don't want to read in a newspaper someday. The same should be said today about anything you do on the Internet
kag
(4,106 posts)
Thanks for the heads up.
douglas9
(4,473 posts)
When you browse websites, there are several points where your privacy could be compromised, such as by your ISP or the coffee shop owner providing your WiFi connection. This page automatically tests whether your DNS queries and answers are encrypted, whether your DNS resolver uses DNSSEC, which version of TLS is used to connect to the page, and whether your browser supports encrypted Server Name Indication (SNI).
https://www.cloudflare.com/ssl/encrypted-sni/
CloudWatcher
(1,922 posts)
Interesting link, thanks! Though I hadn't heard of 'encrypted SNI' before, it appears to be a reasonable idea, if not exactly taking the internet by storm.
In particular, if your web service is being hosted on a non-shared machine, then encrypted SNI buys you no additional security, since the IP address of the service is unique enough to determine the web server's identity.
But still, it's a step in the right direction.
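What an on-path observer such as an ISP or a VPN operator can read from an ordinary TLS connection without encrypted SNI, as an added example that is not part of the thread: the sketch builds a real ClientHello in memory (no network traffic) and pulls the hostname out of its plaintext server_name extension. The hostname `mail.example.org` is a constructed sample.

```python
import ssl
import struct

def build_client_hello(hostname):
    """Produce a real ClientHello offline using in-memory BIOs (no network)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is written, the client now waits for a reply
    return outgoing.read()

def extract_sni(data):
    """Return the cleartext server name in a ClientHello, or None if absent."""
    try:
        hs, pos = b"", 0
        while pos + 5 <= len(data):  # reassemble handshake records (type 22)
            ctype, _version, length = struct.unpack("!BHH", data[pos:pos + 5])
            if ctype != 22:
                break
            hs += data[pos + 5:pos + 5 + length]
            pos += 5 + length
        if len(hs) < 4 or hs[0] != 1:  # handshake type 1 = ClientHello
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        p = 2 + 32                                     # legacy version + random
        p += 1 + body[p]                               # session id
        p += 2 + int.from_bytes(body[p:p + 2], "big")  # cipher suites
        p += 1 + body[p]                               # compression methods
        end = p + 2 + int.from_bytes(body[p:p + 2], "big")
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", body[p:p + 4])
            if etype == 0:  # server_name: list len(2), type(1), name len(2), name
                nlen = int.from_bytes(body[p + 7:p + 9], "big")
                return body[p + 9:p + 9 + nlen].decode("ascii")
            p += 4 + elen
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None  # truncated or malformed input

if __name__ == "__main__":
    hello = build_client_hello("mail.example.org")  # constructed sample hostname
    print(len(hello), "bytes on the wire, SNI visible as:", extract_sni(hello))
```

With encrypted SNI this field no longer carries the real name, but the destination IP address stays visible, which is the limit noted in the reply above.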
douglas9
(4,473 posts)
On July 6, Chinese authorities forced through Article 43, a collection of new regulations that gave Hong Kong law enforcement sweeping online surveillance and censorship powers. These rules are an extension of China's National Security Law, which cracks down on separatism, subversion, terrorism and foreign interference.
These laws give Hong Kong police the ability to put people in prison for sharing content online that the government considers offensive and foreshadow increased surveillance. There is little doubt the Chinese government will use these exceptional powers to crush Hong Kong's pro-democracy movement and strictly curtail the freedom of expression.
In light of these developments, we have carefully considered whether ProtonVPN will continue to maintain servers in Hong Kong. After much deliberation, we have decided to keep our servers in Hong Kong, not only because we believe we can keep them secure, but also because we believe in fighting for Hong Kong.
https://protonvpn.com/blog/hong-kong-servers/