On Sun, Aug 7, 2022 at 11:36 AM Michael <confabul...@kintzios.com> wrote: > > The best a well configured VPN tunnel can offer is a secure connection between > client and VPN server, which is handy if you are out and about using untrusted > and insecure WiFi hotspots. > > The only other reason for using a VPN service is to present a different > geolocation for the purpose of overcoming country-specific website > restrictions.
I think ONLY is a bit strong here. A VPN effectively makes it impossible for your ISP to know who you're talking to, and it obscures your IP from hosts you are connecting to. Sure, there are ways to defeat this, but most of them are only applicable for state-level actors, and the methods available to ordinary companies can only identify at best a unique browser profile, which only lets them correlate traffic with those they share info with to the degree that you use a single browser profile across those platforms. For non-web traffic there are generally fewer attacks available. Many of the attacks that are often cited like DNS-based attacks are not that difficult to prevent (eg by ensuring your DNS traffic goes out over the VPN). If there are sites you browse using a different browser profile (ideally on a VM/etc), and you never use that browser profile for ecommerce or activity associated with your normal social media accounts, then it is unlikely that those sites will actually be able to identify you. Really the biggest pain with the VPNs is the number of websites that actively try to block connections from them or flood you with CAPTCHAs. Many more mainstream social media sites/etc also effectively require association with a mobile phone number, or trigger this behavior if they don't like your IP address. Obviously VPNs can be abused to attack hosts or evade bans and generally cause trouble, which is a frustration for those who simply don't want companies to know who you are. Bottom line is that just because the NSA can track your connections doesn't mean that every random webserver on the planet can do so. The few government agencies that are likely to be that well-connected are also very interested in keeping the extent of their capabilities hidden from each other, and so when they intercept your data they're going to guard it even more carefully than you would. A solution doesn't need to be able to defeat the NSA to be useful. -- Rich