So I’m pretty recent to the high seas but I’ve seen a few posts now about “stop relying on your VPN” and “people that think VPNs will protect them are naive” and so on.
So since I believe knowledge is our greatest weapon/tool/super-power, can we get some answers regarding what exactly the doomsayers are getting at? ELI5 why VPNs wouldn’t protect your anonymity.
Is it about logging? The country your end-point is in? Something more technical?
Ultimately I’d like to be fully armed in order to keep making the best choices for my fledgling ship as it navigates the vast, stormy seas.
Depends. There are varying levels of opsec and you need to tailor your precautions to the level of your opponent. In my country ISPs must deliver data if asked by a court. They can only ask for a specific IP address at a specific time. And then they would get my address. A VPN provider outside of my country doesn’t give a crap and ideally also doesn’t have any data to begin with. There is no way for the content industry to collect data beyond the ISP. First, because there is no legal right for them to get that information and secondly because it’s too expensive. Now, if you are trying to hide stuff from the government, then I’d argue that a simple VPN is not enough.
It takes so much more resources to get your data outside your country. And if your country is not part of 5-9-14 eyes, you should not be using your countries vpn at all.
Like I said, if you’re trying to hide from your government, your opsec requirements are on a whole different level than those of someone trying to download a torrent. You don’t need to use TOR over a public wifi while booting Tails from USB on your laptop if you want to download Fast X. A VPN that is either not required or even better just cannot provide information to the content industry is quite sufficient in that case.
The five eyes stuff is dumb. For starters, this is is a technical question, not a political one. If your OPSEC relies on guessing where the CIA does or does not have resources, you fucked up.
I can assure you, the CIA is perfectly capable of buying colo racks in Slovakian datacenters.