What are the pros and cons of a VPN for privacy

Question

Recently I have been getting more and more interested in the security (privacy and anonymity) issues of my online life. Not that I have anything to hide, or that what I do online is so interesting to others, but I just want to know what I can do to remain as safe (and anonymous) as possible.

I feel it is my right as a citizen of a free, democratic, society to be anonymous when I want to be. Not because I want to do anything illegal, but because I feel my privacy is being violated by big companies like google, facebook and even by my own government.

So that is why I have been looking into methods of ensuring my online anonymity (and therefore freedom). The best method I have found so far (as a noob in online anonymity) is a VPN (as opposed to tor, which is too slow for my day to day surfing needs). They offer a multihop VPN, use OpenVPN, aren't terribly expensive, don't log data and provide anonymous methods of payment.

My question is: is a VPN a good method for ensuring my online anonymity? More specifically:

• How do I know if I can trust them?
• What are the risks of using a VPN service?
• Would transferring my online activity to servers abroad mean I am subject to the laws of those other countries, or would I still only be subject to the laws of my own country?
• Can I relay my (imap and smtp) email traffic through them?
• Can I use the service combined with Tor and Tails for extra security, or is that not possible (or useful)?

I hope the questions are clear enough, and to be perfectly clear about my intentions: I am not a hacker looking to cover up my tracks or anything. I wouldn't even know how to hack something if the password were written on my forehead: I am just a person concerned with my online freedom, see also: reasons for anonymity

Answer 1

I have to say that in my opinion, VPN is very overrated in terms of privacy.

It's meant to tunnel your private data over an insecure medium, so provide confidentiality from your VPN client to your VPN server, and only between these points. The way from your application to your VPN client and the whole way from your VPN server to your wanted destionation does not include that! And it does not mean your destination won't know you're using VPN!

If you're an employee and need to do work in your companies network, fine, thats the purpose of VPN, but otherwise you have to distinguish your enemy:
Do you just want that one website you're visting to not know where you are? Maybe VPN is still ok.
Do you not want your authorities to know that, too? Hell don't even think about using VPN.
Your VPN provider will give out anything, and thats all you wanted to hide. He won't risk his business for you! No, even not if your providers country is different from yours. International "crime"-fighting is more organized than ever. And yes, downloading that one music title you'd never buy for money counts as "crime".

---

But you asked what you CAN do for privacy. There is something still exploitable to gain what you're seeking. Up to, I'd say 99% safety:

Prepaid mobile internet, it's cheap nowadays, and you can buy the SIM-card, the connector for your computer and the credit with the last anonymous payment method: Cash!
Of course you have to keep some important things in mind as to secure your computer (especially to not disclose information), just use it in crowded places, etc.

---

But as anything in security, the whole system is just as weak as the weakest member: One login with a real identity, one prepaid credit paid with your card, and you're (theoretically, but don't hope for something better) back to your current situation.

Answer 2

IMHO - very legitimate question.

The way Luzlsec got busted - is through VPN company (HideMyAss) providing police with logs.

" HideMyAss (HMA) keep logs and as a UK company when given a court order to cough up information, they do so. After matching timestamps to IP addresses, in the blink of an eye Luzlsec member ‘Recursion’ became 23-year-old Cody Kretsinger from Phoenix. The FBI had their man."

So - it's important to make sure your VPN company keeps no logs whatsoever. Here's a good post comparing VPN providers that share or don't share posts:

http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/

Answer 3

A VPN can be a very good way of ensuring your online anonymity, and can be a very practical solution as well. However, the best way to protect your online life from others would probably be using the Tor browser bundle. (Free and open source)

Tor is a large network of servers worldwide, which you connect through with encrypted data whenever you want to reach a service. You usually go through three servers or so before the last server sends your request to the site you want to visit.

You can read a lot more about Tor on their website: http://torproject.org

As far as i'm concerned this is THE BEST way to stay private online, though you might for practical reasons still choose to use a VPN. For an example when you use the browser bundle, it's only the traffic of the tor browser that goes through the tor network, where a VPN sends all your traffic through the VPN server. Also with tor you might run into having to type in an quick and easy captcha in order to make a google search because of the heavy traffic some of the tor servers deliver to google, though i don't find that to be too big of a problem.

Edit:
I see that you added some questions about using imap and smtp, and i would just add that you can relay all your traffic through Tor if you know how, but it might be hard work to set up, where as mentioned before, a VPN typically sends all your traffic through the VPN server once you've connected.

As for the pros and cons about using a VPN, the pros are that it's easy, encrypted and quick. The con is that when you use a third party provider, you have to trust in them to not log your data and hand it out to others.

Answer 4

Privacy and security are just concepts. To deal with them you need a conceptual approach.

Just think about your vulnerabilities: in which situations of life you feel somebody might be trying to collect information from you to take some kind of advantage.

If your answer is "all the time" then you'd better refrain from using any digital system that involves telecommunications.

Otherwise here is my approach: if you live in a developed country

• chances are that you will have lots of places where you can connect to the Internet, with your own computer or using others' resources
• you can buy second-hand computers so it will be more difficult to trace you as a owner (mostly if you pay in cash to some person you will met once in a lifetime, to buy a computer advertised in an online forum)
• you can use prepaid Internet access, as already said in this website
• use free online resources (email addresses, etc) and do not give your real identity if you do not want to
• keep handy a bootable USB memory drive with a Linux live distro, or a Boot copy of Windows, this way you should be able to use a computer elsewhere and leave no traces of you using it (other than your fingerprints...)

Any HW/SW you may think of will protect you from some issues, but security is a concept.

Answer 5

It's easy to set up a multihop VPN using two different (competing) VPN vendors.
First establish a L2TP VPN connection to Vendor 1.
Then establish an OpenVPN connection to Vendor 2.
(A double tunnel.)

Vendor 1 can see your 'real' IP but only sees encrypted exit traffic.
Vendor 2 only sees Vendor 1 IP and then the unecrypted exit traffic.

Virtually impossible to trace back to 'real' IP unless both Vendors are compromised.
(Note: Some VPNs refuse connections from other VPNs. Most do allow these connections.)

It's a cool setup. Simple and easy to use. Works great.
Just FYI.