If you’re using a VPN to stay safe, this will anger you.
You were told a VPN would shield you. Protect your data. Keep you anonymous. But what if the tool you downloaded for privacy was literally designed to watch you?

This video uncovers the full story behind the most dangerous VPN ever made—used by Facebook to spy on teenagers—and how today’s most trusted VPNs are following the same exact blueprint.

If you’ve ever felt unsure about who to trust online, this video will give you the receipts, the checklist, and the countermeasures you actually need.

Inside this video, you’ll learn:
• How Facebook turned a “privacy app” into a surveillance weapon
• The Israeli cyber intel unit behind Onavo and why it matters
• What Project Ghostbusters did to break HTTPS encryption
• Why 20+ top VPNs are secretly owned by spyware vendors
• The real story behind ExpressVPN, Kape Technologies, and fake “independent” review sites
• The 7-point checklist every VPN must pass to be trusted
• Better tools to protect yourself: DoH, hardened Firefox, Tor, browser isolation, and more

  • Jajcus@sh.itjust.works
    13 up, 1 down · 3 days ago

    VPN originally meant ‘virtual PRIVATE network’. And it is still used that way, where security matters. Virtual private network meaning it connects someone’s private resources into a virtual network not accessible to anyone else.

    The ‘VPN services’ you are talking about here are quite different. They use the same technology, just to tunnel traffic through a third party server. Third party - that is the opposite of ‘private’.

    I do use VPN a lot, but to securely connect my devices over untrusted network (internet). But in this case I control both ends of the VPN tunnel. Or my employer controls that for my work traffic. That is the legitimate use of VPN.

    The other ‘VPNs’ are just ‘foreign IP as a service’. Still useful, but I hate them being called VPNs and advertised as a privacy solution.

  • zerofk@lemmy.zip
    51 up · 4 days ago

    A VPN is not a privacy tool. Any VPN being sold on the claim that it protects your personal data is lying.

    Yes a VPN can help, but simply using one does almost nothing, by itself, to protect your privacy.

    • SaltSong@startrek.website
      15 up · 4 days ago

      Would you care to expand upon this point? I know that a VPN is not going to protect me from everything, but “almost nothing” seems harsh.

      I would like to know more.

        • ℍ𝕂-𝟞𝟝@sopuli.xyz
          19 up · 4 days ago

          For many, that might be a sensible choice though. It also moves trust from Google to the VPN as well.

          It’s all a question of threat model. If you are a government or megacorp whistleblower, don’t use NordVPN. If you want to get around regional restrictions and general tracking, VPNs are nice.

      • pezhore@infosec.pub
        14 up · 4 days ago

        I can take a stab at this.

        So let’s talk Internet traffic first. When you go to a website, your device first has to do a DNS lookup to find out the IP address that corresponds to youtube.com. The DNS server sees your IP address and probably logs that request, and that it has responded. Next, your browser attempts to connect to the IP, get a response from youtube, and render it.

        If this was back in the day, youtube would probably let you connect with an unencrypted connection - http://youtube.com/, but pretty much everyone uses https these days (SSL encryption).

        Encryption is basically just a way to secure a connection from eavesdroppers (namely, your Internet service provider/government). But the end points of the encrypted communication (in the example above, your device and youtube) is decrypted at your browser and at their servers. All your ISP can see is the DNS lookup (assuming you are using their DNS servers, or that you aren’t doing something like DNS over HTTPS - encrypted lookups), after that all the youtube traffic is encrypted so your ISP just sees a bunch of data going to a specific IP address.

        So what does a VPN get you?

        Well, now your source IP when you reach youtube isn’t your phone or your home in Ohio, it’s wherever that VPN terminates. This is probably the best use for VPNs - to get around region locks.

        Your local ISP only sees the DNS request, then a bunch of encrypted traffic (same as before).

        But critically, the VPN owner can log every single bit of unencrypted traffic that passes through. Also, they can link your behavior to a paying account via username/password and payment methods (not great for privacy). They effectively fill the role of your original eavesdropper - your ISP.

        So what did using a VPN actually do?

        • Your ISP no longer knows as much about your browsing, so I guess that’s good.
        • But now another 3rd party knows as much as your ISP did prior to using the VPN.
        • Your ISP doesn’t know your DNS lookups now, but your VPN provider might.
        • SSL traffic is still encrypted regardless - no change here.
        • YouTube doesn’t know your device’s original IP (maybe).

        The only other thing I’d say is that VPNs + torrents can maybe protect you from DMCA takedown notices. It’ll be that VPN termination IP that shows up in trackers, not your ISP-provided IP.

        • SaltSong@startrek.website
          9 up · 4 days ago

          I think I’m dramatically overestimating normal people’s understanding of computers.

          I know a VPN isn’t a cloaking device. I just want my ISP to not know what I’m looking up, and my website to not know where I am located.

          • Jessica@discuss.tchncs.de
            2 up · 3 days ago

            Yeah the whole reason I started using a VPN was because the United States government made it legal for Internet service providers to sell our browsing data, and I am forced to use Comcast due to a monopoly in my area on broadband Internet, and I want to give them as little profit as possible.

          • pezhore@infosec.pub
            4 up · 4 days ago

            A VPN will help with the first, but probably not the second item.

            GeoIP lookups will get fooled by VPNs, but that’s not the only way to figure out where you’re located. A browser leaks a ton of information that can be used to validate your location, and public VPN endpoints are fairly well known (that’s why you can see YouTube/Netflix blocking known VPN egresses).

            • SaltSong@startrek.website
              1 up · 2 days ago

              Knowing I’m using a VPN is not the same as knowing where I’m using it from.

              The browser thing is bloody irritating, though.

        • msage@programming.dev
          1 up · 3 days ago

          Also web tracking is not stopped in any way by VPN.

          People buy a VPN, log into Facebook and Google and expect to browse privately…

      • gon [he]@lemmy.dbzer0.com
        1 up · 4 days ago

        It’s kind of like if you hired me to browse the internet for you.

        Am I gonna protect your privacy?

        If you don’t trust me - random guy - why trust VPN company - with vested financial interest in collecting and selling your data?

        Not to mention browser issues.

    • sgtlion [any]@hexbear.net
      6 up · 4 days ago

      A VPN just means you’re relying on someone else to obscure your identity. It can absolutely protect your privacy, but it’s fully dependent on trust.

    • Evono@lemmy.dbzer0.com
      4 up · 4 days ago

      Really comes up against what you want to protect yourself. It can be a privacy tool, it’s not an anonymous tool.

    • pulsewidth@lemmy.world
      3 up, 2 down · edited · 3 days ago

      This is literally exactly what the video explains from 10:30 on.

      (Edit: autocorrect)

      • RvTV95XBeo@sh.itjust.works
        5 up, 1 down · 3 days ago

        Except the video took 10 whole minutes to get there and probably wasted more than 2 sentences describing the problem.

        I hate videos that could just be a 2-minute read.

        • pulsewidth@lemmy.world
          1 up · 3 days ago

          The video is about a whole lot more than just that. I found it quite info dense and appreciate that someone posted it here

  • space_comrade [he/him]@hexbear.net
    13 up · edited · 4 days ago

    Is Mullvad still legit? Never seen them engage in these kinds of shady business practices, at least not outwardly.

    EDIT: Video confirms it as one of the good ones.

  • Tiger@sh.itjust.works
    11 up · 4 days ago

    I’m not in a place I can watch this now so anyone got TLDR if they recommended any good ones (and feedback if this video itself is scammy or just shilling for some company)

  • pulsewidth@lemmy.world
    4 up · 3 days ago

    Surprisingly good video with thorough details and good advice. I say surprising because I’ve seen more than a few talking-head style youtube tech presenters that are all fluff surrounding what’s ultimately an ad, and no valuable content.

    I wanted to add that I think AirVPN is worth adding to her list of good providers. Her list was: ProtonVPN, Mullvad, IVPN.

    • no free/unpaid user tier
    • no logs
    • client agnostic (works with OpenVPN and WireGuard protocols)
    • their provided client (EddieVPN) is completely open source
    • client has kill switch (blocks any traffic external to vpn to prevent leaks, no traffic if client disconnects)
    • account can be completely anonymous (accepts Monero, Bitcoin, etc. Email account not even required)

    One red flag in that they do not independently audit the no logs claim, the reasoning seems that they downplay the value of it and say the cost-benefit is not there for them. A server audit is never truly independent (the VPN provider is the paying client of the auditor). They do however pay for independent pen tests and bug bounties.

    So according to her checklist of red flags and requirements of a good VPN AirVPN has one red flag and meets all other requirements - this is the same level of qualification (or better) than the other VPN providers she did advocate for. Eg: ProtonVPN does allow free users, that’s a red flag on her criteria.

    I would also say that VPNs are not a monolith and that they have niches. If you just want to download torrents and not risk a corporation emailing you a summons, AirVPN is a great choice. If you’re a political dissident or reporter aiming for guarantees of privacy then ProtonVPN is a great choice.

    • kuhli@lemmy.dbzer0.com
      3 up · edited · 3 days ago

      I have some issues with proton but I feel like the free tier thing doesn’t really apply to them since they provide other services and use it as a loss leader to get people onto their ecosystem. Their business model is fundamentally different from other “free” vpns because they’re trying to build essentially an alternative to the Google suite.

      Their absolutely atrocious record with what they claim to be open source apps is a much bigger issue imo

      • pulsewidth@lemmy.world
        1 up · 3 days ago

        Agree on that it may be an exception for Proton with your reasoning.

        I’ve heard this before about Proton’s issues with releasing source code in a timely manner or at all but didn’t know much about it so I just looked up more info; it seems at least their VPN client does have all the source code publicly available though (for each OS it’s available on). Whereas they do have holes elsewhere in unprovided code for various Proton service clients.

  • Luffy@lemmy.ml
    7 up, 5 down · 4 days ago

    TL;DR, The Lobotomites are getting what they deserved.

  • deadcatbounce@reddthat.com
    2 up, 17 down · 4 days ago

    That’s why I don’t use a VPN company. I use Google VPN.

    No slimy VPN data slurper getting my skinny.