VPNs have become a huge market in recent years, with all of them offering essentially the same service but branded differently.
I’ve talked about VPNs before and how you likely don’t need one if all you care about is “privacy”. Otherwise it has some usecases for like downloading torrents or accessing geo-blocked content but that’s about it.
To synthesize, the VPN owners can see what you do instead of your ISP when you use a VPN. You better trust that they don’t keep logs and encrypt your traffic.
Who do you trust more, some VPN company, or your ISP? That’s a personal question only you can answer.
Privacy and “security” is what VPNs advertise heavily on. Security is nonsense from their part; there is no additional security to using a VPN. NordVPN for example likes to talk about the evil hackers in starbucks that will hack your wifi, but that literally never happens (not never never but not enough to justify paying them money for it).
In any case, all VPN rankings omit one very important fact: fed involvement. that’s security 101.
The CIA controlled an encryption company for decades (established after WW2): Crypto AG. They sold encryption machines to embassies around the world under this name, and it was only found out they were CIA in the 2010s.
We’ve known since Snowden about backdoors in Windows that allow the NSA to bypass encryption and spy on anyone they want.
And it’s a very glaring issue. Look at any of those rankings and they’ll talk about privacy and encryption protocols, and never once mention potential fed involvement or other causes for concern.
Even worse, if they do talk about it, they often talk about “Chinese” involvement. How the fuck did the discourse get so bad in just 10 years? They don’t even have anything to back it up. Meanwhile we have evidence of NSA and CIA involvement in encryption and surveillance.
NordVPN especially is strange. They advertise a LOT and always sell at a discount (which makes the VPN cheaper than most competition). ProtonVPN too, I don’t trust anything Proton ever since they surrendered info to the feds about one of their clients (an eco-activist). Secondly they are a “Swiss” company like Crypto AG, but were not founded by Swiss people.
So again, who do you trust more? Some VPN company trying to sell you a product under false pretences, or your local ISP company?
Don’t we also have to worry about DNS’s?
DNS providers only “translate” (resolve is the correct technical term) the websites you type in address bar to correct IP addresses, since websites are IPs and not alphabetical names. Nothing else is possible for DNS provider to know or provide. This translation service is what needs to be trusted i.e. DNS is not involved in spoofing or redirecting you to malicious websites for purposes like phishing or hijacking or script payload attacks.
Yes but I think the risk is lower.
I personally run my own DNS server, both to block ads/trackers/telemetry and because local DNS servers in my region cooperate with state censorship schemes.
That being said, the most information a DNS service can realistically provide is the domains you’re requesting. They can’t tell which pages you visited at that domain or what other information you may have exchanged.
Another theoretical concern is a malicious DNS provider which sends you to a fake version of the domain you want to visit - similar to those websites hosted at miss-typed versions of the actual URL, but with a malicious DNS you’d think that you’re on the correct page.