Is your VPN Legit or Shit?
Those of you who frequent the darkweb should be familiar with VPN (Virtual Private Network) services and have done some research to find a trustworthy provider. For readers who are just starting to explore the darker catacombs of the Internet a VPN is a mandatory tool for online anonymity.
But not all VPN services are created equal.
A VPN provides a secure connection between your computer and the VPN servers. All communications between your computer and the VPN are encrypted and sent through a secure tunnel over the Internet, preventing outsiders from spying on your web activity. You can securely connect to a VPN service and surf the web from their servers, using their IP addresses.
There are lots of reasons to use a VPN service such as establishing a secure connection over an insecure network, accessing censored or region specific web content, or hiding p2p sharing activity that is often frowned upon in the US. But if you’ve made it to DDW you’re probably starting to understand that there are parts of the web where more nefarious things happen (which DDW acknowledges but does not condone) and anonymity is of the utmost importance.
The connection between your computer and the VPN is secure, but the connection between the VPN and the rest of the web isn’t. Your activity on the web can be monitored and traced back to the VPN IP addresses, but cannot be traced back to your own IP address. When you use a VPN no one can trace your web activity back to you (insert obligatory meme).
A VPN service’s main selling points are security and privacy, but privacy is interpreted differently among VPN providers. Just ask former lulzsec member Cody Kretsinger (a.k.a. recursion), how private his VPN service was.
Kretsinger used a popular VPN called HideMyAss and engaged in activity that linked him, and his online persona “recursion,” to several high profile hacks, including unauthorized access to servers controlled by Sony Pictures. As it turns out HMA keeps logs of users’ IP addresses and logon/off times. A UK court order was issued to HMA to turn over the logs related to the offending account, which were then used to identify and arrest Kretsinger.
VPN providers can log web activity over their network, but it is more common to see VPN providers log users’ IP addresses, logon/off times and bandwidth usage. This logging activity allows providers to identify individuals abusing the service for fraud and spam, but in doing so they acquire information that can be used to identify individual users.
You can be absolutely sure if a VPN provider is pressured to cooperate with authorities and they have any information to identify you as the suspect you will be up shit creek and you will be there without a paddle. No one is going to go to jail for you.
This is why some VPN services go out of their way NOT to log any information that could possibly identify their customers. They cannot be forced to hand over incriminating information that they do not have.
The Devil is in the Details
Good VPN providers state that they store “personal information” necessary to create an account and process a payment (for example: name, e-mail address, payment data, billing address), but state that they do NOT log users’ IP addresses, logon/off times, or bandwidth usage.
Great VPN providers go a step further to minimize the amount of “personal information” required by accepting bitcoin or other cryptocurrencies, eliminating the requirement for billing information. This further insulates the user’s true identity by requiring an as little information as an e-mail address to create an account.
An honorable mention must go out to VPN provider MULLVAD who do not even require an email address. Visitors to the website click “create account” and they are given an account number without entering any information at all.
VPN Providers to Avoid
If you intend to use a VPN to hide your p2p activity on the web or go to the other side of the great virtual divide we recommend that you steer clear of these VPN providers. We want to be fair, VPNs who make this list are not “bad” VPN providers but they do participate in logging activities that put their users at risk. These VPNs do not provide true privacy on the web.
Privacy Focused VPN Providers
The following is a list of ten VPN providers who openly state that they do not log any information that may be used to identify anyone using their VPN service. To be considered as a privacy focused VPN provider the service must have the following qualifications:
- Does NOT log any information that could be used to identify the user.
- Requires minimal personal information to sign up.
- Accepts cryptocurrency.
You will note that there are VPN providers based in the USA on this list. It is a common misconception that US VPN services are legally required to log activity on their network. This simply isn’t true, but they are still required to cooperate with US law enforcement while other countries are not. Required cooperation is partly the reason they dutifully do not log activity on their networks. These companies cannot be held liable for withholding information they do not have. Choosing a VPN service, and which country it is based in, is up to you, but we do not want to discourage people from supporting small businesses in the US based on hearsay
Anyone concerned with their privacy for any reason should consider one of the following VPN services. As a DDW Disclaimer: You shouldn’t rely on a VPN provider to protect you from the authorities. It’s really best if the authorities don’t have a reason to be looking for you at all.