So I’m pretty recent to the high seas but I’ve seen a few posts now about “stop relying on your VPN” and “people that think VPNs will protect them are naive” and so on.
So since I believe knowledge is our greatest weapon/tool/super-power, can we get some answers regarding what exactly the doomsayers are getting at? ELI5 why VPNs wouldn’t protect your anonymity.
Is it about logging? The country your end-point is in? Something more technical?
Ultimately I’d like to be fully armed in order to keep making the best choices for my fledgling ship as it navigates the vast, stormy seas.
And encrypting your traffic so your ISP can’t definitively see what you’re doing. They can guess, but they can’t definitively tell. That encrypted traffic is a shield for your ISP. When an IP holder demands something, the ISP can say it is encrypted and they can’t read it. It forces the bulk of the work back onto the IP holder. If your VPN is doing what it claims to do, then the work of that IP holder gets extremely difficult to downright impossible.
Every site on earth has been using https for multiple years. The only thing that is visible to your ISP has been the server’s address for a while. VPNs just got encrypt that as well, but that’s about it.
And yet, if you use a cheapo VPN with a well-known address (shared IP) sites like Amazon, or even Wikia will block you. Why? If most of your information is ‘private’ anyways, why go through the step of preventing a potential customer/user just because of their IP?
Because in reality, even such a minor thing as a dinky $3/month VPN is a huge headache for people trying to farm relevant information from you. Public Cookies, Basic Telemetry, and really any sort of ad-relevant data is pretty much publically available to any interested party, and even the simplest VPNs screw that up to a large degree.
People don’t go out of their way to spend a couple of bucks on a VPN and reserved IP because they think they’re gonna defeat the CIA or become a Net Ghost, they do it to get around region locks, IP bans, localized pricing (and yes to pirate their favorite movies/video games).
This isn’t why. They refuse service because a large part of DDoS, scam and generally unlawful trafic comes from VPNs (because the criminals are the ones interested in masking their true IP, for police evasion). If your site has a payment form, it is financial suicide to not block common VPN IPs because carders will use it to test their ill-acquired cards. If your site has a way to make a request that cost a lots of resources, you want to block VPN IPs because otherwise your site gets DoSed to hell and back by anyone who has a problem with you. The collateral damage of blocking people who deny you one data point to track them is completely acceptable to these businesses.