So I’m pretty recent to the high seas but I’ve seen a few posts now about “stop relying on your VPN” and “people that think VPNs will protect them are naive” and so on.
So since I believe knowledge is our greatest weapon/tool/super-power, can we get some answers regarding what exactly the doomsayers are getting at? ELI5 why VPNs wouldn’t protect your anonymity.
Is it about logging? The country your end-point is in? Something more technical?
Ultimately I’d like to be fully armed in order to keep making the best choices for my fledgling ship as it navigates the vast, stormy seas.
That sentiment isn’t so much about piracy, but general security. Do keep in mind that the NSA can easily sniff your VPN traffic, even through logless Mullvad in theory, and access your account information to correlate and deanonymize you via subpoena. This is done routinely, and there are thousands of illegal subpoenas done yearly with no repercussion. Fortunately it seems the NSA is only going after heinous criminals, but that could also change. To be truly NSA safe is nearly impossible - did you know your password can be determined by a simple audio recording of you typing it? The NSA has frequently snuck into private residence to install keyloggers as well. What will a VPN matter in such a case?
So a VPN might prevent a DCMA notice from your ISP, but if the NSA starts caring about piracy y’all are out of luck.
The NSA is always going to have bigger fish to fry than busting individuals for IP violations. Risks exposing their methods in court and allowing their real targets the opportunity to harden their security even more. It would be an incredible waste of their resources.
They’re pretty exposed already, and in my opinion their targets probably can’t do much to protect themselves unless they are part of a foreign government, like the Kremlin. But yea they haven’t gone after piracy yet.
Can you say more about this?
The NSA has unlimited legal power in this context. They can legally go to any US VPN, copy all traffic onto their massive servers, and use it as they want. They probably already do this, although that claim is unverifiable. That traffic contains your IP address and the websites you’ve viewed, clear data of torrents you’ve downloaded, etc. Mullvad, being outside its jurisdiction, is possibly safer, but presumably since they operate servers in the United States at least those could be sniffed. There is precedent for all of this.
While it’s unlikely for you to specifically be targeted, my point is that you can never be truly anonymous on the internet.
If you use US VPN you already doing it wrong. You should never use US for anything related to piracy that rule #1.
That makes it sound as if using a foreign VPN can keep you totally anonymous. It can’t. The NSA has authority to also operate in other countries. They can and surely do MITM any traffic going from the U.S. to another country. They can and probably do social engineer or zero day compromise a Mullvad VPN engineer’s credentials. Again, there is precedent for this. Not so much for piracy, but for sure for the very bad guys. They can keep your data forever and use it if they decide piracy is being very bad.
You are right that there is no precedent for the NSA going after piracy - and I’m definitely not even talking about piracy specifically here. But I do think everyone should know they are not as anonymous as they think they are any time they use the internet.
I’m saying that its better to use VPN than nothing at all, and that its safer to use VPN from another country. But no of course no one is safe 100% all the time. But this is one of the best ways anyone can protect themselfs. And no US don’t have juristictions in all countries especially outside those organizations mantioned. MITM attacks or reserve engineering possible but highly unlikely and MITM attack against AES-256 won’t do much at all. So total anonymity is very hard to achive but possible and many do it on daily basis.
Its trivial to find out youre using a VPN and which one and which of their servers youre using. If you pay for your VPN with identifying information (a card, PayPal etc) then they can theoretically make the provider log your specific activity.