So I’m pretty recent to the high seas but I’ve seen a few posts now about “stop relying on your VPN” and “people that think VPNs will protect them are naive” and so on.
So since I believe knowledge is our greatest weapon/tool/super-power, can we get some answers regarding what exactly the doomsayers are getting at? ELI5 why VPNs wouldn’t protect your anonymity.
Is it about logging? The country your end-point is in? Something more technical?
Ultimately I’d like to be fully armed in order to keep making the best choices for my fledgling ship as it navigates the vast, stormy seas.
The NSA has unlimited legal power in this context. They can legally go to any US VPN, copy all traffic onto their massive servers, and use it as they want. They probably already do this, although that claim is unverifiable. That traffic contains your IP address and the websites you’ve viewed, clear data of torrents you’ve downloaded, etc. Mullvad, being outside its jurisdiction, is possibly safer, but presumably since they operate servers in the United States at least those could be sniffed. There is precedent for all of this.
While it’s unlikely for you to specifically be targeted, my point is that you can never be truly anonymous on the internet.
If you use US VPN you already doing it wrong. You should never use US for anything related to piracy that rule #1.
That makes it sound as if using a foreign VPN can keep you totally anonymous. It can’t. The NSA has authority to also operate in other countries. They can and surely do MITM any traffic going from the U.S. to another country. They can and probably do social engineer or zero day compromise a Mullvad VPN engineer’s credentials. Again, there is precedent for this. Not so much for piracy, but for sure for the very bad guys. They can keep your data forever and use it if they decide piracy is being very bad.
You are right that there is no precedent for the NSA going after piracy - and I’m definitely not even talking about piracy specifically here. But I do think everyone should know they are not as anonymous as they think they are any time they use the internet.
I’m saying that its better to use VPN than nothing at all, and that its safer to use VPN from another country. But no of course no one is safe 100% all the time. But this is one of the best ways anyone can protect themselfs. And no US don’t have juristictions in all countries especially outside those organizations mantioned. MITM attacks or reserve engineering possible but highly unlikely and MITM attack against AES-256 won’t do much at all. So total anonymity is very hard to achive but possible and many do it on daily basis.