blog.gabrielsimmer.com/content/posts/on-proxies-and-vpns.md
2021-08-19 20:42:55 +01:00

| title | date |
| --- | --- |
| On Proxies and VPNs | 2021-07-25 |

Obligatory rant about VPNs

As my girlfriend can testify to, I have very strong feelings about the whole "VPN" trend that doesn't seem to be grounded in reality. Occasionally these feelings coalesce into some form of a rant, which is what this is. Hopefully I can point future humans at this post if they ask how I feel about them.

I commonly find that VPNs (they're really proxies, but we'll get to that) are marketed as ways to "browse the web more securely", "hide your activity", or "stay anonymous online". In a sense, this isn't technically inaccurate. Indeed, the way these VPNs function is by funneling your traffic through an encrypted tunnel, but this only serves to hide your traffic from the internet service provider of the network you're connected to. The caveat is that you are entrusting a different (typically private) company with your data, rather than an ISP (which, depending on your location, may have stricter or looser regulations around how they can use your data). While some of these companies claim they do not maintain logs (and indeed, some have proven as much in court), it's really a trust-based relationship.

My issue with these virtual private networks is less the actual functionality, and more to do with the terminology being used to sell them. I believe that they should exist -- if anything, they're becoming essential for avoiding censorship or ad injection that ISPs impose upon their paying customers (whether forced by aforementioned regulation or in their own self-interest), among other things. But they're not a magic bullet for stopping tracking, anonymizing your data online, or keeping yourself safe against viruses (claims vary from provider to provider). Nor are they "virtual private networks".

Tracking online is done primarily through cookies and code embedded directly into webpages, which offer benefits to site maintainers while also funneling data back to the provider (see: Google Analytics, Facebook Pixel). A proxy can't help here unless the provider goes out of its way to block the specific domains used -- a more suitable option is a browser-level ad blocker, such as uBlock Origin, sometimes paired with DNS-level blocking with the likes of PiHole or NextDNS (affiliate link). It would be best to assume proxy providers are opting for maximum compatibility over risking breaking pages by blocking a tracking cookie or service (which shouldn't break a site, but I digress). If such cookies are allowed on your system, and the tracking services are reachable, it's safe to assume you are not anonymous, with the proxy serving only to hide your true IP address from the owner of the website and little more (indeed, this can be useful, but an IP address alone isn't super useful).
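To make that concrete, here is an added example (not part of the original post): a simulated tracker's view of a constructed request log, showing that the cookie rather than the source IP links visits made from home and through a proxy, and that the linkage only disappears once the tracker's hostname is blocked. The hostnames, IPs and cookie values are made up, and the suffix-match blocklist is a simplification of what DNS-level blockers do.

```python
from collections import defaultdict

TRACKER_HOST = "cdn.tracker.example"  # hypothetical third-party tracker host

# Constructed sample: requests the tracker receives because pages embed it.
# 203.0.113.7 plays the home IP, 198.51.100.x play proxy exit IPs.
REQUESTS = [
    {"src_ip": "203.0.113.7",   "cookie": "uid=a1f3", "page": "news.example/politics"},
    {"src_ip": "198.51.100.20", "cookie": "uid=a1f3", "page": "shop.example/cart"},
    {"src_ip": "198.51.100.94", "cookie": "uid=a1f3", "page": "forum.example/thread/12"},
    {"src_ip": "198.51.100.20", "cookie": "uid=77be", "page": "news.example/sport"},
]

def is_blocked(host, blocklist):
    """Suffix match: a blocklisted domain also blocks its subdomains."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def tracker_view(requests, blocklist=frozenset()):
    """Profiles the tracker can build, keyed by its own cookie.

    If the tracker's hostname is blocked, the browser never reaches it,
    so the tracker sees nothing regardless of proxy use.
    """
    if is_blocked(TRACKER_HOST, blocklist):
        return {}
    profiles = defaultdict(lambda: {"ips": set(), "pages": []})
    for r in requests:
        profiles[r["cookie"]]["ips"].add(r["src_ip"])
        profiles[r["cookie"]]["pages"].append(r["page"])
    return dict(profiles)

def ip_view(requests):
    """Grouping by source IP instead: proxy exits mix unrelated users."""
    by_ip = defaultdict(set)
    for r in requests:
        by_ip[r["src_ip"]].add(r["cookie"])
    return dict(by_ip)

if __name__ == "__main__":
    for cookie, p in tracker_view(REQUESTS).items():
        print(cookie, "seen from", sorted(p["ips"]), "visited", p["pages"])
    print("by IP:", ip_view(REQUESTS))
    print("with blocking:", tracker_view(REQUESTS, {"tracker.example"}))
```

The first profile spans one home IP and two proxy exits yet stays a single browsing history, which is the post's point: changing the IP does not reset the identifier.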

Keeping the websites you visit untouched by ISPs and safe from prying eyes is best done with SSL/HTTPS, which encrypts traffic to and from a website with a trusted certificate. Tampering with or reading the information would require them to hijack more than just your network connection.