{{Header}} {{Title|title= {{project_name_long}} versus VPNs }} {{#seo: |description=Comparison of {{project_name_short}} with VPN Services. Are VPNs anonymous? No. Here's why. }} {{Hide_all_banners}} {{other_networks_mininav}} {{VideoLink |videoid=m-S745kpN6Y |text=Superior anonymity - Whonix vs. VPNs }} {{#widget:Icon_Bullet_List |addClass=minimal |fontSize=17px |item=fa-solid fa-check cs-green,VPNs provide a basic IP hiding feature. |item=fa-solid fa-check cs-green,VPNs can often provide a basic network blocking circumvention feature. |item=fa-solid fa-times cs-red,VPNs don't make you anonymous. |item=fa-solid fa-times cs-red,VPN providers know what you are doing. |item=fa-solid fa-times cs-red,Security experts have a very low opinion of VPNs. }} __TOC__ = Summary = {{#widget:Icon_Bullet_List |addClass=minimal |fontSize=17px |item=fa-solid fa-times cs-red,VPNs do not even hide visited websites from your {{isp}} |item=fa-solid fa-times cs-red,VPN software is not designed for anonymity |item=fa-solid fa-times cs-red,VPNs have an unrealistic expectation of users |item=fa-solid fa-check cs-blue,See also Whonix homepage VPN comparison summary and Why does Whonix use Tor? }} {| class="wikitable" |- ! width="50%" | Whonix ! width="50%" | VPNs |- | [[Why_does_Whonix_use_Tor#Multiple_Server_Hops|{{hops}} independent Tor servers]] | 1 trusted party |- | [[Why_does_Whonix_use_Tor#Need_to_Know_Architecture|need to know architecture]] | [[#VPN Providers Know What You Are Doing|VPN Providers Know What You Are Doing]] |- | [[Why_does_Whonix_use_Tor|anonymity by design]] | [[#Logging_Risk|privacy by policy]] |- |} = VPNs don't make you anonymous = Quote https://obscurix.github.io/vpns.html :
VPNs are not an anonymity tool and should not be used as such. The VPN provider knows exactly who you are and what you're doing. They can find out who you are from your IP address, payment information, emails, usernames, browsing history etc. The VPN provider is in full position to log all of your traffic or launch man in the middle attacks.Due to [[Data_Collection_Techniques#Browser_Fingerprinting|browser fingerprinting]], VPNs are not suitable for being anonymous when browsing the internet. VPN software normally does not ensure that users have an uniform appearance on the Internet aside from replacing the user's IP address with an IP address provided by the VPN provider; see [[Data Collection Techniques]]. By merging the data, this means users are distinguishable and easily identifiable. [[#vpwns|
vpwns
(research paper)]]:
Other studies have shown passive browser fingerprinting to be effective at correlating user identities. [[https://coveryourtracks.eff.org/ 9]] VPN based systems in which a user shares the same browser with non-anonymous web surfing are nearly certain to transfer at least one cookie or other session identifier via the VPN session, which is enough for such an observer to de-anonymize the user via correlation with their non-VPN identity.This can be easily verified by the user using some of the many available [[Browser Tests]]. For example when using the popular [[Browser_Tests#Fingerprint.com|fingerprint.com]], the browser fingerprint will always be the same. The browser fingerprinting can equally be used to track the user similar to an IP address. This is common practice on the internet. The fingerprint.com tracking software alone is used by [[The_World_Wide_Web_And_Your_Privacy#Fingerprint.com|12% of the largest 500 websites use fingerprint.com]]. Two options: * '''A)''' The user is running the VPN software normally on their host operating system, which most users do. Or * '''B)''' The user is using a virtual or physical VPN-Gateway, which is much less popular. Even if the user would be using a virtual or physical VPN-Gateway, would consistently always use a VPN and always use a web browser over VPN but never over clearnet, then due to browser fingerprinting it would still be [[Tips_on_Remaining_Anonymous#Study:_Anonymity_and_Pseudonymity_are_not_the_same|pseudonymous rather than anonymous]]. And as soon as the user uses its real identity over the VPN, it would not even be pseudonymous. By comparison, users using [[Tor Browser]] inside [[About|{{project_name_short}}]], even fingerprint.com can no longer track the user as soon as the user restarts Tor Browser or uses its new identity function. {{Anchor|VPNs do not even hide visited websites from your Internet Service Provider}} = Traffic Analysis Attacks = Quote :
VPNs are extremely vulnerable to traffic analysis attacks. An adversary can see your connection to the VPN server, connections coming out from the VPN server, compare them and if they look the same, they can take a good guess that it is you. Tor is also vulnerable to traffic analysis attacks but not to the same extent due to the three hops involved in a regular circuit.
VPNalyzer
]]
}}
Researchers that submit papers to [https://www.freehaven.net/anonbib/ Anonymity Bibliography, Selected Papers in Anonymity] do not even consider VPNs. Nowadays most research focuses on Tor.
The Snowden documents describe a successful Internet-wide campaign by advanced adversaries for covert access to VPN providers' servers: [https://theintercept.com/document/2014/03/12/vpn-voip-exploitation-hammerchant-hammerstein/ VPN and VOIP Exploitation With HAMMERCHANT and HAMMERSTEIN]
= VPN Software is not Designed for Anonymity =
The two most popular VPN applications https://openvpn.net/ and https://www.wireguard.com/ do not even mention anonymity on their respective project homepages.
When searching only the OpenVPN homepage with search query site:https://openvpn.net anonymity
or respectively the only WireGuard homepage with search query site:https://www.wireguard.com anonymity
there are no relevant search results on VPNs for anonymity, except for a few questions by users in the OpenVPN user forum.
There are also no discussions on anonymity related attacks such as browser fingerprinting, website traffic fingerprinting and so forth on these websites.
By comparison, for example the homepage of the The Tor Project or the Whonix project are focused on anonymity.
[[#vpwns|vpwns
(research paper)]]:
Whenever a tool is pressed into service to provide data security properties for which it was not originally designed and tested, the potential for subtle security flaws greatly increases. In the particular case of a VPN used as an anonymizing service, the issues seem to arise primarily from the conventional relationship the VPN client software has with the endpoint system’s routing table.
But when the goal of the system is to provide strong user anonymity, the requirements become much more stringent. Even a single leaked DNS query or TCP SYN packet may be enough to reveal the user’s identity entirely and subject them to consequences much greater than those of a failed connection. Under these new requirements, the method of securing traffic via the endpoint system’s routing table is insufficient. It proves vulnerable to a number of generic problems that have the effect of expanding the user’s attack surface dramatically.When the VPN is started, the VPN software modifies the routing table to route the traffic over the VPN. However, when the VPN looses connection, restarts or starts after networking was enabled, there could be clearnet leaks. Automatically started applications or daemons might make clearnet connections before the VPN started and modified the routing table. This is why something like [[VPN-Firewall]] is required. https://superuser.com/questions/1725438/how-can-i-prevent-wireguard-from-leaking-traffic = Unrealistic Expectations of User Behavior = An unrealistic set of operational rules is required to stay anonymous when a user is purely using a VPN for anonymity on most host operating systems such as Windows, Linux, macOS. If the VPN is dysfunctional, the user would likely disable the VPN in order to search the internet for a solution or to contact the support of the VPN provider. When disabling the VPN however, all applications previously using the VPN are now using clearnet, i.e. normal internt connections which uses the users's real IP address, which then allows adversaries to trivially link the VPN and non-VPN (clearnet) sessions. Almost all users will use the same computer to research that solution and won't use a dedicated separate computer only for the purpose of contacting the support. It is totally unrealistic to expect most users to terminate each and every application (some of them running in the background) beforehand as this requires too much complex technical knowledge, attention and discipline. But if some application keeps running, its connections will continue also without it's IP being cloaked by the VPN. The user's real IP address leaks in such situations and is then correlated with former sessions by server logs. Enabling/disabling a VPN on the host operating system is similar to Tor Browser Bundle's (TBB) past
toggle model
. In the past, torbutton (which used to be a component of Tor Browser) had an option to enable anonymous (Tor) use for some websites and to toggle (disable) it for others and vice versa. This experiment in user experience design (usability) failed. Through the necessary trial and error in usability design, the developers of Tor Browser recognized that users can easily make mistakes, confuse one website for another under the toggle model. Hence, the toggle feature has been removed from TBB. Nowadays, TBB is an anonymous-only, Tor-only browser.
https://blog.torproject.org/toggle-or-not-toggle-end-torbutton/
[[#vpwns|vpwns
(research paper)]]:
If an attacker were simply to deny all traffic to the VPN host by way of Deep Packet Inspection, it may cause the user to disable or restart the VPN client, or the VPN connection may even restart itself with a watchdog timer of some kind. Until the VPN reconnection is complete, the client’s routing table momentarily assumes an unsecured default (or even unpredictable) state. Applications the user expects to be secure now simply connect directly.When using {{project_name_short}}, there is no documented way to disable its traffic anonymization through use of the Tor anonymity network. It is [[Dev/Technical_Introduction#Security_Overview|very difficult]] to reconfigure {{project_name_workstation_long}} to connect over clearnet (non-anonymous). Users are unable to do this. * Nobody has posted instructions how to do that yet. ** https://forums.whonix.org/t/temporary-bypass-whonix-gateway/415 ** https://forums.whonix.org/t/using-whonix-gateway-to-route-a-lan-connection-not-through-tor/14808 * Highly technical users might be able to through extensive modifications of {{project_name_gateway_long}} but that's besides the point and serves no purpose. Therefore this cannot happen by accident. = VPN Providers Know What You Are Doing = == Logging Incidents == A number of VPN providers have already handed over user data in the past. Many VPN adherents are unaware of these precedents. Non-exhaustive list of cases where there have been media reports includes, [https://www.theregister.com/2011/09/26/hidemyass_lulzsec_controversy/ HideMyAss], [https://torrentfreak.com/ipvanish-no-logging-vpn-led-homeland-security-to-comcast-user-180505/ IPVanish], [https://www.theregister.com/2017/10/08/vpn_logs_helped_unmask_alleged_net_stalker_say_feds/ PureVPN], see [https://www.reddit.com/r/Piracy/comments/qjt2rm/all_unsafe_vpn_services_small_list_w_sources/ this list on reddit] or media reports such as [https://www.theregister.com/2020/07/17/ufo_vpn_database/ Seven 'no log' VPN providers accused of leaking]. https://web.archive.org/web/20220816044450/http://www.malwarebytes.com/blog/news/2021/03/21-million-free-vpn-users-data-exposed In comparison with Tor with its [[Why_does_Whonix_use_Tor#Need_to_Know_Architecture|need to know architecture]] and [[Why_does_Whonix_use_Tor#Multiple_Server_Hops|multiple server hops]], there have never been any logging incidents. == Logging Risk == VPN providers only offer privacy by policy, while {{project_name_short}} offers anonymity by design. VPN providers: * Unlike Tor, VPN hosts can track and save every user action since they control all VPN servers. The administrators and anyone else who has access to their servers, either knowingly or unknowingly, will have access to this information. * Claims that VPN providers do not log user activity are unverifiable; in fact this claim is exactly what could be expected from a malicious provider. * Recent research reveals that around one-third of all popular VPN providers are owned by Chinese companies, while others are based in countries like Pakistan, with non-existent or weak privacy laws. https://www.computerweekly.com/news/252466203/Top-VPNs-secretly-owned-by-Chinese-firms The implication is that traffic might be routinely examined in a high percentage of cases, despite corporate promises to the contrary. * [https://openvpn.net/access-server-manual/status-log-reports/ OpenVPN has an IP logging feature] which would have to be disabled by No-Log VPN providers. Similar situation for WireGuard. * https://www.reddit.com/r/WireGuard/comments/e408sz/how_do_i_enforce_that_wireguard_leaves_zero_logs/ * https://news.ycombinator.com/item?id=18923890 See also [[#VPN Software is not Designed for Anonymity|VPN Software is not Designed for Anonymity]]. Much safer would be if the VPN software had no built-in logging feature. Then accidental logging would be impossible. * The only safe assumption to make is that all VPN providers log activity in order to deflect potential legal actions and to satisfy government demands for (meta)data on 'suspect' users. {{project_name_short}}: * {{project_name_short}} uses the Tor anonymity network (with [[vanguards]]). * Due to [[Why_does_Whonix_use_Tor#Organisational_Separation|Tor's organisational separation]] and its [[Why_does_Whonix_use_Tor#Need_to_Know_Architecture|need to know architecture]] the logging risk is much lower. * There is no single person or legal entity that if logging was enabled could de-anonymize the user. * The routing algorithm of the Tor software chooses multiple servers (Tor relays) and multiple countries (different jurisdictions) for connections through the Tor anonymity network (Tor circuit). * By Tor's design, each Tor relay server must be hosted by a different organisation or person. Organisations and people may host multiple Tor relays, however they must, they ought to disclose that these belong to the same "family". This is to make it possible for Tor's routing algorithm to pick 4 relays, each from a different "family". * In {{project_name_short}}, all [[Why_does_Whonix_use_Tor#Multiple_Server_Hops|{{hops}} server hops (Tor relays)]] would have to be colluding. * It is also unknown if any of the {{hops}} hops (Tor relays) is keeping logs. However, one malicious node will have less impact. The entry guard will not know where you are connecting to, thus it is not a fatal problem if they log. The exit relay will not know who you are, but can see any unencrypted traffic -- this is only a problem if sensitive data is sent over this channel (which is unrecommended). Tor's model is only broken in the unlikely (but not impossible) event that an adversary controls all four relays in the circuit. Or if they are a [[Warning#Tor_cannot_Protect_Against_a_Global_Adversary|global passive adversary]] capable of monitoring the traffic between all the computers in a network at the same time. Tor distributes trust, while using VPN providers places all trust in the policy of one provider. * Since Tor is designed for anonymity, the Tor software run by Tor relays has no IP logging feature that could be turned on. https://tor.stackexchange.com/questions/21721/do-relay-and-entry-nodes-keep-logs * Malicious Tor relays would have to add an IP logging feature themselves. Therefore there is no risk for Tor relays to accidentally keep IP logs. = Issues with VPNs = There are a number of serious security and anonymity risks in wholly relying on VPNs. '''Table:''' ''Tor vs. VPN Comparison'' {| class="wikitable" |- ! scope="col"| '''Category''' ! scope="col"| '''Discussion''' |- ! scope="row"| Breaches | VPN provides got breaches by advanced adversaries. Ars Technica: [https://arstechnica.com/information-technology/2019/10/hackers-steal-secret-crypto-keys-for-nordvpn-heres-what-we-know-so-far/ Hackers steal secret crypto keys for NordVPN.]:
Breach happened 19 months ago. Popular VPN service is only disclosing it now.
The revelations came as evidence surfaced suggesting that two rival VPN services, TorGuard and VikingVPN, also experienced breaches that leaked encryption keys.|- ! scope="row"| Clearnet Risk | It is trivial to trick client applications behind a VPN to connect in the clear according to research paper [https://www.usenix.org/system/files/conference/foci12/foci12-final8.pdf vpwns: Virtual Pwned Networks] by Security and Privacy Research Lab University of Washington & The Tor Project. |- ! scope="row"| Design | VPNs do not magically improve security; they are just a 'glorified proxy'. Since they can observe all user traffic, there is nothing preventing them from using that data for any purpose they like, including logging. It could be argued these services truly only exist to sell overpriced bandwidth, with flimsy promises made to attract gullible customers. 'Honeypot' or malicious providers might be ubiquitous. It is logical that governments would set up providers in this manner to attract citizens who have a greater interest in protecting their privacy, since that traffic is deemed more interesting for intelligence purposes. |- ! scope="row"| Identity Correlation | VPNs lack stream isolation. All connections originating from the same user (operating system updates, chat, all visited websites) are routed to the same IP. Therefore the VPN provider could correlate all user online activity. In contrast, [[Why_does_Whonix_use_Tor#Stream_Isolation|Whonix and Tor implement stream isolation]]. |- ! scope="row"| Static Routing | VPNs lack route randomization. All traffic is always routed to the same server using the same IP address. [[Why_does_Whonix_use_Tor#Route_Randomization|Tor has route randomization]]. |- ! scope="row"| Malware | * VPNs do not necessarily protect against today's advanced malware that tries to discover the true IP address via browser and other exploits. * In {{project_name_workstation_short}} even malware with root rights cannot find out the users true IP address. |- ! scope="row"| Multi-hop VPNs | Advertisements for double, triple or multi-hop VPNs are meaningless. For example as in case of [https://web.archive.org/web/20210528044214/https:/www.doublevpn.com/ DoubleVPN], quote [https://www.malwarebytes.com/blog/news/2021/06/police-seize-doublevpn-data-servers-and-domain Police seize DoubleVPN data, servers, and domain]:
law enforcement also seized “personal information, logs, and statistics kept by DoubleVPN about all of its customers.”Unless the user builds their own custom VPN chain by carefully choosing different VPN providers, operated by different companies, then they are fully trusting only one provider. But even in that case, the user would still lack [[Why_does_Whonix_use_Tor#Route_Randomization|route randomization]]. |- ! scope="row"| Security | * The need to run additional software like OpenVPN can actually increase the attack surface and complicated configuration instructions can lead to mistakes that reduce overall security. * The claim of 'additional encryption' does not stack up in providing more security; even with a VPN if the endpoint expects plaintext, it is not technically possible for a VPN to change that. It is still necessary to use SSL/TLS and HTTPS (for centralized services), or end-to-end encryption for P2P and social applications for improved security. * The only encrypted part of the connection when using a VPN is from the user to the provider. From the VPN provider onward the traffic is the same as it would have been without a VPN. Since the VPN provider can see this traffic (and potentially mess with it), this is arguably a net loss in security. |- ! scope="row"| Software | * Some VPN providers require their proprietary closed source software to be used and do not provide an option for other reputable VPN software, such as OpenVPN. * Tor code is fully open source. |- ! scope="row"| TCP Timestamps | The fundamental design of VPN systems means they do not normally filter or replace the computer's TCP packets. Therefore, unlike Tor they cannot protect against [[Data_Collection_Techniques#TCP_Timestamps|TCP timestamp attacks]]. |- ! scope="row"| Trust | VPN providers represent a single point/entity of potential failure. Unlike Tor which distributes trust across multiple relays, VPN adherents must trust the provider does not: * keep payment information * keep logs * [https://blog.benjojo.co.uk/post/north-korea-dprk-bgp-geoip-fruad lie about their geolocation] * share information with adversaries * fail to keep servers secure (see this recent {{archive_link |url=https://nordvpn.com/blog/torguard-lawsuit/ |text=TorGuard server configuration file error |archive=none }} ([https://archive.ph/5Vd6F archive.ph])) |- ! scope="row"| Payment Link Risk | * VPNs: Most VPN providers require payments, a subscription. Most payment methods leave a trail to the user's real identity. For the VPN provider being able to decide which user should be granted access (those who have an active subscription) versus deny service (where the subscription expired) is a major risk for the user. During a VPN connection, the VPN provider must be necessarily always able to know which VPN connection is linked to which user and this information will also be linked to the user's payment information. * {{project_name_short}}: Tor, which {{project_name_short}} is based on, does not require any payment information from the user. The user's active connection cannot be linked to any specific identity or payment information. Even if it was requested, neither the developers of Tor nor {{project_name_short}} have a file of any user that could be linked to any identity or payment information. At most, the first server in the Tor chain of multiple relay servers, Tor entry guard which is run by the volunteers running the Tor anonymity network, knows the user's IP address, which is unavoidable. The other relay servers in the connection chain, however already don't know the user's IP address. The user can read more about this under [[Why_does_Whonix_use_Tor#Need_to_Know_Architecture|need to know architecture]]. |- ! scope="row"| VPN Configuration | If VPN software is run directly on the same machine that also runs client software such as a web browser, then [[Data_Collection_Techniques#Active_Web_Contents|Active Web Contents]] can read the real IP address. This can be prevented by utilizing a virtual or physical VPN-Gateway or a router. However, be aware that active contents can still reveal a lot of data concerning the computer and network configuration. |- |} = The law of triviality / bikeshedding = The potential [https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN positive or negative effects on anonymity] are being [https://web.archive.org/web/20220609222239/https://matt.traudt.xyz/posts/2016-11-12-vpn-tor-not-net-gain/ controversially] [https://gist.github.com/joepie91/5a9909939e6ce7d09e29 debated]. The [https://forums.whonix.org/t/law-of-triviality-bikeshed/6739 law of triviality / bikeshedding] applies to VPNs. While VPNs are frequently discussed, related privacy issues receive much less attention, including: [[Data_Collection_Techniques#Browser_Fingerprinting|browser fingerprinting]], [[Fingerprint#Website_Traffic_Fingerprinting|website traffic fingerprinting]], [https://bitguard.wordpress.com/2019/09/03/an-analysis-of-tcp-secure-sn-generation-in-linux-and-its-privacy-issues/ TCP Initial Sequence Numbers Randomization] ([https://github.com/Kicksecure/tirdad tirdad]); [[Keystroke Deanonymization]] ([https://github.com/Whonix/kloak kloak]); [https://blog.torproject.org/announcing-vanguards-add-onion-services guard discovery and related traffic analysis attacks] ([[vanguards]]); [[Time Attacks]] ([[sdwdate]]); and [[Advanced Deanonymization Attacks]]. See also: [https://www.freehaven.net/anonbib/ Anonymity Bibliography, Selected Papers in Anonymity]. = Use Case Exceptions = There are some ''possible'' use cases that might warrant a VPN provider: * A potentially 'hostile' network must be used, like those found in public airports (WiFi access points) and where ISPs have a questionable record of man-in-the-middle attacks. * It is necessary to hide an IP address from non-government-sanctioned adversaries. In this case, the VPN provider will still be able to link all activities to the same user. * Circumvention of geo-blocking although that is getting harder. * https://arstechnica.com/gadgets/2021/08/netflix-is-adding-residential-ip-addresses-to-its-vpn-blocklists/ * https://torrentfreak.com/netflix-cracks-down-on-vpn-and-proxy-pirates-150103/ If a VPN is essential in your circumstances for whatever reason, setting up one's own [https://en.wikipedia.org/wiki/Virtual_private_server Virtual Private Server (VPS)] could be considered. There is no guarantee that a rented server is less likely to be malicious than a standard VPN provider. = Criteria for Reviewing VPN Providers = The following list of criteria might be useful for a user reviewing the quality of various VPN providers. '''Table:''' ''VPN Provider Quality Review Criteria'' {| class="wikitable" |- ! scope="col"| '''Criteria''' ! scope="col"| '''Category''' ! scope="col"| '''Quality Impact''' |- ! Place of incorporation | Trust | Country with strong privacy laws |- ! incorporation verifiable Such as [https://www.gov.uk/get-information-about-a-company Companies House] for the United Kingdom. | Trust | Trust but verify the place of incorporation is truthfully documented. |- ! ownership / shareholders | Trust | |- ! known spokesperson | Trust | |- ! third party audited | Trust | |- ! popularity in external VPN reviews | Trust | |- ! overall popularity online | Trust | |- ! known cases of malicious activity | Trust | |- ! long term track record | Trust | |- ! no log policy | Anonymity | |- ! own infrastructure | Anonymity | VPN providers that run their own servers rather than relying on shared infrastructure exclude the risk of their hosting provider logging data or snooping around. |- ! has a free service or limited use free service | Anonymity | Free services are easiest to test and without payment trail can be more anonymous. |- ! accepts [[Bitcoin]] payments | Anonymity | Payments using Bitcoin are easier (but still hard) to anonymize. |- ! accepts other anonymous cryptocurrency payments like [[Monero]] | Anonymity | More anonymous than Bitcoin. |- ! JavaScript-free ordering possible | Anonymity | Less ability for the VPN provider (web service provider) to fingerprint the user's browser |- ! anonymous sign-up allowed | Anonymity | Self-explanatory. |- ! VPN client software is Freedom Software | Security | [[Reasons for Freedom Software]] |- ! can be used with Freedom Software like OpenVPN | Security | |- ! Freedom Software server source code | Security | |- ! private (non-shared), unique IP address(es) | {{nowrap|Functionality}} | Unique IP address(es) have a higher chance of not being banned by remote websites due to previous abuse by other users sharing the same IP address. |- ! can be connected to by TCP | Functionality | Useful in some restrictive networks. |- ! can be connected to by UDP | Functionality | Speed. |- ! supports tunneling TCP | Functionality | Most if not all VPN providers have this functionality. |- ! supports tunneling UDP | Functionality | Required for some applications such as Voice over IP (VoIP). |- ! VPN with Remote Port Forwarding (for [[Hosting Location Hidden Services]]) | Functionality | Only useful if the user intends to host location hidden services. |- ! popularity in {{project_name_short}} forums | usability | Ease of setup in combination with Tor |- |} = Conclusion = The host of security considerations suggest that relying purely on a VPN service for anonymity is unrealistic. {{project_name_short}} is more powerful for anonymity than a VPN. = Rationale = This chapter explains the rationale for this wiki chapter. The reader may skip this section. This page risks stating things that are obvious, but the question must be asked: "Obvious to whom?". The above points may only be common sense to developers, hackers, geeks and other people with technological skills. It is useful to sometimes read usability papers or the feedback from people who do not post on mailing lists or in forums. Why compare {{project_name_short}} with VPN providers? Aren't VPN providers in a totally different category than {{project_name_short}} or Tor? No.
Best VPN for privacy and anonymity* [https://web.archive.org/web/20220923173349/https://play.google.com/store/search?q=anonymous%20vpn&c=apps A search query for
anonymous vpn
on Google Play store.]
* Search query for anonymous online
on the Google search engine. The first 3 search results are VPN related advertisements.
'''Figure:''' ''Searching Google for search term "anonymous online" (23 September 2022)''
[[File:Anonymous-online-google-search-result-23-september-2022.png|border]]
The fact that VPNs are often perceived as anonymity tools has also been confirmed in various research papers:
* Quote [[#VPNalyzer|VPNalyzer
]]:
** Worryingly, we find that users have flawed mental models about the protection VPNs provide, and about the data collected by VPNs.**
Alarmingly, we find the highest degree of misalignment in the user’s trust in the VPN recommendation and review ecosystem. Most providers agreed that the review ecosystem is far from reliable and largely motivated by money. However, users are completely unaware of this, and rely on them believing they are trustworthy.**
Furthermore, 118 users also write-in additional reasons why they use VPNs (Appendix B.1), and we find that privacy (60.2%, 71 of 118; from ISP, tracking, surveillance, ad targeting) , security (12.71%, 15), being offered the service (10.1%, 12; by a company, with a purchase), during travel (7.6%, 9), and anonymity (2.5%, 3) are the main reasons for use.**
Malicious Marketing (6/9): Many providers mention several issues, that we term as malicious marketing, including the use of affiliate marketing, preying upon users’ lack of knowledge, and overselling of service including selling anonymity even though that is not a VPN guarantee.**
To understand users’ threat models when it comes to using a VPN, we first ascertain whether users use a VPN to secure their online activities, and if yes, who they want to protect it from. Notably, 91.5% (1145 of 1,252) of users indicate they use VPNs for securing or protecting their online activity. When exploring who they aim to protect from, we find that hackers/eavesdroppers on open WiFi networks (83.9%, 1,051 of 1,252), advertising companies (65.4%, 819), and internet service providers (ISP) (46.9% 587) are the top three responses. Notably, only ≈30% of users are concerned about the U.S. government or other governments. This is intriguing because post Snowden’s surveillance revelations in 2014, more users moved towards privacy tools such as VPNs and anonymity tools such as Tor [41]. Our results indicate a shift in user’s attitudes, and show a growing concern towards corporate and advertisement surveillance. This shift could have been influenced by the security advice users are exposed to, as shown in prior work [1] that finds that YouTubers often cite “the media” and “hackers” as common adversaries.* Quote research paper [https://www.usenix.org/system/files/conference/foci12/foci12-final8.pdf vpwns: Virtual Pwned Networks] by Security and Privacy Research Lab University of Washington & The Tor Project: **
The anonymity community often ignores VPN-based solutions, considering them obviously flawed against strong attackers. Nevertheless, these solutions are routinely employed by users who believe the claims of vendors.* Quote research paper [https://www.researchgate.net/publication/351159071_Awareness_Adoption_and_Misconceptions_of_Web_Privacy_Tools Awareness, Adoption, and Misconceptions of Web Privacy Tools] https://usableprivacy.org/static/files/story_popets_2021.pdf :
They found that 40% of participants used VPNs for security and privacy, and that about one-third of participants thought VPNs guaranteed privacy, anonymity, and safety from tracking.For examples how highly technical user groups tend to lose contact with non-technical users as far as misconceptions, see also [[Tips_on_Remaining_Anonymous#Rationale|Rationale for]] the wiki page [[Tips_on_Remaining_Anonymous|Tips on Remaining Anonymous]].
vpwns
: Research paper [https://www.usenix.org/system/files/conference/foci12/foci12-final8.pdf vpwns: Virtual Pwned Networks] by Security and Privacy Research Lab University of Washington & The Tor Project.
== VPNalyzer ==
VPNalyzer
: [https://vpnalyzer.org/ VPNalyzer VPNalyzer: Crowdsourced Investigation into Commercial VPNs] research paper [https://arxiv.org/pdf/2208.03505.pdf “All of them claim to be the best”: Multi-perspective study of VPN users and VPN providers] by a [https://vpnalyzer.org/about#team group of computer science researchers at the University of Michigan].
== Other Sources ==
See footnotes.
= See Also =
* [[Why_does_Whonix_use_Tor|Why does Whonix use Tor]]
* [[Whonix_versus_Proxies|Tor vs. Proxies, Proxy Chains]]
* https://web.archive.org/web/20230205050050/https://matt.traudt.xyz/posts/2019-10-17-you-want-tor-browser-not-a-vpn/
= License =
Appreciation is expressed to [https://web.archive.org/web/20220702230100/https://anonymous-proxy-servers.net/ JonDos] ([https://web.archive.org/web/20131225084524/https://anonymous-proxy-servers.net/forum/viewtopic.php?p=31220 Permission]). This wiki page contains content from the JonDonym documentation [https://web.archive.org/web/20211214064232/https://anonymous-proxy-servers.net/en/help/otherServices.html Other Services] page.
= Footnotes =
{{reflist|close=1}}
[[Category:Design]]
{{Footer}}