Are VPNs really that bad?

Not really.

26 Feb 2024

It’s easy to fall into the mindset that VPN bad because you can still be tracked. VPN bad because provider logged. VPN bad because everything uses TLS. And that’s fine, but these arguments miss the point of why I (or maybe you) use a VPN.

Don’t get me wrong, I could use Tor to serve all my Internet-connected needs, just like I could only communicate with loved ones via IRC as opposed to iMessage. But let’s not confuse could with should.

Consider this.

I don’t care if my web activity is tracked, I don’t care that the glowies and big tech know that this browser fingerprint did XYZ, clicked here, and searched this. I’m not using a VPN because of the spectre of public wifi hackers that haunts the nightmares of low-rate, uneducated tech journalists. I’m using a VPN because I don’t want that activity tied back to my real identity.

My browser fingerprint and me are two different people.

I don’t care if Google knows my browser likes Taki’s and Dr Pepper; I don’t want them knowing that Joe Citizen at Drury Lane likes Taki’s and Dr Pepper.

Now this is of course with the caveat that, in order to keep those two things separate, I need to have good practices in ensuring that activity isn’t tied back to my real identity. But that same caveat applies to Tor anyway!

Now Tor can still keep that church and state separation between Joe Citizen and Taki’s. But it does so with massive drawbacks. Ever tried downloading a large file over Tor? Ever tried streaming a video over Tor? Sure it’s good 30% of the time, but try the other 70% and come back.

The neckbeard may say “ackshually, traffic analysis attacks can reveal the true identity of the vpn user”.

That’s all well and good but I’m not Edward fucking Snowden. AKA that’s not part of my threat model, and it shouldn’t be part of yours.

Now of course everything I’ve said falls apart quite dramatically when it comes to the fact that, “Your VPN provider is tracking you!” and hey you may be right, but given you choose the right provider, you could also be wrong.

So let’s not act like Tor is some faultless system. Whether it’s controlling exit/entry nodes on a state backed level, poor opsec, local threat actors, or even timing attacks, no system is perfect.

And hey, sometimes I need to fucking access a site, which is becoming harder to do over Tor without getting booted! Unlike some, not all the sites I want to visit are HTML2.0 compliant and have been dead since 2004.

This is not a defense of VPNs, or an attack on Tor (although it certainly reads like it), but rather a call for a more balanced conversation amongst those who understand the difference.

Normies stay using NordVPN.