Why VPN is bullshit but not an anonymity.
From the author.
On every “dark” forum exist at least ten topics with discussions about VPN (Virtual Private Network) services. And what is fucking indicative no one discuss a question: «Does VPN gives anonymity at all?» Everyone discuss «What kind of VPN is better?»
And these discussions are going from that VPN benefits in terms of anonymity is not a theory or hypotheses, but axiom.
WHO TOLD YOU THAT VPN GIVES AN ANONYMITY?
Where is an opinion of expert in anonymity who thinks that VPN is useful for that? Show me at least one link. All the arguments I’ve ever seen is:
1. VPN services wrote this on their webpages;
2. Everyone use VPN services;
3. X told «it’s okei» on his webinar (but X is an expert only in his dreams and did not commit any crimes but thinks that he can give advices for people committing crimes every day).
I didn’t see nothing more sensible than that crap. And I’m 101% sure that I will not. In that article, I will explain why.
“A” is for “Alphabet”
Let’s start with identifying of terms because as my practice shows not many people understand what anonymity is (which do not prevent them from discussing that theme from the “expert” position). I’ll try to explain maximally simple and understandably, with using all the examples we need.
“A” is for “Anonymity”
Anonymity is when everyone can watch your actions but no one knows that YOU are doing it. For example, you’re wearing a black balaclava, black jeans and black jacket and going to an unfamiliar courtyard where you urinated on residents eyes. In that case you are anonymous because everyone saw that you were urinating but no one knows it was you.
“P” is for “Privacy”
Privacy is when everyone see that you’re doing something but no one can sees what exactly you’re doing. For example, you closed your smartphone screen with your hairy heel of hand hiding something you’re watching right now. Everyone know that you’re watching something bad, but it’s just on a suspicion level. In that case, you having a private watching of porn because everyone see that you’re hiding something but they can’t prove that you're watching porn or something else.
“S” is for “Safety”.
Safety is a set of measures aimed at prediction of damage from probable vectors of attacks. It means you’re at a guess where you can trip a mine and in advance thinking about
A: How can you evade it;
B: How to be if it happened.
If you have a solutions for each kind of vectors of attack (deanonymization in network by identifier, deanonymization in network by crossposting, checking by financial schemes, checking by agent data, special op aimed at your capture) then I can only praise you and be happy because of that. If you haven’t, then it’s your top priority because habit of thinking that no one will jail you because you’re a drop in the ocean someday will knocks the hell out of you, I guarantee that.
Opinions of real experts.
VPN services can be for money or for free. In my opinion, it’s stupid to write like that but there are newbies who don’t understand even this.
Service needs money, it’s an axiom. Well, if commercial services take money for their VPN, it’s normal. I haven’t any questions like «Where they find money to pay wages, taxes, rent, equipment etc». But where non-commercial services find money for that?
It’s simple. They sell logs of their abonents. Yes, it is. They will send logs of where you’d walked, what had watched, what had searched to every one who’ll pay. Usually it's bought for analyze of direct-advertising but in my view even this is a scumbaggery. I also think that it’s business, so there are nothing personal.
Thus, in that article I will contemplate exactly VPN, not that “gratuitous” piece of shit for newbies.
Let’s see what Wikipedia will tell us (
«VPNs CANNOT make online connections completely anonymous, but they can USUALLY increase privacy and security» which means VPN have problems even with privacy and security, not just with anonymity.
Private networks wasn’t developed for solution of tactical task like total anonymity. They just encrypt data in order to prevent facile interception of confidential traffic. For example, we have to transfer a commercial classified information from office A to office B. Attacker knows that information is transmitted between two nodes and even guess what information it is. But interception of that information is senseless because of technical issues: decrypting of these logs is technically hard to do, logs will lose their value and stop being commercial classified when decrypting will be done.
And there are thoughts of T.A.I.L.S. developers about VPN (
«Some users have requested support for VPNs in Tails to "improve" Tor's anonymity. You know, more hops must be better, right?. That's just incorrect -- if anything VPNs make the situation worse since they basically introduce either a permanent entry guard (if the VPN is set up before Tor) or a permanent exit node (if the VPN is accessed through Tor).
Similarly, we don't want to support VPNs as a replacement for Tor since that provides TERRIBLE anonymity and hence isn't compatible with Tails' goal».
I remind you that T.A.I.L.S. is non-commercial and distributed for free, so developers have no reasons to lie. And with the sellers of “anonymity” all is quite opposite because they have reasons to infix in minds of people that TOR is “insecure” or “useless”. That’s the way they’ll have more money from dupable newbies.
Probably you’ll have a question: «Why number of servers does not “increases” anonymity?» I’ll answer it.
For the solution of this tactical task three “hops” from server to server is enough.
[user] --hop1--> [node] --hop2--> [node] --hop3-->[internet]
The meaning of that daisy chain is it to be without such a node that is simultaneously known for user and the site (point of destination), to be without a weak point that “knows too much”. Upon condition of constant change of nodes and chains (in TOR and I2P nodes/chains “lives” just 10 minutes) it’s enough. In that case we have only two intermediate nodes where we can left information which is interesting for a foe.
If we’ll increase a number of nodes in our chain, it will not gives us any increase of anonymity because user and point of destination are separated with no weak point where user or site data can left. But the number of nodes where we’ll show ourselves will be increased, and so the chances that some of them are under enemy control will be increased too.
So the increasing of number of nodes will reduce our security, not increase. Especially if they're permanent (not changing). And especially if they have data about our online wallets. And ESPECIALLY if their IP-addresses are known for everyone interested in it (addresses of VPN servers are in open access on sites of other services).
VPN zealot.
Why do you think that services will not disclose you, will not put you in the police? Excuse «I didn’t know that» can exists only until official notification will be received. But when official document of every uniformed service will come, like this one
VPN service staff will be in a situation where they know your IP-address, know your online wallets, which you used, and know that you, undercovered by their honest name, were committing crimes. And for sure they provided for situations like this and wrote something about disclosing of you in their Privacy Policy (which one, I'm certain of it, you didn’t read).
Rejecting from disclosure of your data will be classified at least like concealment of crime and as maximum as abetment. Why do you think that someone will escalate situation between them and uniformed service because of one from tenner or even hundreds of thousands clients, because of one who INFRINGED A RULES OF SERVICE and who COMMITTING CRIMES? And don't tell me that VPN service based in Italy. Exchanging of information now is an often occurrence, so the specialists of your country will send an inquiry to an office of VPN service AND to Italy specialists.
In conclusion I would like to tell that there are “darkside” VPN services which invented how to refuse disclosures of information and inquiries of “take down” (to stop serve client). Their solution is:
1. Registration of a legal body in countries with loopholes in the law or with laws which is loyal to such activity;
2. Server building on volatile mediums.
But I will not mention them because they’re not much better than usual VPN services. Basis of anonymity it is lack of your own identifiers (you have to work with another’s WiFi access point + TOR with obfuscation (disguise) of traffic. That’s why in T.A.I.L.S. all traffic are going through TOR with Aircrack-ng tool. So the WarTech CR1ME Linux - is an evolved T.A.I.L.S. that allows you to install software you need, gives you inbuilt flexibility for customization and much larger arsenal to live in web.
P.S. Well, which VPN is better?
From the author.
On every “dark” forum exist at least ten topics with discussions about VPN (Virtual Private Network) services. And what is fucking indicative no one discuss a question: «Does VPN gives anonymity at all?» Everyone discuss «What kind of VPN is better?»
And these discussions are going from that VPN benefits in terms of anonymity is not a theory or hypotheses, but axiom.
WHO TOLD YOU THAT VPN GIVES AN ANONYMITY?
Where is an opinion of expert in anonymity who thinks that VPN is useful for that? Show me at least one link. All the arguments I’ve ever seen is:
1. VPN services wrote this on their webpages;
2. Everyone use VPN services;
3. X told «it’s okei» on his webinar (but X is an expert only in his dreams and did not commit any crimes but thinks that he can give advices for people committing crimes every day).
I didn’t see nothing more sensible than that crap. And I’m 101% sure that I will not. In that article, I will explain why.
“A” is for “Alphabet”
Let’s start with identifying of terms because as my practice shows not many people understand what anonymity is (which do not prevent them from discussing that theme from the “expert” position). I’ll try to explain maximally simple and understandably, with using all the examples we need.
“A” is for “Anonymity”
Anonymity is when everyone can watch your actions but no one knows that YOU are doing it. For example, you’re wearing a black balaclava, black jeans and black jacket and going to an unfamiliar courtyard where you urinated on residents eyes. In that case you are anonymous because everyone saw that you were urinating but no one knows it was you.
“P” is for “Privacy”
Privacy is when everyone see that you’re doing something but no one can sees what exactly you’re doing. For example, you closed your smartphone screen with your hairy heel of hand hiding something you’re watching right now. Everyone know that you’re watching something bad, but it’s just on a suspicion level. In that case, you having a private watching of porn because everyone see that you’re hiding something but they can’t prove that you're watching porn or something else.
“S” is for “Safety”.
Safety is a set of measures aimed at prediction of damage from probable vectors of attacks. It means you’re at a guess where you can trip a mine and in advance thinking about
A: How can you evade it;
B: How to be if it happened.
If you have a solutions for each kind of vectors of attack (deanonymization in network by identifier, deanonymization in network by crossposting, checking by financial schemes, checking by agent data, special op aimed at your capture) then I can only praise you and be happy because of that. If you haven’t, then it’s your top priority because habit of thinking that no one will jail you because you’re a drop in the ocean someday will knocks the hell out of you, I guarantee that.
Opinions of real experts.
VPN services can be for money or for free. In my opinion, it’s stupid to write like that but there are newbies who don’t understand even this.
Service needs money, it’s an axiom. Well, if commercial services take money for their VPN, it’s normal. I haven’t any questions like «Where they find money to pay wages, taxes, rent, equipment etc». But where non-commercial services find money for that?
It’s simple. They sell logs of their abonents. Yes, it is. They will send logs of where you’d walked, what had watched, what had searched to every one who’ll pay. Usually it's bought for analyze of direct-advertising but in my view even this is a scumbaggery. I also think that it’s business, so there are nothing personal.
Thus, in that article I will contemplate exactly VPN, not that “gratuitous” piece of shit for newbies.
Let’s see what Wikipedia will tell us (
You must be registered for see links
)«VPNs CANNOT make online connections completely anonymous, but they can USUALLY increase privacy and security» which means VPN have problems even with privacy and security, not just with anonymity.
Private networks wasn’t developed for solution of tactical task like total anonymity. They just encrypt data in order to prevent facile interception of confidential traffic. For example, we have to transfer a commercial classified information from office A to office B. Attacker knows that information is transmitted between two nodes and even guess what information it is. But interception of that information is senseless because of technical issues: decrypting of these logs is technically hard to do, logs will lose their value and stop being commercial classified when decrypting will be done.
And there are thoughts of T.A.I.L.S. developers about VPN (
You must be registered for see links
)«Some users have requested support for VPNs in Tails to "improve" Tor's anonymity. You know, more hops must be better, right?. That's just incorrect -- if anything VPNs make the situation worse since they basically introduce either a permanent entry guard (if the VPN is set up before Tor) or a permanent exit node (if the VPN is accessed through Tor).
Similarly, we don't want to support VPNs as a replacement for Tor since that provides TERRIBLE anonymity and hence isn't compatible with Tails' goal».
I remind you that T.A.I.L.S. is non-commercial and distributed for free, so developers have no reasons to lie. And with the sellers of “anonymity” all is quite opposite because they have reasons to infix in minds of people that TOR is “insecure” or “useless”. That’s the way they’ll have more money from dupable newbies.
Probably you’ll have a question: «Why number of servers does not “increases” anonymity?» I’ll answer it.
For the solution of this tactical task three “hops” from server to server is enough.
[user] --hop1--> [node] --hop2--> [node] --hop3-->[internet]
The meaning of that daisy chain is it to be without such a node that is simultaneously known for user and the site (point of destination), to be without a weak point that “knows too much”. Upon condition of constant change of nodes and chains (in TOR and I2P nodes/chains “lives” just 10 minutes) it’s enough. In that case we have only two intermediate nodes where we can left information which is interesting for a foe.
If we’ll increase a number of nodes in our chain, it will not gives us any increase of anonymity because user and point of destination are separated with no weak point where user or site data can left. But the number of nodes where we’ll show ourselves will be increased, and so the chances that some of them are under enemy control will be increased too.
So the increasing of number of nodes will reduce our security, not increase. Especially if they're permanent (not changing). And especially if they have data about our online wallets. And ESPECIALLY if their IP-addresses are known for everyone interested in it (addresses of VPN servers are in open access on sites of other services).
VPN zealot.
Why do you think that services will not disclose you, will not put you in the police? Excuse «I didn’t know that» can exists only until official notification will be received. But when official document of every uniformed service will come, like this one
VPN service staff will be in a situation where they know your IP-address, know your online wallets, which you used, and know that you, undercovered by their honest name, were committing crimes. And for sure they provided for situations like this and wrote something about disclosing of you in their Privacy Policy (which one, I'm certain of it, you didn’t read).
Rejecting from disclosure of your data will be classified at least like concealment of crime and as maximum as abetment. Why do you think that someone will escalate situation between them and uniformed service because of one from tenner or even hundreds of thousands clients, because of one who INFRINGED A RULES OF SERVICE and who COMMITTING CRIMES? And don't tell me that VPN service based in Italy. Exchanging of information now is an often occurrence, so the specialists of your country will send an inquiry to an office of VPN service AND to Italy specialists.
In conclusion I would like to tell that there are “darkside” VPN services which invented how to refuse disclosures of information and inquiries of “take down” (to stop serve client). Their solution is:
1. Registration of a legal body in countries with loopholes in the law or with laws which is loyal to such activity;
2. Server building on volatile mediums.
But I will not mention them because they’re not much better than usual VPN services. Basis of anonymity it is lack of your own identifiers (you have to work with another’s WiFi access point + TOR with obfuscation (disguise) of traffic. That’s why in T.A.I.L.S. all traffic are going through TOR with Aircrack-ng tool. So the WarTech CR1ME Linux - is an evolved T.A.I.L.S. that allows you to install software you need, gives you inbuilt flexibility for customization and much larger arsenal to live in web.
P.S. Well, which VPN is better?
Последнее редактирование:
Please english only in this thread. Thx.