Marcel Schramm

VPNs and the lies you are being fed

Written on 11 May 2019 by Marcel Schramm

Today I'd like to talk about VPNs, despite the fact that many people have probably already told you the same thing that I am about to tell you.

So, I have noticed that recently a lot of YouTubers are advertising VPN services. Those are usually PIA or NordVPN. The promise usually made in those advertisements, is something along the lines of "Privacy due to full encryption of your traffic". Now that sure sounds great, right? Err ... not really. While encryption would prevent someone from reading or manipulating your data, you can't simply End-To-End encrypt any traffic.

Usually when you make a request over the internet, you (the client) create your request and target some other machine (the server), that lies somewhere else. Since you are not directly connected to the server (in the same local area network), your request has to be routed over the internet, meaning it will hop from device to device, trying to find the most efficient route to your requests target.

So yes, the VPN could theoretically encrypt your request before sending it to the server, however, this would break the request, as the server could not decrypt it. So what actually happens, is that the VPN receives encrypted traffic, which it then decrypts and forwards to your actual target server. Now, usually that traffic is already encrypted, as most traffic nowadays is HTTPS.

So, what does this mean in the end? It means you don't really achieve privacy just by using some VPN service.

Some people actually get a VPN in order to hide their malicious activies from third parties that could potentially track them down. Does that at least make sense? Yes, kinda. The original location of the request will not be known to a third party. However, they can still ask your VPN who you are or where you are. And I doubt you really want to trust some random company that promises you full privacy for just 2.99€ a month. However, using the VPN to access some service that has geographical restrictions or get around blockades that your government has put up, a VPN is still fine. Even though a simple proxy would probably do the job, unless your government does deep packet inspection.

Let's not get started talking about free VPN services, like the one that facebook offered (or still does?). They obviously don't do this because they want to keep everyone from reading your precious traffic.

Anyway ... back to the YouTubers! It's a shame that strong social media presences advocate for something they don't seem to understand much about. If they'd really care about their audiences, they should not advertise such services or at least inform themselves a bit before doing so. In order to prevent such false advertisements.

EDIT:

Someone has pointed out to me that those YouTubers are being paid for making those advertisements in their videos. I was well aware of that when writing the post, however, I didn't feel like this would be worth mentioning, because even if you are paid for something, that doesn't mean you should lie, not inform yourself or abandon all your values.