Although this user has now taken a permanent holiday, it’s worth reminding users that VPNs probably hurt your anonymity and security goals since they are glorified proxies.
Read the VPN documentation in detail if you are in any doubt. At a minimum you increase the attack surface of your platform, and have to hope you didn’t hit a malicious/honeypot provider. Also, the bottleneck will probably kill your anonymity goals and your wallet will be lighter.
You’re better off configuring a bridge - preferably with someone who is willing to provide it, so it is not publicly listed by The Tor Project.
“VPNs = better privacy/security” seems to be one of those urban myths that won’t die, a bit like Elvis visiting McDonalds somewhere in the States last week.
If you really want to worry about something, worry about Stylometry and how you are boned right now if you don’t disguise your linguistic style. It’s not a sexy topic, but simply ignored by almost 100% of users.
Perhaps worth adding (also to docs) that one should also look where the VPN servers are hosted. I wouldn’t wonder if these are hosted at amazon AWS / S3. For example, dropbox is just a frontend, and S3 is the backend.
A cheap VPN provider could also just be hosted on S3 or some other cloud server provider. Would be better if they had their own servers under physical control.
Imo saying “we’re pro privacy” and then running google analytics (among other tracking scripts) on the VPN’s website isn’t a sign of competence.
Other signs of non-competence:
using weak algorithms
why use aes128 if there is aes256
vpn config files that allow cipher downgrade attacks
not mentioning browser fingerprinting (I guess super majority of users just installs the VPN and thinks they are now anonymous while something as simple as cookies still fully keeps them tracked)
not mentioning a VPN fail closed mechanism
opinionated: using non-libre software
Quite harsh, I hope. I haven’t researched VPN providers in depth yet. Would be cool to know which ones fulfill this all (and perhaps more?).
That’s alright. Can still discuss the topic. Even if the original thread starter has no interest anymore or is otherwise away, the topic may of course still be discussed by others. Starting a thread is like anonymously contributing an interesting discussion. The thread starter doesn’t own the topic.