[3]Skip to content

#[1]Gist [2]atom

[3]Skip to content
(BUTTON)
____________________

[4]All gists [5]Back to GitHub [6]Sign in [7]Sign up
[8]Sign in [9]Sign up

(BUTTON)
{{ message }}

Instantly share code, notes, and snippets.
[10]@joepie91

[11]joepie91/[12]vpn.md

Last active May 24, 2023 00:04
* [13]Star [14]2.2k
* [15]Fork [16]182

[17]Star

[18]Code [19]Revisions 13 [20]Stars 2,236 [21]Forks 182
Embed
What would you like to do?
(<script src="https://gist.github.com/joepie91/5a9909939e6ce7d09e29.js"
></script>)
Embed Embed this gist in your website.
(https://gist.github.com/joepie91/5a9909939e6ce7d09e29)
Share Copy sharable link for this gist.
(https://gist.github.com/5a9909939e6ce7d09e29.git)
Clone via HTTPS Clone with Git or checkout with SVN using the
repository’s web address.
Learn more about clone URLs
<script src="https:/
[22]Download ZIP
Don't use VPN services.
[23]Raw
[24]vpn.md

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked
what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their
intended purpose; that is, as a virtual private (internal) network. It
only applies to using it as a glorified proxy, which is what every
third-party "VPN provider" does.
* A Russian translation of this article can be found [25]here,
contributed by Timur Demin.
* A Turkish translation can be found [26]here, contributed by agyild.
* There's also [27]this article about VPN services, which is honestly
better written (and has more cat pictures!) than my article.

Why not?

Because a VPN in this sense is just a glorified proxy. The VPN provider
can see all your traffic, and do with it what they want - including
logging.

But my provider doesn't log!

There is no way for you to verify that, and of course this is what a
malicious VPN provider would claim as well. In short: the only safe
assumption is that every VPN provider logs.

And remember that it is in a VPN provider's best interest to log their
users - it lets them deflect blame to the customer, if they ever were
to get into legal trouble. The $10/month that you're paying for your
VPN service doesn't even pay for the lawyer's coffee, so expect them to
hand you over.

But a provider would lose business if they did that!

I'll believe that when HideMyAss goes out of business. They gave up
their users years ago, and [28]this was widely publicized. The reality
is that most of their customers will either not care or not even be
aware of it.

But I pay anonymously, using Bitcoin/PaysafeCard/Cash/drugs!

Doesn't matter. You're still connecting to their service from your own
IP, and they can log that.

But I want more security!

VPNs don't provide security. They are just a glorified proxy.

But I want more privacy!

VPNs don't provide privacy, with a few exceptions (detailed below).
They are just a proxy. If somebody wants to tap your connection, they
can still do so - they just have to do so at a different point (ie.
when your traffic leaves the VPN server).

But I want more encryption!

Use SSL/TLS and HTTPS (for centralized services), or end-to-end
encryption (for social or P2P applications). VPNs can't magically
encrypt your traffic - it's simply not technically possible. If the
endpoint expects plaintext, there is nothing you can do about that.

When using a VPN, the only encrypted part of the connection is from you
to the VPN provider. From the VPN provider onwards, it is the same as
it would have been without a VPN. And remember, the VPN provider can
see and mess with all your traffic.

But I want to confuse trackers by sharing an IP address!

Your IP address is a largely irrelevant metric in modern tracking
systems. Marketers have gotten wise to these kind of tactics, and
combined with increased adoption of [29]CGNAT and an ever-increasing
amount of devices per household, it just isn't a reliable data point
anymore.

Marketers will almost always use some kind of other metric to identify
and distinguish you. That can be anything from a useragent to a
[30]fingerprinting profile. A VPN cannot prevent this.

So when should I use a VPN?

There are roughly two usecases where you might want to use a VPN:
1. You are on a known-hostile network (eg. a public airport WiFi
access point, or an ISP that is known to use MITM), and you want to
work around that.
2. You want to hide your IP from a very specific set of
non-government-sanctioned adversaries - for example, circumventing
a ban in a chatroom or preventing anti-piracy scareletters.

In the second case, you'd probably just want a regular proxy
specifically for that traffic - sending all of your traffic over a VPN
provider (like is the default with almost every VPN client) will still
result in the provider being able to snoop on and mess with your
traffic.

However, in practice, just don't use a VPN provider at all, even for
these cases.

So, then... what?

If you absolutely need a VPN, and you understand what its limitations
are, purchase a VPS and set up your own (either using something like
[31]Streisand or manually - I recommend using Wireguard). I will not
recommend any specific providers (diversity is good!), but there are
plenty of cheap ones to be found on [32]LowEndTalk.

But how is that any better than a VPN service?

A VPN provider specifically seeks out those who are looking for
privacy, and who may thus have interesting traffic. Statistically
speaking, it is more likely that a VPN provider will be malicious or a
honeypot, than that an arbitrary generic VPS provider will be.

So why do VPN services exist? Surely they must serve some purpose?

Because it's easy money. You just set up OpenVPN on a few servers, and
essentially start reselling bandwidth with a markup. You can make every
promise in the world, because nobody can verify them. You don't even
have to know what you're doing, because again, nobody can verify what
you say. It is 100% snake-oil.

So yes, VPN services do serve a purpose - it's just one that benefits
the provider, not you.
__________________________________________________________________

This post is licensed under the [33]WTFPL or [34]CC0, at your choice.
You may distribute, use, modify, translate, and license it in any way.
__________________________________________________________________

Before you comment: Be aware that any non-constructive comments will be
removed. This includes advertising for VPN providers (yes, even when
you phrase the marketing claims like a question), trolling, harassment,
insults towards other people, claims that have already been addressed
in the article, and so on.

If your comment isn't a genuine question or a concrete counterargument
supported by evidence, it probably doesn't belong here.
(BUTTON) Load earlier comments...
[35]@TruncatedDinosour
Copy link

[36]TruncatedDinosour commented [37]Dec 24, 2022

this is the most annoying thread on github, my email is being
spammed by it and every time i take a look here i lose another
braincell, im in the negatives already, jesus fucking crist, get a
life

Dude fucking same. And on top of that every time I click on this
email thread I am always forced to read a 3 year old email from a
guy who called me "an arrogant mother fucker", because that's
apparently the first email I got from this thread, LMFAO!

(FYI gmail doesn't collapse the first email of a thread, a feature
that is handy in many scenarios, but is now annoying as fuck only
thanks to this cesspool of a thread rofl)

lmaoooooooo

Sorry, something went wrong.
[38]@eqn-group
Copy link

[39]eqn-group commented [40]Dec 25, 2022 via email
unsubscribe!
[41]…

Sorry, something went wrong.
[42]@TruncatedDinosour
Copy link

[43]TruncatedDinosour commented [44]Dec 25, 2022

unsubscribe!
[45]…

do you now think i havent thought of that ? i dont think theres a way
to ubsubscribe from singular threads, unless, idk

Sorry, something went wrong.
[46]@eqn-group
Copy link

[47]eqn-group commented [48]Dec 25, 2022 via email
look at the bottom your your email, there is an unsubscribe link
[49]…
------ Original Message ------ From "TruncatedDinosour" ***@***.***> To
"TruncatedDinosour" ***@***.***> Cc "Comment" ***@***.***> Date
25/12/2022 16:46:15 Subject Re: joepie91/vpn.md
[50]@TruncatedDinosour commented on this gist.
-----------------------------------------------------------------------
--------- >unsubscribe! >… <#> > do you now think i havent thought of
that ? i dont think theres a way to ubsubscribe from singular threads,
unless, idk — Reply to this email directly, view it on GitHub
<[51]https://gist.github.com/5a9909939e6ce7d09e29#gistcomment-4413152>
or unsubscribe
<[52]https://github.com/notifications/unsubscribe-auth/ATM2XBBN6UQZR4HY
OT7BM6TWPAUIBBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYL
EL52HS4DFQKSXMYLMOVS2I5DSOVS2I3TBNVS3W5DIOJSWCZC7OBQXE5DJMNUXAYLOORPWCY
3UNF3GS5DZVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XA
ZNEM5UXG5FFOZQWY5LFVAZDQNJSGY3DMNNHORZGSZ3HMVZKMY3SMVQXIZI>. You are
receiving this email because you commented on the thread. Triage
notifications on the go with GitHub Mobile for iOS
<[53]https://apps.apple.com/app/apple-store/id1477376905?ct=notificatio
n-email&mt=8&pt=524675> or Android
<[54]https://play.google.com/store/apps/details?id=com.github.android&r
eferrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_so
urce%3Dgithub>.

Sorry, something went wrong.
[55]@GetAHat
Copy link

[56]GetAHat commented [57]Dec 25, 2022

I think the best use case for consumer VPNs is accessing region-locked
content\websites etc. In case of Russia you literally can't even pay in
some websites even if you have European or American credit card and\or
you are European citizen, and you've set the region to any European
one. Just because of the fact that you're connecting from Russian IP.

To be honest, I use whatever seems working but only turning VPN on for
specific usecases, and turning off immediately after I'm done.
Everything else - yep, it's just stupid. You just giving the data to
some shady unregulated VPN company instead of shady and barely
regulated ISP.

Sorry, something went wrong.
[58]@TruncatedDinosour
Copy link

[59]TruncatedDinosour commented [60]Dec 25, 2022

look at the bottom your your email, there is an unsubscribe link
[61]…
------ Original Message ------ From "TruncatedDinosour" @.> To
"TruncatedDinosour" @.> Cc "Comment" @.***> Date 25/12/2022 16:46:15
Subject Re: joepie91/vpn.md
[62]@TruncatedDinosour commented on this gist.
--------------------------------------------------------------------
------------ >unsubscribe! >… <#> > do you now think i havent
thought of that ? i dont think theres a way to ubsubscribe from
singular threads, unless, idk — Reply to this email directly, view
it on GitHub
[63]https://gist.github.com/5a9909939e6ce7d09e29#gistcomment-4413152
or unsubscribe
[64]https://github.com/notifications/unsubscribe-auth/ATM2XBBN6UQZR4
HYOT7BM6TWPAUIBBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNB
ZGKYLEL52HS4DFQKSXMYLMOVS2I5DSOVS2I3TBNVS3W5DIOJSWCZC7OBQXE5DJMNUXAY
LOORPWCY3UNF3GS5DZVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMN
ZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVAZDQNJSGY3DMNNHORZGSZ3HMVZKMY3SMVQXIZ
I. You are receiving this email because you commented on the thread.
Triage notifications on the go with GitHub Mobile for iOS
[65]https://apps.apple.com/app/apple-store/id1477376905?ct=notificat
ion-email&mt=8&pt=524675 or Android
[66]https://play.google.com/store/apps/details?id=com.github.android
&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26u
tm_source%3Dgithub.

hm. is it for singular threads though ? im scared to get unsubscribed
from all notifications

Sorry, something went wrong.
[67]@LupusMichaelis
Copy link

[68]LupusMichaelis commented [69]Dec 25, 2022

hm. is it for singular threads though ? im scared to get
unsubscribed from all notifications

How do you achieve breathing? Unbelievable. I'd like to point out that
there is an “unsubscribe” button at the top of this very page.
[70]image

Sorry, something went wrong.

[71]@TruncatedDinosour
Copy link

[72]TruncatedDinosour commented [73]Dec 25, 2022

hm. is it for singular threads though ? im scared to get
unsubscribed from all notifications

How do you achieve breathing? Unbelievable. I'd like to point out
that there is an “unsubscribe” button at the top of this very page.
[74]image

didnt look at the top, anyway, thank god, finally i can begin braincell
recovery

Sorry, something went wrong.

[75]@madgoat
Copy link

[76]madgoat commented [77]Dec 27, 2022

[78]@LokiFawkes

The fact you can ONLY connect through a PROPRIETARY app and, unlike
almost every other supposedly safe VPN, you ABSOLUTELY cannot
connect using a standard protocol

You might want to revise your information, or lack thereof.
* Nord allows you to connect however you want (OpenVPN, IPSec, IKEv2,
etc...), you don't need their software.

they've never had a truly independent audit. Parent companies often
own auditors or pay them for a good score.

* So you're telling me that PricewaterhouseCoopers is owned by Nord,
and that they were paid off to make them pass? Man, if that
exclusive information ever got out, that would be bad news for PWC.

Next time look into things before spewing falsities. Sure, you might
not like certain companies, but there's no need to lie about them.

Sorry, something went wrong.

[79]@LokiFawkes
Copy link

[80]LokiFawkes commented [81]Dec 29, 2022

[82]@madgoat Assuming their instructions even WORK (last I had even
touched their site, such instructions didn't even exist because the app
was REQUIRED so they could pass your traffic to their GoogleAnalytics
account), there's still the fact that they lie about data handling.
There's also the fact that not entirely having to use their app does
not mean they don't collect data, only that the proprietary app
GUARANTEES maximum data collection. Even a company that does allow
connection over open protocols can be collecting data, just likely less
data than when you use their proprietary app.
As mentioned, owning an auditor is not the only way to have a conflict
of interest. Money can change hands behind closed doors, and the
dissonance between reality and the score given makes that clear that
PWC is either dumb or paid for. Pick your poison.
For privacy, data collection, and data collection disclosure, Nord is
among the worst rated for a reason. It's run by, say it again, a data
broker.

Sorry, something went wrong.

[83]@aptblog
Copy link

[84]aptblog commented [85]Jan 3, 2023

Using a virtual private network (VPN) improves the security of your
social media accounts by encrypting your internet connection and
masking your IP address and location. This can make it more difficult
for hackers to access your sensitive information and can protect your
privacy when using social media. However, you should not relay on VPNs
alone are for [86]social media security, you need to be aware of many
other security tips for securing your social media accounts.

Sorry, something went wrong.

[87]@LupusMichaelis
Copy link

[88]LupusMichaelis commented [89]Jan 3, 2023

No. Pretend VPN do not improve security in any way. Please read the
article you're commenting about that explains why they are not security
tools at all, and stop puking marketing dump from those snakeoil
vendors.

Sorry, something went wrong.

[90]@LokiFawkes
Copy link

[91]LokiFawkes commented [92]Jan 3, 2023

[93]@aptblog Ad bot spotted. VPN services (glorified proxies) do not
improve your security. In the age of HTTPS and DoT/DoH, your attack
surface is on the client end and the server end. The attack surface is
nowhere in the middle. At best, a man in the middle might get the
hostname of a service you're connecting to at the handshake in the
beginning of a TLS connection, a connection that could last from
seconds to years, and that's if a method of encrypting the SNI (ESNI,
ECH, etc) is not being implemented. Since the Web2 era, in which most
sites are hosted on just a few servers, IP addresses are kinda useless
for spying on users.

Things you can do to protect your browsing habits at home from being
discovered by a MITM such as a hacker or your ISP:
Use DoT or DoH. DoT is superior for security and more lightweight, but
browsers typically require DoH to implement ECH, the current encrypted
SNI standard. Though currently they also hide this feature behind a
config flag, too.
Enable ECH in your flags, even if you won't be able to use it due to
your DNS configuration.
Set up a recursive resolver in your LAN, configure it to connect to
other DNS servers via DoT. This server will cache your queries for a
predefined length of time known as a Time To Live (TTL), either the TTL
of the DNS record or the TTL the resolver has set globally, whichever
is shorter. Hard mode: Use reverse-proxy software to implement DoH with
this server as the DNS server, enabling you to use ECH on your favorite
browser (they really should enable this for using DoT as well)

By encrypting your DNS queries and minimizing the amount of queries
that reach WAN, all people see is you connecting to servers that
usually host multiple domain names. By encrypting the Server Name
Indicator, even the TLS handshake between you and a site will contain
no usable data. At that point, only you and the site you connect to
have any idea what's going on. From there, browser extensions that
block ads and analytics further protect you. You can also blackhole
certain hostnames on your resolver to minimize tracking where browser
extensions aren't an option (mobile, for example) though that can come
with its own set of functionality penalties.

Without the hostname, if a server hosts multiple sites, nobody knows
what you're actually connecting to. They might be able to guess that
yl-in-f101.1e100.net is probably an edge server for google.com, but
they wouldn't be certain that the site is google.com and not, for
example, just a site using Google's cloud services as a CDN.

Sorry, something went wrong.

[94]@arkbg1
Copy link

[95]arkbg1 commented [96]Jan 3, 2023

[97]@LokiFawkes Agreed. At least I hope. His primary arguement is
directly addressed by OP.

[98]@aptblog "(VPN) improves the security of your social media accounts
by encrypting your internet connection and masking your IP address and
location."

vs

[99]@joepie91 " VPNs can't magically encrypt your traffic" & "Your IP
address is a largely irrelevant metric in modern tracking systems."

also,

[100]@joepie91 "claims that have already been addressed in the
article... doesn't belong here."

Sorry, something went wrong.

[101]@aptblog
Copy link

[102]aptblog commented [103]Jan 4, 2023

Defense in depth approach for security and VPN & Social Media Account
Security.

Defense in depth is a security strategy that involves implementing
multiple layers of defense at different points within a system or
network. The goal of defense in depth is to make it more difficult for
attackers to compromise the security of the system or network by
requiring them to bypass multiple layers of defense.

Defense in depth is needed now more than ever as more employees work
from home and as organizations increasingly rely on cloud-based
services and [104]social media is a weak human link in security.

Some examples of different layers of defense that might be included in
a defense in depth strategy include:

Physical security measures, such as locks and security guards, to
protect against physical attacks.
Network security measures, such as firewalls and intrusion detection
systems, to protect against network-based attacks.
Application security measures, such as input validation and
authentication controls, to protect against attacks targeting specific
applications or services.
Data security measures, such as encryption and access controls, to
protect against unauthorized access to sensitive data.

A virtual private network (VPN) is a network technology that creates a
secure, encrypted connection between a device and a VPN server.

This can provide several benefits, including:

Privacy: By routing traffic through the VPN server, a VPN can hide the
device's IP address and make it more difficult for third parties to
track the device's online activity.
Security: The encrypted connection provided by a VPN can help protect
against various types of cyber threats, such as man-in-the-middle
attacks and data leaks.
Geo-blocking: Some websites and services are only available in certain
countries. By connecting to a VPN server in a different country, a user
can "trick" these websites into thinking they are located in the
allowed country, allowing them to access restricted content.

VPN is only one component of a defense in depth strategy, and it should
be used in combination with other security measures to provide the
greatest level of protection.

Defense in depth for a social media account:

Choose strong and unique passwords: Use a password manager to create
strong, unique passwords for your social media accounts, and enable
two-factor authentication (2FA) if it is available. This will help
protect against password-based attacks, such as brute-force attacks or
credential stuffing.

Be cautious with links and attachments: Be cautious when clicking on
links or downloading attachments from unknown sources, as these can
potentially be used to deliver malware or phishing attacks.

Use privacy settings: Use the privacy settings provided by the social
media platform to control who can see your posts and personal
information.

Be aware of scammers and impersonators: Be aware of scammers and
impersonators who may try to trick you into giving away personal
information or money.

Use antivirus software: Install antivirus software on your devices and
keep it up to date to help protect against malware.

Avoid sharing sensitive information: Be mindful of what personal
information you share on social media, as this information could
potentially be used to target you with attacks.

Sorry, something went wrong.

[105]@LokiFawkes
Copy link

[106]LokiFawkes commented [107]Jan 4, 2023 •
edited

[108]@aptblog The application of VPN technology in a defense-in-depth
strategy involves using an actual VPN, not a "VPN" service. VPNs are
used in a defense in depth strategy to connect employees to a private
network, not to serve as a proxy for their WAN traffic. When it does
function as a proxy, this is to keep custody of that traffic until it
goes to the WAN, not to dance around the globe via an untrustworthy
third party. This way, if something leaks to WAN, it leaks through the
company's private network, and is either stopped by the firewall or
cannot be sniffed by the employee's home ISP.

If you are using a VPN service rather than a company VPN for your
defense in depth strategy, you've defeated your whole security model.

The doctrine of defense in depth is also outdated.
For example, "strong" passwords are often short but use a wide
character range instead of being long. They're not memorable, they're
easy for machines to bruteforce, and they're plagued by the need to
write down passwords or save them in a password manager. Passphrases
are king.
For another example, antivirus software as we know it is ineffective.
The most effective antivirus for Windows is Defender, with many
commercial offerings actually spying on you, bypassing Defender (it
disables itself if you have another AV installed) and leaving doors
open for malware whose developer has bribed them for whitelisting to
get through. The most effective antivirus for macOS is in fact is the
Gatekeeper/Notarization/XProtect stack built in to macOS. As for Linux,
there is no real AV offering (just about every offering you see for
Linux is either a scam or a Windows AV scanning on Linux) and the
method of defense is to patch out vulnerabilities and never give anyone
but designated administrators administrative privileges. Just like
macOS, a password is needed when escalating to admin power, and you
must be in the admin wheel to escalate.

Sorry, something went wrong.

[109]@aptblog
Copy link

[110]aptblog commented [111]Jan 5, 2023 •
edited

[112]@LokiFawkes actual VPN and VPN as service discussion is similar to
choosing "Private Cloud" vs "Public Cloud".

Windows Defender a built-in antivirus software for Windows operating
systems is generally effective at detecting and protecting against
viruses and other malware. However keeping your OS up to date with the
latest security patches and updates, enabling virtualization-based
security, and using cloud storage service to store your important files
and documents adds extra layer to security.

The doctrine of defense in depth is a military strategy that involves
positioning defensive forces at various levels or depths in an area in
order to create multiple layers of defense. While the specific tactics
and technologies used in defense in depth may change over time, the
fundamental principles behind this strategy remains relevant.

The doctrine of "Defense in depth" can be applied in a variety of
contexts, including military, cybersecurity, and critical
infrastructure protection.

Doctrine of defense in depth can also be applied to emotional security
or personal security.

Here are some ideas for how to build a defense in depth for emotional
security:

Identify and address sources of stress: Identify the things that cause
you stress, such as work, relationships, or financial issues, and take
steps to address them. This might involve seeking support from friends
and family, seeking therapy, counseling, finding ways to manage your
workload more effectively.

Practice self-care: Take care of yourself physically and emotionally by
getting enough sleep, eating well, [113]exercising, and engaging in
activities that bring you joy.

Build a support network: Surround yourself with people who are
supportive and who you can turn to for help when you're feeling
overwhelmed or distressed.

Develop coping skills: Learn techniques for managing your emotions and
coping with stress, such as deep breathing, meditation, or journaling.

Seek professional help if needed: If you're struggling to cope with
stress or negative emotions on your own, consider seeking help from a
mental health professional or a health coach.

Sorry, something went wrong.

[114]@LokiFawkes
Copy link

[115]LokiFawkes commented [116]Jan 5, 2023

[117]@aptblog No, actual VPN vs VPN service is similar to choosing self
hosted vs public cloud.

Audits of antivirus software showed the best to be Defender, which also
happens to be the one that comes with Windows. Currently, as OS
developers put their money into providing an antivirus, they've proven
to be the best to turn to when protecting the OS they develop.
Virtualization-based security is typically not needed unless you're
downloading shit from Softonic, and even then, most malware you'll be
worrying about can break the hypervisor or simply get sufficient
permissions from the user for the hypervisor not to be a threat to its
goal.

Cloud storage is not a form of security. You're thinking of backup, but
also, it's not a form of backup either. It's not an archival service,
it's a centralized sync service. Centralizing your files to Muh Cloud
can actually make it easier for malware to destroy your data thoroughly
enough that without a real backup you'll be unable to retrieve it.

If the doctrine of defense in depth hasn't embraced long passwords,
it's outdated. End of.

Sorry, something went wrong.

[118]@MandiYang
Copy link

[119]MandiYang commented [120]Jan 8, 2023

Is protonvpn trustworthy? There is no way to confirm it to be
trustworthy but they seem so legit :(
[121]https://protonvpn.com/blog/is-protonvpn-trustworthy/

Sorry, something went wrong.

[122]@arkbg1
Copy link

[123]arkbg1 commented [124]Jan 8, 2023

Is protonvpn trustworthy? There is no way to confirm it to be
trustworthy but they seem so legit :(
[125]https://protonvpn.com/blog/is-protonvpn-trustworthy/

I would be curious to know if OP read anything especially convincing in
their lists of reasons to trust them.

Sorry, something went wrong.

[126]@carmellopezhere
Copy link

[127]carmellopezhere commented [128]Mar 8, 2023

I vote for my all-time favourite VPN. [129]StreamVPN is an excellent
virtual private network (VPN) service that offers its users a fast,
secure, and private internet browsing experience. The service is easy
to use and has a user-friendly interface that makes it easy for even
those new to VPNs to navigate.

One of the standout features of StreamVPN is its ability to bypass
internet censorship and geo-restrictions. With servers in multiple
locations, users can easily connect to a server in a different country
and access content that may be restricted in their region. This makes
it an ideal VPN for users who want to stream content from other
countries or access websites that may be blocked.

Another great feature of StreamVPN is its strict no-logs policy, which
ensures that user activity and connection logs are not stored. This
means that users can enjoy a high level of privacy and security while
browsing the internet.

StreamVPN also offers fast connection speeds, which is essential for
users who want to stream high-quality content or engage in online
gaming. Additionally, the service offers excellent customer support and
has a dedicated support team available 24/7 to assist users with any
issues they may encounter.

Overall, StreamVPN is an excellent VPN service that offers its users a
great mix of privacy, security, and functionality. It is a reliable and
efficient VPN that is well worth considering for anyone looking for a
top-quality VPN service.

Sorry, something went wrong.

[130]@GASOLINE
Copy link

[131]GASOLINE commented [132]Mar 8, 2023

I vote for my all-time favourite VPN. [133]StreamVPN is an excellent
virtual private network (VPN) service that offers its users a fast,
secure, and private internet browsing experience. The service is
easy to use and has a user-friendly interface that makes it easy for
even those new to VPNs to navigate.

One of the standout features of StreamVPN is its ability to bypass
internet censorship and geo-restrictions. With servers in multiple
locations, users can easily connect to a server in a different
country and access content that may be restricted in their region.
This makes it an ideal VPN for users who want to stream content from
other countries or access websites that may be blocked.

Another great feature of StreamVPN is its strict no-logs policy,
which ensures that user activity and connection logs are not stored.
This means that users can enjoy a high level of privacy and security
while browsing the internet.

StreamVPN also offers fast connection speeds, which is essential for
users who want to stream high-quality content or engage in online
gaming. Additionally, the service offers excellent customer support
and has a dedicated support team available 24/7 to assist users with
any issues they may encounter.

Overall, StreamVPN is an excellent VPN service that offers its users
a great mix of privacy, security, and functionality. It is a
reliable and efficient VPN that is well worth considering for anyone
looking for a top-quality VPN service.

Says someone that just subscribed to Github. It seems more an
advert/affiliate link.

Sorry, something went wrong.

[134]@Kyr4l
Copy link

[135]Kyr4l commented [136]Mar 9, 2023

I vote for my all-time favourite VPN. [137]StreamVPN is an excellent
virtual private network (VPN) service that offers its users a fast,
secure, and private internet browsing experience. The service is
easy to use and has a user-friendly interface that makes it easy for
even those new to VPNs to navigate.

One of the standout features of StreamVPN is its ability to bypass
internet censorship and geo-restrictions. With servers in multiple
locations, users can easily connect to a server in a different
country and access content that may be restricted in their region.
This makes it an ideal VPN for users who want to stream content from
other countries or access websites that may be blocked.

Another great feature of StreamVPN is its strict no-logs policy,
which ensures that user activity and connection logs are not stored.
This means that users can enjoy a high level of privacy and security
while browsing the internet.

StreamVPN also offers fast connection speeds, which is essential for
users who want to stream high-quality content or engage in online
gaming. Additionally, the service offers excellent customer support
and has a dedicated support team available 24/7 to assist users with
any issues they may encounter.

Overall, StreamVPN is an excellent VPN service that offers its users
a great mix of privacy, security, and functionality. It is a
reliable and efficient VPN that is well worth considering for anyone
looking for a top-quality VPN service.

Bot detected 1000000%

Sorry, something went wrong.

[138]@ElTioRata
Copy link

[139]ElTioRata commented [140]Mar 17, 2023

So, Mullvad isn't trustworthy?

Sorry, something went wrong.

[141]@LokiFawkes
Copy link

[142]LokiFawkes commented [143]Mar 18, 2023

Trust Mullvad as far as you can throw it. Don't expect it to keep your
network traffic a secret any more than any other service, though it
does have less data-broker baggage than many others.

Sorry, something went wrong.

[144]@CostcoFanboy
Copy link

[145]CostcoFanboy commented [146]Mar 28, 2023 •
edited

You can somewhat trust some rare VPNs as some of them made their canary
tactics public and you can observe how the VPN/company interacted with
other court orders in the past.

e.g. Mullvad and Proton

Basically, if they have logs, they just hand them encrypted jargon, if
they have no logs, then nothing can be given.
This gist is somewhat right but too pessimistic.

99% of people use VPNs for geolocation bypass (Netflix or living in an
authoritarian regime) or p2p torrenting, which are fairly valid use
cases.

I'd say Mullvad, Proton and iVPN are trustworthy considering what I've
seen from their responses and what happened during equipment seizures.

List of garbage VPNs that are to be avoided 100%:
* GhostVPN: Owned by ex-malware company
* PIA: Now owned by ex-malware company
* Tunnelbear: Owned by McAfee
* PureVPN: Lied about not keeping logs
* Windscribe VPN: Lied about encryption
* HideMyAss: Lied about not keeping logs
* DoubleVPN: Lied about not keeping logs
* EarthVPN: Lied about not keeping logs
* ProtonVPN: Garbage apps.
* Hola: Malware

Of course, never trust VPNs that are mass-peddled on YouTube channels.

It's all very circumstantial and somewhat "no brainer". Kind of like
how you'd trust pCloud to harbor sensitive data but never Google Drive.
But you can circumvent the whole thing by running Cryptomator on your
Gdrive folder contents locally.

You just have to be smart about it.

As far as the best one, it definitely goes to Mullvad. You don't even
need an identity tied to your payment method.

Sorry, something went wrong.

[147]@Moizsohail
Copy link

[148]Moizsohail commented [149]Apr 3, 2023 •
edited

What if we use openvpn and connect to free vpn providers like
[150]https://www.freeopenvpn.org/index.php?lang=en. is that safe?

I mean i am just looking to watch anime on pirated sites like
gogoanime. and i don't need a letter knocking on my door.

Sorry, something went wrong.

[151]@isaackielma
Copy link

[152]isaackielma commented [153]May 4, 2023

[154]@ranazain0009 Looks like all these vpn indicated in the website
are logging all consumer traffic and personal data that's stored in
their DB. Is that true or am I paranoid? Just because you pay them,
doesn't mean that they will be ethical. Still giving them all the power
to sell or use your info for nefarious purposes...

Just a thought, please correct me if I am mistaken.

Sorry, something went wrong.

[155]@aedicted
Copy link

[156]aedicted commented [157]May 4, 2023

They most certainly won't log "all consumer traffic" as it would be way
too much to store. Not even the NSA does that or would be capable of
holding all that stuff.

If at all, it will be the meta-data about the connection itself.

Paranoia? Depends on your use case. I'd claim that for a little P2P,
etc. ANY will do it as "investigations" in that regard will stop at the
first visible IP-address and as long as it is not your easily
accessible ISP, I'm yet to hear of any case where they took the effort
to follow up the chain. If you plan "more" or your safety is a stake
like being a Snowden, then cascade several up to your personal level of
paranoia. ;)

Sorry, something went wrong.

[158]@Viral
Copy link

[159]Viral commented [160]May 24, 2023

literally shit for brains

Sorry, something went wrong.

[161]Sign up for free to join this conversation on GitHub. Already have
an account? [162]Sign in to comment

Footer

© 2023 GitHub, Inc.

Footer navigation

* [163]Terms
* [164]Privacy
* [165]Security
* [166]Status
* [167]Docs
* [168]Contact GitHub
* [169]Pricing
* [170]API
* [171]Training
* [172]Blog
* [173]About

(BUTTON) You can’t perform that action at this time.

You signed in with another tab or window. [174]Reload to refresh your
session. You signed out in another tab or window. [175]Reload to
refresh your session.

(BUTTON)

References

Visible links
1. https://gist.github.com/opensearch-gist.xml
2. https://gist.github.com/joepie91.atom
3. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#start-of-content
4. https://gist.github.com/discover
5. https://github.com/
6. https://gist.github.com/auth/github?return_to=https://gist.github.com/joepie91/5a9909939e6ce7d09e29
7. https://gist.github.com/join?return_to=https://gist.github.com/joepie91/5a9909939e6ce7d09e29&source=header-gist
8. https://gist.github.com/auth/github?return_to=https://gist.github.com/joepie91/5a9909939e6ce7d09e29
9. https://gist.github.com/join?return_to=https://gist.github.com/joepie91/5a9909939e6ce7d09e29&source=header-gist
10. https://gist.github.com/joepie91
11. https://gist.github.com/joepie91
12. https://gist.github.com/joepie91/5a9909939e6ce7d09e29
13. https://gist.github.com/login?return_to=https://gist.github.com/joepie91/5a9909939e6ce7d09e29
14. https://gist.github.com/joepie91/5a9909939e6ce7d09e29/stargazers
15. https://gist.github.com/login?return_to=https://gist.github.com/joepie91/5a9909939e6ce7d09e29
16. https://gist.github.com/joepie91/5a9909939e6ce7d09e29/forks
17. https://gist.github.com/login?return_to=https://gist.github.com/joepie91/5a9909939e6ce7d09e29
18. https://gist.github.com/joepie91/5a9909939e6ce7d09e29
19. https://gist.github.com/joepie91/5a9909939e6ce7d09e29/revisions
20. https://gist.github.com/joepie91/5a9909939e6ce7d09e29/stargazers
21. https://gist.github.com/joepie91/5a9909939e6ce7d09e29/forks
22. https://gist.github.com/joepie91/5a9909939e6ce7d09e29/archive/060273b2528e3db5a7b676ac6725f3bff3b0520b.zip
23. https://gist.github.com/joepie91/5a9909939e6ce7d09e29/raw/060273b2528e3db5a7b676ac6725f3bff3b0520b/vpn.md
24. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#file-vpn-md
25. https://tdemin.github.io/posts/2017-08-13-dont-use-vpn-services_ru
26. https://write.as/nwz9t04yfjwlv0yj.md
27. https://schub.io/blog/2019/04/08/very-precarious-narrative.html
28. http://www.theregister.co.uk/2011/09/26/hidemyass_lulzsec_controversy/
29. https://en.wikipedia.org/wiki/Carrier-grade_NAT
30. https://panopticlick.eff.org/
31. https://github.com/StreisandEffect/streisand
32. https://www.lowendtalk.com/categories/offers
33. http://cryto.net/~joepie91/blog/LICENSE.txt
34. https://creativecommons.org/publicdomain/zero/1.0/
35. https://gist.github.com/TruncatedDinosour
36. https://gist.github.com/TruncatedDinosour
37. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4412854#gistcomment-4412854
38. https://gist.github.com/eqn-group
39. https://gist.github.com/eqn-group
40. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4413050#gistcomment-4413050
41. https://gist.github.com/joepie91/5a9909939e6ce7d09e29
42. https://gist.github.com/TruncatedDinosour
43. https://gist.github.com/TruncatedDinosour
44. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4413152#gistcomment-4413152
45. https://gist.github.com/joepie91/5a9909939e6ce7d09e29
46. https://gist.github.com/eqn-group
47. https://gist.github.com/eqn-group
48. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4413221#gistcomment-4413221
49. https://gist.github.com/joepie91/5a9909939e6ce7d09e29
50. https://github.com/TruncatedDinosour
51. https://gist.github.com/5a9909939e6ce7d09e29#gistcomment-4413152
52. https://github.com/notifications/unsubscribe-auth/ATM2XBBN6UQZR4HYOT7BM6TWPAUIBBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFQKSXMYLMOVS2I5DSOVS2I3TBNVS3W5DIOJSWCZC7OBQXE5DJMNUXAYLOORPWCY3UNF3GS5DZVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVAZDQNJSGY3DMNNHORZGSZ3HMVZKMY3SMVQXIZI
53. https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675
54. https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign=notification-email&utm_medium=email&utm_source=github
55. https://gist.github.com/GetAHat
56. https://gist.github.com/GetAHat
57. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4413226#gistcomment-4413226
58. https://gist.github.com/TruncatedDinosour
59. https://gist.github.com/TruncatedDinosour
60. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4413309#gistcomment-4413309
61. https://gist.github.com/joepie91/5a9909939e6ce7d09e29
62. https://github.com/TruncatedDinosour
63. https://gist.github.com/5a9909939e6ce7d09e29#gistcomment-4413152
64. https://github.com/notifications/unsubscribe-auth/ATM2XBBN6UQZR4HYOT7BM6TWPAUIBBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFQKSXMYLMOVS2I5DSOVS2I3TBNVS3W5DIOJSWCZC7OBQXE5DJMNUXAYLOORPWCY3UNF3GS5DZVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVAZDQNJSGY3DMNNHORZGSZ3HMVZKMY3SMVQXIZI
65. https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675
66. https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign=notification-email&utm_medium=email&utm_source=github
67. https://gist.github.com/LupusMichaelis
68. https://gist.github.com/LupusMichaelis
69. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4413311#gistcomment-4413311
70. https://user-images.githubusercontent.com/357873/209477382-caa48e37-3d64-4afc-b4f2-24905546a9b0.png
71. https://gist.github.com/TruncatedDinosour
72. https://gist.github.com/TruncatedDinosour
73. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4413386#gistcomment-4413386
74. https://user-images.githubusercontent.com/357873/209477382-caa48e37-3d64-4afc-b4f2-24905546a9b0.png
75. https://gist.github.com/madgoat
76. https://gist.github.com/madgoat
77. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4414333#gistcomment-4414333
78. https://github.com/LokiFawkes
79. https://gist.github.com/LokiFawkes
80. https://gist.github.com/LokiFawkes
81. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4416434#gistcomment-4416434
82. https://github.com/madgoat
83. https://gist.github.com/aptblog
84. https://gist.github.com/aptblog
85. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4422019#gistcomment-4422019
86. https://aptblogger.com/25-social-media-security-tips-every-marketer-should-know-about/
87. https://gist.github.com/LupusMichaelis
88. https://gist.github.com/LupusMichaelis
89. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4422042#gistcomment-4422042
90. https://gist.github.com/LokiFawkes
91. https://gist.github.com/LokiFawkes
92. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4422110#gistcomment-4422110
93. https://github.com/aptblog
94. https://gist.github.com/arkbg1
95. https://gist.github.com/arkbg1
96. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4422682#gistcomment-4422682
97. https://github.com/LokiFawkes
98. https://github.com/aptblog
99. https://github.com/joepie91
100. https://github.com/joepie91
101. https://gist.github.com/aptblog
102. https://gist.github.com/aptblog
103. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4423294#gistcomment-4423294
104. https://theconversation.com/is-social-media-the-weak-link-in-the-fight-against-cyber-attacks-36211
105. https://gist.github.com/LokiFawkes
106. https://gist.github.com/LokiFawkes
107. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4423815#gistcomment-4423815
108. https://github.com/aptblog
109. https://gist.github.com/aptblog
110. https://gist.github.com/aptblog
111. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4424792#gistcomment-4424792
112. https://github.com/LokiFawkes
113. https://healthylivinguru.com/why-is-too-much-workout-bad-for-you/
114. https://gist.github.com/LokiFawkes
115. https://gist.github.com/LokiFawkes
116. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4425042#gistcomment-4425042
117. https://github.com/aptblog
118. https://gist.github.com/MandiYang
119. https://gist.github.com/MandiYang
120. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4430239#gistcomment-4430239
121. https://protonvpn.com/blog/is-protonvpn-trustworthy/
122. https://gist.github.com/arkbg1
123. https://gist.github.com/arkbg1
124. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4430317#gistcomment-4430317
125. https://protonvpn.com/blog/is-protonvpn-trustworthy/
126. https://gist.github.com/carmellopezhere
127. https://gist.github.com/carmellopezhere
128. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4495137#gistcomment-4495137
129. https://gist.github.com/joepie91/www.streamvpn.com
130. https://gist.github.com/GASOLINE
131. https://gist.github.com/GASOLINE
132. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4495302#gistcomment-4495302
133. https://gist.github.com/joepie91/www.streamvpn.com
134. https://gist.github.com/Kyr4l
135. https://gist.github.com/Kyr4l
136. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4496567#gistcomment-4496567
137. https://gist.github.com/joepie91/www.streamvpn.com
138. https://gist.github.com/ElTioRata
139. https://gist.github.com/ElTioRata
140. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4506928#gistcomment-4506928
141. https://gist.github.com/LokiFawkes
142. https://gist.github.com/LokiFawkes
143. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4507328#gistcomment-4507328
144. https://gist.github.com/CostcoFanboy
145. https://gist.github.com/CostcoFanboy
146. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4517815#gistcomment-4517815
147. https://gist.github.com/Moizsohail
148. https://gist.github.com/Moizsohail
149. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4524658#gistcomment-4524658
150. https://www.freeopenvpn.org/index.php?lang=en
151. https://gist.github.com/isaackielma
152. https://gist.github.com/isaackielma
153. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4557732#gistcomment-4557732
154. https://github.com/ranazain0009
155. https://gist.github.com/aedicted
156. https://gist.github.com/aedicted
157. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4557745#gistcomment-4557745
158. https://gist.github.com/Viral
159. https://gist.github.com/Viral
160. https://gist.github.com/joepie91/5a9909939e6ce7d09e29?permalink_comment_id=4577535#gistcomment-4577535
161. https://gist.github.com/join?source=comment-gist
162. https://gist.github.com/login?return_to=https://gist.github.com/joepie91/5a9909939e6ce7d09e29
163. https://docs.github.com/site-policy/github-terms/github-terms-of-service
164. https://docs.github.com/site-policy/privacy-policies/github-privacy-statement
165. https://github.com/security
166. https://www.githubstatus.com/
167. https://docs.github.com/
168. https://support.github.com/?tags=dotcom-footer
169. https://github.com/pricing
170. https://docs.github.com/
171. https://services.github.com/
172. https://github.blog/
173. https://github.com/about
174. https://gist.github.com/joepie91/5a9909939e6ce7d09e29
175. https://gist.github.com/joepie91/5a9909939e6ce7d09e29

Hidden links:
177. https://gist.github.com/
178. https://gist.github.com/
179. https://docs.github.com/articles/which-remote-url-should-i-use
180. https://desktop.github.com/
181. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#dont-use-vpn-services
182. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#why-not
183. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#but-my-provider-doesnt-log
184. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#but-a-provider-would-lose-business-if-they-did-that
185. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#but-i-pay-anonymously-using-bitcoinpaysafecardcashdrugs
186. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#but-i-want-more-security
187. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#but-i-want-more-privacy
188. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#but-i-want-more-encryption
189. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#but-i-want-to-confuse-trackers-by-sharing-an-ip-address
190. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#so-when-should-i-use-a-vpn
191. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#so-then-what
192. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#but-how-is-that-any-better-than-a-vpn-service
193. https://gist.github.com/joepie91/5a9909939e6ce7d09e29#so-why-do-vpn-services-exist-surely-they-must-serve-some-purpose
194. https://github.com/