Most arguments that I saw go like this: a) VPN services themselves say that they provide anonymity; b) all hackers use VPNs; c) expert Mr. X said this during his webinar. Mr. X does not commit cybercrimes himself, but for some reason believes that he has the right to give advice to those who commit them daily.

For starters, let’s define the terms, as practice shows, not everyone understands what anonymity is (which does not prevent them from discussing this topic from an expert position). I will try to explain as simply and easily as possible.

Anonymity

Anonymity is when everyone sees your actions, but no one knows you are doing them. For example, you put on a black hat with holes for the eyes, black jeans and a black jacket and go to an unfamiliar square and took a pee there. In this case, you are anonymous. Although everyone saw you peeing, no one knows who you are.

Privacy

Privacy is when everyone can see that you are doing something, but no one can see what exactly you do. For example, you hide the smartphone screen with your hand and look at something. Everyone understands that there is probably something bad there, maybe you are watching porn, but all this is at the level of suspicions. In this case, you are privately viewing porn – everyone sees that you are hiding something, but they cannot say what it is or prove it.

Security

Security is a set of measures aimed at preventing damage from possible vectors of attack like viruses, data breaches, etc. That is when you are almost sure that you will soon step with two feet in margarine and you start thinking in advance:

  1. How do I avoid it?
    2. What to do if it still happens?

There are lot methods hackers get caught:

  • De-anonymization by various network identifiers.
  • De-anonymization by cross-posting.
  • Tracing financial flows.
  • De-anonymization through the intelligence data and data received from agents.
  • Special operations aimed at your capture.

It is good If you know how to counteract the above methods and I can only praise you. If not, then this is your primary task, because the habit of thinking a la: “Who would want to catch me? I am just a small drop in the ocean” will sooner or later bring you to prison.

Expert opinions

VPN services can be either paid or free. Although in my opinion, it is foolish to write such a thing, but there are still quite inexperienced Internet residents who do not even understand this.

Any VPN service needs money – it is an axiom. So, if some services ask for monthly payments I have no questions about how they pay salaries, taxes, rent equipment, and so on.

But where do free VPN services get the money? Everything is simple here. They sell logs of their subscribers. Yes exactly. They will sell logs about what websites you visited, what you saw and clicked there, what you searched for. And they will most probably sell it to anyone who would pay.

So, in this article, I write about top VPN services and not about this free stuff for “hamsters.”

Let’s see what Wikipedia says:

“VPNs cannot make online connections completely anonymous, but they can usually increase privacy and security.” So, VPNs have issues with privacy and security, and anonymity is not even discussed.

Private networks were not designed to solve such tactical tasks as complete anonymity. They simply encrypt traffic in order to prevent free interception of confidential data. For example, you need to transfer information from office A to office B under the heading “Commercial secret.” The attacker knows that information is transmitted between the two nodes and even guesses which one. But its interception does not make sense, because, by the time attackers are able to decipher this data, it will lose all value and will cease to be a secret.

Let’s see what do the developers of Tails say about VPN:

“Some users have requested support for VPNs in Tails to “improve” Tor’s anonymity. You know, more hops (servers) must be better, right?. That’s just incorrect — if anything VPNs make the situation worse since they basically introduce either a permanent entry guard (if the VPN is set up before Tor) or a permanent exit node (if the VPN is accessed through Tor). Similarly, we don’t want to support VPNs as a replacement for Tor since that provides terrible anonymity and hence isn’t compatible with Tails’ goal.”

Let me remind you that Tails is free, and it makes no sense for its developers to tell lies, but with the sellers of “anonymity” it is quite the opposite – they have reasons to persuade people that Tor is not safe and have many holes, as VPNs can earn more money on gullible users.

Surely there can be a question: “Why the number of servers does not strengthen the anonymity?” Let me bring some clarity here. So some people believe that it is enough to have only three “hops” like this:

User > Hop1 > Node > Hop2 > Node > Hop3 > Internet

The essence of such a chain is that it does not have a node that is simultaneously “familiar” with both the user and the final website – that is, some weak link that “knows too much.”

Under the condition of constant change of nodes and chains (in Tor and in i2p chains/tunnels live only about 10 minutes) this number of hops considered to be enough. At the same time, we have only two intermediate nodes, which may contain information that is interesting to the probable enemy.

If we increase the number of nodes in the chain, say twice, it will not increase our anonymity. Two nodes and four nodes are the same as with both cases the user and the final website are divided and there is no “weak link” which can be used to connect the user and the final website. But having four nodes (instead of two) increases the likelihood of detection, as well as the chances that one of the nodes is under the direct control of a probable enemy.

Any further increase in the number of intermediate nodes will decrease, rather than increase your protection. Especially if they are “permanent” – not changing. And even more so if their IP addresses are known to everyone (VPN server addresses are publicly available on their websites).

Red as a fire truck

Where did you read that VPN services will not hand you over to law enforcement agencies? When the appropriate request comes from any law enforcement agency, VPN providers will find themselves in a situation where they know your IP address, they know what digital wallets you used to make payments and now they already know that you committed crimes under the guise of their good name. At the same time, they certainly put it in their Privacy Policy (which I am sure you either did not read or did not understand) preparing in advance for situations like this.

Their refusal to provide necessary data will be classified as a concealment or even complicity (participation in a completed criminal act). Where did you read that, for the sake of one of several tens, or even hundreds of thousands of customers, who violated the service rules or committed crimes, someone will inflame relations with law enforcers?

Someone will say that servers are far away, say in Albania. The paper from USA agents will fly simultaneously to the VPN office and local experts in Albania. Such information exchange is practiced quite often now, and cops in different countries have long understood the benefits of such joint work.

In conclusion, I want to say that there are a lot of great VPN services on the “Darkside”, which came up with ways to reject police requests to give out user data or stop serving some of the customers almost legally. To solve such issues, they register legal entities in third world countries with “leaky” or loyal to such activity legislation at the same time building servers on non-volatile data carriers.