DNS providers also collect habits of their users. That was part of my point about who do you want to be private from?
If you want real privacy, don't use the internet.
There are different levels of privacy and how much you want probably doesn't overlap with how much is easy to accomplish. It isn't for me.
When I want privacy,
- I don't do it from home. I use a mom-pop cafe, not a corporate one. Corporate places with free wifi are everywhere. Assume those places are capturing your image, connection, DNS, and browsing. There are mitigations against each.
- Use a full, paid, VPN who you can trust. How to know whether you can trust any VPN isn't easy. You'll need to work into the ownership, logging, and truly who is behind it. Often, the more privacy they claim to provide, the more likely your data ends up in a parent company's hands. Having headquarters in small countries often means the VPN can manipulate the govt there. If the CEO/President and CIO for a VPN provider don't actually live in the country where their HQ is located, I consider that a warning sign too.
- How has the VPN reacted towards legal demands to provide information on the users? If you don't hear anything about them fighting cases in court - what does that mean? To me, it means they handed it all over. I know of only 1 VPN provider who has fought legal battles AND proved they couldn't provide any logs to the govt, so the govt went away.
- When you sign up to pay for a VPN, use anonymous payment methods. Financial tracking is a real thing. Every year or two, I buy a Gift VISA card to buy VPN service. There is a pre-paid service charge for this ... basically I'm paying 10% more to ensure privacy. This card cannot have more money added to it. The cards that support adding are more traceable. To be used on the internet, we have to register the card with a name and ZIP code here. Many VISA payment systems use the ZIP code along with the PIN to validate the correct user. I look up a name and address for a real person, with a common name, somewhere else and "borrow" their name for this 1 transaction.
- For the VPN, there are really 2 secure-enough technical solutions - openvpn and wireguard. I want a provider that does at least 1 of those. I avoid providers using commercial VPN tools. In an old job, I deployed VPN for 25,000 users. We used a commercial solution with a SecurID fob. I watch the IT security announcements and every year one of the commercial VPN tools seems to announce a failure in a deployment that effectively made the VPN useless for some months. OpenVPN can be set up to be very non-secure too. Some of the default settings commonly used have been cracked by govts around the world. The VPN provider I used last year allowed some control by users to drastically improve the crypto for our connections, but it wasn't the default which was used by most people.
- The VPN will slow all connections. There's an extra middle-man between everything, after all.
- There is TOR too, and for many people it is fine. A few years ago, I read an article about TOR that estimated 30-60% of all exit nodes were run by different govt spy agencies. Read up about TOR for why it can be anonymous, but has some very important caveats. For example, if you've ever used TOR and connected to UbuntuForums.org using your normal userid for the login, then you've just broken the veil of privacy. When using TOR, never use any accounts that you've used before. It is best not to post at all, since we each have a writing style that can be "fingerprinted" on the internet. That will lead back to an individual as well, for a sufficiently motivated searcher.
Privacy is never a yes/no question. It is always on a scale. Always.
But most of us aren't doing anything nefarious or illegal. We just don't think it is anyone else's business. How much is more privacy worth, since it isn't automatic? That's the question.