heywhoathere wrote: ↑Sun Jun 19, 2022 5:25 pm
roamingzebra wrote: ↑Sun Jun 19, 2022 3:21 pm
candb wrote: ↑Sun Jun 19, 2022 3:13 pm
roamingzebra wrote: ↑Sun Jun 19, 2022 3:03 pm
OnTrack wrote: ↑Sun Jun 19, 2022 12:48 pm
A number of replies state that VPNs are not needed because most websites are now encrypted. However, the ISP can still figure out the domain name of each site their customers visit.
Many domain names contain clues if not outright identification of the content of the website. Until websites start using domain names like www .random.com, an individual browsing the web is going to be telegraphing their personal interests, political affiliations, vehicle type, health issues, etc.
So you just decide to give all that information to the VPN provider instead?
I purchase a gift card with cash, then pay for the VPN with the gift card.
Some VPN providers accept cash through the mail (not something I'd do) and some except cryptocurrency. I know nothing about the latter, but from what I gather, it allows anonymity.
Paying for a VPN with a gift card doesn't stop the VPN provider from being able to see the domain names you're connecting to.
The specific argument about your ISP seeing domain names makes no sense to me. All of that information is found in the TLS handshake, so it's not like your VPN provider doesn't see the exact same info that your ISP would.
I think one of us is misunderstanding the other.
Here's my situation:
My ISP knows who I am because I pay them monthly with a credit card or check. They have my name, phone number, address, and other personally identifying information (PII). They even have my birth date, but not really, since I gave them a fake one, but I digress... Basically, I don't like having my ISP associate my browsing history with my PII and further making money on it by selling it.
By contrast, to obtain my VPN, I go to the supermarket or drugstore and pay cold cash (actual dollar bills) for whatever gift card is available and accepted by the VPN provider -- Home Depot, Target, Walmart, etc. Since I'm paying cash, there is no personally identifying information associated with the transaction.
Then I use that gift card to pay the VPN provider, and when I enter the gift card number I am given login credentials for the VPN. In essence, I have set up an anonymous account.
Sure, the VPN provider then has my starting
IP address when I make that transaction. That's not a big deal for me as I'm neither a criminal nor a political dissident hiding from the government. But that starting IP address is all they have -- they don't know my actual identity -- and I can immediately change the IP address using the method described in my earlier post.
Again, my threat model is not hiding from the FBI or any other entity that would want to expend resources to find out who I am. If I were a criminal or political activist in an authoritarian regime, I would have additional layers of protection and not just rely on a VPN to hide my identity.