πŸ›‘οΈ VPN Strategy

Choose and use VPNs effectively for privacy and security

⚠️ Critical Disclaimer

No VPN service is endorsed. VPNs are only as trustworthy as the companies running them. This is educational content only. All VPN providers have potential risks and may be compromised or compelled to cooperate with authorities. Jurisdiction, logging policies, and business models matter significantly. Always research current practices and consider your specific threat model.

VPN Reality Check

VPNs are not magic privacy solutions. They shift trust from your ISP to the VPN provider. Understanding their limitations is crucial:

  • Trust shift: You're trusting the VPN provider instead of your ISP
  • Logging policies: "No logs" claims may be misleading or legally challenged
  • Jurisdiction matters: Where the VPN is based affects legal obligations
  • Business model: Free VPNs often monetize through data collection
  • Government pressure: VPN providers can be forced to cooperate

πŸ’‘ When VPNs Are Useful

VPNs are most effective for: protecting against local network surveillance, bypassing geographic restrictions, hiding internet activity from ISPs, and securing connections on public Wi-Fi. They're less effective against: sophisticated state-level surveillance, browser fingerprinting, and social media tracking.

VPN Evaluation Criteria

Critical Factors

  • Jurisdiction: Legal environment and intelligence sharing agreements
  • Logging policy: What data is collected and retained
  • Business model: How the VPN makes money
  • Ownership: Who owns the VPN company
  • Auditing: Independent security audits
  • Warrant canaries: Indicators of government requests
  • Kill switch: Automatic disconnection if VPN fails
  • DNS leak protection: Prevents DNS queries from leaking

VPN Provider Assessment

Mullvad

β˜…β˜…β˜…β˜…β˜…

Jurisdiction: Sweden

Strengths: No personal data required, audited, flat pricing

Weaknesses: EU jurisdiction, limited servers

Payment: Cash accepted, anonymous accounts

IVPN

β˜…β˜…β˜…β˜…β˜…

Jurisdiction: Gibraltar

Strengths: Audited, minimal data collection, kill switch

Weaknesses: Higher price, smaller network

Payment: Cash and crypto accepted

ProtonVPN

β˜…β˜…β˜…β˜…β˜†

Jurisdiction: Switzerland

Strengths: Swiss privacy laws, Secure Core, free tier

Weaknesses: Requires account, limited free version

Payment: Various methods accepted

NordVPN

β˜…β˜…β˜†β˜†β˜†

Jurisdiction: Panama

Strengths: Large server network, marketing budget

Weaknesses: Previous breaches, aggressive marketing

Payment: Standard payment methods

ExpressVPN

β˜…β˜…β˜†β˜†β˜†

Jurisdiction: British Virgin Islands

Strengths: Fast speeds, good apps

Weaknesses: Owned by Kape Technologies, expensive

Payment: Standard payment methods

Free VPNs

β˜…β˜†β˜†β˜†β˜†

Business Model: Data collection and advertising

Risks: Malware, data selling, poor security

Examples: Hola, Hotspot Shield, most free options

Recommendation: Avoid completely

Jurisdiction Considerations

πŸ‡ΊπŸ‡Έ

Five Eyes (US, UK, AU, CA, NZ)

Extensive intelligence sharing. VPN providers may be compelled to collect data or provide backdoors.

πŸ‡ͺπŸ‡Ί

European Union

Strong privacy laws (GDPR) but increasing surveillance cooperation. Data retention requirements may apply.

🏝️

Privacy Havens

Countries like Switzerland, Iceland, and some offshore jurisdictions have stronger privacy protections.

🚫

Authoritarian Regimes

China, Russia, and other authoritarian states may ban VPNs or force cooperation with surveillance.

VPN Configuration Best Practices

Essential Settings

  • Kill switch: Always enable to prevent IP leaks
  • DNS leak protection: Use VPN's DNS servers
  • Auto-connect: Connect automatically on untrusted networks
  • Protocol selection: Use OpenVPN or WireGuard
  • IPv6 blocking: Disable IPv6 to prevent leaks
  • Split tunneling: Avoid unless necessary

Server Selection Strategy

  • Nearby servers: Better performance, lower latency
  • High-traffic servers: More anonymous in the crowd
  • Avoid specific countries: Based on your threat model
  • Multiple servers: Rotate regularly
  • Dedicated IP: Avoid unless absolutely necessary

Multi-Hop and Advanced Configurations

Multi-Hop VPN

  • Concept: Route traffic through multiple VPN servers
  • Benefits: Increased anonymity, multiple jurisdiction protection
  • Drawbacks: Slower speeds, more complex
  • Providers: ProtonVPN Secure Core, IVPN Multi-Hop

VPN + Tor

  • VPN then Tor: VPN hides Tor usage from ISP
  • Tor then VPN: VPN hides exit node activity
  • Tradeoffs: Complex setup, potential timing attacks
  • Use cases: High-threat environments

VPN Limitations and Alternatives

What VPNs Don't Protect Against

  • Browser fingerprinting: Unique browser characteristics
  • Social media tracking: Account-based tracking
  • Malware: Infected devices remain compromised
  • Sophisticated attacks: State-level adversaries
  • Endpoint security: Device-level vulnerabilities

Alternative Privacy Technologies

  • Tor Browser: Onion routing for maximum anonymity
  • I2P: Invisible Internet Project for hidden services
  • Proxy servers: Simpler but less secure
  • SSH tunnels: For technical users

Payment and Registration Privacy

Anonymous Payment Methods

  • Cash: Mullvad accepts cash payments
  • Cryptocurrency: Monero preferred over Bitcoin
  • Prepaid cards: Purchased with cash
  • Gift cards: Some providers accept them
  • Avoid: Credit cards, PayPal, bank transfers

Registration Best Practices

  • Fake information: Use non-identifying details
  • Temporary email: Use disposable email addresses
  • Tor registration: Sign up through Tor
  • Separate identity: Don't link to real identity

Testing VPN Security

Leak Testing

  • IP leak test: Check if real IP is visible
  • DNS leak test: Verify DNS queries go through VPN
  • WebRTC leak test: Test for WebRTC IP leaks
  • IPv6 leak test: Check for IPv6 bypassing

Testing Tools

  • ipleak.net: Comprehensive leak testing
  • dnsleaktest.com: DNS leak detection
  • doileak.com: Multiple leak tests
  • whoer.net: Privacy and anonymity testing

Threat-Specific VPN Strategies

β˜•

Public Wi-Fi

Always use VPN on public networks. Enable auto-connect for open networks. Verify server authenticity.

🌍

Censorship Circumvention

Use obfuscated servers, change protocols, have multiple VPN providers as backup.

πŸ“°

Journalism/Activism

Use VPN + Tor, pay anonymously, use providers in privacy-friendly jurisdictions.

🏒

Business Use

Consider self-hosted VPNs, multi-hop configurations, dedicated IPs for specific use cases.

Self-Hosted VPN Solutions

Advantages of Self-Hosting

  • Complete control: You control logging and data retention
  • Custom configuration: Tailored to your specific needs
  • Cost effective: Cheaper for long-term use
  • No third-party trust: Don't rely on VPN companies

Self-Hosted VPN Options

  • WireGuard: Modern, fast, and secure
  • OpenVPN: Mature, well-tested, widely supported
  • Algo VPN: Automated VPN deployment
  • Outline: Jigsaw's VPN solution

Mobile VPN Considerations

Mobile-Specific Settings

  • Always-on VPN: Enable in device settings
  • Battery optimization: Exclude VPN from battery saving
  • Network switching: Auto-connect on untrusted networks
  • Split tunneling: Avoid to prevent leaks

Quick Start Guide

Immediate Actions (15 minutes)

  1. Research VPN providers based on your threat model
  2. Choose a provider with good privacy practices
  3. Sign up using anonymous methods if possible
  4. Install VPN app and enable kill switch
  5. Test for leaks using testing tools

This Week

  1. Configure VPN on all devices
  2. Set up auto-connect for untrusted networks
  3. Test VPN performance and security
  4. Configure DNS leak protection
  5. Consider multi-hop or VPN+Tor setup

Next Steps

VPNs are one tool in a comprehensive privacy strategy:

Learn Tor Basics Secure DNS Back to Guides