Maybe I’m completely wrong about everything I’m going to say and in that case we can laugh about this theory I guess but here it goes…
Most people are only worried about if the VPN provider is keeping logs or not. But even if they don’t keep logs you could still be tracked by anyone who can see incoming and outgoing connections to the VPN server.
This would be easier to explain if I drew some images but I hope you understand anyway with just text. What it looks like for these adversaries is:
- they know your IP and who you are.
- They see you connect to a VPN server.
- They see VPN server connecting to many different servers and they don’t know which one is you.
But when it comes to number 3, they could actually figure out which one is you.
Obviously, if you are the only person connected to the VPN server they will see that there is no one else besides you using it and then any outgoing connection from the VPN server must be you.
If there are just a few users. Maybe three users are just connected to the VPN server but not doing anything, just idle. Another user is spending time reading reddit. Then you connect to the vpn server and within a minute a new outgoing connection from the vpn server starts and goes to lemmy. Pretty good guess that is you from their perspective. And to make the guess even better, when the connection to lemmy ends, you decide to immediately end your connection to the VPN server. I’m confident this would be enough evidence in a court and then it’s definitely enough for data harvesting and mass surveillance.
All this analysis can be done automatically with AI, even if there are hundreds users on a VPN server, the AI will over a larger amount of time (not just hours but days/weeks/months) collect enough data to be able to profile users and make good guesses which domains you are visiting even if the VPN prpvider doesn’t have logs.
What is the solution to avoid this type of tracking? Tor baby, tor. Leeegggoooo Whonix!
The thing about anonymity that a lot of people don’t get is that there is no such thing as 100% anonymous. Vpn makes it more expensive to track you. Tor makes it more expensive to track you. Good opsec makes it more expensive to track you but ultimately, if you’ve got a target on your back, there is no way to be 100% anonymous.
The thing you gotta ask yourself is, what is your threat model ? Are you hiding from LEO on account of torrents or just want some privacy from corporations? VPN is fine. Are you buying drugs on the darkweb ? TOR is fine. Are you selling drugs on the darkweb ? You probably need a more sophisticated masking network mesh. Are you involved in CSAM or run a darkweb market ? Nothing you do will help you, you are going to get caught, that is a certainty.
Don’t go wasting your precious brain matter on developing a leak free network. There is no such thing. If someone wants badly to track you down, with enough money, they will. Best you can do is be a little bit more trouble than it’s worth to spend on you. For some things, like i mentioned before, there is a cutoff point where you’re as anonymous as you’ll ever be. For others, there is basically unlimited resources to track you. Even using TOR, they can get you at your entry node, like it has happened before, if no one else in your neighborhood is connected to TOR.