I use VPN, how secure am I from government and big tech?

Here is my setup -

I have a Tiny Windows 11 VM that I run on my main machine. In this VM, I have a very popular VPN application installed. I pay for a subscription with this VPN provider.

I access Reddit, Twitter and other services exclusively through this VM. I do not access these services outside of this VM without connecting to VPN.

The VPN application is configured to kill internet access if I ever get disconnected from VPN.

I only ever use a browser (Firefox), no other apps are installed on this VM.

My question is - will it be possible for a government or for the service providers (Reddit, Twitter etc.) to find out my real identity? And also, is there anything else I can do to protect my privacy?

Depends on what you do and how much rss they put aside to catch you

VPN only serves to mask your real public IP address. There are many, many other ways to track and identify someone, so no, you are not ‘secure’ by virtue of using a VPN. That’s not what they are designed for, despite the marketing hype.

I’m going to suggest you just assume you are in fact not safe from those things pretty much no matter what you do

Government and military intelligence agencies have access to tech 10 to 15 years ahead of the public. If you became a high priority target no VPN will protect you.

I’ve posted about this before, you can grab my post history and you’ll find it. In short, the people you need to worry about don’t care about VPNs, they use heuristic matching of behaviors. If I can write one in a weekend that can identify folks at a company with 95%+ accuracy using nothing more than MySQL, Squid, and router logs, you know damn well an actual trained programmer has made something miles better than I did 20 years ago.

Really Short version:

How many people out of 8 billion around 7 AM open 3 tabs with Drudge Report, Slashdot, and Reddit?

Let’s say 400 million.

We’ll call that pattern DSR@7.

Then who at 1 PM CST checks ESPN? Let’s say another 400 million.

We’ll call that pattern E@7.

But the magic is who has both DSR@7 AND E@7 Thursdays and Sundays but not Mondays?

The answer is 8. 8 people out of 8 billion open those three tabs only on Thursdays and Sundays with a confidence greater than 95%.

This gives us three things:

An identity, An Address, a Behavior.

The question is linking the three. Eventually you screw up and leak something that allows the 4th part: A person, to be associated with the first three at a given time.

No one cares if the address changes a billion times.

If 10.0.0.3 has ABBADC@7d4 on a Thursday and the next day Friday 192.168.2.66 also has ABBACD@7d4 there is a chance that is the same identity. The more behaviors, the more likely.

So if you sampled the traffic at a major core switch and could build a table of behaviors you find out real quick that despite 8 billion people on the planet only a few will share complex behaviors if you take 1 hour sample blocks.

So yeah regardless of VPN unless you can really shake up your viewing habits good old Pr0nhub will help them ID you every time as you search for the same types of videos and those favorite 3 stars with those 2 specific kinks at 11 PM EST because your spouse went to bed an hour ago and it is me time. You then fire up the same 2 hour rain video to help you sleep but don’t check Drudge on Holidays because you work for the state and sleep in on holidays.
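The matching described in the post above, as an added example that is not the poster's code: it groups constructed proxy-style records into one behaviour set per address per day, shows how combining two common patterns shrinks the candidate set, and links addresses across days by Jaccard similarity. The site labels, the extra addresses, the 0.8 threshold and the choice of Jaccard similarity are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records: (day, hour, source address, site label).
LOG = [
    ("Thu", 7, "10.0.0.3", "drudge"), ("Thu", 7, "10.0.0.3", "slashdot"),
    ("Thu", 7, "10.0.0.3", "reddit"), ("Thu", 13, "10.0.0.3", "espn"),
    ("Thu", 7, "10.0.0.9", "slashdot"), ("Thu", 7, "10.0.0.9", "reddit"),
    ("Thu", 20, "10.0.0.9", "espn"),
    ("Thu", 7, "10.0.0.12", "drudge"), ("Thu", 7, "10.0.0.12", "slashdot"),
    ("Thu", 7, "10.0.0.12", "reddit"),
    ("Thu", 13, "10.0.0.15", "espn"), ("Thu", 9, "10.0.0.15", "news"),
    ("Fri", 7, "192.168.2.66", "drudge"), ("Fri", 7, "192.168.2.66", "slashdot"),
    ("Fri", 7, "192.168.2.66", "reddit"), ("Fri", 13, "192.168.2.66", "espn"),
    ("Fri", 7, "192.168.2.70", "reddit"), ("Fri", 9, "192.168.2.70", "news"),
]

# Hypothetical pattern names: three morning tabs, and a 1 PM sports check.
DSR_AT_7 = {(7, "drudge"), (7, "slashdot"), (7, "reddit")}
E_AT_13 = {(13, "espn")}

def fingerprints(log):
    """Collect (hour, site) events into one behaviour set per (day, address)."""
    fps = defaultdict(set)
    for day, hour, addr, site in log:
        fps[(day, addr)].add((hour, site))
    return dict(fps)

def matching(fps, day, pattern):
    """Addresses whose behaviour on `day` contains every event in `pattern`."""
    return {a for (d, a), events in fps.items() if d == day and pattern <= events}

def jaccard(a, b):
    """Overlap of two behaviour sets: 1.0 means identical, 0.0 means disjoint."""
    return len(a & b) / len(a | b)

def link_across_days(fps, threshold=0.8):
    """Pair different addresses seen on different days with similar behaviour."""
    keys, links = sorted(fps), []
    for i, (day_a, addr_a) in enumerate(keys):
        for day_b, addr_b in keys[i + 1:]:
            if day_a != day_b and addr_a != addr_b:
                score = jaccard(fps[(day_a, addr_a)], fps[(day_b, addr_b)])
                if score >= threshold:
                    links.append((addr_a, addr_b, score))
    return links

if __name__ == "__main__":
    fps = fingerprints(LOG)
    print(matching(fps, "Thu", DSR_AT_7 | E_AT_13), link_across_days(fps))
```

Each pattern alone matches two Thursday addresses, both together match one, and the Friday address is linked to it without the IP ever being compared. The score only drops when the sites or the timing change, which is the poster's point about shaking up habits.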

VPN attacks prompt Check Point security warning
Check Point has issued a warning about ongoing cyberattacks targeting their Remote Access VPNs, with threat actors using old local accounts with weak password-only authentication to target security gateways. Customers are advised to strengthen authentication methods or remove vulnerable accounts, and to install a new hotfix to block password-only authentication.

You are never secure from a government.

Can you tell me what you mean by this?

I am quite literally a nobody, and if I died tomorrow, I can think maybe 4 people who will care. MAYBE. I am not the FBI. lol.

Understood. Thank you.

They don’t really have access to tech years ahead of anyone else.

They do have extensive knowledge of vulnerabilities of most tech and possess the tools and expertise to exploit those vulnerabilities.

That being said, the expertise and tools are tiered because of resource constraints. The more critical the intelligence target, the more resources and expertise directed at exploring it.

Some rando on the internet is not a resource priority.

However, unmasking a VPN is not actually that resource intensive.

So it really comes down to whether you are worth any allocation of resources at all. Most people are not.

Until you are on their radar for something like a tip, interagency report, or you are connected to a person, activity, organization, or threat/crime they are already paying attention to.

I am uploading some NES roms to a private tracker, so this information is much appreciated.

The government has a lot of power, they just ignore the small fish until you end up on their radar. Depending on how bad they want you, they will eventually figure out who you are. The weakest point is the VPN provider: they may cough up your info, or they may simply be breached by state actors who can then start checking logs. Your real IP address can be discovered, then it’s only a matter of time. The provider might not save logs, which is something you have to take their word on, but if they get live data it won’t matter.

We must understand that the government has a lot of tools we don’t know about. The Snowden revelations broke the gates on what they were doing and how, but I guarantee the government hasn’t been sitting on their hands since then. New tools we don’t know about. You’re at greater risk if your VPN pivot is in a country that’s part of “the eyes” (countries with intelligence agreements, there’s different numbers with varying levels of cooperation). If you’re in the US and you connect through the UK, for example, there’s a good chance the UK intelligence agencies can get that info even if the provider doesn’t cough it up.

Your ISP for sure will cough up everything about you; some, if not all, even have special closets for gov to tap data from without their intervention. Again, it’s a matter of if you’re worth expending more than just automated surveillance on.

Edit: to answer your question about what more you can do, run a resident memory only OS like the bootable Linux flavors. Power goes off, everything that OS had going on is gone. You can also use TOR but I don’t have any experience with it. Extra paranoia: you connect to public wifi and change your MAC address on the wifi card. If you’re a drug lord or kingpin of kiddie porn even this probably won’t be enough, but if you’re posting edgy memes and talking bad about your gov you’re probably safe, unless you get a big following while talking bad about your gov. Also never underestimate the power of snitches. They don’t even need to know what you’re doing other than “acting weird” and they call a hotline on you.

If you are a drug lord and they are looking for you, then you have to watch your back and stay online for a very short period of time and be on the move no matter what kind of VPN you are using. (Read about the Silk Road guy.)

If you are just using VPN for gambling or streaming and things like that, nothing to worry about.

No worries, but do you honestly think the FBI care when their own die?
They have academies to replace the dead.

Thank you for this very detailed explanation.

I am absolutely not referring to doing something illegal.

I want to browse nsfw subreddits, and then when I close it, I want to go back to my normal real life. I do not want my online “persona” to interfere in any way with real life.

I have no intention of doing anything, but I do intend to browse and perhaps interact with people, and I do not want those interactions tied to my real identity in any way.

This is all I am looking for.

I am not anything of that sort. Just a loser in life like most people.

That said, Ross U got caught because he used a Gmail account with his name. That led to his downfall. Sadly.

I have a friend like this, he has an iPhone, but refuses to have a Google account logged in because he is sure Google will track him wherever he goes. The guy earns like $30,000 a year, does he think Google or the government are very interested in what he does?

That is true…now that you mention it. lol