If you’re just using a VPN, how can your real identity/location be discovered (apart from you blatantly revealing it)?
Please remember that all comments must be helpful, relevant, and respectful. All replies must be a genuine effort to answer the question helpfully; joke answers are not allowed. If you see any comments that violate this rule, please hit report.
When your question is answered, we encourage you to flair your post. To do this automatically simply make a comment that says !answered (OP only)
We encourage everyone to report posts and comments they feel violate a rule, as this will allow us to see it much faster.
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.
Basically cookies and browser fingerprinting.
So when you first visit a website, it sends you a kind of “file” that your browser automatically saves and attaches to every future request to that site. Websites can use this to identify you. It’s necessary for example to keep you signed in into your accounts, but it’s also abused for tracking. You can avoid tracking cookies by using incognito mode and not signing into any of your accounts.
Browser fingerprinting is more nasty. Essentially, when you visit a website, it sends you some Javascript code that will be executed by your browser. It’s sandboxed, so that code should not be able to access any of the private data on your PC¹, but there are various pieces of information that can be collected. Individually, these may not be suspicious, but in total that’s enough datapoints to uniquely identify and track your browser. For example:
- Browser name and version
- OS name and version
- Screen resolution
- Number of CPU cores
- WebGL vendor
- Browser configuration (e.g. DNT, dark mode, etc.)
- Available sensors
- List of installed languages
- List of installed browser versions
- List of installed fonts
- Time zone
- Approximate location (derived from your IP address)
¹ ignoring side channel attacks (which are totally possible to exploit in JS)
Tor browser might be better (and freer) depending on what you want the anonymity for.
Metadata.
If you truly want to browse anonymously then use a portable OS like Tails:
- you VPN provider can just sell all your data for that sweet advertiser cash
- browser fingerprinting and other tracking tech server-side
- feds just supoena VPN provider for the deets
- because people log into websites whilst on their VPN to check Facebook or do banking
You go to website without VPN. You go to website with VPN. Welcome back says Mr Cookie. Also logging into any website. It doesn’t matter that your VPN keeps rotating that one login or visit without VPN means you are now identifiable. They just remove all the VPN IP addresses till they are left with yours. A lot of VPN’s also keep logs. They may say they don’t’ but that depends on the country they are based. Their servers are also based in countries that have to follow laws. There is no anonymity on the web at least not for you or I without a lot of work.
VPN was never intended to anonymize your traffic in the first place. It will merely redirect your traffic to somewhere else in the world, but if you, say, participate in a federal crime using your computer, the VPN provider usually has a track of your IP and can comply and tell it to the authorities. The primary purpose of a VPN is to create end-to-end encrypted tunnel to somewhere else. So I can, dunno, use FTP over Internet securely, as FTP is insecure protocol itself. But if the tunnel ends up going to the Internet, only thing you did is that you masked your true location and true IP. And due to the reasons mentioned above, even that you did not do properly. Why people thinks using VPN is improving security or privacy puzzles me.
TL;DR: Before you go and look for VPN providers, start with the low hanging fruits and change your DNS server.
There are other leaks with VPN as well, example:
You want to go to superporn5000.com but are ashamed someone might find out. The internet is based on addresses like 123.123.123.123 not domains like superporn5000.com , so who tells your computer that superporn5000.com is actually reachable at the address 123.123.123.123 ? It is a so called DNS server, which is usually run by your ISP. So no matter how private your communication is, your ISP will always know that you are a naughty little superporn5000.com watcher.
When you use a VPN provider, the DNS server of your ISP cannot do this anymore, so who will do it for you? => the VPN provider, so you basically just replaced your ISP with your VPN provider and now you can ask yourself if you trust Verizon more than NordVPN.
There are workarounds like using privacy oriented non profit DNS providers like quad9.com , but you still face the same trust problem with them.
look up device fingerprinting
You are dumb enough to login to a service, maybe your Gmail, and with Google Analytics install on so many sites, well …
Also the VPN knows your IP address and payment details etc.
Because websites, like reddit, look into your browsing history?
I’m really not concerned if someone knows what I’m doing.
PureVPN is more then enough if u dont do nothing crazy Get PureVPN at amazing discounts
How to say you’re a peado without saying you’re a peado
Everything you do leaves a virtual fingerprint in every deviced. So let´s say you use a VPN to access Reddit. You still can be hunted by following from Reddit every single node you´ve connected to.
You’re better off layering a Socks5 proxy over VPN (only really necessary in case your Socks5 drops connection and you need a kill switch. Residential Socks 5 proxies are the way to go to remain fully anonymous once configured correctly. Proxifier (which will turn the Socks 5 proxy into a VPN in effect; where every program goes through that IP) and 360proxy(dot)com layered ontop of a VPN is what SWIM uses for certain activities. The IP’s or entire IP range of many VPN hosts are blocked by many websites (or make you go through captchas like Google, with socks you won’t face this issue), also as they are shared IP’s by many users, whereas residential Socks 5 IP’s are generally not shared by anyone else; effectively you’re connecting to someone else’s internet connection as using it as your own. You can pick which ISP, country and even postcode to connect to.
Browser fingerprinting is more of a concern now anyway than VPN’s. Google Antidetect browsers and there are quite a lot now. From my experience the best ones that offer free plans (if you only need like one or so browser session open at once) are IX Browser, Dolphin{anty}, Incogniton and Orb Browser. You have to configure them correctly though depending on what you’re trying to achieve. The idea isn’t that you’re completely unique to every website as that’s a dead giveaway you’re using an antidetect browser/browser plugins; it’s the opposite, you want to be blending in.
I don’t know the technological answer to this but I do know if 3 letter agencies are able to track your path of nodes across the tor network, vpns ain’t gonna do shit.
Just because i dont see Where you are, doesn’t mean i won’t see What you’re doing
VPN is good for getting around geolocation and torrenting.
But browser fingerprinting is hard to avoid.