Privacy Guides – IVPN
IVPN have published a few privacy guides to explain the range of anonymity tools, and what and how they will protect you. Not all tools will work for you – they ask what is the threat? In the UK, the threat is probably your government – as the UK operates censorship. The government is also trying to pass a new law, called the “Snoopers Charter”, which allows the government to know every website that you’ve read. I’m a proud affiliate of IVPN, as I can’t find anyone who’s better. I won’t promote anyone else, as nothing compares to them.
Here’s an extract from their threat model:
Will a VPN Protect Me? Defining your threat model
2. Protecting Against Monitoring and Logging by ISPs
- Consider someone who is concerned that their ISP may be monitoring and logging their online activity. They want privacy, and they also want anonymity, in the sense of remaining unassociated with their online activity. But they’re not concerned about hackers, or other real-time adversaries. They’re just concerned that their ISP might, at some point, share logs of their online activity with other potential adversaries.
- Using a reputable VPN service that retains no logs, and that implements perfect forward secrecy, is the least invasive approach for mitigating this threat.
- When a user is connected to a VPN server, their ISP sees only encrypted traffic. Websites and other Internet destinations see the VPN service’s exit IP address, rather than the user’s ISP-assigned IP address. With perfect forward secrecy, an adversary that manages to compromise a particular VPN session can only decrypt data from that session (and not past or future data). Any encrypted traffic logged by the user’s ISP remains secure.
- For this approach to make sense, the user must trust the VPN service more than they trust their ISP. That’s often a straightforward choice (for example, where ISPs are tightly regulated and monitored). If the stakes are high, it may be prudent to distribute trust, so that compromise would require collusion. Using the Tor browser would be the simplest approach. However, given the risk of malicious exit nodes, using end-to-end encryption would be prudent. If hiding Tor use is important, the user could access the Tor network through a VPN service, or perhaps through a nested chain of VPN services.
I’m a proud affiliate of IVPN, as I can’t find anyone who’s better. I won’t promote anyone else, as nothing compares to them.