I’ve always been wary of VPNs. Even though I’m security-minded, the concept of funneling all my internet traffic through someone else’s server raised immediate red flags. The idea of entrusting my data to a third-party company—one that could say one thing while doing another—felt risky.
Response to Dark Marc's "Why I’ve Avoided VPNs for Years—And Why You Might Need One in 2025"
Excellent recap! Although I have heard arguments against using Tor and a VPN together.
One issue with Tor is we can't be sure half the exit nodes aren't under NSA surveillance by now. Some people distrust Tor simply because it was developed by the Navy labs, although I don't think that's actually an issue since any backdoors would have been found by now.
I use Mullvad myself, but only use it rarely, usually just to access sites in countries that are blocked for some geopolitical reason. The reason is simple: I'm not subject to many of the existing threats.
It's simply that I rely on three things: A good password manager (KeePassXC) which generates good quality passwords for the sites I view as critical such as my banking site, a reasonably secure OS (openSUSE Tumbleweed Linux), and an ability to ignore and immediately delete anything that I didn't ask for coming in my email.
I'm not subject to "phishing emails, identity theft, or social engineering" - because I'm not a moron. I may be an old guy, but I don't fall for scams a lot of elderly people will. Perhaps it's because I'm into computer security (I'm training to be a bug bounty hunter), or perhaps it's because I'm naturally suspicious of any social engagement with people after a lifetime of experience with them. "Trust no one" was a motto I adopted back when I was in high school.
That's one's best protection. All the software and communications tech in the world can fail - and it can all be subverted one way or the other if someone wants to and has the patience and resources to do so - but a suspicious, cautious and analytical mind is the best defense. Despite the classic KGB Colonel statement: "There is no firewall for the mind."
I also don't particularly care about "privacy". As long as my confidential documents sit on the computer and don't go over the Internet - to ChatGPT or anyone else - I don't care if Amazon knows everything I've bought. There's zero chance Amazon will ever convince me to buy something I don't need or want. I reuse passwords all the time on sites that don't matter because even if someone collects them all, they're not going to get anywhere knowing I'm on those sites.
I have had my debit card compromised in the past - almost certainly due to shoddy security on the few sites I've used it on that weren't Amazon. It's a pain to replace, but I've never lost any significant amount of money because the bank user ID and password are still secure. I don't even use a VPN to connect to my bank because I trust the random user ID and even more random password to keep that secure (along with the SSL between my browser and the bank.)
It's again a matter of keeping control of yourself and behaving rationally (as much as possible for a human chimpanzee.) Keeping your social engagement with others under control is the best way to remain private. In other words, stop posting everything on Meta or X or Instagram or LinkedIn. You'd be amazed how much an OSINT (Open Source Intelligence) operator can determine about your life from that stuff.
Great post! I'm a believer in using VPNs, and personally use Mullvad. The most important thing for people to know about choosing a VPN (your post is much more detailed) is to NEVER EVER use a free VPN.
Thanks, Tate!
Yes, agreed on your free VPNs point.
What about RiseupVPN or Calyx Institute VPN? Are they both a scam?
I’m not sure, I’d need to do more research. Generally speaking, non-profits, if reputable, are more trustworthy than random 3rd party companies offering free VPNs, but I recommend some due diligence and research on both. My 3 minute research seems like they might be okay.
This was a very informative read. Truly appreciate the education and the time you took to write this. I have sat on the sidelines exactly for the reason you mentioned, lack of trust in a single company. But I feel better armed now with a broadened set of tools. Thank you.
Great post man!
Glad you found it helpful! Thanks for reading. 🙏
What about ExpressVPN? It is much talked about, and I was slightly surprised not to see it listed anywhere.
I've been using ExpressVPN for 5 years. Only ever had 1 issue which support dealt with pronto. Speeds are as fast as if I wasn't using it. Affordable and stable.
We use it too and haven’t had any issues, but I am definitely not experienced or an expert on this stuff. I’m not sure I’d even know if there was a problem. But it’s easy to use and fast, with lots of location options to connect.
Fantastic summary of all of this, Marc!!!
I use Express VPN on and off. Sometimes, websites don't work when I use a VPN. Once, Instagram suspended me when I used Express VPN, location US, on my phone, but didn't use a VPN on my PC (I'm in Japan) -- perhaps they thought I was a hacker or something.
Thank you for a great post and forensic detail. I use Proton, but I was concerned by Yen’s recent support of the Republican party in the US. Does this weaken Proton’s security claims?
This is an excellent post and has given me new tools to work with! Thanks!
Amazingly presented. Learned loads of information.
I see Mullvad recommended a lot. Why is that given it’s in a Fourteen Eyes country? Same with iVPN - Gibraltar is a British territory after all.
Thank you. Great information
Great article, it seems that discussion on VPNs has been drowned out by the multitude of paid advertisements and it still shocks me how many journalists and activists, for instance, are still not using encryption or taking any measures to protect themselves and those they contact.
Anyway I enjoyed your writing and I thank you for the time and work it took to execute!
Thanks for the valuable information. If I may, I have one question. Some time ago, I read that those who stream via Hulu, Apple, and Netflix have had difficulties when using a VPN. Perhaps streaming services themselves are a security risk. What do I need to know?
In life, privacy often comes down to personal tolerance. Streaming services blocking VPNs isn’t necessarily a security risk but more of a privacy issue. They want to prevent VPN use so they can track your viewing habits, enforce regional restrictions, and collect data for targeted ads and recommendations.
If you want to use these services, some level of tracking is unavoidable. One option is to temporarily disable your VPN while streaming, then turn it back on afterward. There are also other ways to reduce tracking, like using browser extensions or network-level blockers, but some data collection is built into the platform itself. It’s all about deciding what trade-offs you’re comfortable with.
Thank you for this!
I have two I use😂😂
Impressed.. A real deep dive.
As a plain user with little to no expertise, I'm glad to have been a Proton client for 2 years. Highly content.