I’ve always been wary of VPNs. Even though I’m security-minded, the concept of funneling all my internet traffic through someone else’s server raised immediate red flags. The idea of entrusting my data to a third-party company—one that could say one thing while doing another—felt risky.
Greate post! I'm a believer in using VPNs, and personally use mullvad. The most important thing for people to know about choosing a VPN (your post is much more detailed) is to NEVER EVER use a free VPN.
Response to Dark Marc's "Why I’ve Avoided VPNs for Years—And Why You Might Need One in 2025"
Excellent recap! Although I have heard arguments against using Tor and a VPN together.
One issue with Tor is we can't be sure half the exit nodes aren't under NSA surveillance by now. Some people distrust Tor simply because it was developed by the Navy labs, although I don't think that's actually an issue since any backdoors would have been found by now.
I use Mullvad myself, but only use it rarely, usually just to access sites in countries that are blocked for some geopolitical reason. The reason is simple: I'm not subject to many of the existing threats.
It's simply that I rely on three things: A good password manager (KeePassXC) which generates good quality passwords for the sites I view as critical such as my banking site, a reasonably secure OS (openSUSE Tumbleweed Linux), and an ability to ignore and immediately delete anything that I didn't ask for coming in my email.
I'm not subject to "phishing emails, identify theft, or social engineering" - because I'm not a moron. I may be an old guy, but I don't fall for scams a lot of elderly people will. Perhaps it's because I'm into computer security (I'm training to be a bug bounty hunter), or perhaps it's because I'm naturally suspicious of any social engagement with people after a lifetime of experience with them. "Trust no one" was a motto I adopted back when I was in high school.
That's one's best protection. All the software and communications tech in the world can fail - and it can all be subverted one way or the other if someone wants to and has the patience and resources to do so - but a suspicious, cautious and analytical mind is the best defense. Despite the classic KGB Colonel statement: "There is no firewall for the mind."
I also don't particularly care about "privacy". As long my confidential documents sit on the computer and don't go over the Internet - to ChatGPT or anyone else - I don't care if Amazon knows everything I've bought. There's zero chance Amazon will ever convince me to buy something I don't need or want. I reuse passwords all the time on sites that don't matter because even if someone collects them all, they're not going to get anywhere knowing I'm on those sites.
I have had my debit card compromised in the past - almost certainly due to shoddy security on the few sites I've used it on that weren't Amazon. It's a pain to replace, but I've never lost any significant amount of money because the bank user ID and password are still secure. I don't even use a VPN to connect to my bank because I trust the random user ID and even more random password to keep that secure (along with the SSL between my browser and the bank.)
It's again a matter of keeping control of yourself and behaving rationally (as much as possible for a human chimpanzee.) Keeping your social engagement with others under control is the best way to remain private. In other words, stop posting everything on Meta or X or Instagram or LinkedIn. You'd be amazed how much an OSINT (Open Source Intelligence) operator can determine about your life from that stuff.
Great post man!
Glad you found it helpful! Thanks for reading. 🙏
Greate post! I'm a believer in using VPNs, and personally use mullvad. The most important thing for people to know about choosing a VPN (your post is much more detailed) is to NEVER EVER use a free VPN.
Thanks, Tate!
Yes, agreed on your free VPN's point.
Response to Dark Marc's "Why I’ve Avoided VPNs for Years—And Why You Might Need One in 2025"
Excellent recap! Although I have heard arguments against using Tor and a VPN together.
One issue with Tor is we can't be sure half the exit nodes aren't under NSA surveillance by now. Some people distrust Tor simply because it was developed by the Navy labs, although I don't think that's actually an issue since any backdoors would have been found by now.
I use Mullvad myself, but only use it rarely, usually just to access sites in countries that are blocked for some geopolitical reason. The reason is simple: I'm not subject to many of the existing threats.
It's simply that I rely on three things: A good password manager (KeePassXC) which generates good quality passwords for the sites I view as critical such as my banking site, a reasonably secure OS (openSUSE Tumbleweed Linux), and an ability to ignore and immediately delete anything that I didn't ask for coming in my email.
I'm not subject to "phishing emails, identify theft, or social engineering" - because I'm not a moron. I may be an old guy, but I don't fall for scams a lot of elderly people will. Perhaps it's because I'm into computer security (I'm training to be a bug bounty hunter), or perhaps it's because I'm naturally suspicious of any social engagement with people after a lifetime of experience with them. "Trust no one" was a motto I adopted back when I was in high school.
That's one's best protection. All the software and communications tech in the world can fail - and it can all be subverted one way or the other if someone wants to and has the patience and resources to do so - but a suspicious, cautious and analytical mind is the best defense. Despite the classic KGB Colonel statement: "There is no firewall for the mind."
I also don't particularly care about "privacy". As long my confidential documents sit on the computer and don't go over the Internet - to ChatGPT or anyone else - I don't care if Amazon knows everything I've bought. There's zero chance Amazon will ever convince me to buy something I don't need or want. I reuse passwords all the time on sites that don't matter because even if someone collects them all, they're not going to get anywhere knowing I'm on those sites.
I have had my debit card compromised in the past - almost certainly due to shoddy security on the few sites I've used it on that weren't Amazon. It's a pain to replace, but I've never lost any significant amount of money because the bank user ID and password are still secure. I don't even use a VPN to connect to my bank because I trust the random user ID and even more random password to keep that secure (along with the SSL between my browser and the bank.)
It's again a matter of keeping control of yourself and behaving rationally (as much as possible for a human chimpanzee.) Keeping your social engagement with others under control is the best way to remain private. In other words, stop posting everything on Meta or X or Instagram or LinkedIn. You'd be amazed how much an OSINT (Open Source Intelligence) operator can determine about your life from that stuff.
Amazingly presented. Learned loads of information.