TorrentFreak.com asks “Which VPN Providers Really Take Anonymity Seriously?” for good reasons: people who share files are being tracked down and sued for high sums of money, far in excess of the commercial value of a copy of the work they’re accused of illicitly sharing.
To avoid being found, some users use a VPN or “virtual private network” that can effectively mask a user’s identity by passing the user’s data through another computer before the data is fed to the file sharing network. VPNs are essentially intermediaries that sit between one network and another or different sets of computers.
So TorrentFreak.net posed some questions to some VPN service providers who ostensibly provide some anonymity for their customers, and TorrentFreak.net reported the answers. But there are a few things you should know when you interpret these answers (or any other claim of online anonymity):
- All of their claims are unverifiable. No service provider verifiably gives all comers access to all of their logs. Some providers claims to log nothing. But how would you determine whether they’re telling you the truth? How much trust can you put in a service provider with no real information about them? We face this challenge all the time: how would you know if that restaurant’s dishes are clean enough to eat from? Will your therapist really keep the details of your session a secret? It’s another gamble you’ll have to decide on your own using whatever information you choose to trust.
- One-time verification attempts are useless without complete source code under a free license. If a service provider attempts to prove their trustworthiness by releasing some of their alleged source code, there’s no way to know if they use that code at all. Even a one-time dump of complete corresponding source code under a non-free license (such as one that allows inspection but not making derivative works) is insufficient to prove anything because code rewrites are easy enough that one could put in new code not listed before.
- Even if you get great service today, will the service provider deliver that level of service in the future? Terms of service change. Seemingly small obscure technical decisions made by system administrators have a dramatic effect on your service. People steal equipment: is sensitive information stored anywhere such that stealing the server hardware would reveal what’s really going on? Service providers can sound promising until there’s real pressure on them from bullying nations like the United States.
Also consider the problems you’ll face with intermediaries you don’t directly do business with: the Internet is a network of networks and your VPN is only one host in the chain of computers that route your data between your computer and your intended destination. What about all of those computers that aren’t run by your trusted VPN provider? Do they log information? If so, what is logged? Who would report data in those logs to others?
It’s not easy to securely anonymize data and determine whom to trust.