The use of commercial VPNs has increased vastly over the last few years, and Privacy and Anonymity are two of the primary reasons for using a VPN today. However, these two terms indicate different things and are often conflated. It is critical to understand the difference between online privacy and anonymity, as are often used interchangeably in the same context but have significantly different meanings. While one of these is reasonably easy to achieve, the other can be quite elusive.

Privacy vs. Anonymity

Let us try to illustrate the difference between Privacy and Anonymity through a simple example. Suppose you meet your friend at Starbucks for a chat over some coffee. After you place your order, the barista scribbles your name on the cup of coffee before handing it over to you and also has your Credit Card details. Evidently, you don’t have anonymity since everyone in the cafe can potentially know your identity. This is a pretty vulnerable situation since you don’t have any privacy either. People sitting at neighboring tables can eavesdrop and listen to all your conversations even if they are not part of those discussions. This situation exposes you, your friend, and your private chats, with an audience you did not intend to invite into this scenario at all. So, how do we solve this?

The lack of privacy is relatively easy to fix. You can invite your friend to your house and have a private talk behind closed doors. You still have no true anonymity, since everyone in your house knows your real identity and your neighbors have seen your friend walk in. However, assuming that there are no bugs in the room, you do have a very strong level of privacy. No one else is privy to the contents of the discussion that happens within your room.

If you wish to obtain both privacy and anonymity, then there are several ways to do it. You can create a fake identity and book a hotel room. However, even then, someone might recognize you by your appearance. Or someone who helped you forge the identification documents might be able to link your fake identity with the actual identity. There are always increasingly sophisticated steps that you can take to increase your degree of anonymity. However, there’s almost always a trail of breadcrumbs pointing to you.

Privacy refers to the security of the contents of your conversation, while anonymity relates to the safety of your identity.

The situation in the online world is not very different from the reality either. Safeguarding online privacy is a plausible goal, but guaranteeing complete anonymity is often impossible. However, there are steps that we can take to increase our online privacy and anonymity, and that is where VPN becomes an essential tool.

Privacy and Anonymity Through VPN

VPNs enforce the security of content by providing a secure tunnel for your data and by encrypting all data exchanged with your system. Once you start using VPN, your ISP will be able to identify that you are on a VPN network; however, it will not know which websites you are visiting or what information you are sending and receiving. A VPN makes this possible by encrypting all your network communications. Some ISPs, especially in the more restrictive regions of the world might block VPN traffic outright. However, there are superior cloaking techniques that can obfuscate or mask VPN traffic bypassing these restrictions.

Apparently, VPNs if used, control all our network communication and unsurprisingly, one of the biggest risks to privacy comes from the VPN provider itself. Your VPN node encrypts outgoing data and decrypts incoming data. This makes your VPN service provider aware of the websites you are surfing and the files you are downloading. In case the site is not using HTTPS, it’s also privy to the information being exchanged in addition to knowing the websites you are visiting. This makes it important to pick a VPN service that is transparent about its logging practices.

Keeping some connection logs is unavoidable if you are providing a VPN service. Without logging network activities, it becomes nearly impossible to implement device number restrictions and bandwidth caps. That is as far as connection logs go. There is another log that some VPN services maintain which is called a user log. You should avoid any service that keeps extended user logs or does not disclose its logging practices and compliance information transparently.

Privacy and Anonymity Issues with VPNs

Do VPNs guarantee absolute Privacy and Anonymity. The simple answer is absolutely not, and here’s why.

VPN Anonymity Leaks

These are some Anonymity leaks that you should be careful about:

Protect Your Real Identity

A critical check when picking a VPN provider is to ensure that it does not ask for your real identity and accepts payment using crypto-currencies like Bitcoin. Once again, Bitcoin doesn’t guarantee true anonymity either; however, using a Bitcoin along with mixers improves the odds.

Zero Log VPN Services: How Safe Are They?

Many VPN providers maintain time-stamped logs containing the user’s IP address and the visited website. This information can often be enough to identify a user uniquely. Even services that publicly claim to maintain zero-day logs, which are purged after a day. Even these logs are sufficient to lead to a user with no guarantee of anonymity.

A few years back, the user of a zero-log VPN service was tracked quite easily by the police due to user logs being maintained by one of the data centers. You can safeguard against these situations by picking a VPN service provider that owns all of its servers and publicly commits to maintaining no logs. Some VPN services save its users from tracking by adding multiple server hops to the destination website. Although this has a significant detrimental effect on speed and performance, it is an effective way of achieving high anonymity with VPN.

DNS Leaks

Another point of weakness when using a VPN is the DNS service. DNS or Domain Name System is responsible for converting the user-friendly domain names (such as TomsVPN.com) to the actual IP address of the server hosting TomsVPN. The VPN provider compromises your anonymity if it relies on an external DNS service that tracks your browsing habits.

VPN Server Location

Any VPN service that’s located countries that have invasive laws might put a user at risk. If you are serious about your anonymity, a good rule of thumb is to avoid services located in the Fourteen Eyes countries or countries flagged as Enemies of the Internet. These countries have invasive SIGINT (Signal Intelligence) programs or have laws that give the Government the power to compel VPN providers to hand over their data.

Additionally, VPN services might also compromise your anonymity due to limitations or oversights in the technology they are using.

VPN Privacy Leaks

There are various kinds of Privacy leaks that you can be susceptible to:

IP Leaks

This is the most dangerous scenario, where a bug in the software reveals your real IP address. Recent examples include the Heartbleed vulnerability in OpenSSL and a bug in WebRTC.

DNS Leaks

A DNS leak exposes the DNS server that is in use for resolving domain names. While this doesn’t uniquely identify the user, it helps in narrowing a user to a small geographic area. This can happen due to bugs in the application as well as OS.

IPv6 Leaks

The IP-address system currently being used is called IPv4. We are fast running out of available IP addresses, and Internet service providers around the world are slowly moving to the next-gen system called IPv6. However, if your ISP supports IPv6, but your VPN service provider doesn’t, then any third-party that simply sends an IPv6 request your way will be able to see your true identity.

Connection Drops

The scariest and the most common scenario is a connection drop. IF the secure tunnel is interrupted momentarily due to a network issue and data is sent from your system without the VPN, your identity might be compromised. Many of the VPN utilities offer a ‘kill-switch’ that disables your internet connection in case VPN connectivity is lost. However, software solutions are not 100% secure. The software solution will jump into action only after it detects an issue in the private network. Even if your system transfers a single packet before the software kills your network, it exposes your true IP address. The only way to avoid this is through hardware firewalls that are configured to block any traffic that’s not destined for the VPN server.

Conclusion

Whether you are concerned about Government surveillance or want to avoid the prying eyes of marketing companies, VPN is an essential utility. While full anonymity is difficult to achieve, using a VPN goes a long way towards keeping you secure and ensuring your day-to-day privacy.

About the author

Tom's VPN

After spending over eleven years in IT and Cybersecurity, we at Tom's VPN have gathered an immense trove of knowledge on computer networks, online security, privacy, user trends and corporate and government practices.
This blog is an outlet for our thoughts and our attempt at creating a security and privacy aware community.

Leave a Comment