The only real evidence they give about not using VPN's is when hidemyass proxy gave up some Anon's in 2011.
Yeah, and you have no evidence that I don't have a nice bridge to sell you, so will you buy it?
Trusting by default and requiring evidence to distrust is a poor way to protect your privacy. VPNs - unlike Tor, for example - have no protection against logging by the operators, so why would one trust them? Because they pinky swear they won't log?
>> Trusting by default and requiring evidence to distrust is a poor way to protect your privacy.
Which is pretty much the default for anything you use on your computer.
- You ever install a software program?
- You ever click on a link in your email?
- You ever go to a site that contains malware that installs itself covertly on your PC?
- You ever open a JPG file?
- Use a cloud service?
- Save your pictures to Flickr?
- Ever use social media of any kind?
- Use any Google product or service?
- Use any Microsoft product or service.
The world is FILLED with UNVERIFIABLE information, the fact that people seem to put so much mistrust in a VPN provider when there's thousands of other ways and means to get to your data is well. . .absurd. Talking like you suddenly need some high level of verification that a VPN doesn't log your information when there's literally thousands of other ways to get at that information is completely myopic.
Just like your example with TOR, which recently has been shown to be not only insecure, but readily hackable, yet you seem to trust that far more blindly.
While there's no absolute security, I don't blindly trust random links and JPGs. JavaScript code running in Chromium and IE is actually "tethered" by two sandboxes, exactly because we don't trust it. Can some evade it? Sure. Is it the same as just trusting a statement in a site? No.
As for Google and Microsoft, I don't trust them. I give them my info with the expectation that it'll be shared with governments and other companies. I use their services despite that.
VPNs, on the other hand, are built in order to protect your privacy, so the same reasoning can't be applied.
As Tor, and beyond the fact that you didn't even bother to understand the links you posted (the first it's not even about any flaw in Tor), sure, it can be hacked if one manages to control 3000 nodes or have NSA-like capabilities in breaking crypto keys ($1 billion dollar custom-made chips, from your link!).
But a VPN doesn't even need to be hacked - though they can, and probably with less difficulty than Tor - all the operators need to do is set "log = True" in their configuration files. There is not even a semblance of a protection. It's just pinky swearing.
1. Not even about Tor, rather about Tor Browser, which is a modified Firefox and is optional to use (and 100% unrelated to Tor as a protocol or daemon). Complaints about this can be directed to Mozilla.
2. Pando loves to fear-monger about Tor and draw 'conclusions' without actually supporting them. Notice how they represent a blog post stating "incapacitated" (ie. affecting availability) as "exposed" (ie. affecting confidentiality)? Notice how Pando nowhere actually describes how a lot of 'fake' nodes could supposedly compromise users?
That's because they are not making a technical argument, and they don't understand the internals of Tor. They are just publishing a hit piece that sounds vaguely to the untrained ear like it might have some technical merit, without ever actually proving the assertion they're making. And their implied argument is wrong.
3. Ah, an actual issue with Tor. But look at the operative phrase: "The problem boils down to this – around 90% of Tor users are still using older software which can be hacked." It's an issue that has long been resolved, and was an implementation error rather than a fundamental issue with Tor.
--
You're really not the first to try and claim that Tor is "broken" by pointing at a bunch of articles like this. The reality is that none of it actually means that Tor is broken, and the one attack on Tor that does exist (and that is very expensive to pull off) isn't even clearly described in any of these articles.
If you're going to argue about the technical merit and security of different proxying techniques (because that's what they all effectively are), then at least inform yourself to a point where you actually understand how they work internally. Right now, you just look ignorant.
I think icebrained nicely covered the other few points, aside from "installing a software program" and "cloud services" - in which case, I'd recommend you look into package/executable signing, how it provides some guarantee of consistency, and how you can use it to avoid dodgy software builds. This kind of thing is also exactly why many people avoid proprietary software and 'cloud services', by the way.
Yeah, and you have no evidence that I don't have a nice bridge to sell you, so will you buy it?
Trusting by default and requiring evidence to distrust is a poor way to protect your privacy. VPNs - unlike Tor, for example - have no protection against logging by the operators, so why would one trust them? Because they pinky swear they won't log?