OK, but then you need to trust the VPS provider, and there's no way to verify that either.

Also, using your own VPN, you're likely the only one using it. There's zero anonymity. And so an adversary would figure that out, and then focus on the VPS provider.

The sad truth is that you can't trust anyone. So your best option is distributing trust. That way, compromise depends on collusion among providers. Or on their joint compromise by your adversaries.

That's how Tor is designed. User traffic gets routed through three relays. User clients pick the relays in advance, for each circuit. The first (guard) relay only knows the IPs of the user and the second (middle) relay. The middle relay only knows the IPs of the guard and the third (exit) relay. And the exit relay only knows the IPs of the middle relay and the internet resource.

And you can do the same thing with VPN services. That is, nested VPN chains. You can do it either using multiple pfSense VMs as VPN gateways.[0] Or less securely, just with routing and iptables.[1,2]

0) https://www.ivpn.net/privacy-guides/advanced-privacy-and-ano...

1) https://github.com/TensorTom/VPN-Chain

2) https://github.com/mirimir/vpnchains

Do DIY clouds give you anonymity? I assume that if I run my traffic through a VPN server in AWS and I am the only one operating and using the server, anything I do on that VPN can be traced back to me.

No, they (usually) don't. In fact, given that your ISP likely rotates your IP more often than your AWS server, rolling your own VPN may in fact be a decrease in anonymity in some cases.

The benefits to privacy would be:

- It may still make it harder for your ISP to track you, which can be worthwhile.

- It can still be useful to help hide your physical location, since your IP won't be in the same county as you. That's also not nothing.

For 3rd-party sites, you'll be making your traffic easier to correlate across domains, locations, etc... Up to you whether or not that's part of your threat model.

I run a VPN server via Vultr, and I've wondered if it would be worth the hassle to rotate instances once a week to solve this issue. So, every week, run a script that spins up a new instance, sets up the VPN, and shuts down the old one. If you use DNS to point to the server instead of a static IP address, this can be automated completely without even touching the VPN clients. Hell, if it works well enough, I don't see why you couldn't do this every night.

I recently saw a comment from someone really dedicated to privacy (I think they said they were a journalist) who scripted this via Streisand. They set up a new instance at the start of each day as part of their normal workflow. So I'm sure it's possible, and maybe not even too much of a hassle once you have the scripting in place.

The ISP retains records. It's not uncommon to get letters from your ISP telling you to stop torrenting that blockbuster movie you torrented last week because some law office reported your IP address at the time. So clearly someone can ascertain your identity through legal discovery if you just use your ISP.

You're right. I divide VPNs up into 3 choices:

- Rolling your own VPN (control your own infrastructure)

- Using an existing VPN service (crowd-based anonymity)

- Doing nothing (privacy nihilism)

Each decision has their own benefits and tradeoffs. If you're someone who torrents, you should probably be using crowd-based anonymity. If you really dislike the trust relationship you have with your VPN and you're technically inclined, you can roll your own VPN. If you don't want to spend the time worrying about this stuff, setting up a VPN on its own and doing nothing else won't make you private anyway.

I (very cautiously) lean towards advising people to use an existing VPN service, but that's not a strong opinion. I do think people who argue that rolling your own VPN is the only sensible choice are either full of crap, or haven't thought through the actual threat models real people face.

There's a big movement in some portions of the security industry to say that moving trust around isn't valuable, and that doing nothing is better than centralizing your trust. I'm not going to mince words, I think that's a really dumb perspective.

Thanks for the perspective. Very interesting.

> your ISP likely rotates your IP more often than your AWS server

Sure, but they retain records.

AWS also has records which IP was associated with which account at any given time.

Yes. As does every provider of servers, VPS and cloud services.

If you're going to mention this point, then you need to mention that by rolling your own single-user VPN, you now no longer have plausible deniability.

If the premise is that you can't trust VPN providers then it may be better to forgo the promise of plausible deniability in the first place.

Some VPN companies have been tested in court. Some have failed. Some have not. The latter group lends evidence to the possibility that they are telling the truth.

It "misses the point" in the sense that it wasn't what the article was about at all, I suppose. Ultimately the point was that people need to be aware of VPN reviewer's practices, it is definitely not encouraging the use of a VPN. Otherwise I'd agree with you, which is why we wrote about and recommend self-hosting with Outline: https://blog.privacytools.io/self-hosting-a-shadowsocks-vpn-...

> VPN providers are asking you to trust them, and there is no way to verify that.

I don't trust my VPN provider. But I do trust Swiss privacy laws. At least more than I trust my American cable provider.

This is why I desperately want Apple to build a VPN service. They are already committed to privacy, and they've got a lot more to lose than some fly-by-night VPN service.

> They are already committed to privacy

They're also already committed to censorship, so I don't fathom how they'd run a VPN service.

Apple is vulnerable to a national security letter. They can stop your ISP from spying on you, but your data will still be shared with any number of 3 letter agencies and will still likely be vulnerable to logging and pressure from the media industry to accept and process DMCA notices for their VPN users. Apple won't say no if the RIAA threatens to pull content away from itunes.

I predict Cloudflare will be the first major provider. If they don't already count (they have already done phones).

I only need to trust them more than my ISP.

...so instead of a VPN provider you put your trust in (a vps hosted by) Amazon or Google?

Think about the risk trade offs: Honest Bob’s VPN and Bait Shack is a niche business, probably an LLC or equivalent which can fail, leaving most of the assets untouchable, and the people behind it can just setup another shell company and start over.

Google, Amazon, etc. are huge businesses which get a ton of scrutiny by large business and government customers: if they get caught cheating, especially in a way which jeopardize customer data, they’ll lose orders of magnitude more money than any VPN user is worth and as a publicly traded company in the United States they’re going to have a much harder time avoiding legal consequences.

I respectfully disagree;

> and the people behind it can just setup another shell company

I think this may be true for the smaller ones, but not for the larger companies, like for example ProtonVpn. They would loose their entire business if they get caught "cheating".

> Google, Amazon... if they get caught cheating... For example Google is getting caught with privacy violations constantly/on a regular basis. For example lately they were caught following Android devices even with Location Services turned off!