> You are in complete control and have to trust no-one.
I mean, you have to trust the VPN for reasons you enumerate in (1):
> This will do virtually nothing for pseudo-anonymity as your original ISP assigned IP will be quickly linked to your new VPN IP by every single shady data broker out there as you lose the benefit of "being lost in the crowd" when you share VPN exit IPs with hundreds/thousands of other people.
It would be suicidal for a commercial "non logging" VPN to keep track of IPs + timestamps. It also costs money to store this (best DB is no DB), and does not guarantee 1:1 mapping even if it was in place as exit IPs are shared by multiple users at any given moment.
It is suicidal only if there's a way to get caught. also, the full picture of the finances involved isn't always clear – the vpn business may be just a front for some other much more profitable shady business.
Besides, post Snowden, it is silly to still believe in such claims as non-logging. there are many high probability possibilities:
– it is a legitimate business but a secret court order compelled it to install a tap and feed it to secret government agency.
- its not a real business but actually a secret govt security agency's slush fund funded cyber intelligence warfare operation.
- its an unscrupulous mafia funded business running a massive hacking/blackmail operation masquerading as a business.
- its an unscrupulous shady business that's harvesting and selling your personal data to black market data brokers.
You're not wrong. All of those are possible. However some countries are better than others for some points you raised. For example, Canada has no NSL (National security letter) equivalents. We cannot be compelled to covertly log some/all of our users with the current laws on the books. Of course this can change in the future.
Shady businesses are out of scope when it comes to laws, but that's true for any industry. There are ways to protect yourself, if your opsec warrants it, by "double wrapping" and using 2 separate VPN providers simultaneously.
Greed is also a huge factor. Dishonest providers can implement all kinds of SDKs into their software and 2-3x their revenues. This is why its important to use VPNs that offer open source apps you can audit and compile yourself which would protect against some obvious violations, but one can do all kinds of evil shit server side without the end user ever knowing.
There’s no way to inspect whether or not a VPN logs IPs, and even if the exit IPs are shared, the VPN necessarily knows that your IP connected to some remote IP and can log that information irrespective of the exit node. As for the cost of log storage, we’re talking about 64 bits of data per connection—you can log a billion connections for less than $0.25 per month.
I mean, you have to trust the VPN for reasons you enumerate in (1):
> This will do virtually nothing for pseudo-anonymity as your original ISP assigned IP will be quickly linked to your new VPN IP by every single shady data broker out there as you lose the benefit of "being lost in the crowd" when you share VPN exit IPs with hundreds/thousands of other people.