Recent Happenings

• Relevant for today’s post: “Technical wizardry used to combat illegal immigration also funnels the personal data and whereabouts of U.S. citizens to federal agents.”

• Why university domains are serving porn websites.

• Science. “The Misinformation Accelerator”

• A ton of screenshots from a celebrity’s phone were floating online.

• Chinese Hackers Spied On Cuban Embassy As US Prepared Blockade. My guess is that they did not use Mythos.

Today’s post is special. Gonzo Lab’s very first commissioned piece. A long time reader timidly posed the question “what VPN do you recommend?” Over here, we pride ourselves in efficient scientific communication. I figured I’d make a quick guide because: the reality of the matter is that choosing a VPN sucks.

Online advice is all over the place. Everything feels like a psyops. There is no way to verify any of their security claims. They might all be owned by the CIA or Peter Thiel or Russia. What does “RAM-only” or “no logs” policy mean. Do you even NEED a VPN???

If your attention span has not yet been obliterated by short-form video content, let me walk you through how you can (try to) prevent Palantir’s surveillance apparatus from inferring what color underwear you are wearing at this exact moment. If your brain has already decomposed, skip to the summary.

What VPNs Do

Commercial VPNs do only one thing: IF the VPN is properly implemented it will route your traffic through their servers so the destination website and intermediaries don’t see what you are browsing. That’s it. Incidentally, because they route your traffic through their servers, you get to spoof your location and access a website as if you are in a different state or country, bypassing geolocation restrictions. Because of this functionality, they can also help bypass censorship both implemented by the destination website or by an Internet Service Provider (ISP).

Does it protect you against malware? No. Does it prevent your data from being leaked online? No. Does it make you anonymous? No.

Pop quiz, what’s the best way to browse the web privately? Answer.

The Technical Bit

When you visit Gonzo Labs, your request travels through your router, your ISP (Verizon, Comcast, whoever), and a few more invisible middlemen before reaching its destination. Think of it like sending a letter through regular mail: each stop reads the address on the envelope.

All intermediaries know you have great taste––since you sent a letter to Substack demanding the epitome of academic journalism on the seedy corners of the Internet. Thanks to modern security standards these pesky intermediaries may not know exactly what you’ve been reading on Substack. But they know you sent a letter to Substack. Eventually, when you leave Substack and open TikTok, they will see that too.

What a VPN does is to act as the recipient of your letter. So instead of your router and ISP seeing that you are contacting Google, Gonzo Labs, Substack, TikTok, etc. they will see you are sending a letter to BigVPN Corp and that BigVPN Corp is replying back. The recipient website will also only see that BigVPN Corp is sending them the letter and not you.

What a VPN Affords You

The main reason you would care about this is if you were afraid that your ISP may be selling your data, or that the Wi-Fi provider at the coffee shop you are working from is selling your data, or that the recipient website is selling your data. These are valid concerns. Advertisers buy your data and know that if you are checking the price of Bitcoin they can advertise to you Finasteride. More concerningly, there is also a big surveillance apparatus (as you can see from the news above) that gobbles your digital crumbs and is ready to weaponize it against you if needed. A VPN could, in theory, make their lives harder.

However, your VPN could also make <their> lives easier. You are essentially entrusting all your browsing traffic to your VPN provider. So if the P in VPN stands for Palantir or Peter Thiel rather than “private” then you are cooked, as the kids would say. By the way, this is part of the reason why schools or companies require you to use a VPN on the machines they issue you: so they can see everything you do.

A big part of choosing a VPN thus comes to a matter of trust. This is also why VPN providers make a fuss about not keeping any logs, for example. The idea is that, if they keep nothing, they have nothing to give to the FBI. The other thing they love to flaunt is the jurisdiction of where they are incorporated. NordVPN claims that Panama is lawless; if it’s good enough for shell companies it should be good enough for VPNs, no? ProtonVPN leverages Swiss ethos. After all, if Switzerland can keep sketchy money in their banks, surely they will keep your sketchy data safe too. Mullvad shields itself under nordic credibility. They also take private cryptocurrencies as payment which is nice to not leave a paper trail.

Unfortunately, a lot of claims from VPNs are hard to verify. There are some external things that you can verify (i.e., whether their implementation is complete ass). For most claims, you just have to take their word for it. We don’t really know whether they keep logs or not or if they feed data directly to Alex Karp’s OpenClaw server. The things that are easily testable are latency and the ability to spoof your location (i.e., performance); the privacy is not.

VPN Advice Floating Online

It came to my attention, when researching VPNs for this blog post, that there’s a lot of trickstery and underhandedness that happens online. The business of VPNs is entirely similar to the business of bogus health supplements: it’s the playground of phony growth marketers.

Most people who spent some time researching VPNs in the 2010s likely came across this famous VPN comparison chart (shown above). This list made a generation of people go for NordVPN. Eventually, the person who created this list stopped updating it. Someone saw an opportunity and hijacked the original URL to now point to a completely phony VPN recommendation website. Similarly, the search “Reddit VPN comparison chart” has been hijacked by threads trying to get you to click their affiliate links, like this one, this one, and this one. I’m showing you these examples so that you are SUSPICIOUS of them, not as an endorsement.

You should be skeptical of these lists because the moment that they are more motivated by money than by giving you actual advice, they put you––dear consumer––at risk. I’m not saying affiliate links = bad. However, they can create misaligned incentives which are exacerbated in industries that are already rife with deceit. In this research, I found this initiative by Consumer Reports very cool. They hired legit academics to do legit research and bring some transparency to the ecosystem (DMs open btw). Wirecutter also has a roundup (although they do make money with affiliate links too). Both CR and Wirecutter recommend Mullvad. Mullvad has not paid me for this review.

Summary

• If you want proper privacy and anonymity. Use Tor.

• If you are tech-savvy, spin up remote virtual machines and make your own VPN.

• If you have Apple devices, iCloud Private Relay (better explained here) is an extremely underrated feature. It’s like an always-on VPN when using Safari.

• Under no circumstances use a free VPN if you want privacy. The only way in which a free VPN makes economic sense is if they sell your data.

• If you want to change your location to access geo-blocked content. Use a paid VPN.

• If you want some mild privacy guarantees:

  • Like hiding from your ISP that you are pirating something (so they don’t send you a scary letter). Use a paid VPN.

• If you use public Wi-Fis a lot. Use a paid VPN.

• If you want to escape advertisers. Use a paid VPN.

  • However, don’t forget that if you use a VPN and log into a website, the website still knows who you are and they can still sell you out :-)

• If you really need a paid VPN, go for Mullvad.

  • They take cold cash and Monero which is nice for privacy.

  • Their client is open source which is nice.

  • And their website’s design seems like it’s made by a company with more technical people than marketers, which bodes well.

Adjacent Reading

• Website: https://vpnalyzer.org/

• Ramesh et al. “All of them claim to be the best”: Multi-perspective study of VPN users and VPN providers

• Ramesh et al. VPNalyzer: Systematic Investigation of the VPN Ecosystem

• Freedom of the Press. An in-depth guide to choosing a VPN