> you replace trusting your ISP with trusting a different group of unknown people with similar motivations
I've always seen this argument but it's never made sense to me.
For starters I absolutely don't trust my ISP. I know they are collecting, storing, likely selling my data and that they are 100% going to comply with any government requests from my government (I don't even trust that they would only respond to legal requests).
Years ago I used to use AirVPN. They claimed:
> AirVPN started as a project of a very small group of activists, hacktivists, hackers in 2010, with the invaluable (and totally free) help of two fantastic lawyers and a financing from a company interested in the project and operated by the very same people.
Maybe they're lying but at least there's some chance they actually care about privacy.
But even if they don't care about privacy at all and are lying, at the very least they are based in Italy and have their servers spread throughout Europe. Additionally you can pay via crypto (which gives you more anonymous payment options than your ISP). Simply being in another country then the one I live in makes it much harder for my government to arbitrarily request my data.
Yes if I want to do highly illegal activity that is going to get my government interested in me I absolutely don't think that would be enough. But if I want privacy from routine surveillance this seems like a fantastically better option that 100% giving up.
Use an alternative DNS server, Firefox/Brave/Ungoogled Chromium, uBlock Origin, and disable JavaScript everywhere you can possibly help it. As far as reclaiming some privacy from routine surveillance, this is probably better advice than "Pay Unknown Company X $9/mo to maybe be slightly better than your ISP in terms of privacy".
Well, except that disabling js doesn't prevent you from having a browser fingerprint. In fact, it will make it even more unique and therefore easier to trace.
So not sure what you are referring to
>*are collecting, storing, likely selling my data and that they are 100% going to comply with any government requests from my government (I don't even trust that they would only respond to legal requests).*
The first one would know that you are talking to the second VPN. The second VPN would know that VPN1 User is talking to facebook.com. In principle, neither of them has the full picture. In practice, you may leak enough information that both of them could get the full picture.
That seems like a great technique if it is correct.
Seems obvious to me that many of the top VPN providers are operated by intelligence agencies or have ties to data brokers: they can afford to operate the services at an initial loss for the benefit of information learned later.
For example, touting that a VPN is operated outside of a country with ties to the “five eyes” doesn’t seem like a benefit, it likely means they can operate with impunity on your data.
But VPN A has to relay the request for facebook.com to VPN B, meaning that VPN A has to be aware of the user's final destination. If my interpretation of this is incorrect, then how does VPN B become aware of the request for facebook.com?
VPN A knows there was a request to VPN B, that's it. The request is encrypted on twice the client. VPN A removed it's encryption but is only left with an encrypted request to VPN B. VPN B then removes it's encryption and then forwards the request to fb.com.
VPN A only sees a request to VPN B. Because of that they don't need to know anything about the final destination or even that there is a final destination beyond VPN B.
VPN A receives a packet that says "carry this (encrypted_ payload to VPN B Gateway IP". VPN B Gateway receives that packet and decrypts the payload. The payload says "send this (encrypted) payload from VPN A customer IP to facebook.com".
I've always seen this argument but it's never made sense to me.
For starters I absolutely don't trust my ISP. I know they are collecting, storing, likely selling my data and that they are 100% going to comply with any government requests from my government (I don't even trust that they would only respond to legal requests).
Years ago I used to use AirVPN. They claimed:
> AirVPN started as a project of a very small group of activists, hacktivists, hackers in 2010, with the invaluable (and totally free) help of two fantastic lawyers and a financing from a company interested in the project and operated by the very same people.
Maybe they're lying but at least there's some chance they actually care about privacy.
But even if they don't care about privacy at all and are lying, at the very least they are based in Italy and have their servers spread throughout Europe. Additionally you can pay via crypto (which gives you more anonymous payment options than your ISP). Simply being in another country then the one I live in makes it much harder for my government to arbitrarily request my data.
Yes if I want to do highly illegal activity that is going to get my government interested in me I absolutely don't think that would be enough. But if I want privacy from routine surveillance this seems like a fantastically better option that 100% giving up.