Privacy - How Your VPN/Private Mail Service could be leaking your identity

There is a new wave of awareness about privacy and personal freedom. Censorship by governments and remote work have increased the usage of digital privacy services.

In 2020, users from 85 countries downloaded a VPN product over 277 million times. By 2021 – only one year later – that number had risen to a whopping 785 million downloads. (Source: Atlas VPN)

VPN bought via PayPal/Credit Card - Anonymity Broken!

Netflix is not showing you US-based shows, or you realize that you need better privacy when browsing websites. You buy a VPN subscription using a credit card. It is fast, everything works, and you are anonymous now. One small caveat: your identity was already revealed when you made the payment to buy the service!

Your identity has been leaked to the VPN service via PayPal, which can easily be traced back to you

Privacy Stack - It's all connected

The important thing here is that all these services on the internet are connected. Let's say you are writing an anti-government article on a blog platform. Obviously it is important to stay anonymous. Here is what you do:

  • Connect to the internet via VPN
  • Register on the blog platform using your email
  • Start writing
  • Make occasional payments to the blog platform via bitcoin

If you are using an email service like Gmail, the establishment could easily request that Google hand over your identity and all your email history, which it will do 70% of the time.

Any one bad service in the privacy stack could leak your identity

Privacy Business - Unmasking a Few White Knights

The digital privacy market is currently worth 1.6 billion and growing exponentially. Lots of services claim to be the white knight of privacy; however, it doesn't take a lot of effort to uncover the skeletons in their closets.

Tutanota

Tutanota is the world’s first end-to-end encrypted mail service that encrypts the entire mailbox. It claims:

Tutanota is the world's most secure email service

Let's try it out. It looks like the most secure email service requires your real IP address and doesn't allow registration via VPN.

Registered to Tutanota via ExpressVPN

Telegram

Telegram routinely claims to be a privacy-friendly version of WhatsApp. Nothing could be further from the truth. A few points:

  • Telegram routinely hands over data to authorities
  • Telegram’s usual private and group chats aren't end-to-end encrypted, only secret chats are. This means that your conversations and personal information can be stored on Telegram’s servers and accessed by staff and third parties [Source: NordVPN]

"It's amazing to me that after all this time, almost all media coverage of Telegram still refers to it as an "encrypted messenger." Telegram has a lot of compelling features, but in terms of privacy and data collection, there is no worse choice. Here's how it actually works: 1/"
Moxie Marlinspike (@moxie), December 23, 2021

Signal co-founder and cryptography pioneer Moxie Marlinspike

ProtonVPN

ProtonVPN routinely features among the best VPN services in the world. They claim on their website:

Unlike other VPN services, Proton VPN is designed with security as the main focus, drawing upon the lessons we have learned from working with journalists and activists in the field.

ProtonVPN doesn't accept crypto and insists on knowing your identity via PayPal/credit card.

Recommendations

Here are some services that we recommend on various levels of the web stack:

  1. VPNs - Express VPN, Nord VPN, Private Internet Access
  2. Secure Email - CounterMail, ProtonMail
  3. Search Engines - Brave, StartPage
  4. Communication - Signal
  5. Blog Platforms - Wordpress, Ghost
  6. Payment Methods - Bitcoin, Bitcoin Cash, Monero

Stay Safe, Stay Private


This is a companion discussion topic for the original entry at https://insights.blockonomics.co/privacy-leaks/