Privacy - How Your VPN/Private Mail Service could be leaking your identity

Privacy -  How Your VPN/Private Mail Service could be leaking your identity
Photo by Tobias Tullius / Unsplash

There is a new wave of awareness about privacy and personal freedom. Censorship by governments and remote work has increased the usage of digital privacy services.

In 2020, users from 85 countries downloaded a VPN product over 277 million times. By 2021 – only one year later – that number had risen to a whopping 785 million downloads
Source: Altas VPN

VPN bought via Paypal/Credit Card - Anonymity Broken!

Netflix is not showing you US-based shows, or you realize that you do need better privacy when browsing websites. You buy a VPN service subscription using a Credit Card. It is fast and everything works and you are anonymous now.  A little caveat here - your identity has already been released when you made the payment to buy the service!

Your identity has been leaked to VPN service via Paypal which can be easily traced back

Privacy Stack - It's all connected

The important thing here is that all these services on the internet are connected. Let's say you are writing an anti-government article on a blog platform. Obviously, it is important to stay anonymous. Here is what you do:

  • Connect to the internet via VPN
  • Register to blog platform using your email
  • Start writing
  • Make occasional payments to the blog platform via Bitcoin

If you are using an email service like Gmail, an establishment could easily request Google to hand over your identity and all your email history which it will do 70% of the time

Any one bad service in the privacy stack could leak your identity

Privacy Business - Unmasking a Few White Knights

The digital privacy market is currently worth 1.6 billion and growing exponentially. Lots of services claim to be the white knight of privacy, however, it doesn't take a lot of effort to uncover the skeletons in their closet

Tutanota

Tutanota is the world’s first end-to-end encrypted mail service that encrypts the entire mailbox. It claims

Tutanota is the world's most secure email service

Let's try it out. Looks like the most secure email service requires your real IP address and doesn't allow registration via VPN.

Registered to Tunatota via ExpressVPN

Telegram

Telegram routines claim to be a privacy-friendly version of WhatsApp. The reality cannot be further than the truth. Few points:

  • Telegram routinely hands over data to authorities
  • Telegram’s usual private and group chats aren't end-to-end encrypted, only secret chats are. This means that your conversations and personal information can be stored on Telegram’s servers and accessed by staff and third parties [Source: NordVPN]
Signal co-founder and cryptography pioneer Moxie Marlinspike

ProtonVPN

ProtonVPN routinely features among the best VPN services in the world. They claim on their website

Unlike other VPN services, Proton VPN is designed with security as the main focus, drawing upon the lessons we have learned from working with journalists and activists in the field.
ProtonVPN doesn't accept crypto and insists on knowing your identity via Paypal/credit card

Recommendations

Here are some services that we recommend on various levels of the web stack:

  1. VPNs - Express VPN, Nord VPN, Private Internet Access [If you are looking to buy a VPN service subscription you can find out more at Privacy Journal]
  2. Secure Email - CounterMail, ProtonMail
  3. Search Engines - Brave, StartPage
  4. Communication - Signal
  5. Blog Platforms - WordPress, Ghost
  6. Payment Methods - Bitcoin, Bitcoin Cash, Monero

Stay Safe, Stay Private