There is a common misconception when it comes to anonymity and privacy for users and VPNs that we felt we should try to clarify. When the goal for a user is to handle all their things as private as possible, or be completely anonymous, the most (seemingly) harmless little detail can make a tremendous difference and compromise every effort made. So given this fragile balance of everything, lets start by the very first thing that needs to be clear, what does it mean to be anonymous online and what does it mean to have privacy.

ANONYMITY

If you are one of those readers who note every subtle use of words (I am not) you may have noticed that I said “be anonymous” and “have privacy”.

That’s the first and one of the most important details: anonymity is not retroactive. Which means, if you know what you are doing, you are going to become anonymous from one point and only from that point that “property” of your identity will be valid.

Before that point in time, you might as well have streamed a live recording of your whole life. Being anonymous basically works as follows: there are certain countries that assign an ID number to all its citizens, so every person born in it can be reduced on paper to that number. If we remove that ID, we are left with all the other details (hair color, height, etc) that aren’t unique, but combine them and you’ll have what we might call a pseudo-ID. Which is quite close to be as good as the actual ID number.

So being anonymous online implies that your pseudo-ID or identifying characteristics make you no different than a big enough group. It’s basically like saying that you are called John Smith, and 90% of the John Smiths of the world have a certain skin color, hair color and so on, and you are one of those. If you are a John Smith with a hair color from the other 10%, you could dye your hair and you’ll be becoming anonymous from that point on (i.e. unrecognizable from the other billion John Smiths).

Being anonymous online basically means becoming a part of an even bigger group of “John Smiths”, so once you are anonymous you should be really complicated to locate in the world. But it’s also a lot harder to become. You might use all the software in the world for anonymity, but at some point you might behave in a certain way (write a word more than another, or type at a certain velocity, or always appear online in the same time frame) and you will be blowing away the cover that you created.

PRIVACY

Privacy works a little different, you can “enable” and “disable” privacy as you wish (if you know what you’re doing and you’re being careful).

An eavesdropper will know you are you, but you can choose whether to let that person see what you are doing or not (hint: use HTTPS or HTTP). Privacy is the concealing of data from people other than you. This data might be a file, or it might be what you are sending and receiving through your WiFi connection every second. Privacy is the door you close when you go to the bathroom, or rather, the door you choose to close.

The main problem with privacy though, is knowing where those doors are and knowing how to close them properly. The main argument against wanting privacy I’ve heard is “I have nothing to hide”. To which I say: do you let other people watch and record you while you’re in the bathroom?

So it’s a matter of boundaries and knowing that those boundaries cannot be broken. It’s knowing that even if you are being recorded in while your bathroom, that camera won’t be capturing anything worthwhile, i.e. the video will be all static. It doesn’t matter which camera you use, it’s not possible for you to see me where I don’t want to be seen. That’s “privacy by design”, but we’ll talk about it more in another post.

HOW DO VPNS WORK?

VPN stands for Virtual Private Network. The idea behind it is not really complex: when you open your browser and enter an URL like google.com and hit the return key, your computer starts sending “network packets” to some other computer, which in turn sends them to some other computer, which in turn… well, and so on, until it reaches one of the computers behind the URL you want to access.

There, it reaches the content you asked for and goes all the way back to your home computer. Jumping from host to host in the middle. Now say you are in a cafe and they have WiFi, if you connect to it and start doing internet things, your “network packets” will go first to the WiFi router and then to the big chain of computers we discussed. So if someone is “standing” in the WiFi router, they can see what you are doing (or part of it). “Oh! Mary is accessing her Gmail account”.

If you use a VPN, what you are doing is basically presetting the first computer your “network packet” will reach once it goes out of yours. Well, not exactly right, but the VPN serverwill be the first computer that will understand what you want to do. So now the person standing in the router can only say “Oh! Mary is accessing this computer” (which will be the VPN server), and that’s all they will be able to see.

If someone is “standing” in the VPN server, they will have the same power the person standing in the router in the non-VPN scenario has. But may be the only person standing there is you, because it’s your computer at home acting as a VPN server, or the computer of someone you trust. Which is great! right? You don’t have to trust all the random coffee lovers that might sit right next to you in that particular day in that particular coffee shop.

WHAT DOES A VPN GIVE ITS USERS?

So VPNs sound really neat, and indeed they are. You can control an important portion of how you are being seen by the outside world. But be careful! “outside world” in this case means something along the lines of “random people in the same coffee shop as you”, not “everyone in the whole wide world”.

VPNs are like ensuring that when you take a shower, only your husband or wife can open that bathroom door, and that’s ok, because you truly trust that person – you choose him or her.

WHAT DOES A VPN NOT GIVE ITS USERS?

Well, what if your significant other lets somebody else inside? That would be an enormous betrayal of your trust!, but it is possible, is it not?

VPNs work kind of in the same way, the people behind the VPN server are the ones in control. If you play your cards right (i.e. use HTTPS all the time), they won’t have complete control, but they will still have some.

Privacy and anonymity do NOT go hand in hand with VPNs, and that’s the end of the story. If you are looking for those two particular words, you must not trust a VPN. If someone tells you “you will be completely anonymous, you’ll have VPN running all the time”, that’s a lie. You’ll have this really neat and handy service called VPN running, and it’ll “save” you from a lot of thing, but it won’t anonymize you, it will just give you some privacy, SOME.

The problem with privacy is that it’s not a binary state, it’s not an ON/OFF switch. It has different scales of ON and OFF. So what do you want to protect? Ask yourself that multiple times, answer it carefully, and then and only then decide whether VPNs give you the privacy you want or not.

THIS IS TOO MUCH INFORMATION, JUST TELL ME HOW TO MAINTAIN MY ANONYMITY AND PRIVACY!

Well I’ve got bad news for you, being truly anonymous might even be called an art. It’s really hard, it has a lot of layers. So if you want to be truly anonymous, I suggest you start reading about all the ways you can compromise your anonymity. Read about how to attack anonymity so you’ll know how to defend yourself.

But first things first! What do you want to protect? For privacy, things are a bit easier. You just need to be careful what software you use and how. Pick software or services that have privacy as their main goal. Always maintain your paranoid alarms in a healthy level. Do not give your trust away easily. You’ll want to use services that use cryptography in some way, they might be using it wrong, but that’s a good start at least. You don’t want to use a service that the only privacy related thing they have is the privacy policy.

So, what do you want to protect?