this post was submitted on 19 Jun 2026
41 points (100.0% liked)

Privacy

10051 readers
352 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 3 years ago
MODERATORS
iopq@lemmy.world
41
How will a VPN aid in privacy? What will a VPN not do for privacy? (lemmy.dbzer0.com)
submitted 2 days ago by west2seven@lemmy.dbzer0.com to c/privacy@lemmy.world
21 comments fedilink hide all child comments
 

As the title says. Im trying to migrate towards privacy based choices all around. A VPN has been tough, I cant access some websites and i dont think i could convince my wife to adopt using it. I still use it anyway.

top 21 comments
sorted by: hot top controversial new old
[–] AmbitiousProcess@piefed.social 12 points 1 day ago (2 children)

A VPN will protect you from your ISP, your router, or any public network you connect to knowing which specific domains you go to. (HTTPS protects the rest, so without a VPN they might be able to see you visit socialmedia.com but not socialmedia.com/thisspecificperson/thisspecificpost, and with a VPN, all of your traffic would just look like your computer > VPN company)

A VPN won't protect you from the places you visit online fingerprinting you with anything other than your IP address. If a site can see your screen size, installed extensions and fonts, what graphics capabilities your computer has, the username of your account, your typing style, browser version and type, etc, it's not gonna be hard to figure out that you're the same person whether or not your VPN is on.

Use a VPN if you don't trust your current network, or your internet service provider to not log what domains you go to. (or to circumvent region-blocked content by connecting to a server in that region) Don't use a VPN if that doesn't matter to you. Everything else about your privacy will likely remain identical otherwise.

[–] voxel@feddit.org 3 points 1 day ago (1 children)

Best comment so far.

[–] minorkeys@sh.itjust.works 2 points 1 day ago (1 children)

Is there anything that blocks all that other stuff, too?

[–] AmbitiousProcess@piefed.social 4 points 22 hours ago* (last edited 21 hours ago) (1 children)

There's no way to "block" it, as it's components that are inherent to how the web works. If you have a screen, it has a size, and if you go to a website, it can tell what size it is, for example. However, you can obfuscate or normalize some things.

Your best bet would be using something like the Tor browser (or Mullvad browser if you also use Mullvad VPN and don't want to deal with all the baggage the Tor network has), since it can limit your screen size so EVERYONE using the Tor browser has the exact same size "screen" to any website you visit, thus eliminating that as a data point, and all the Tor browsers are also running the same browser engine, going through the same overall network, etc:

https://support.torproject.org/tor-browser/features/fingerprinting-protections/

But at the end of the day, there's no way to reliably block all of it. The internet just relies on a lot of different things, and even a couple consistent data points can identify you. Hell, even using a VPN identifies you as "person using a VPN" vs just "person using the internet without a VPN", which is one more data point that could be correlated with the others.

[–] minorkeys@sh.itjust.works 2 points 21 hours ago (2 children)

So we need a new internet then?

[–] AmbitiousProcess@piefed.social 1 points 8 hours ago

A "new internet" wouldn't really fix this.

For example, if a site wants to display a page, it NEEDS to know how wide your screen is, otherwise the page will just look fucked up because everything will either be so wide it's past your screen's width, or so short it's a narrow bar in the middle.

Same goes for if a site wants to display certain rendered content. It can't do that without using some form of rendering engine like WebGL (and a "new internet" would still need some kind of engine to have that kind of rendered elements, even if it wasn't WebGL specifically). Your exact, specific hardware, current program utilization, and minute differences in power usage will ALWAYS produce some form of unique fingerprint. You can use extensions like CanvasBlocker to help with this, but it's not a guarantee and will break some rendering functionality. Then, the fact your browser blocks these functions is another data point that could track you. The lack of something is just as identifiable as having something as a data point.

Essentially, you can't have the features of the web without also making it known to a site that your browser supports (or actively doesn't support) those features. Even a "new internet" or entirely different set of browser and web frameworks wouldn't remove fingerprinting, it would just mean fingerprinting is done by whatever new methods now exist.

Even if you as a person simply type a given way, you can be identified by your typing styles. For example, I tend to use both "simply" and "for example" a lot more than other people, as you literally just saw. If you tend to use the internet around a given time, your time zone can be inferred. Unless you want technology that fully rewrites everything you say in a standard, robotic tone 100% of the time, and also delays some of your web requests by 12 hours to throw off time fingerprinting, you can't avoid that.

Try https://coveryourtracks.eff.org/ and it'll give you a good sense of how many different things could fingerprint you. If you want to block ads, a site can know you block them. If you want to stay logged into ANY website after you close a tab, it'll know you save cookies, etc.

As someone else mentioned, legal protections are best here, as the largest actors that use these fingerprinting techniques are usually corporate, legally registered entities that run ad networks, and if fingerprinting as a concept can't be "blocked", then people's legal right to do so is your next best option.

[–] mirshafie@europe.pub 3 points 19 hours ago* (last edited 19 hours ago)

Yes, or atthe very least laws that forbid fingerprinting outright.

[–] PP_BOY_@lemmy.world 23 points 2 days ago

A VPN prevents your ISP from seeing exactly what websites you're visiting. Depending on your local laws and censorships, this can be either the difference in a jail sentence or a letter saying "don't download Green Day America Idiot again >:("

A VPN doesn't prevent digital fingerprinting, user accounts/profiles from being created, or dark tracking. It's entirely possible to be identified even with a VPN; you can't eat your cake and have it too.

Tl;dr you should really consider your VPN as just a shield from your ISP seeing where you go. It's not a one-click solution to anonymity, it's just one layer of many in a good opsec solution

[–] megopie@lemmy.blahaj.zone 13 points 2 days ago (1 children)

It hides traffic from your ISP or cellular provider. Who are monitoring your traffic and location and selling that information in aggregate to 3rd parties.

It also conceals your location from websites and makes it a little harder to ID you. Websites have other methods of identifying you, cookies, device specs, the type of browser you’re using, patterns of usage, ect ect. Hiding your IP takes one point of data away from them but is basically useless if you’re not taking other steps like disabling certain browser functionality.

I found that a lot of sites will throw a lot more of a fit from VPN usage on a mobile device than they do from a desktop.

[–] voxel@feddit.org 3 points 1 day ago (1 children)

A VPN does not strictly hide your location. There is a lot of information that is shared with the websites you visit, e.g. your preferred language, timezone, etc.

A VPN can only change the IP-Address which also reveals information about your approximate location. In my case it is often times a city in another state, not very accurate.

[–] megopie@lemmy.blahaj.zone 1 points 19 hours ago

I know, I’m just trying to speak in generalities for the sake of clarity.

[–] artyom@piefed.social 8 points 2 days ago (1 children)

VPN encrypts your traffic and obscures it from your ISP, as well as the server you're reaching out to.

Unfortunately a lot of people use VPNs to hide their malicious activity, and for that reason, many sites will block the connection. It's unfortunately just the way it is.

[–] voxel@feddit.org 2 points 1 day ago (1 children)

(...) as well as the server you're reaching out to.

No, the server you reach out to sees the full traffic because that is the server your device is communicating with. It is only routed over the VPN, which acts as a middle person.

[–] artyom@piefed.social 1 points 1 day ago

I meant your request origination is obscured.

[–] mufkin@lemmy.zip 2 points 2 days ago

https://en.wikipedia.org/wiki/Virtual_private_network

[–] unitedwithme@lemmy.today 1 points 2 days ago* (last edited 2 days ago) (1 children)

OK, I've posted this elsewhere and took a moment to find it:

  1. Phone on airplane mode (eliminates WiFi/BT cellular & GPS tracking)

  2. run physical mobile hotspot device for data (like Calyx hotspot - +1pt if you pick Moxee or Orbic model to also run rayhunter from EFF)

  3. connect to hotspot over WiFi with random MAC addresses (effectively eliminates IMSI tracking)

  4. Enable a solid VPN with Kill switch. (Helps hide location and other usage from ISP)

  5. Use e2ee chat/text/phone apps over WiFi like Signal, SimpleX, XMPP server or app (servers=Jabber, Prosody, Snikket, etc apps are Cheogram, Snikket, Conversations - eliminates carrier tracking to an extent unless you can also get your friends and family on it)

  6. Run a degoogled OS with profiles capability

  7. Run alt app stores - preferably F-Droid or something without Google services

  8. Run Firefox forks like Librewolf or Waterfox or even Ironfox with Port Authority and Privacy Badger extensions

  9. Use a more private search engine or host your own. I like Ecosia which does have some ads, but they're not evil (yet) and help with reforestation. There are others, I forget names. Someone can add to this list.

  10. Something you can do to help your wife though, without running anything additional, run an adblocker like Pi-hole, Adguard, eBlocker, or Technitium

Bonus: focus on FOSS and/or other non-US tech based companies. Proton, Mullvad, Nord, and US/CAN based goodness are EFF, Calyx Institute, Privacy4Cars, so many more

That's a solid start, some easier than others obviously. Others should add to this list!

Edit: duh, forgot to say use a private email like Proton mail where you can use aliases and also SimpleLogin for additional domains/addresses that forward. I use those for insurance shopping, car shopping, or other stuff you have to have an email to communicate, and when you're done, just delete or deactivate the alias to cut spam or data being sold.

[–] iopq@lemmy.world 2 points 1 day ago (1 children)

I just use a VPN app on the phone. You can prevent the phone from connecting directly and always to connect through the VPN

[–] unitedwithme@lemmy.today 1 points 1 day ago (1 children)

Yes, that sounds like the kill switch so no connections go through without the VPN.

[–] iopq@lemmy.world 1 points 21 hours ago

You can select always on VPN for the same effect. It's not 100% guaranteed, but going directly is basically considered a bug

[–] NutinButNet@hilariouschaos.com 3 points 2 days ago

A VPN is kind of like sending a letter through the post office using someone else’s address. Like if you put the grocery store’s address on it and then stuck it in with their outgoing mail.

It gets your letter there and the post office doesn’t know your actual address, they think it came from the grocery store. Likewise, the person receiving your letter thinks it came from the grocery store too.

And the VPN handles it in reverse by taking a letter from that person and even though it gets to the grocery store, it gets delivered directly to you and no one else except you and the grocery store know that’s not actually your real address.

For privacy, this is great at protecting you from websites you don’t want knowing your real IP address which can reveal things like your exact location in the world, say Facebook. You want to use Facebook to talk to granny but you don’t want Facebook knowing your real public IP.

Some people also use them for tricking websites into thinking they are elsewhere. When you subscribe to a VPN service, they often show you different servers around the world and you can choose to appear like you’re in the UK even though you’re in the US. A site like Netflix may show Rick and Morty only to UK residents so you use a VPN to trick them into showing you shows like that.