We'll Never Get a VPN Sponsor After This

It's five o'clock somewhere, time for the security cocktail hour. I'm Joe representing North Jersey.

I'm Adam Roth, representing Staten Island. Hello.

Wow. Very good. All right. We're getting better on the intro. Okay, so we got an interesting topic today. We're going to be talking about VPNs. And people might think that VPNs are a new thing, but they've actually been around for quite a while in many different guises. Really, as long as the internet's been generally available. Maybe even earlier, I don't know. But Adam, you have been a network security engineer, dare I say forever, but for many years, I would say 20 plus. Is that accurate?

I don't appreciate you. I don't appreciate you dating me. I'm not a dinosaur.

It's a compliment. I'm trying to say you've been doing this for a long time. You're experienced.

Yeah, I think I've been doing it for a long time. Yes, VPNs have been around quite a while. I mean, I remember even 15 years ago setting up VPN on my phone. Was it 15 years ago? Yeah, I think so. 15 years ago, just so I can be able to get my files in my house when there really wasn't the technology out there where you can put an agent on your home machine and put an agent on your phone or something like that. But yeah, it's been around a while.

All right. Well, since you're the expert here, why don't you give everyone a little overview of just what a VPN is and how it works?

Oh, wow. So we're going to get a lot of feedback on this because people are always going to have many different opinions. But a VPN is a virtual private network. And the intention for a virtual private network is to create connectivity from the source device to the destination network. And part of that VPN connectivity allows you to encapsulate or to make that information in a way kind of encrypted. So as it traverses from your device, your phone, your computer, wherever it is, to the endpoint or the destination network, nobody can see that traffic. And it's done for many different reasons. We're not even talking about VPNs yet for people who wanna anonymize their connections. We're talking about maybe you wanna force all your traffic from that device through the egress of that network where you're gonna end up on for many different reasons, whether it's security reasons, or you just wanna be able to get a file or get data without having to have a physical connection to that network. Is that a good answer?

Yeah, that's good. I mean, I'll give you maybe seven out of 10, I suppose.

8 out of 10, please, thank you. 8 out of 10, okay.

Basically, a VPN, it is a virtual private network. It's not a private network, it's virtual. In the old days... Even when I was around, when two companies wanted to talk, or you had like two sites, two buildings, two locations, you got lease lines, essentially private. Well, lines you would rent from a service provider, from a telecommunications company. Those were quite expensive. I don't know to what extent they use now, probably for some applications. But when the internet came along where you had really cheap connectivity to the world then you then people started using VPNs and basically it gives you a private connection over a public network a Trusted connection over a non trusted network and like you were saying it's it works with thumb you know, by essentially doing encryption. And there are a couple of use cases for it, which is like you were talking about remote access, you want to get to your home or your employees want to, you know, need to connect to the office remotely, that everyone's doing now, even without VPNs, but we're going to talk about that. There was also the site-to-site VPNs. Again, replacing a lease line now, they're very popular also to connect to your cloud. If you got stuff in the cloud and you want to have a dedicated connection from your office to there or from your data center to there. So there are a lot of uses for VPNs. And you don't even realize they're there.

I want to add one other part. One and once working for an organization, I was asked to implement VPN over a lease line. And the reason why we implement a VPN over a lease line is that there's no eavesdropping. So unless you seize that connection and you're able to be a man in the middle and then continue that connection on, you really can't eavesdrop. And even seizing that connection is, at a level of nation states, but so if you have an organization located in Florida and you have an organization located in Massachusetts and you're leasing an MPLS or any other line, you still might want to implement the VPN so the carrier does not have the access to that data, especially if it's privileged data that you're really concerned about. What do you think of that?

Oh, I think you're right. You know, in the old days we used to say, oh, lease lines are, you know, we can consider them essentially private. Even though we knew that the telco had access to it and we thought maybe the government had access to it, which ended up being true. But yes, you're right now, even with lease lines, general best practice has become you encrypt over them, except for the extremely, extremely rare case where you are putting down your own fiber, say. And even in those cases, you probably want to encrypt it anyway, just to be careful.

So yeah, there's a rumor that US and Russian submarines go to the bottom of the ocean and are able to, and I know people are going to challenge this, but are able to intercept fiber communications by scraping the fiber and being able to look at the refraction or the generation of light. I can find the article and we can post it with this with this episode. But, you know, just the main thing is security and layers. You want to implement a VPN wherever possible, especially when you're concerned about your data.

Right. Well, remember, you know, that's another case where it's like, you know, it sounds very very Cold War, very James Bond to say, oh, we're going to send a submarine down and scrape the fiber and refract the light, which has been demonstrated and is done. But it ends up it's a lot easier to just get the telco to give you all the data, which is true. But in any case, but that's going a little off. We're going to talk a little more about the really focus on the consumer VPNs that you see everyone talking on YouTube or whatever, which are you know, which are useful. So, a little background. So, I mean, a lot of people probably know this if you're watching, but when you go to a webpage that's a secure webpage, that's, you know, got SSL, now it's called TLS, and you got the little lock on your browser, your connection to that site is encrypted. That is a VPN of a sort, a very, very simple one. So, you know, you talk to your bank, your, you know, stuff is encrypted. You're talking to just about any email service now. Your stuff is, you know, it's encrypted and it's pretty safe. There are ways around it, but, you know, they're pretty safe. As you said, you might want more layers, but even if someone cannot see your communication or cannot see the contents of the communication, just seeing the connection carries a lot of information. Don't you think, Adam?

Yes, but I want to, I love interjecting and adding all this beautiful stuff. Keep in mind that, not you, but our listeners, that there's something known as SSL Intercept. And if you work for an organization, that organization, might intercept certain traffic to make sure that you're not exfiltrating, which means basically removing data from your organization off-site, and that SSO intercept might or might not show that your lock is the correct color. They'll give a certificate to you and then provide that certificate to the endpoint, but certain data like banking and medical are not supposed to be intercepted.

Well, that's right, but that gets to something that is sort of related to this, that when you're doing something at work or on someone else's machine, particularly if you're working for your corporation or something, you have to assume that they are monitoring everything. They absolutely are. Especially if you're in a regulated industry like finance, banking, that sort of thing, certainly defense. They're watching everything. They know what you're doing. You're right. They are supposed to. not be watching things like your health care and stuff, but they have the capability to do it and may not be very transparent about it. And that's kind of what you need to worry about even if it's for your personal use and you're going from home or going from your phone or something just the fact of seeing the connection to a place gives people a lot of information you know if you know what your what your what your source ip address is you know your origination point you know, that can be tracked right to your house or right to your physical location and tied to you very easily. Obviously, your ISP who assigns you that address, they know it's you. And, you know, a lot of other companies that are doing tracking, they're tying that to you also. So they know it's you. And, you know, places can tell who you're talking to. You know, they may not be able to see you know the conversation you're having or reading your mail but they say hey you use gmail or hey this is your insurance company and you know you're interested in these new sites and not these other new sites maybe here are the things that you like that is a tremendous amount of information and we can pretty much guarantee you at this point that all of that is being hoovered up and being sold by your isp and whoever you're talking to on the other end they're keeping track of all that stuff too

So I want our listeners to keep in mind, having a VPN does not mean you're always 100% protected if you use a consumer VPN. As a matter of fact, one of our friends, which is part of a well-known incident response company, was working an investigation where that VPN user, it's actually posted in the public, but I don't want to start naming names. And the VPN user- Please don't name names. That VPN user, that perpetrator, somehow or another had a loss of connectivity with that VPN provider. And that one moment revealed their actual IP address. So, and I know this is part of our podcast. One, please don't do any illegal activity. Number two, whatever you do, you know, and I, and I, and I read some of our notes, Joe, right. You know, people use VPN, uh, VPNs for many legitimate uses, especially if you're a journalist or somebody who's maybe making a complaint to an authority and you don't want to reveal who you are, but at the same time, you want to do the right thing. Keep in mind that there's no hundred percent. when using a VPN, it's at your own risk. So it does help you, but just be careful.

Well, it's like everything. We'll get into that more. But one of the things that it can be very helpful in doing, besides, first of all, it does add another layer of protection onto your traffic, which can be helpful. But also, the big thing that a lot of them pitch in here is not so much that. And there are some other services that Ed will talk about too. But the real thing is hiding your location, helping you be more anonymous, hide your browsing patterns, and things like that. And there are a number of reasons why you might want why you may want to do that, and not all of them are obvious. You know, the one thing is, you know, we talked about some people, I must admit, like myself, am not phenomenally thrilled about the idea of our ISPs and, you know, others we're buying service from. basically collecting everything we do and, you know, and selling that. I really, I just don't like that. Frankly, you know, given that I feel like they should be paying me for using the service, not the other way around.

Well, I mean, collecting data is one thing, but there's always those rumors. And I don't think it's ever been substantiated that some government agencies actually are behind some of these commercial VPNs and they use it to track data. Not sure if it's true or not, but You know, I'll mention rumors without.

Well, those are I mean, those are rumors. I don't know if it's true, but, you know, I don't know if it needs to be true to tell you the truth. You know, I don't know if they need to, because the truth is, you know, one of the things, you know, so there let's go through. So there are some legitimate things you might want to be using this for, you know, so, you know, protect yourself from marketers. You don't like a lot of spam and everything. you know we use it as security research actually because when you're going up against some bad guys and hitting their site and messing with their malware and deliberately executing it which you gotta be a pro you really gotta know what you're doing to do that safely a VPN is one thing you can use to hide your location you know we we joked in another episode about you know going down to a cafe down the street or something but using a VPN is Actually a lot easier and you can make it look like you're coming from you know other countries and other locations So they not only can't attack you back, but you can you know become someone else for legitimate purposes And there are people who use it to you know trick streaming services in fact a lot of them advertise it You know like Netflix or something if it's not available in your country or certain things aren't available into your country or in your country It makes you look like you're somewhere else That's a little questionable, depending on what the laws are. We don't necessarily condone that, but you've got to understand your laws and everything. But the other thing that's a very big thing that's actually a big issue and very important is, you know, it can, there are people who use it really in almost a, you know, a life and death kind of way, or when there are really serious stakes. People like whistleblowers, journalists, dissidents, who really have a significant need to protect their identities. And they will use various types of VPNs that we'll talk about to do that. Few things need to make sure you're picking the right one that it's trustworthy and it's not the only thing you need to do I don't think a VPN does not make you invincible But you know, there are people who count on that level of anonymity to protect themselves Now all that said if you're going to be a whistleblower or a journalist or whatever There are rules around doing that correctly and doing it in a way that protects yourself That you want to follow Because, you know, and the other thing we get to is if you're trying to do something illegal and hide it, please don't. First of all, also, it's not going to work. You know, particularly in the U.S., you know, the government will figure out who you are. You cannot beat law enforcement. You cannot beat intelligence agencies. You think you can? Don't. Think again. Put it that way.

Well, and that brings up another interesting point. Unfortunately, a kid say or young adult was in Israel making really bad phone calls within the US and Not only did the US government but the Israeli government was able to track him even though he was anonymized in his traffic So that goes to prove the fact that you know, if you do something and it's a life safety issue They're gonna do whatever they can to pursue that and I guess stop the risk of you creating that terrorist actions. It's considered a terrorist action when you threaten people, so it's not good to do.

Well, depends, you know, that's kind of the most extreme cases, but there are other things too, you know, the, you know, you need to keep in mind that, you know, protecting your identity is, is not easy. And when you're using, you know, electronic stuff, it's, you know, it's particularly difficult because you're counting on service providers and, you know, it's like they say, no, no kind of encryption can defeat a subpoena. And you need to look, a lot of VPN providers will say, oh, we don't, you know, we don't keep logs. We don't do things, you know, we don't, we don't track you. We don't record anything. You need to be very, very careful and read. And if you're concerned about that, read the terms of just what they're providing you, um, because, and because, you know, it's very difficult, particularly in this country for a company to say no to law enforcement. And, you know, it may also be because, you know, even if you're not a criminal, like we say, if you're a whistleblower, you know, you're someone who's worried about intimidation or maybe you're worried about, you know, someone in law enforcement who, you know, who knows you personally is going to harass you. You know, these VPNs can be, you know, can be essentially, you know, they can get records of those things. And then again, also, they may not be perfect. They leak data. The technology is not perfect. So understand

just what it is that you're that you're getting and what the limitations are well i mean let's put it this way right even if your ip information is 100 percent anonymized and you're using a browser and you're connecting to a site who's to say those cookies or other um personal identifiable information within your browser is not going to be or is going to be passed to the destination that you're connecting to. So you would need to use a clean computer for cash in a place where there's no cameras, connect to an ISP. that you can't be identified by that has no cameras to connect via VPN that you paid either by cash or a card that you bought, a prepaid card at a grocery store or drugstore that had no cameras. I mean, the point I'm making is you're probably going to get caught.

Well, yeah, it's extremely difficult to fully anonymize yourself. It's really hard. And doing all that goes beyond just using a VPN. We'll look at some more of those at some more of those things in the future podcast and probably talk about a whole system. And, you know, we're talking about some of these things that like, you know, real, you know, real journalists and real dissonance. You know, we're talking about people in, you know, very countries with not such great policies or records on human rights. You know, people who are speaking out against the government there. They, you know, it's not paranoia for them. They need to be very, very careful about what they're doing. And the VPN is just the start. It's one of the things that they do. All right, so what does it actually provide to you? Do you want to talk a little bit about how it does hide your location to the extent that it does? See, I'm going to give all the technical stuff to Adam because I'm just, well, lazy. I know it too, but he's the engineer.

Oh, I don't know about that. So a VPN, depending on how it's set up, is either going to take all your traffic or split your traffic. And what that means is, that certain traffic can go over the VPN that's defined by the policy of that VPN provider. So typically, a commercial VPN that you buy or a personal VPN, however you want to call it, that you use to anonymize yourself, all your traffic is going to be sent over that path, that tunnel, toilet tunnel. And when that traffic is passed over that tunnel, they're passing that traffic to the destination, which means that their VPN IP address or their IP address is going to be provided to that destination network. So for example, you open your PC, you download, you know, XYZ VPN, you put your credit card information in, you buy it, you connect. Now you have a connection to that VPN. And then from there, you're opening up a web portal and you're surfing the internet. That destination network only sees the IP address of that VPN provider. They don't see your address. Of course, your address is known to them. And then they pass their address to that destination. Is that a good explanation?

Yeah, pretty much. I mean, you see, when you connect your VPN, often it either randomizes it or it says, use the fastest one or lets you pick a country and you'll say, OK, you're going to be. Yeah, your country. So you're going to look like you're coming from this provider's, I don't know, New York number 39 machine that's got some IP address. So all your traffic, that's where it exits the VPN and goes back onto the internet. So they don't know where you are, but you look like you're coming from there. Now, here's the tricky part. That can be useful, but it can break some things. If you break another city and want to use anything with location, that can break stuff. If you're, say, going to your bank and you start popping up all around the country or around the world, You can get flagged for a possible fraudulent connection, although it can also be useful when you're overseas, you're on vacation. You can access things as if you're home. The other thing too is like Adam was saying, it is kind of funny. It's like, you can seem like you're somewhere else, but they may very well still know it's you. One of the things that's so important to understand when you're using the internet, you're going to sites and everything, there is so much analytics there is so much data collection and analysis like you go to uh well first of all if you read your if you go and you read your mail like you connect to your gmail account it's like well they obviously know it's you and you know and now google knows too you go from a vpn node they're like oh you're using nordvpn or proton they're gonna they're gonna figure that out virtually instantly you're not you're not fooling them that much um they know these things and if you keep using it unless you keep changing it and popping it around You know the site the sites are gonna know and it's a bit of a cat-and-mouse game But they're still figuring these things out and how to and how to track you with it So the benefit is it's it's certainly not Absolute anything you get there are specific use cases.

Yeah, I'm throwing that term out and I'm sure you're gonna define it where you would use a VPN anonymizer?

Yeah, yeah. Sorry, but for everyone, use case is a technical term for something you want to do, basically. Right.

So, you know, sometimes when you're using the VPN, you don't really care that they know you. You just don't want that organization to collect your data. So what do I mean by that? Right. I don't remember how many years ago there was a law passed that the ISPs can mine or look into your DNS traffic to provide certain things to you. So if you're looking for certain sites, and it doesn't have to be nefarious, right? It could be anything. It could be that you're looking at sites for vacations, but you don't want your ISP to always know what you're surfing. You would use a VPN. Now, you have to hope or assume, but don't assume, that the VPN provider is not mining your traffic either. They might anonymize your traffic also, just to collect statistics. Like, we had 4,533 people visit myc.gov. They might do that. They might not put your name in there, but they might collect your data. But there are reasons why you might wanna anonymize your IP or pass your traffic through your ISP. And again, it does not have to be something that you're doing where you're trying to protect yourself as much as you don't want to give your surfing data to your ISP. They can put two and two together and then start sending you targeted information and emails.

You don't want to give it to your ISP. Another thing too is remember, you're not always using your ISP. VPN is really useful if you're using public Wi-Fi, like if you're in a Starbucks or a cafe or at the airport or something, or a hotel. There are a lot of people sniffing for stuff. And especially, I know I'm always talking about hotels. Hotel networks are cesspools. You know, they really, stuff is being tracked and, you know, do you want some bad guys figuring out, you know, hey, such and such, he's going to the site, whatever. Maybe there's a, you know, a honeypot, you're being tricked to go to a site and they say, this person is in a hotel. That means he's not home. Or maybe I can help, or maybe this can be used to scam him. Or, you know, there may be attacks there that the security on the network is not so good. A VPN will protect you. give you more protection in those cases. So it's very useful for traveling for that. I like them a lot for traveling. I'm often very uncomfortable these days connecting to public Wi-Fi, knowing what can be done with it.

And that's a really good point, right? Some machines out of the box had certain ports open on your PC or laptop. It might be 445, which is SMB. SMB is your shares. So if you have a public share on your machine, And you put data in there unbeknownst to you, like you're saving it to a share where you have your medical records. I don't know why you did it. You did it by mistake. But you go to a hotel or to an airport Wi-Fi. People could be scanning for 445, which is that port where you can get that data. They find your machine. They connect to your machine. They don't have to authenticate. And then they grab your data, and now your data is in somebody else's hands. So VPNs will protect your ports. People can do certain things.

Well, VPNs will help with that. You shouldn't have exposed ports or things that aren't protected correctly. And I don't want anyone to think, oh, I'll just get a VPN. I'm good. Like, you know, no, if you've got some bad things like some remote services that, you know, that are constantly getting scanned, that have a lot of vulnerabilities, it's like, don't worry about the VPN. Just turn that stuff off.

I mean, Joe, do you think everybody. At home, and I know you're going to say yes, I shouldn't say, but do you think everybody at home does not take their PC and plug it into their ISP's router and they all have a Linksys or some other kind of wireless firewall? There are people who connect their PCs directly into the provider's modem, which exposes all their ports. Now, I'm not saying that every port is open. You can have no ports open and then a keyword you know, zero day and then somebody's scanning the internet and finds your PC. And then I'm not saying that you really going to be part of a vulnerable zero day, but somebody could write a mass script to do this. And now they're accessing your, your, your, your shares because they know a vulnerability. Is that possible?

Joe? I'm guessing yes. Of course it is. You need to look, you need to practice, you know, do good practices regardless and be a little careful. You know, a lot of these things, it seems like a theme we keep coming up with over and over again is you need to have some understanding. of what's going on. Like, gee, what is on your PC? And you do it. It's like, you know, with these VPNs or any other service you get, they promise you all this stuff. But, you know, encourage people. I encourage people. to be, you know, almost as paranoid as me, I suppose, and, you know, look into it and see exactly what it is that you're getting. What does this thing actually do and how does it work? You know, a lot of sites, especially for security products now, they figured out how to sell security stuff by putting nice, you know, they have those nice templates, everything is, you know, looks like a slick marketing side that's so cool, it's so easy. Well... You know, you still gotta understand, you know, to drive a car, you gotta understand some basic physics.

Are you exposing your data to the threat actors and the malicious people on the internet? If so, get a VPN and protect yourself so those threat actors can't get your data. Is that what you're talking about?

Yeah, it's like Napoleon Dynamite. It's like, you know, vote for me and all your wildest dreams will come true. That's it. Buy this security thing and everything will be fixed. Well, unfortunately, it's a little more complicated than that. Another nice thing with the VPNs now, after I've been knocking them, I'll say they do provide some other things that are useful. Like they typically will include some extra capabilities like malware blockers and adware blockers and tracking blockers and stuff like that. So if you're into that stuff, that's very good. And I found that to be really, really useful.

I've seen features where you can buy or pay for monthly for a VPN, where it helps you network your own family. So if you're in New York and you're part of this VPN provider, And then you have a family member in Florida and you have a family member in Washington, D.C. You can all be on the same network, virtual private network, while still being at home, share printers, share files and data. In that way, it's really nice. I've even seen businesses that have VPN on their portable tablets, where when they want to print something in the office, Like they go to a client and the client signs, they can put the invoice right in the office. They'll be processed right away. So there's a lot of good advantages to these VPNs.

Well, there's a lot of stuff there, but you know, a lot of things that used to be done with VPNs, and this kind of gets to some wider trends in the industry, the cloud is actually replacing a lot of it. You know, fewer and fewer, it used to be that, you know, you had a laptop, how do you connect to work? You opened it up, you connect to the internet, and then you turn on the VPN and you got to log in. And it was kind of a pain, it was kind of expensive too. That is, and there's a home version, like you were saying, but that's kind of going out of style, especially since there were so many. applications and stuff that are really websites and now you got, you know, Microsoft 365 or, you know, 90% of what you're going to be doing for work is in the cloud already. Um, so that's keyword use cases. That's kind of going out of style. And you know, I would love, and I would love to say that for the paranoid use of VPN, because you know, you're not using the cloud, you're using your own stuff, you know, it's all your things at home, you're in control, but If you're using the VPN service, unless you're running your own VPN, which is not easy, you know, you're still trusting someone.

So, you know, these days, it's gotten easier. If your home router supports OpenVPN, you can actually create that download really quickly. But There's still some knowledge that you need to have when using OpenVPN, but it's gotten easier these days. But I want to add that we should probably do a podcast on how to tune your PC so that it is not as exposed to threat actors and when traveling. A different type of episode for that.

Okay, I'll translate. How to set up your PC so you're not completely screwed.

That's a good translation. That's Adamese into English. They don't have that on Google Translate.

You know what? If we, I'm going to go off topic, but if we get enough of these episodes and like the AIs start, you know, you know, start indexing them and listening to them and learning, we'll, we'll be able to say, translate this into Adamese. Oh, you know, that'd be cool.

That's very flattering. Thank you.

Okay, now there's another thing we ought to talk about, and we cannot talk about VPNs and anonymity without talking a little bit about Tor. Tor is the Onion Routing Network, and it is an open source software project, protocol, technology, whatever you want to call it, that is probably the most secure VPN out there and the most trusted one. It is easier to use than a lot of people think, but it's free. People set it up. They do it. People host it themselves. It's actually pretty easy to use. You can get it for your Windows, for your Mac. For Linux you can even get specialized Linux versions that are secure Linux versions that just you know that that will use it So it is a very very good. I would say That it's the gold standard of getting anonymity if you want to get on the Internet even even Even it's your best bet going up against nation states.

It's still not a good bet, but it's probably your best So I want to add some context there also, right? TOR doesn't direct your traffic through one direction, it breaks your traffic up, and then it reassembles your traffic. Keep in mind that the exiting nodes of TOR, if they're compromised, they can know who you are, plus your ISP will know.

And there have been rumors And there have been rumors that some of those exit nodes are run by the people you might be trying to avoid, but those are rumors. I don't know if we know that's true.

And I understand. I'm the same, but it is compromised. You will know who you are. Plus your ISP will know you're using Tor and doesn't know what you're doing on Tor, but those are using Tor and If you use Tor for regular browsing, you can pretty much, if you're using Google, you can pretty much expect to use your capture every 13 seconds. I mean, that's an unscientific number, but they're gonna say, oh, you're using, go ahead, I'm sorry.

Yeah, yeah, a lot of sites will make you do a capture or whatever, do another verification, or just block you completely because they think you're a crook or a hacker or something. I mean, Tor is interesting because, you know, like so many things, it can be used for great good, but also for great evil. And it is. It is the favorite VPN of, you know, journalists, dissidents, Snowden types, all that kind of things. It is also the favorite VPN of some bad people. And it has something that's the ability to host sites. And there is a bit of, if you know what the dark web is, is hosted and accessible through Tor. And there are some not very good people out there misusing it.

Didn't Edward Snowden use Tor?

Yeah, I think he uses Tor. I think he's big on Tails. It's a privacy-focused Linux distribution that uses Tor automatically.

Every time I've ever used Tor, I'm just putting it out there. I purposely made sure that my machine but separate from my normal machines because I'm one of those guys that is paranoid and I'm afraid that my machine can get compromised when using Tor, but it's just me.

Yeah. Well, I'll tell you, I use Tor very infrequently and really when I'm for security reasons, you know, for, for business stuff, when I'm going to very questionable sites or when, or when I get a very questionable email, And I'm trying to analyze whether it's phishing or whether it's got malware. I will often use Tor to really hide my location like we were talking about before. For general use, unfortunately, it's really slow. It's not so good for general use. But when you need the Ferrari of VPNs, of privacy, You've got that, but you need to couple it. You need to understand the limitations. It's not perfect. There may be some bad actors hosting nodes. And you also need to remember, you've got to think about protecting your PC. Most people use it with a specialized Linux distribution. Like tails or like cubes OS That will really give you a lot of the protection that you need also on you to also on your device. So But something you might want to look into it's actually pretty easy to use It is not difficult at all Yes That's my answer

That's your answer? Yes. Well, I mean, I mean, how many people here are going to use Tor? How many people are going to set the machine up to use Tor? By the way, I welcome any feedback. If you're using Tor currently, or you're going to use Tor, send us an email. Or if you're using VPN or other than your corporation and you have your own personal VPN, I would like to know.

Yeah, what's, I am very curious to know what's really popular out there. Cause there are a ton of them. There are the, there are the big ones, you know, like, like I think Nord VPN is the biggest and Proton and some others, but there are like, didn't you pull together a list for this of like 105 different VPN companies?

Like, God, that's staggering. What they're saying is that the plethora of VPN providers.

Plethora? Yeah.

Why?

Another $5 word.

No, that's a $10 word. You have to give me some credit here. What I try to do is I try to look up these words. I want to exercise my vocabulary before we do these sessions so I can sound really knowledgeable. Did that work?

You know, I didn't realize that. I guess you're very fluid. I didn't realize you had a list of big words that every time you say one, you're like, are you like crossing off saying, okay, I use, I use that one.

Well, that's, that's very impressive. You never know when you're going to enter into a spelling bee. I'll probably lose to a fifth grader, but it's fine. What they're saying is 105 of the VPNs out there are run just by 24 companies.

Is that right? So these things are all just, I guess, white labels or they market them as different stuff, but they're really all just 24 companies.

That's what they're saying.

Well, that's interesting.

Almost a third of the popular mobile-only VPNs are actually Chinese, according to this article. Can you imagine that?

Oh, Chinese VPN, wow. Think about if you want to use that. Not that there's anything wrong with that.

If you're using TikTok, you don't have to worry. You already gave your data, right?

That's right. You're giving them, well, that is very true. You're giving them your data directly, you know? So don't worry about it.

But you know, like, like they're saying that a lot of these VPNs were all run by the same companies, it is have, you know, labeling for different geographical areas, and they target certain organizations or people that would want to use it based on the keywords within the advertising advertisements.

Yeah. Well, that's not necessarily a problem if a company is just for different regions or whatever, has different brand names, and maybe they're adapting the product a little bit. That's not much of a big deal. I think it's much more important to say, OK, these companies, who are they for real? Who's really behind them? Who are their investors maybe even? you know, track down their shell companies, who knows? Let's get extra tinfoil hat.

By the way, you don't need to purchase VPN or use Tor to anonymize yourself per se. There are free VPN SSL Connections you can use what I mean by that is you can go if you Google like VPN. I'm sorry Let me do that right now VPN Anonymizer there are sites that you can actually it opens up a window within a window and you can search this up the internet Without having to pay but you don't get a lot of features. They're hoping that you buy the extended features. I

Yeah, that's true. Or, you know, Adam, whether you realize it or not, there's a little box under your desk. That's my server. I just use yours when I got to do something dodgy.

That's fine. It's okay with that. Because I route the traffic through your ISP.

Oh, are you? No, we don't sit here hacking each other while we do these podcasts. It would be kind of funny, though, if it ended up we were just going in circles around each other. Alright So this has been interesting another topic we can talk about for for hours and it gets into some heavy-duty stuff But we are we are hitting time. So last call other Your final thoughts last call.

I mean With great power Comes great responsibility. I think that was spider-man or in that movie spider-man um

It was Spider-Man's uncle.

Yeah, that's what I was going to get at. Just be careful. VPNs have its purpose, but you have to keep in mind, as long as you don't really do anything bad with the VPN, there's nothing to worry about. You're just protecting yourself from additional scrutiny if you're filing complaints and certain things like that. Go ahead.

I was going to say, well, you know, know, know what you're getting, you know, know the limitations because, you know, not only do you not want to get a nasty surprise when you find out that something wasn't doing what you thought it was, but also if you're paying money for something, you should know what you're getting, you know, make, make sure it's, uh, you know, makes sense.

And that's exactly also the point I'm going to bring up again. You're not completely anonymized because if you're buying the VPN, you're paying for a credit card, most likely in your name. if you're buying the VPN and you're connecting to certain sites and you're using sites that you normally would use, they know who you are because the ISP is the, I'm sorry, the IP is put within that portal. So VPN to have a very specific purpose or you should have a specific use case of why you want to use a VPN, not because it's cool, not because it makes you feel like James Bond or I guess Jane Bond, the original Jane Bond, right? Or, or not because, You think you're being 100% protected. Know why you're doing it before you're doing it.

That's right. Although I must admit, I do use it because it's cool. You know, I'm security. I got to tell people I use it. Nobody's as cool as you.

You know that.

Yeah, I wish. All right. That's all we got time for today. So Adam, always fun doing this with you.

Yeah, you too as well.

All right, and everyone, thanks for listening, and we will be back. Take it easy.