Hello all,

I always thought that a VPN is a VPN and that’s all about it. The privacy aspects can differ, the connection speed can differ, the price can differ but that’s about it. I mean a VPN works like a VPN should work, right?

Unfortunately I learned it is not.

Let me simplify (very much!) the idea behind a VPN:
– you get a different IP than the one from your ISP
– traffic is diverted over several servers
– your identity is unknown because the new IP is not to be traced back to your original ISP given IP and so not to you

So far, so good. I use NordVPN and I am satisfied. I use it for torrents and it works great.

Now I red an article about the browser Vivaldi. It comes with a new added feature: a builtin VPN, and they claim as well that the speed would hardly be reduced.

So I downloaded Vivaldi and checked it out.

Turns out: the download speed is only 10% max.
But, it is free and I have all the time in the world.

I checked whether I got a new IP and I did.
Just for fun I checked my IP in Chrome.
Turns out, in Chrome I still have my regular ISP given IP!

So I checked in Firefox.
The same!

To be sure I checked what NordVPN is doing.
When starting NordVPN, it does not matter what browser I use: all browsers show the same new IP.

Now I am puzzled. I thought a VPN gets you a new IP and all traffic is being diverted via that new IP, whatever browser or program you are using.

Obviously I am wrong, but what is happening in Vivaldi?

 

Why IP Checks Show Different Results Vivaldi: Shows the VPN-assigned IP only for its own traffic. Other browsers: Remain unaffected unless they use their own VPNs/extensions. NordVPN: System-wide rerouting ensures all apps reflect the VPN IP. If you want to ensure that your IP address is correctly hidden, you can perform an IP check while connected to the VPN and ensure there are no DNS leaks.

 

VPN is a virtual private network, it's designed to provide "local" network over internet,
if it's exclusive (all traffic goes through it) or not (for ex. traffic between local devices/servers goes through it but internet traffic goes through your ISP directly) depends on configuration.

if you think anything else you misunderstood it completely,

your identity is never really private, because your ISP still sees unknown traffic activity and you using VPN for it (but not sources/destinations),

Vivaldi uses own VPN and so the speed depends on their VPN infrastructure

- just as if you had VPN server at home its max theoretical speeds would depend on your DL/UL because traffic goes through it

 

I am afraid that is true for more than only the VPN knowledge.....

 

What VPNs aren't suitable for

There's no such thing as complete security online, and a VPN service is no exception. Essentially, the attack surface shifts one level: instead of between your device and the website, data can be read between the VPN server and the website.

The VPN services themselves may also be able to view your data. And even if the VPN service of your choice handles your data reliably and meets the highest security standards, data leaks can occasionally occur.

... want to ward off malware
A VPN is not a substitute for antivirus protection. So don't consider it a security tool that can't protect you from phishing or virus-infected downloads.

 

Thanks for answering. I did not know that IP's could be different for two browsers. I thought the IP was the one and only communication point for internet traffic. Obviously my knowledge turns out to be insufficient to really understand how internet traffic is working.....

It was also just to be sure that when using torrents, my IP must be different from my ISP given IP because uploading stuff is forbidden in my country. So I must be sure that when using torrents, my IP has changed!

 

Opera browser has the same sort of vpn feature, for free. But they also have a paid service.

The speed is fine for browsing, but if you download anything it is very slow. Some sites, like Dropbox, do not function correctly at all due to the low speed connection.

It's more of a proxy server than a true vpn.

 

You are on Linux right, which distro? For an example, you can add a command line tool called Proxychains. If you are on Debian, you can install it by issuing the command : sudo apt install proxychains , and it will download and install from repo.

You setup a list of SOCKS or HTTP proxy servers inside its configuration file. Any command you issue in the command line can be prefaced with "proxychains" which will then pipe the output of that command through the list of proxy servers. They basically become additional hops. The computer at the end of the transaction will only see the very last server's ip address. For purpose of explanation, to some extent, it is similar to TOR.

None of this changes your real IP address. You either have a static ip or a dynamic ip, which is assigned by your isp. These connections are like a sidechain in audio. The difference is the protocol, and wether the tunnel is secured, or not.

 

Well, the 10% is not bad. I mean, it's free.

Still on MX21. I will skip MX23 which has some strange "features" and wait for MX25.

The rest of your story is way too high for my pay-grade and considering I don't have a pay-grade at my age anymore, you can fill in the blanks.
But I really appreciate you taking the time!

 

no, not so good. Nord is known to have collaborated with authorities. Therefore their claims on collecting/storing users logs are b.s.. IMO, nord is a waste of space. A VPN, i.e. why you pay them, makes certain your activities stay private and are never, ever EVER, logged and saved, anywhere. A VPN that strays from any of that is useless and a waste of time & $$..

I would be more concerned about what they log and who they collaborate with and what their track record is... The truth is if you're wanting speed thru a VPN you'll need a dedicated router with the firmware for the vpn running on it. You'll also need vpn protocols that are optimized for speed and privacy. This "vivaldi" thing has neither.

Your "identity" is unknown to sites you go to or places you log into, etc. Your "id" as far as your ISP goes is known because you have an account with them that makes it so... There is a data stream passing thru their system associated to you which they cannot penetrate or trace. With regard to your "comings and goings" and what you are doing, where you are going, etc, they do not have a clue. Which is the way it should be...

 

NORDVPN is banned in Myanmar ... only few working here
better to use deep seeker dpn instead

 

No, "data leaks" do not "occur" or better not. That's not what you pay a VPN for... IF the vpn is true to what you should have been looking for in a vpn - .i.e. ram only based servers that never collect, save, or log ANY users activity data then this "occasional data leak" thing is b.s.. When there's nothing logged, there's nothing to leak and nothing for authorities to stick their ugly snouts into...

 

And don't forget about the '5 Eyes, 9 Eyes, and 14 Eyes Alliances'. Read about it here: https://allaboutcookies.org/what-is-the-five-eyes-alliance

And there's also something called like 'a unique browser ID' that will always be identifiable regardless if you're using a VPN or not. So thinking you're completely save when using a VPN is a fairy tale that's promoted by the companies that want to sell you one!

Of course if you're not engaged into extremely illegal activities and just want to download some warez you're perfectly fine with a VPN. They won't bother to track you down. But if for some reason they want to find you? You can be sure that not any VPN will keep you save!

 

You're right that a good VPN service shouldn't collect or store data to protect user privacy. If a VPN truly operates on RAM-based servers and doesn't log activity, there should indeed be no data leaks. It's important to choose a provider that adheres to these standards to ensure your data remains secure and private.

Your perspective raises valid points about VPN design principles, but the relationship between logging policies and data leaks requires careful distinction:

Core Privacy Protections
A properly configured no-logs VPN (RAM-only servers, no persistent storage) ensures there's no historical activity data to leak or subpoena. However, "data leaks" in this context refer to real-time exposure risks, not retrospective breaches of stored logs.

Operational Realities
Even with strict no-logs policies:
- Connection metadata (timestamps, server locations) might exist temporarily in RAM during active sessions
- Network-layer leaks (DNS/IPv6/WebRTC) can expose activity during active use if not properly mitigated
- Legal compulsion could theoretically force live monitoring, though this is mitigated by RAM-only infrastructure

Key Security Layers
- No-logs architecture - Eliminates historical data retention risks
- Leak prevention - Mandatory DNS/IPv6 protection, kill switches, and WebRTC blocking
- Encryption standards - Protocols like WireGuard® with perfect forward secrecy

Verification Essentials
Users must:
- Audit logging claims through independent security reviews
- Test for live leaks using tools like BrowserLeaks/Wireshark
- Verify jurisdiction (avoid Five Eyes countries for servers)

The ideal VPN combines zero-persistence infrastructure with real-time leak prevention - these are complementary protections, not mutually exclusive features. While you're correct that proper no-logs design nullifies retrospective data risks, the "occasional leak" concern refers to operational security during active usage.

Source: AI

 

because browser cookies, cache and extensions aren't a thing, right?

 

Yeah they're a thing. And if you clear cache regularly, reject/clear cookies regularly, and keep very tight reins on extensions, it's really only as much a of problem as you allow it to be...right? Sites you go to and do a login only know who you are if you tell them. With a very small handful of sites you are obligated to use correct PII and with those you erase traces immediately rather than leave them there for other sites/services to possibly exploit. Most others you can use fake info, if you even have to login at all. This is where a lot of monkeys fall short. They figure no one will exploit them if they aren't exploiting anyone themselves. Wrong...

 

Your perspective on minimizing tracking risks through disciplined browser hygiene is valid, but modern tracking methods require additional layers of protection. Here's a breakdown of key considerations and enhancements:

Core Privacy Practices

- Cookie/Cache Management: Regularly clearing cookies and cache disrupts tracking continuity, but session cookies can persist if browsers restore sessions, and some trackers use "zombie cookies" to regenerate.

- Login Anonymity: Using pseudonyms or fake PII (except where legally required) limits exposure, though device fingerprinting can still link activity across sessions.

Technical Limitations

- Browser Fingerprinting: Even without cookies, trackers use browser/device characteristics (screen resolution, fonts, etc.) to create unique identifiers.

- Server-Side Tracking: Modern analytics bypass browser-based restrictions by processing data directly on servers.

Spoiler: Enhanced Protections

Enhanced Protections

1. Anti-Tracking Tools:
- Ghostery Privacy Suite: Blocks trackers, manages cookie consents automatically, and provides tracker visibility.
- Tor Browser: Neutralizes fingerprinting by standardizing browser characteristics across users.

2. Network Security:
- VPNs: Mask IP addresses but don't block trackers; pair with dedicated anti-tracking extensions.
- HTTPS Everywhere: Prevents network-level snooping (implied by secure site recommendations in).

Behavioral Adjustments
- Photo Metadata: Strip GPS coordinates before sharing images.
- Social Media: Avoid posting identifiable details (schools, workplaces, family members).
- Password Hygiene: Use randomly generated credentials stored in a password manager.

Counterarguments to Complacency
While your methods reduce attack surfaces, advanced tracking operates at multiple levels:
Third-Party Scripts: Embedded social media buttons or analytics SDKs track users even without logins.
Behavioral Profiling: Machine learning algorithms infer identity from browsing patterns alone.

For maximal protection, combine your rigorous habits with tools like Firefox Enhanced Tracking Protection (blocks cryptomining/fingerprinting scripts) and Never Consent auto-cookie rejection. The ESET survey confirms that identity theft remains a top concern, necessitating proactive rather than reactive measures.

 

yep read about the eyes...

Ok. Use common sense here. This is only compromising to your real-world PII if you linked your browser somehow, i.e. made it traceable to your real-world information. Who in their right mind would rig that up? Otherwise the only thing sites can use is cookies (easily user manageable), or some locally installed code (i.e. an exploit), that would give a permanent machine/browser ID to a site asking for it. Which is why you use active and passive solutions to prevent exploits in the first place. If you're not already doing this then you're a duck sitting in the pond. The only other types of things left to use are generic non-PII compromising types of infos like OS version, browser brand, IP, etc, none of which are threatening to your real PII, assuming you're properly vpn'ed... Os type/ver, font's, browser brands, etc, are all parameters that are too generic and are really non-concerning with regard to revealing your real identity or PII. Should any user really care if something matching their os version with their browser brand using generic x,y, or z fonts checked a website 12 times in a month or logged in with totally fake information? Nothing there I am concerned with anyway... Personally I kinda dig fucking up their collection databases where they log all this crap that they sell to the highest bidder.

Adjunct to everything else, if you are using any stock browser(s) that still contains all the reporting and telemetry and update information that it came with from the factory then much of this is on you. Browsers can be made much safer (reverse engineering once again) to use in general by removing all the reporting, update, and telemetry gizmo's that they ship with. Then plug the exploit holes with active and passive solutions. Web browsers are a user beware type of tool. If used with the right mindset they can be used safely for the most part.

 

Last edited: Apr 6, 2025 at 11:59 AM

Are you safe from the police with a VPN?

Police cannot track encrypted VPN traffic in real time. However, if a court order exists, the police can request connection and activity logs from the Internet service provider.

The provider is permitted to store the IP address for up to seven days based on the Telecommunications Act (Section 100 (1) and Section 109). This is permitted for billing purposes and to ensure technical security. With a VPN, the whole thing becomes a bit more complicated, because the authorities only have the IP address of the VPN server. If you also have a provider that doesn't store logs, then you're in luck, because in that case, there's nothing the VPN provider can provide to the police. This is why it's so important to use a VPN service that adheres to the no-logs policy.

However, caution is still advised, as there are also VPN services that leave backdoors open for government agencies to monitor users. For example, there are also VPNs that are permitted in China – a country whose population is strictly monitored in all areas. However, in these cases, you can pretty much assume that one or another backdoor has been built in for the government.

Tunnelvision: Attackers can bypass VPNs and redirect data

With a 22-year-old DHCP option, attackers can cause data traffic to bypass the VPN.
Neither users nor VPN operators are aware of this.

www.heise.de/en/news/Tunnelvision-Attackers-can-bypass-VPNs-and-redirect-data-9710725.html

 

a VPN is a technique for tunneling packets, a well is a hole in the ground filled with water, though some will tell you, a well is a large mammal that spouts water out of a hole in its head. - so there may be some controversy over spelling etc.

But I'm not an expert, all these fun facts were taken from "The Official Rather Large Book of Troubling Facts and Obvious Problems, 2023 edition (north america)"