The Truth About VPNs: Beyond the Marketing Hype - The Sovereign Computing Show (SOV012)

Tuesday, April 22, 2025

Jordan Bravo and Stephen DeLorme break down the reality of Virtual Private Networks (VPNs) beyond the marketing hype. They explore what problems VPNs actually solve—hiding your IP address from websites, concealing your browsing from ISPs, and encrypting traffic—while addressing their limitations and downsides. Jordan and Stephen compare VPNs with Tor, examine trusted providers including Proton VPN, Mullvad, IVPN, and the innovative Obscura, and discuss the frustrating trend of websites blocking VPN users. Learn practical advice for incorporating VPNs into your digital sovereignty toolkit and why you should stand up for your right to privacy online.

Chapters

00:00 Introduction to The Sovereign Computing Show
00:35 ATL BitLab Sponsorship Information
01:55 Welcome and Episode Overview
02:07 Updates and Errata from Previous Episodes
05:06 White House Signal Group Security Mishap
12:17 Amazon Echo Privacy Changes
15:24 Main Topic: Understanding VPNs
16:33 Problem #1: How VPNs Hide Your IP Address
17:56 VPNs vs. Tor: Centralization and Trust Models
21:30 VPN Performance vs. Tor Performance
23:05 Problem #2: Hiding Browsing from ISP Surveillance
24:49 Problem #3: Traffic Encryption Benefits
25:35 VPN Provider Reviews
25:57 - Proton VPN: Features and Netflix Compatibility
27:32 - Mullvad: Privacy Features and Cross-Platform Support
30:08 - IVPN: Privacy-Focused Alternative
32:07 - Obscura: The VPN That Can't Log Activity
36:46 Downsides of Using VPNs
38:12 Website Blocking and VPN Discrimination

Transcript

Jordan Bravo: [00:00:00] The worst is they will gaslight you into thinking that you're doing something wrong, like you said, and or they'll try to make it seem like you are a criminal or guilty of something just because you're using a VPN.

So I say we band together stand up for our right to be anonymous and private and not take that crap. You know, stand up for yourself. There's nothing wrong with using a VPN. You're not trying to hide anything, you just are trying to not dox yourself to the whole internet.

Jordan Bravo: Welcome to the Sovereign Computing Show, presented by ATL BitLab. I'm Jordan Bravo, and this is a podcast where we teach you how to take back control of your devices. Sovereign Computing means you own your technology, not the other way around.

Stephen DeLorme: This episode is sponsored by ATL BitLab. ATL BitLab is Atlanta's freedom tech hacker space. We have co working desks, conference rooms, event space, maker tools, and tons of coffee. There is a [00:01:00] very active community here in the lab. Every Wednesday night is Bitcoin night here in Atlanta. We also have meetups for cyber security, artificial intelligence, decentralized identity, product design, and more.

We offer day passes and nomad passes for people who need to use the lab only occasionally, as well as memberships for people who plan to use the lab more regularly, such as myself. One of the best things about having a BitLab membership isn't the amenities, it's the people. Surrounding yourself with a community helps you learn faster and helps you build better.

Your creativity becomes amplified when you work in this space, that's what I think at least. If you're interested in becoming a member or supporting this space, please visit us at atlbitlab. com. That's A-T-L-B-I-T-L-A-B dot com. Alright, on to our show.

Jordan Bravo: Welcome to the Sovereign Computing Show. I'm Jordan Bravo and I'm here today recording from ATL BitLab with Stephen DeLorme. [00:02:00]

Stephen DeLorme: Hey, how's it going.

Jordan Bravo: Today, before we get into our main topic, and it's a good one, I assure you, we've got a couple of updates and errata that we want to comment on regarding some previous episodes.

In our App Store episode, we were talking about some of the vulnerabilities or the downsides of the centralized app stores and native apps in general. And we kind of waxed nostalgic about back when browsers were the only way to get those types of apps or native apps on desktop. But basically the pre-mobile app era, App store era, and we kind of, at least I felt like I might've given the impression that browsers don't suffer from the problems of downloading malware, that they're magically immune from issues. But that's definitely not the case. I think we can remember the peak era of toolbars that would install themselves and slow everything in your browser down [00:03:00] to a crawl.

I mean, you had toolbars upon toolbar upon toolbars. I remember I would help my grandma out with her computer and she would have Internet Explorer. And literally three quarters of the entire screen of the browser was toolbars, just spyware installed. And there was this one little sliver of the actual webpage at the bottom and it was just riddled with popups and it, it was barely functional. I just wanted to put that out there because it was not all sunshine and rainbows back then. We kind of have a different set of problems now with the native apps and the app store censorship. So I think, like you alluded to, Stephen, the problems were different because when you don't have a curation from an Apple or a Google, for example, you might get something like a crypto miner installed or you might get something like Chinese spyware, but now we get spyware from Google or Apple, and they're less likely to do something [00:04:00] like install a crypto miner on our, devices. But at the same time, there's downsides as well.

Stephen DeLorme: Yeah.

Jordan Bravo: The other update I wanted to talk about, or just make an amendment, which was that during our browser episode, and search engines.

We forgot to mention that DuckDuckGo has both a browser and a search engine, and they are privacy focused and that the DuckDuckGo browser is actually based on WebKit. So that's important to know because there're another browser out there that's fighting the Chromium monoculture. We talked about this in depth in the episode, how basically there are only three major browsers under the hood, even though there's a bunch built on top of them. And so you had the Firefox and its forks. You have Chromium and its forks, and then you have WebKit, which is safari basically, and its forks. So it sounds like DuckDuckGo being based on WebKit might actually be a good thing just in terms of more diversity in the [00:05:00] ecosystem.

Stephen DeLorme: Absolutely.

Jordan Bravo: All right, today, we have a couple of news articles we're gonna get into, and the first one is something y'all might have heard about in the news lately, and this is about the Trump administration accidentally, including a journalist in its Signal messaging group, when they were communicating about war plans in Yemen or with Yemen.

Stephen DeLorme: And wait a minute, the White House Signal Group, it's so funny to hear somebody say those words out loud. Like, I think of like a Signal group as just like, something with me and my friends or something. And it's like very casual. So it's, I don't know. It's kind of funny to imagine a bunch of like federal government officials just like starting a Signal room together.

Jordan Bravo: Yeah. And while we aren't really interested in covering politics, per se on this. I think it's interesting because we've definitely discussed Signal and we've discussed how you see that the governments at least what they [00:06:00] talk, what they say in public is "Don't use encryption." And then Chinese hackers happen and they say, "Use encryption." and then they say, "But just kidding, not really. We wanna be able to backdoor it." And so it's the, it's funny to see them now using it at the highest levels of the government.

Stephen DeLorme: Yeah, absolutely. I mean, it's clearly a useful tool and for anyone who maybe is, uh, just listening and hasn't, um, you know, read the article yet or hasn't heard about it, basically, um, this journalist from the Atlantic, um, suddenly found himself invited to, uh, a Signal chat room, and all these people, uh, start entering the Signal chat room with like the initials of like key people in the federal government, including the vice president. And they basically start planning, um, in the Signal room, like a bombing on Yemen. And you know, the journalist initially thinks, "Well, this is probably some kind of um, you know, people trying to, uh, entrap a journalist, this is probably all fake." But then, you [00:07:00] know, the bombs actually, you know, fell on Yemen and he is like, "Oh, wow, this is probably real." So, reaches out to the White House and gets confirmation that yes, that was a real Signal chat room. yeah, so it, it, you know, I think the thing that's interesting about is, obviously this is, I mean, I, I think it's an embarrassing, you know. Security mishap. Um, I don't think, uh, and anyone would really disagree about that, to just like accidentally invite somebody, you know, who doesn't have security clearance.

Like, it's a mishap. Right. it is interesting though because like, I'm kind of putting myself in their shoes for a little bit. Like, you've got these like, busy government officials and like, you know, work, probably work in different physical buildings. Have a full schedule of different meetings with different people.

Um, they should be, I guess, I don't know how this stuff works, but they're probably supposed to be going to like a skiff, which is like one of these like government faraday cage rooms to like talk about sensitive stuff. So it's like one of these rooms that like nothing could get, get in and get out of.[00:08:00]

But they're not doing that. they're finding the UX of just downloading Signal, way more appealing to them. I'm guessing it probably fits into their busy schedule a little bit. They're getting these assurances of like, "Oh yeah, we can just use this encrypted messaging app and then we can all just, you know, plan this from our respective offices and all that."

So I think when you're just like planning for like any organization, company, government, club, whatever, and it's like. If your processes are like slow or your processes, for dealing with stuff in a secure and private way is, too complicated or too slow or too difficult, then people will try and route around that and find a different solution.

This seems to me like a, an example of people trying to route around kind of a legacy process to, do something that feels more convenient to them, and obviously it backfired because of the human element. It [00:09:00] wasn't the encryption that was broken, just like someone accidentally invited someone to the chat that wasn't supposed to be there, which could happen to any of us.

Right. but it, it, it just kind of goes with the show. If you don't, you know, build in a process that's like both private and secure and also easy to do, people will route around it and try to do something that maybe isn't as secure.

Jordan Bravo: Yeah. It, it's very common in cybersecurity that you have a system set up with end-to-end encryption and all kinds of excellent security features from a technical standpoint, but then the human element comes into play and you have either human error or somebody just gets socially engineered. Um, somebody writes their password on a sticky note and leaves it out, that kind of thing.

Stephen DeLorme: Yeah. But hey, it's kind of nice to know that, uh, you know, Signal's technology is, good enough for these people in the government.

Jordan Bravo: Yeah, it is encouraging. You know, they, they're at the top levels of the government, so [00:10:00] in theory they have access to the best technology for this kind of thing, and they are using Signal. So that is encouraging like you said it tells us that it's not compromised as some people think. Uh, of course we have no way of knowing for sure because we, we can't see the code that's running on the Signal servers and you have some people, like Tucker Carlson has famously declared that Signal is backdoor because he said that when he was gonna go to Russia to interview Putin, he, uh, the only person he ever mentioned it to was via Signal. And then the people that were spying on him, he said that they had known, you know, they were talking about it. And so if I had to guess, I would say that they probably just got physical access to his phone.

Stephen DeLorme: Yeah.

Jordan Bravo: In which case, it doesn't matter what app you're using, if you physically compromised someone's phone, you can basically listen to everything that they're doing on it.

Stephen DeLorme: Yeah. It could have been, the other person's phone was physically compromised too. I mean.

Jordan Bravo: Exactly.

Stephen DeLorme: That's the thing about it. It's like in this situation, it's like, [00:11:00] "Whoa, everything's all encrypted."

But it's like, "Well, you invited if, you know, if the wrong person gets invited to chat or the wrong person sees the phone screen, they can just take a screenshot of it," which is exactly what happened here. So, and it's like, yeah, the, you can't, you can't control for all those variables.

Jordan Bravo: Alright, well. Let's move on to the next article and this one.

Stephen DeLorme: Oh, wait, before we move on to that.

Jordan Bravo: Yes.

Stephen DeLorme: We should probably hit this meme real quick.

Jordan Bravo: Yes.

Stephen DeLorme: This dank meme. So this, for anyone who, uh, is just, uh, listening, uh, we've got a screenshot of the Signal disappearing messages, menu, which lets you choose between, you know, off all the way to, you know, four weeks, down to like 30 seconds.

And, and, and all of that. And so, uh, for lunch plans, that's right around off or four weeks. Uh, if you wanna make war plans, that's around one week to one day. Uh, if you wanna send nudes that's around one hour to five minutes. And, uh, plans to lie about sending war [00:12:00] plans are 30 seconds disappearing messages.

Jordan Bravo: Yeah. Good stuff. We'll, we'll upload it and put a link in the show notes.

Stephen DeLorme: I'm not sure who to credit this to, but thanks to whoever. All right. Next article.

Jordan Bravo: The next article we're gonna talk about briefly is about the Amazon Echo. If you are an owner of an Amazon Echo, you'll wanna know this.

The Amazon has released a, they send an email out to Echo owners, saying that on March 28th, 2025, which is two days away from this recording, that you will no longer be able to opt out of having all of your recordings sent to Amazon server. So currently you can select an option where when you talk to the Echo, it only processes, it processes it locally - your voice recording, and that option is going away in two days. So everything from that time on that you say to Amazon will be [00:13:00] sent or to your Echo rather, will be sent to Amazon servers and you are, you will no longer be able to opt out. So I think if you did not already have a good reason to get that spyware out of your house and out of your life, this might be the push that you need in that direction.

Stephen DeLorme: I actually didn't even know they had a do not send option. This is actually one of the reasons I've never gotten an Alexa, because I actually thought that, uh, it was by default all recordings went to Amazon. But they're actually, they had a way where they could process it on device.

Jordan Bravo: Well, it might be that it was defaulted to sending it.

Stephen DeLorme: Yeah.

Jordan Bravo: But you could go out of your way and opt into local recordings.

Stephen DeLorme: And so the local recordings, do they actually, like, would they, were they like transferring the recording- speech to text locally or something like that?

Jordan Bravo: That's what it sounds like.

Stephen DeLorme: Oh, interesting. Well, we don't have access to the full article here.

I think because I'm not logged into wired.com because I stopped paying for [00:14:00] wired.com during Covid. But we can, you know, get the headline and get the basic gist of it from here.

Jordan Bravo: Yeah, I mean, I mean, I think the takeaway here is pretty clear. You know, if you're concerned about your Echo spying on you and you were relying on the fact that it was processing locally, it's, that's no longer an option.

Stephen DeLorme: Yep. Well, you know, for me, I can just, uh, I'm fine with just good old fashioned clicking on Amazon in a web browser.

Jordan Bravo: What you said though, you said that you never bought this because you didn't know that the local transcription was an option. But I would say that goes to show that even if it is, it might not be forever. So

Stephen DeLorme: Yeah.

Jordan Bravo: If you put a piece of spyware in your home and it's, they're, they're pinky swearing that they're not gonna be using it for nefarious purposes, but the terms in of service say that they can change those terms at any time and you have no choice but to either accept them or stop using the product.

So I would just [00:15:00] rather only use something that I have control of and not some other third party.

Stephen DeLorme: Yeah. Makes sense.

Jordan Bravo: Before we move on, I just wanna say that this will also tease an upcoming episode that we're gonna do about local AI and LLMs and home assistant type stuff. So keep an eye out for that.

Stephen DeLorme: Awesome.

Jordan Bravo: All right. Today's main topic that we're gonna talk about is VPNs, Virtual Private Networks. Most people have heard of VPNs. Many people even use them. You've probably seen a million YouTube advertisements for Express VPN and Nord VPN. They really hammer the podcast scene hard with, with their advertisements and their, their sponsorships.

Um, but I think the problem with a lot of VPN messaging is that they are supposed to be a panacea for security and privacy. And they, that is certainly not the case. Uh, I would say VPNs have an important [00:16:00] place in our sovereign computing toolbox, but it's important to know what problems they solve and what problems they don't solve and how to use them properly.

And then when we do wanna use them, what are some providers that we can use that are better than others? And what, you know, what has good reputations and which ones have more, uh, technical advantages. Let's talk about the problem that VPNs actually do solve, and then we'll talk about what they don't solve.

VPNs, in my estimation, they have three real uses. One is they will hide your IP address from sites that you visit. Normally, when you visit any kind of website or have any kind of internet traffic in general, by the nature of the way that the internet and the IP stack works is there's a destination IP and a source IP.

And so the source IP, that's you, that's your home typically. And so everywhere that you visit, [00:17:00] their servers, they see where that traffic is coming from, and IP addresses can be easily mapped to physical addresses, and so if somebody has your IP address, they can get a pretty good idea of geographically where you're located.

So if you want to hide that from the sites that you visit, then a VPN does a good job of that because you are actually tunneling through to the VPN provider and then the VPN provider is going to your destination. And so your destination, they only see the VPN provider's IP address. And when you have an a VPN provider that is a large provider with a lot of customers, you get a good anonymity set because it could be, the traffic could come from thousands or tens of thousands or however many customers they have. It could be any of anybody using their service.

Stephen DeLorme: So on that note, maybe before like getting into like services specifically, it would be good to contrast to [00:18:00] this, compare and contrast to this, with something like Tor.

Jordan Bravo: Tor is more decentralized than a VPN provider. With a VPN provider, you're just designating a single company's servers and you're saying "I'm routing all my traffic through that."

Whereas Tor is there's a network of nodes out there running Tor relays and your Tor browser, let's say, is going to on the fly, find a path to your destination, and it's gonna do that going through three hops. You have your entry, your middle, and your exit. And by doing so, none of the relays have full information. So the entry node knows your IP address typically, but then they don't know what, where your destination is. Conversely, the exit node, the last one in the chain, knows your destination, but they don't know where you [00:19:00] came from. And the middle one doesn't know either.

Stephen DeLorme: And I think something worth noting with Tor and versus VPN might be the kind of UX of it, like why you might choose one over the other.

Because I think with, uh, you know Tor, so like, and you know, apologies if I'm jumping the gun a little bit here, but like, one of the, like drawbacks I think of with VPNs is that, as you pointed out, I am hiding the IP address from the sites I visit. I'm hiding my I IP address from my ISP. Um, and, and yes, I'm getting this encrypted tunnel, but I, there is a bit of trust involved in that VPN provider.

I am hoping that they're not going to, you know, keep logs of the sites I visit and hand that over to somebody else. If they do, then, you know, they'd lose my trust and, you know, and, and lose me as a customer. But I'm kind of having the trust, they won't do that, which I think makes reputation [00:20:00] very important for a VPN, whereas I, I don't have quite the same trust assumptions with Tor, right? Like I, I can log onto Tor for free. All the nodes in the Tor network are kind of just doing a, a public service and randomly creating a different circuit every single time and that's good and that's cool.

And so you might think, "Well, why not? Why not just use Tor all the time, Stephen?" And the reason is because it's, you know, frankly, it's a huge, you know, I mean, it's, it's slow. It's just a, it's kind of a pain in the ass, right? Like, if you, if you go visit a site over Tor, it's gonna be way, way slower.

And you're not gonna get, like, especially if you're trying to, scroll through social media or, you know, go look at something on YouTube or whatever. Just like the bandwidth for videos and image download and all that, it's gonna be noticeably slower. So yes, you might have, you know, some better privacy guarantees.

There may not be nearly as much trust involved, but, uh, it is kind [00:21:00] of this like free public resource and it can be, you know, slow to use and you know, if you're not dealing with something super sensitive, super critical, like you, you choose your own threat model, right? If your threat model is not, you know, super high and super paranoid.

Then, you know, maybe you're better off just paying a VPN for an exceptional level of fast internet performance.

Jordan Bravo: Yeah. When you pay a VPN provider, you are paying for their costs of running a server with a lot of bandwidth. And so depending on your provider, you can get bandwidth speeds that are close to approaching normal internet browsing speeds. You're always gonna take a bit of a performance hit, but you can still get acceptable speeds. Whereas Tor is a network run by volunteers for free. And sometimes this is just people who have an extra computer sitting around and they decide to plug it into their home internet and run [00:22:00] a Tor relay.

And so you don't have this huge commercial operation providing tons of bandwidth, rather it's in incredibly constrained. And so I would typically only use Tor for text-based things in very sensitive situations, but I find that day-to-day it's, it makes the UX so slow. It's, it's not really usable for a lot of tasks.

Stephen DeLorme: One quick, sidebar is that, uh, I have the timechaincalendar.com up, uh, as a pleasing visual while we're recording this episode and something is going on on Bitcoin right now. Blocks are coming in like super fast. I'm kind of curious to look after the episode is over. Uh, we're still in the middle of a difficulty adjustment apex. So I wonder if like, some new hashrate just came online, or maybe some people are just getting lucky, but it's been like a block, like I feel like every two minutes or something looking at this.

Jordan Bravo: All right. It's, it's a good time to get some transactions in.

Stephen DeLorme: Yeah, [00:23:00] exactly.

Jordan Bravo: Going back to the problem that VPN solved, you briefly mentioned this already, but I wanna emphasize it a bit, which is that we talked about how it hides the IP address of the site from the sites you visit, your IP address. The other thing it does kind of on the other end of the spectrum is that, it hides the sites you visit from your ISP. Normally without a VPN, everything that you visit, your ISP sees that traffic and we know this is not a guess because we've seen the leaks and the, the breaches that ISPs, such as At&T and Comcast, et cetera, they surveil everything that you do and they sell that to data brokers and they also give it over to government agencies. And so while VPNs certainly have their own downsides, and we talked about how you have to place your trust in the VPN provider because you're basically shifting it from all of your traffic being visible from your ISP to now all of your traffic being [00:24:00] visible to the VPN provider. The difference is VPN providers, at least the good ones with, with good reputations, they're in the business of providing a service where they don't look at your logs, like that's their whole reason for existence, whereas your ISP, they're under no such contract. In fact, they have tons of contracts with data brokers and, and people who will buy your data, and they just do it all the time. So you either go with the company that you know is siphoning your data, your ISP, or you go with the company that's their whole business model is that they're not doing that. And so while you're trusting either way, I feel like the one with the, going with the VPN provider is a lot lower bar to get over.

The last thing that VPNs provide which is not so important these days because is that they encrypt all of your traffic. So back in the day when we ran stuff over HTTP unencrypted without SSL or [00:25:00] TLS, this was a big deal because otherwise all of your traffic going to your given site is unencrypted. And then if you use the VPN, it would be encrypted. Today, with SSL, that's less of a problem, but it's still useful, especially when you're traveling. Let's say you're on a public wifi, then all of your traffic can be snooped. So, because somebody can perform in a man in the middle attack. So using a VPN, in a public wifi is definitely, a good practice.

So let's talk about now some specific providers that we've known and or used. And I think the first one we wanna talk about is Proton. And I've used Proton. I have a Proton free account, but I am going to ask you, Stephen, if you, what you think about proton? Because I know you use it a lot more often than I do.

Stephen DeLorme: Yeah. I love Proton VPN. It's, uh, really cool. I mean, you're not familiar with working with like OpenSSL and [00:26:00] you know, WireGuard and applications like that, you don't have to worry because it's got like a really, you know, easy to use application. You can download it on your phone, you can run it, on your desktop or laptop.

Um, and you know, you can choose your country and like which server and which country you want to connect to and randomize it and all that. I think the reason I switched, I started using it to begin with was because I was already paying for, um, you know, like a, a business account with them. And so it, I realized A. account comes with my plan, but B. the VPN provider I was using before I could not use with Netflix, which was kind of annoying.

And so at the time you could actually Yeah, tunnel through Proton VPN and still watch Netflix, which, was really cool. I think that has since changed. I've run into some issues, recently with that, and I'm not sure if it's Brave Browser or Proton or maybe both, but [00:27:00] at least in the past you could use Netflix with it, which was, uh, really cool.

But yeah, overall great experience. It's easy to use. It works. I like it.

Jordan Bravo: I really like that Proton VPN has a free account and it's just a constrained bandwidth version of their paid accounts, so I I, I like that. It lets you test it out, see if you like the UX, and then if you want faster speeds, you can just upgrade.

Stephen DeLorme: Yeah, absolutely.

Jordan Bravo: The next provider I wanna talk about is called Mullvad. Mullvad has a great reputation in the privacy community, and they offer all the things you would expect from a top tier VPN. They have desktop apps for all, for Mac, Windows, and Linux. They have mobile apps for iOS and Android, and they also have WireGuard profiles if you wanna get, uh, super hacker and get under the hood and install things manually.

They also have an integration with Tailscale. [00:28:00] For those of you unaware, Tailscale is a different kind of mesh VPN, that's used more for networking rather than privacy. But what's cool is by using Mullvad with Tailscale, you can have both at the same time so that you get the advantages of both.

The next VPN provider we wanna mention is, I Oh us. Go ahead Stephen.

Stephen DeLorme: I was just gonna say, uh, if you've had a good experience with Mullvad?

Jordan Bravo: I have.

Stephen DeLorme: Yeah.

Jordan Bravo: I've been using them off and on for the past couple years. I'm currently using Mullvad via Tailscale. And I find it to be really useful and good bandwidth most of the time. They have servers all over the place.

Stephen DeLorme: I used to use them as well a lot. And before I switched to Proton there, I, I thought they were really cool. One kind of interesting quirk about them is they, uh. I thought the account number feature, they don't take an email address from you. Mm-hmm. Uh, I don't, I don't think you mentioned that [00:29:00] already, did you?

Jordan Bravo: I didn't, no.

Stephen DeLorme: Yeah, it's like they basically just like when you sign up, you know, typically you give an email and a password and they're just like, " Nope. Here's your account number we generated for you. Don't forget this". So obviously you want to put that in your password manager, but if you, um, sign up for Mullvad, you just store your account number which you can think of as just kind of like a password. And if you want to top up your ability to use the VPN, then you can send them Bitcoin or pay with like PayPal or credit card or something like that which, you know, is o obviously a little less private. But yeah, you can pay with Bitcoin and uh, just have an account number and just go completely anonymous, which is really cool.

Jordan Bravo: Thanks for bringing that up. I, I almost forgot to mention that. I like that feature because if you don't want to use a email address, let's say you don't have an alias service or you just don't want to give Mullvad any information, like you said, you don't have to. They generate an account number for you and that's all you need.

And paying with Bitcoin is also a [00:30:00] huge feature. I believe they accept lightning as well.

Stephen DeLorme: I think they do.

Jordan Bravo: The next provider we're gonna talk about is IVPN. And they're very similar to Mullvad. I would put them neck and neck in terms of competing features. They're very privacy focused and they, they have servers all over the world, including the US and they also accept Bitcoin. And they also have the account feature that where you only need an account number and you don't have to use an email or, um, set one up like that.

Stephen DeLorme: Hmm. I've never used this one before. That's cool.

Jordan Bravo: Yeah, I, I don't have much to add except that they're great. They have a good reputation in the community. I've used them personally, and I would certainly use them in the future. The only reason I'm not currently is because they don't have an integration with Tailscale yet. Hmm. I see.

Stephen DeLorme: Credit card, [00:31:00] PayPal, Bitcoin, Lightning Network. Good. Monero, and Cash.

Jordan Bravo: I forgot to ask, does Proton accept Bitcoin?

Stephen DeLorme: That I don't know. Um, though if they don't, I would hope they would. They actually, now have a product called Proton Wallet, which has some really cool features. It's basically an Onchain Bitcoin wallet that runs in the browser and you know, it, it's got some pretty clever integrations with Proton Mail, uh, that maybe I won't get into right now. Uh, I don't wanna nerd out over it too hard and, uh, send us too far off track, but. so I, yeah, I'm not sure if they accept Bitcoin or not, but that'd be cool if they did.

Jordan Bravo: Maybe we'll do another episode on Bitcoin wallets and we can discuss that in further detail.

Stephen DeLorme: Yeah.

Jordan Bravo: Anything else on IVPN before you move to the next provider?

Stephen DeLorme: Uh, I haven't really used IVPN, so I don't really have anything to add there.

Jordan Bravo: Okay, well the next VPN provider is Obscura, and I'm gonna let you talk more about this [00:32:00] because I have not personally used this yet.

Stephen DeLorme: Well, so this is an interesting one. It's actually kind of under the hood. It uses Mullvad, which we've already talked about. But Obscura's whole pitch is, well, I'll just read out what it, there says what it says on their website. "Privacy, that's more than a promise. Meet Obscura, the first VPN that can't log your activity and outsmarts internet censorship."

So the idea is that like we mentioned earlier, you pay for a VPN provider, you're kind of trusting that when they say that, "Oh, we don't log your activity, you're trusting them to not log it." And also if they did log it, you're trusting them to not share those logs with anyone.

So Obscura's whole thing is, "Well, we've built this in a way to where we provably can't track your activity." And the way that they do that is that I, I don't, you know, fully understand, the exact details, but it's something to the effect of they use Mullvad under the hood and the idea [00:33:00] is that you are encrypting your traffic, I guess, against Mullvad's public key or something to that effect.

So it makes it so that they can't actually decrypt any of your packets and they're just kind of acting as this relay that forwards your packets over to Mullvad. It's almost like a little bit of like the, the same way the Tor works, where you have these kind of like multiple hops.

It's just that instead of like randomly choosing all these different Tor nodes around the world and forming a circuit, you're just sending it directly to Obscura and then they're passing it on to Mullvad. That's my understanding of it. And um, you know, they say, "Hey, we have a, you know, Obscura is purely private by design. They never see a encrypted packets and it's impossible for us to log this activity. You can even verify this yourself." So you can go to their like GitHub and uh, like look at the code 'cause it's open source. I think that because this is you know, kind of like a, almost like a white labeled Mullvad.

They also accept Bitcoin and Lightning Network. And they [00:34:00] similarly don't keep track of your email address and all that. They just give you an account number. It's pretty easy to use. I just downloaded the client, uh, on my Mac. It has, I think it's only Mac OS right now.

Let's see. Downloaded for Mac OS? Yes.

Jordan Bravo: Yeah.

Stephen DeLorme: So I guess there, there's hopefully there's talk of, you know, getting more platforms supported in the future. But right now it's a Mac OS thing and it works pretty good.

Jordan Bravo: I look forward to trying it out when it comes out for Linux. If I'm understanding it correctly,

normally, like we said, you're trusting the VPN provider. So if I'm using Mullvad, they're seeing all of my traffic and because they have to decrypt it in order to send it, so, so I have Mullvad's key in my client and I'm encrypting my traffic, sending it to Mullvad, then Mullvad decrypts it and sends it to my destination whereas with Obscura, it sounds like there's two levels of encryption there. So I [00:35:00] encrypt my data with or I encrypt my traffic with Mullvad's key, I believe, and then I send that to Obscura and then Obscura encrypts it. And I don't know, there's two levels of encryption there. I might be getting the order wrong, but it sounds like the, the gist of it is that Mullvad can't see where it's coming from, so they don't know it's me. And then Obscura, they don't know the destination.

Stephen DeLorme: Yeah, I think that's about right. I mean, it, it's almost like you're constructing a, an onion request. You're just like encrypting to Mullvad and then encrypting to Obscura's key, sending to them might be how it works. But we could, uh, you know, I'm sure Carl, the author would love to answer any questions about this if anybody has them.

Jordan Bravo: Yeah. We'll, uh, we'll try to get him on the show. Boost in and let us know if you're interested with either, uh, using Fountain or you can email us at [00:36:00] sovereign@atlbitlab.com and let us know if you are interested in this topic. We can do a further dive into it. I'm personally looking forward to when it's available for Linux, and the only skepticism I have is I'm wondering if the bandwidth would be constrained. Have you noticed good bandwidth with it?

Stephen DeLorme: Yeah, I mean, I haven't like rigorously stress tested it though. I haven't gone and like, you know, gotten on like you know, video call while also streaming a YouTube video. Right. So I'm not sure in that regard, but I didn't notice any noticeable performance hit with it, so that that part aspect of it was fine.

Jordan Bravo: Okay. Let's talk about now the downsides of VPNs. We already covered a couple of them, which is trust. You're putting your trust in one centralized party. Another would be the cost. Any VPN provider that is trustworthy and has [00:37:00] high bandwidth servers, they're not gonna provide that for free. We talked about Proton has a free account, but it's constrained bandwidth. So the cost is a second, uh, trade off with it. And the last one is something that I don't hear talked about too often, which is that when you are browsing the internet with a VPN, you're treated as a second class internet citizen. A lot of sites of big companies, they have anti-spam and anti-scammer prevention-

Stephen DeLorme: Mm-hmm.

Jordan Bravo: software running that automatically flags any traffic with the VPN, as a scam or spam. And so they block it. And so as you mentioned earlier, sometimes you're trying to watch Netflix or some other streaming site and they will say, "Sorry, we don't allow VPNs to connect." And so you have to turn it off or just not watch it.

Another thing that I think is even worse is when sites just straight up won't load with a VPN. Mm-hmm. And I see that happen sometimes and it is so frustrating. And [00:38:00] at this point I just I, I'm in the habit now where if a site is not working and I think it should, I just turn off my VPN and try again.

But I'm, I'm also trying to stand up for my internet citizen rights by choosing my providers carefully. So if I have, if I'm working with a company and they don't allow VPNs to connect, I'm gonna consider finding an alternative in the future. So, if it's easy for me to pick a, a competitor. And the competitor does allow me to connect with a VPN, I'm gonna go with that competitor.

Stephen DeLorme: One time I was trying to sign up for a Bitcoin exchange and their marketing website looked really nice and I clicked, you know, like the login button or whatever, and I kept giving me like a white blank page where it'd be like, uh, you know, we're, you know, emailing you a confirmation code and I'd be like, "Okay, get confirmation code, enter it in." Oh, and then it would redirect me to a white page, given all these problems I got on like a chat with support, [00:39:00] was trying to figure it out and uh, you know, they were kind of blaming the problem on me and or you know, you know, saying that everything was working fine on their end.

Then I finally figured out, turned my VPN off, and suddenly it worked. I'm like, "what the heck? It's like a Bitcoin exchange and they won't let us go through a VPN like that's annoying."

Jordan Bravo: Yeah, it's ridiculous. And the worst is they will gaslight you into thinking that you're doing something wrong, like you said, and or they'll try to make it seem like you are a criminal or guilty of something just because you're using a VPN.

Stephen DeLorme: Yeah, absolutely. I mean, yes, we should stand up for our rights and our use VPNs. It is just like, broadly speaking, I think a tricky problem. [00:40:00] It's very similar to problem with email like we've touched on briefly in the email episode where like there's such a spam problem that a lot of the, you know, sometimes for like company spam filters, it's just like easier for them to just like kind of gray list or blacklist things that don't come from a known major email provider like Microsoft or Google. And I think it's kind of a similar thing where there's like, obviously if you're going to commit some kind of crime, you're gonna wanna obscure your identity. So it's like, uh, not condoning it, but just, you know, putting that out there that you would want to if you were a criminal. So if you're gonna try and perform some kind of crime on a website or you're gonna try and DDoS it, you know, uh, DDoS attack it, hack it, something like that, you're probably gonna try and use some kind of method, VPN or otherwise to obscure your identity. So there's these problems were for companies, it's not right necessarily, but it's like, I think it's just a kind of like a, it's like a [00:41:00] lazy fix. It's like, it's easier for them to just be like, "Well, let's ban all VPNs because if we ban all VPNs, then like we're probably gonna ban any bad person as a result. Like you're probably not going to have a situation where someone's going to try to attack us or harm us without a VPN."

Jordan Bravo: Right.

Stephen DeLorme: And so because the, the non VPN group of users probably doesn't include a bad guy. Even though they may recognize that the VPN group doesn't necessarily mean they're all bad guys, the bad guys are probably going to be in that VPN group, and so it's just easier for them to block VPNs.

Jordan Bravo: Sounds like they're profiling us as VPN users.

Stephen DeLorme: They are. They're profiling us as VPN users. Yeah.

Jordan Bravo: I think it's also, like you said, a lazy approach because good security would not have to resort to that. I think sometimes it's also a matter of overzealous regulation or, or [00:42:00] rather overzealous compliance with regulation because they just wanna prove ahead of time that, "Oh, we're doing everything in our power to block bad actors." And to me that's kind of, uh, despicable.

Stephen DeLorme: Yeah. Yeah, so it's annoying, but at least some sites are kind of nice and they'll just put up a caption and say, "Okay, solve a caption and prove you're a human. If you're behind a VPN." It's like, all right, I'll, I'll show you my papers. I'll prove that I'm a human. You know, every time I switch VPN nodes-

Jordan Bravo: I'll, I'll train your AI for you.

Yeah. So we talked about the downsides, but I think overall, the takeaway that I would say is VPNs are very valuable. It's good to have one, you know, choose one of these providers or do your own research on another trusted provider and have one on your phone, on your laptop, on your desktop, and know how to use it and get comfortable with it because it's [00:43:00] important to have this tool in conjunction with all of the other privacy and digital, self sovereignty approaches that we take.

Stephen DeLorme: Yeah. And if you can find a VPN provider that will work with Netflix, boost in and let us know, uh, when the next season of, uh, Rick and Morty comes out. If, uh, if it continues to go on Korean Netflix, uh, on a weekly basis, you could use that VPN. Um, to, watch Rick and Morty on Korean Netflix as it comes out every week.

Jordan Bravo: Sweet.

Stephen DeLorme: That's a life choice available to you, but you gotta find a VPN that'll work with Netflix. So let us know.

Jordan Bravo: That would be the dream. All right. Thanks a lot everybody. We'll see you next time.

Stephen DeLorme: Catch you later.

Hey, thanks for listening. I hope you enjoyed this episode. If you want to learn more about anything that we discussed, you can look for links in the show notes that should be in your podcast player, or you can go to atlbitlab.com/podcast. On a final note, if you found this information useful and you want to help support us, you can always [00:44:00] send us a tip in Bitcoin.

Your support really helps us so that we can keep bringing you content like this. All right. Catch you later.

The Truth About VPNs: Beyond the Marketing Hype - The Sovereign Computing Show (SOV012)

Tuesday, April 22, 2025

Chapters

Links

Transcript