I remember reading arguments against using VPNs with services that already know who you are such as Instagram and Snapchat.
However, I have a counter argument for this and want to know people’s opinions on it.
An IP address is a universal data point that is not tied to a specific service unlike your friend list for example. IP addresses are also almost always unique to you and can be used to correlate data about you specifically.
Therefore, even if Meta knows everything I do on Instagram and builds a relatively thorough profile on me, they will not be able to tie that profile to me when I browse the web. Same goes for Snapchat. This is why I believe using a VPN for these types of services is still a good idea.
Are there any flaws to this or anything that I haven’t considered?
If you remember, would you paraphrase the reasoning of the people recommending against that?
While I don’t see a super compelling upside to using a VPN with true-identity social media accounts (beyond eliminating one identifier/datapoint), I don’t really see any strong reasons not to (personally I’m much too forgetful and lazy to disable my VPN just to check some social media account).
I suppose by using a VPN with (e.g.) Facebook, I’m at minimum telling them that (1) I use a VPN (2) the VPN I currently use is [some_vpn].
Mullvad Browser Extension users have one additional option. You can configure per site proxies or per browser/browser profile proxies so that each domain or each browser/profile exits from a different VPN server (even concurrently)
I do not unfortunately. Thinking more about it, I see definite reasons for not using Tor with known identities, but not much for VPNs. Maybe the person had confused the two of them. Still, I would like to see if anyone has any arguments as to why to avoid doing this. I believe it is more beneficial to do it honestly.
It could definitely be that. Another possibility that is pretty common in tech communities is people can often be more absolutist in their language than they probably intend to be. Non-recommendations and anti-recommendations are often conflated (as in “I don’t see the benefit of X” or “personally I don’t do X” often gets phrased as “Don’t do X”
(or their are legitimate risks that neither of us have identified yet)
I agree with you on the topic of Tor (and for threat models that rise to the level of needing Tor level of anonymity), a clean and full separation of identities is much more important in that context. As well as additional security concerns.
I used to not care about VPNs as I had no reason to use them.
Then my IP got leaked in a data breach for a site I used once (one of those forums that requires you to create an account to be able to see anything). The leak included a geolocation that was within a few hundred feet of my house (surprising to me because most IP geolocations think I’m in another town because that’s where my ISP is).
I can only assume it’s to do with other fingerprinting methods — Canvas, WebGL, Javascript, etc — assuming your browser doesn’t have the protections, and reducing the chance of the corporations finding some overlap between your KYC and non-KYC identities/habits.
I have never understood the suggestion to disable your VPN when using services that know your identity. The big problem is that if you disable your VPN to use a particular site, you expose your IP address to everything else currently using your network as well. So, anything using the internet in the background will now know your real IP address.
I use a VPN inside a virtual machine for casual web browsing where I don’t need to prove my legal identity (either because there’s no log in requirement or where the only identifier I need is an e-mail address). I use my raw ISP connection with a different browser on the host for stuff where my legal identity matters (banking etc).
This is partly habit, partly to avoid sites like banks getting stroppy about my use of a VPN and partly to avoid linking my VPN IP address with my real identity. I don’t think the latter is a huge deal, but I guess it’s something.
