The common advice is to sign up to a VPN provider anonymously, and to pay it anonymously too, with something like Monero. Mullvad is a great example, where they don’t ask the user for any data, not even a password, and they allow for Monero payment to avoid asking for payment details.
But you connect directly to the VPN provider, so the VPN provider can know your IP address. Similarly, your ISP can know that you are using that VPN provider. So with enough coordination and access, like law enforcement can have, your traffic could be tied to your identity. I’m not saying anything new here, that’s why it’s commonly said that VPNs are for privacy from your network manager and your ISP, while TOR is for anonymity.
So what’s the point of using anonymous payment methods for VPNs if VPN usage isn’t anonymous? Isn’t paying the VPN provider anonymously giving a false sense of anonymity? What use case or threat model am I missing?
Payments, accounts, and emails are common ways LE associate you with the VPN. Correlation attacks involving netflow data are more common in a Tor situation (no bridge), not a VPN, unless the VPN themselves are logging. IPs talking to each other doesn’t really mean anything. We are connecting to tons of IPs at any given moment.
If we assume no network logging from the VPN provider, shouldn’t we also assume no payment detail logging? So the same mechanism that can force the VPN provider to log the payment details of a specific account for later disclosure would be used to log the origin IP addresses for that account. Getting the identity behind the payment details might be easier than getting the identity behind an IP address, but the IP address would get logged much more frequently than the payment details, so they would be able to get the information they need quicker by forcing it to log the IP address.
Not really. Your ISP may keep a log of IPs it assigned a group of routers (or, in the case of IPv6, it may uniquely assign IP ranges to each router). If your VPN provider also keeps a log of client IPs, then (correlation attacks mean) using a VPN made no difference (in terms of “hiding IP” / privacy, at least).
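To make the correlation scenario in this reply concrete, here is an added example (not code from the thread or from any VPN provider) that joins a constructed ISP address-assignment log with a constructed VPN connection log on client IP and time window. All customer IDs, account IDs, timestamps and IPs are placeholders made up for the example; the Tor exit address is likewise assumed. It shows that a direct connection links the account to the ISP customer, while a connection whose source is a Tor exit (the Tor > VPN chain discussed later in the thread) or one outside the lease window does not match anything.

```python
from datetime import datetime

# Constructed sample data (placeholders, not real logs):
# ISP lease log: (customer_id, assigned_ip, lease_start, lease_end)
ISP_ASSIGNMENTS = [
    ("customer-0042", "203.0.113.7", "2024-05-01T08:00:00", "2024-05-01T20:00:00"),
    ("customer-0099", "203.0.113.8", "2024-05-01T08:00:00", "2024-05-01T20:00:00"),
]

# VPN provider connection log: (account_id, client_ip, connected_at)
VPN_CONNECTIONS = [
    ("acct-anon-1", "203.0.113.7", "2024-05-01T09:15:00"),    # direct from home
    ("acct-anon-2", "198.51.100.23", "2024-05-01T09:20:00"),  # arrives via Tor exit
    ("acct-anon-3", "203.0.113.7", "2024-05-01T21:30:00"),    # after the lease ended
]

# Assumed Tor exit address list (placeholder).
TOR_EXIT_IPS = {"198.51.100.23"}


def parse_ts(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def lookup_customer(isp_log, client_ip: str, at: datetime):
    """Return the ISP customer holding client_ip at time `at`, or None."""
    for customer, ip, start, end in isp_log:
        if ip == client_ip and parse_ts(start) <= at <= parse_ts(end):
            return customer
    return None


def correlate(isp_log, vpn_log, tor_exits=frozenset()):
    """Join the two logs; map each VPN account to an ISP customer or None.

    A None result means the VPN provider's logged source IP cannot be tied
    to any ISP customer: either it is a Tor exit (the provider never saw the
    home IP) or no lease covered that IP at that time.
    """
    result = {}
    for account, client_ip, connected_at in vpn_log:
        if client_ip in tor_exits:
            result[account] = None  # VPN only ever saw the exit relay
            continue
        result[account] = lookup_customer(isp_log, client_ip, parse_ts(connected_at))
    return result


if __name__ == "__main__":
    for account, customer in correlate(ISP_ASSIGNMENTS, VPN_CONNECTIONS, TOR_EXIT_IPS).items():
        print(f"{account}: {customer or 'no match'}")
```

The join only works because both parties kept logs and the same IP appears in each; the takeaway for a defender is that anonymous payment removes one linkage (the account to a person) but does nothing about this one (the account to a source IP), which is the point the reply makes.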
You can’t. The usual digital payment instruments are extensively regulated and KYC (know your customer) is a norm in many jurisdictions.
Yep. Reason why PG doesn’t recommend VPN providers[1] where law makers can coerce them into secretly logging customer data/metadata.
Note that even the “no log” providers may still log identifiable data to prevent abuse.[2]
[2] “There is an additional accounting service whose goal is to prevent abuses and ensure the continuity of the Proton VPN. Its actions are performed by a dedicated external system, owned, and managed solely by Proton Team. These servers are kept in a secure location in Switzerland. User data is not logged or stored there in redundant, unnecessary amount. The accounting service was outside the scope of the audit.” (securitums-security-report-for-proton-vpns-no-logs-policy-2024, SECURITUM, via Internet Archive)
If using a laptop away from home, e.g. cafe, hotel, their ISP knows that a connection to a VPN is being made, but they don’t know which customer/guest is making it.
I understand your argument though, if talking about a home ISP when it’s in your real name. But in some places multiple VPN companies are using the same data centers to route your traffic. In my country (Germany) it’s like that. My ISP knows I’m connecting to a VPN, but they don’t know which VPN provider I’m connecting to. It could be any of the VPN companies renting the same servers and rotating traffic through the same IP addresses.
Generally, this is correct. Even if you pay anonymously, you are not anonymous. They know your IP address, and you have to trust them not to log that or sell that or tie that back to you.
However, you can theoretically set up a You > Tor > VPN > Website tunnel. If you only connect to the VPN while already under the protection of Tor, the VPN provider does not know your IP address.
This may hurt your anonymity compared to just using Tor, since you will not have stream isolation. Your activity may be correlated together over time. However, this might be necessary in order to connect to websites that block Tor but allow at least some VPN servers.
In the above scenario, anonymous payment to your VPN provider is useful.
Let’s say you have 100% trust in the VPN provider not storing your credit card transaction details and they perfectly shred all evidence.
Well, they are a merchant, and have a merchant account, and must be registered with some payment processing service like Stripe (at least for credit cards…). When you pay with a credit card, your transaction is sent to the payment processor, but they need to talk to the bank associated with the card. They pass this along to the payment network like Visa. Let’s say the merchant disposes of all data related to you; the payment processor will still keep that data, and that data is also sent to the payment network. Fraud vendors and banks utilize all of this information, and more, about you to determine if a credit card was stolen or not. This also means if this is in your threat model, they will know what VPN you use.
If you pay with cash, that information isn’t shared with anyone but the VPN provider. If you pay with crypto, the info is on the blockchain (ymmv depending on which coin you use, and anonymization steps taken), but isn’t shared outside of that.
Makes sense. The point I was missing was that using anonymous payment methods for paying the VPN isn’t for anonymity, but for privacy, reducing the number of parties involved in the transaction between me and the VPN provider. In which case, paying with anonymous but not private methods like Bitcoin still doesn’t make much sense to me, because the point isn’t using anonymous payment methods, but private ones, like cash or Monero.