Why a VPN Is Bad

16 Nov 2021

  1. All the pros aside, is it a good anonymization tool, after all?
  2. Why Are VPNs Bad?
  3. How Can I Hide My Digital Fingerprint?

All the pros aside, is it a good anonymization tool, after all?

It might come as a complete surprise, but do you know a VPN is one of the most unreliable tools in the matter of anonymity? We have already explained how a VPN works and what it hides , and we also compared the technology to proxy servers and anti-detect browsers . So, let’s get straight to the point and expound on why using a VPN is a bad idea.

For the record, no VPN is an ultimately useless technology. It helps us access websites banned in our countries for no reason and secures our connection when using public WiFi. It certainly does a bunch of good things. But what else? Well, nothing else. And no, it doesn’t concern only free VPN services — just about any VPNs, even expensive ones, have very little to nothing to do with anonymity.

We’ve already mentioned in our previous articles that VPNs do not spoof your digital fingerprint. Now we’re going to have a closer look at what even a good VPN may not hide at all and why you risk getting uncovered in the very end.

Why Are VPNs Bad?

Websites collect and parse a lot of data outside of geolocation stuff. It’s never just your location but plenty of other different things. Worst-case scenario: they might unveil just about everything about your PC, including its OS and even hardware. One of the few things many VPNs don’t conceal in this regard is the HTML5 canvas element that, for instance, renders 2D shapes when you’re visiting a website.

The thing is that different operating systems and video cards do that in their specific ways, and many websites can collect this kind of data without having you even think about it. You’ve probably guessed it — that’s how many websites may presume what operating system and even a video card you might have.

Another thing that VPN services fail to hide is WebGL metadata (Web Graphics Library), a JavaScript API used for rendering interactive 2D and 3D graphics. Like Canvas, this technology helps websites learn your OS and hardware. When having just your canvas hash, a website can merely juxtapose your data to other users and guess (although with a high percentage of certainty) what kind of PC you’re using. Spicing it up with some additional info about WebGL data makes them almost sure about what device you have.

This data, combined with the user-agent (a kind of software agent exploited by many web browsers), gives an exhaustive insight into what web browser you’re currently using and finally makes it 100% clear what your OS is. Again, different hardwares process everything differently, so your user-agent will be containing another bit of information that may get closer to your real personality.

"Alright, let’s say they’ve figured out I’m on Windows 10 and am using Google Chrome, so what? How many people like me are there? Based on StatCounter, it’s, like, 50% out of all the Internet users? Lol, good luck finding me among them all! Besides, I can easily cover up my user-agent. The two things that do indeed matter are traffic encryption Alright, let’s say they’ve figured out I’m on Windows 10 and am using Google Chrome, so what? How many people like me are there? Based on StatCounter, it’s, like, 50% out of all the Internet users? Lol, good luck finding me among them all! Besides, I can easily cover up my user-agent. The two things that do indeed matter are location. And a good VPN deals with that pretty well. Period!"

Fair enough. And you can, of course, fake up a user-agent. True. The problem is, there are dozens of technologies websites use to get to know you, not just the canvas, WebGL, and user-agent. Another problem is that even if you spoof a few things, you must be sure your digital fingerprint is consistent enough. What does it mean?

Imagine you’ve managed to falsify your screen size, WebGL vendor (a company that basically supplies video cards), and RAM on your MacBook Air M1. If you were not cautious enough and, say, made your RAM 4 GB, WebGL Vendor Google, and screen size 7680 x 4320, you’re done. Why? Because such MacBooks do not exist.

Even one mistake is more than enough here — Google doesn’t supply Apple with video cards. So before you run to spoof anything on your own, make sure that every single configuration and parameter correlates with one another. Otherwise, you do nothing but create a device that doesn’t exist and instantly draw a lot of unwanted attention to yourself.

"Okay, I got it. But I don’t need to change everything. Fine by me, I don’t care if somebody knows what PC I have."

It’s not just your PC, though. Let’s imagine you’re Vietnamese using a VPN. You’ve selected the US. Okay, great! Now everyone thinks you’re in the US. But you’ve forgotten to change your language preferences and system timezone. How many Vietnamese are there now traveling across the US with the Vietnamese timezone and language preferences? Well, probably almost none.

These two little details you didn’t bother about when choosing another location may easily lead to you. For your information, it’s not only your language preferences and timezone. There are some other workarounds through which one may learn your location. Sometimes it might be even a piece of new hardware installed at a local repair shop. Knowing that you’re Vietnamese sitting in front of a new MacBook Pro and browsing the Internet in Mozilla Firefox cuts the search down to around 0,01% (probably much less) of the world population.

"Okay, suppose it’s true, but this is an easy case. Even using Mozilla Firefox on macOS tells a lot without knowing they are Vietnamese (around 100 mln people in total). But what if my language preference is English (over 1 bln people, at least 7 or 8 countries having it as an official language), my OS is Windows 10, and my web browser is Google Chrome? It’s going to be, at least, like, 5% out of the world population! That’s about 400 mln people in a few countries. It’s impossible to check them all. Besides, even 0,01% is still going to be a lot!"

Also true. But keep in mind that we’ve so far discussed just a few things in this article. There is much more stuff websites use to uncover your real personality when you open their pages. And the more information they have, the closer they are to you.

No need to lie here. A particular PC model, country, and timezone is a lot, but not enough to find exactly you. That’s why VPN services come in handy when you just want to change your location to, say, access an entertainment website. Even to watch Netflix. Fine. They don’t care — in fact, they are even happy you did that and finally subscribed.

But what if you want to work or retrieve some secret information about something? At this point, you’re not doing this in the interests of those companies and are walking into the territory of big shots that do know well what real security is.

Amazon, Google, Facebook, YouTube, Instagram, Baidu, betting companies, governmental institutions, and many others do not only track your location and reveal all the details about your device. Tech giants also allegedly analyze your behavior, habits, and interests. And they watch you across not just the Internet but many apps and platforms, mustering all the information.

Although good VPNs’ encryption prevents websites from tracking headers and cookies, there are still things that might help websites understand it’s you regardless, such as content preferences, passwords, and even the way you click. On their own, they do nothing. But combined with the information about your digital fingerprint, it significantly simplifies the job of finding you.

Believe it or not, even a college student studying cybersecurity is able to cut the search right down to 1% of the population with you using the best VPN service. Just imagine what tech companies can do. But you know what’s the funniest thing about using a VPN? Quite often it even fails to spoof your exact location.

The WebRTC (Web Real-Time Communication) technology activated by default in many web browsers allows third parties to straight away get your real address despite you using a VPN. You should use a really good VPN to handle that issue. But again, even in this case you still have to keep an eye on many other things — the more information gets leaked, the higher the chance you may get completely uncovered.

Reputable VPNs do indeed encrypt your traffic and hide your location, but they never mask your device fingerprint sufficiently, which along with behavioral factors may easily uncover your real personality. It’s merely a matter of time and amount of data collected you were not cautious enough to hide.

How Can I Hide My Digital Fingerprint?

Spoofing a digital identity isn’t just a whim of multi-accounting geeks — it’s a must for those seeking absolute anonymity as well. A VPN is bad at handling that since it only takes care of your location and encrypts your traffic. To achieve maximum, real anonymity, you have to cover up every single detail of your digital identity. And so far, the only thing that does it is an anti-detect browser.

We’d love to hear questions, comments and suggestions from you. Contact us support@gologin.com or leave a comment below.

Are you just starting out with GoLogin? Forget about account suspension or termination. Choose any wed platform and manage multiple accounts easily. Click here to start using all GoLogin features