I've never had an issue using my private WireGuard VPN. I can always access iPlayer / ITV and other UK services when abroad.

I’m using VPN Unlimited for the last 3-4 years, so definitely a commercial service.

They have a couple of streaming points in the US that until last year worked pretty flawlessly. Disney, HBO, Hulu, Peacock, AMC+, Amazon Prime, Freevee, etc.

This is slightly off topic...

What exactly does a VPN do? (I am being a bit facetious, of course, but also curious.) I have SurfShark on my phone and Norton on my notebook. The Norton version allowed me to login to my bank; I set the location to US when I was in Philippines. I also use DuckDuckGo as a search engine; in Edge 'InPrivate' mode, FWIW.

Interestingly enough, I went to a website two days ago to obtain support for a product that I recently bought. Now Facebook is showing ads for that particular product. And today, I posted a review in TripAdvisor. At the end of the review, I was encouraged to review other places I had been. A chain restaurant in Manila that was a spontaneous decision, paid with my credit card - no research on TripAdvisor, no other discussion with anyone - online or verbal. And a hotel in the Middle East that I booked directly with Marriott - no searches outside of the Marriott site as I knew exactly where I was going to stay.

Aren't VPNs, alternate search engines, and/or 'InPrivate' mode supposed to protect against these things to some degree?

Yes and no. I find all the hype that most Youtube creators promote about VPNs complete garbage (eg, it does not protect you against viruses). They REALLY do not understand what a VPN can and can't do. A VPN can make you look like you are somewhere else... and it can make it harder for a man-in-the-middle (like your ISP) to identify what you are doing. And that's about it.

So... back to your other stuff... why were you tracable in the other two situations... Facebook... if you had logged into Facebook during the same session as you visiting the product web site (eg, visit facebook, do your stuff then go to or search for stuff related to the product without closing the browser), it is likely the product manufacturer likely has a facebook analytics link somewhere on their page which means Facebook now has your interest in their system. Doesn't matter if you were using a VPN or the "private" mode in your browser. For TripAdvisor, it's a bit more random in that they predict where you have been by comparing where you reviewed with other users and guessed where you might have been. Marriott likely has an analytics link as well (or potentially a data sharing agreement... there was a bit of a privacy issue recently here in Canada about Home Depot sharing in-store purchasing data with Facebook which is similar).

So, how do you reduce/avoid much of this tracking stuff? If you visit any site where you have to sign in, close all "privacy" windows (they're often linked) and open it fresh. Periodically close off all browser windows and clear your cache. Do not use the "stay signed in" stuff or the save password function of your browser (which could potentially sign you back in). This is one way law enforcement tracks down people. When you actively interact with a site, you leave traces of data (eg, posting in a forum will contain your post, your forum ID, the data and time of your post as well as the IP you posted from). Do it enough times and someone who has access to that data can build up a profile about you. And with all those analytic pages (eg, Google Analytics or FB analytics), done intelligently enough, can track you down.

You should also check the logging data of the VPN providers you use. I suspect (read: too lazy to check) that Norton's VPN does keep logs... Surfshark claims they don't, but I haven't kept up to date to see if that has been tested. If they log, technically you can still be traced.

There are a number of other things you can do, but they may interfere with your use of various web sites (but would keep your privacy)

Cookies, Facebook Pixels, your browser fingerprint, being logged in to sites, etc. can all identify where you are. So can your phone. Your IP address (which your VPN hides) is just 1 single identifier among many. It does make your browsing activity more secure from prying eyes when you use public hotspots, but it's not the only security measure you'll need if you really don't want to be identified.

Do you never stay logged in on sites like FT? You're always signing in for each session?

Actually I do log in every time I reboot (and use a separate browser for general browsing vs. my web-based email). And recent examples show it's not a bad practice (ala LinusTechTips among others)

InPrivate and private mode browsing indicates to your browser to not store information on your computer or more likely, delete it when the browser session ends. It can be useful if you must use a computer not your own, eg: Hotel, Lounge etc, notwithstanding the other reasons and cautions to not use public computers. The reality is browsing the web leaves traces all over the local computer, the server at the other end and often at points along the way.

Agreed and the ads are just as bad. The best video I ran across was by Tom Scott a little while back. It is about 8 minutes long.


In it he describes what a VPN can and can't do for you. The 'wrapper' of the video was why he was not going to take the sponsorship. About a year after he made that video, he finally did take a VPN sponsorship but is very careful about what he says it does for him. He uses it more for the change-location feature for booking travel or getting better car rental rates. If you don't want to click the video link, you can probably find the video on his channel.

For Common VPN client services: If your traffic was going from LAX to NYC to BOS on routers, each point in the path can basically know where your traffic is going, but not the contents, assuming a modern browser and website. if you had a VPN from LAX to NYC, each point in the path from LAX to NYC would only know you were going to NYC. Each point in the path from NYC to BOS, where the traffic is no longer 'inside' the VPN could know about your traffic, and the computer in BOS would think you were in NYC, not at LAX.

Anyone read the T&C's for 'Free' Wifi in the Amex Centurion Lounge? At least as of late last year, it said they could monitor your traffic. A VPN would make it more difficult for them to do this.

VPNs are good for:

Changing your location to better interact with web sites.

If your school or office or free Wifi is nosey, a VPN can help them MYOB. This may be against policy, don't get fired.

Open Wifi access points in restaurants and so forth, that do not use encrypted Wifi can be made more secure if you turn up a VPN. Otherwise the first mile may not be encrypted. This can help if the local neighbor calls his wireless "Starbucks" your laptop already 'trusts' so connects to "Starbucks", but in this case it's not really Starbucks.

Online advertising privacy: Your home IP address may change very slowly over time, enough that advertiser can use it to target ads if they can't by other means such as browser cookies, phone apps and so forth.

VPNs are bad for:

Planning crimes. If they want to find you, they will find you.

Concealing what websites you went to: You need a private mode and VPN and your client needs a properly configured DNS client. It makes no sense to try to hide from your local ISP but continue to use their DNS. Even with this the server at the other end knows you were there.

VPNs are not bullet proof. Apple has had some problems where their devices sent traffic out unencrypted even though VPN was active. Not intentional, just bad code. If your computer has Malware on it, the VPN can be bypassed. If you run a VPN it does not stop you from getting malware.

Multicast and Multipoint. It can be done with extra work. Doesn't apply to commercial client VPN products, tends to more be for corporate site to site VPN. You can probably ignore this and live a full and happy life.

Apple Reference https://9to5mac.com/2022/08/18/ios-vpn-apps/ article using https://www.michaelhorowitz.com/VPNs...S.are.scam.php as source. Geek speak: looks like split tunneling is not properly set up. If your company centrally manages your Apple devices, they may be able to change the configuration.

I got an email yesterday from Google touting their new (?) VPN.

Anyone have informed opinion about it?

Heard about it, but not a lot of news before. I see Android Authority did a review. If it's accurate, it likely won't fit most people's use cases unless you just want to obscure your location within the country you're in (assuming you're in a country that supports the VPN). I'm also doubtful about the logging aspects that Google provides as well as the decoupling of ID to the VPN token.

Some of the highlights...

o The exit point of the VPN depends on the entry point (eg, if you're in the US and you activate the VPN, you're still showing as in the US.... you do not have the choice of exit points). If you're hoping to bypass geoblocking of content, this isn't for you.
o There is logging of data so there is a possibility for associating you to your data (eg, you can send feedback for example)... So if you do anything nefarious, it is possible to link it despite them saying they don't log a lot of data. In the article, there is also no mention of how long any logs are retained (they do mention something about how often you use the VPN within a 28 day period, but no mention of how long that logging is retained)
o It's not a separate service, but bundled into Google One. Depending on your use case, this can be a good or bad thing.
o They don't mention if there is a bandwidth or transfer limit (some VPNs like TunnelBear have transfer limits)... It's not a great idea to not investigate depending on what you're transferring though... if it's a lot of data and there is a cap, you could find yourself in a bad spot.
o They don't mention the encryption method. While this isn't always a dealbreaker (it should be) you have to wonder how secure are the channels against man-in-the-middle attacks.

This all presumes you take Google at their word. Also consider, the logging and association of your data hasn't been tested yet. This is really a rudimentary VPN that can only really be useful if you're just sticking around one country and trying to make it a bit harder to track. Compared to the other big VPN providers (eg, Nord, Express, PIA, etc.) it lacks in many features you're more likely to use.

If you do get it, I would highly recommend you still follow many of the tips some of us have posted above. Especially for this VPN as it really only obfuscates your exit point (and only by a small bit). If you log into any site, they can still trace you through cookies (at the very least) and any data logging they do themselves (and the analysis of that data).

Other reviews: TechRadar, ZDNet,

Overall, if you use a dedicated commercial VPN provider, I'd keep using that instead. I'm not violently against Google and how they handle security (there are some reviews out there that are), but this one just reeks of a bad idea.

I'm in Europe now. I've only used my own VPN server, running on a T-Mobile Cell Spot router.

I have Surf Shark but have barely used it.

For one thing, if I don't use a VPN of any kind, all the sites I frequently visit all ask me to select cookies again. Very annoying.

So I use my home VPN server and I have the same IP I use all the time from home.

Surf Shark is just too wonky with many sites including FT.

This most helpful. The only time I need a VPN is for occasional domestic U.S. air travel and connecting to airport/hotel/etc. wifi, or locally when using, say, Starbucks. I don't need to be able to shift countries.

I also have the Cloudflare 1.1.1.1 VPN for the iPhone.

Any comments on comparing these or if either is fine for my occasional need?

Thank you.

Any recommendations for a good VPN for mainland China? By the way, interesting reading! Not that I need to hide anything, but probably would rather keep private my frequent searches for "defund the IRS," on DuckDuckGo.

I'm not in the tech industry, but have been a little ahead of the curve. From the onset, I was always advised to never use any "free" email service, Google, FB & its many incarnations, etc...the only exception was Twitter for 4 years. So, aside from FT, completely 100% social media free. Even now, when it's important, I call from a landline, and would never text or email.

We have a Google Chromecast that we have setup to automatically connect to a Swedish VPN server.

A few years ago, TorGuard stopped working with Swedish TV providers. We switched to NordVPN. There are occasions when content is geoblocked when on VPN, but it seems to clear up within a few days.

So, a VPN is not end to end encryption. It just encrypts the first "few" legs your data travels. It's encrypted on your computer and then decrypted once it hits you VPN provider so anyone in between (such as a hacker or whoever's ISP you may be using) can't see what it is you are sending, to who you are sending or exactly how much you are transmitting. In effect, you're just shifting who can potentially see your stuff (assuming it's not encrypted further). In your use case where you just don't want Starbucks' (or anyone else) or their ISP to see your stuff, you're happy with not shifting countries, then it's fine. You fit their use case. But if you want to watch Netflix [insert random country here that isn't the US], then you're SOL. If you want to follow the advice of travel vloggers telling you to choose another country where the tickets might be priced cheaper (often a waste of time IMO, but you do you) then you're SOL.

As for 1.1.1.1, that's not a VPN. That's a DNS service (think address book). It's just one additional service that you don't necessarily need to hide from your provider. I suspect you had to download software as I don't think you can set the DNS lookup otherwise (never looked into it). 1.1.1.1 is really just marketed as being faster and might hide some elements of your traffic from your provider (always new methods coming out) as you can encrypt your DNS lookups to 1.1.1.1.

Most VPNs need to be registered with the CCP to legitimately operate in China. Whether they actually have access to the decryption keys to decrypt the packets, I have no idea. But back to the point, Nord and ExpressVPN are the two that are mentioned the most with the expat community. They are constantly swapping IPs in a whack-a-mole game with the people who run the GFWC so your success rate is hit and miss. Just be careful though as while they might not be able to see what you're transmitting, they can certainly identify you connecting to an unregistered VPN provider. You're likely not to get into a lot of trouble (at least used in the shortterm), but thing could change.

Nord and Express both swap out their IPs on a constant basis because they're playing games with (in your case) Swedish provider (but they also do with streamers as well). The thing is it takes time to detect the swap (and no-one I know does it on a daily basis). Once they (any reputable VPN provider) hears reports about being blocked (on top of their own scans) they start the process to obtain new IPs and trading out their old IPs.