I hope you're not paying for worse security or the VPN Myth

29 Apr, 2026

If you’ve watched a YouTube video in 2026, you’ve seen the script. Right between a segment on Ground News and a deep dive into your niche hobby, they stare down the lens and tells you that without a VPN, hackers are out to get you.

Useful idiots who are in some cases intelligent people in other aspects of their lives, aren't just giving the impression of security; they are reading teleprompters that claim a VPN "prevents identity theft" or "stops hackers on public Wi-Fi."

The "Supplement-ification" of Digital Privacy

The VPN industry has borrowed the immoral playbook of the dietary supplement world.

Never mind that such things are trivially easy to debunk

For instance in the UK to legally sell a dietary supplement you have to use accepted evidence to the FSA that everything in your pill cannot exert any impact pharmacologically, immunologically or metabolitically yet that is all the entire industry is propped up on!

"Helps protect": This is the "Supports immune function" of tech. In the consumer's mind, helps protect becomes protects.

"Military-grade encryption": This is the "All-natural" of the software world. AES-256 is the standard for almost everything online today (including the site you're on right now without a VPN). It’s the norm and not a special feature.

"Virtually anonymous": Whilst virtual may conjure visions of a digital world a-la tron - the word "virtually" is the legal escape hatch. It’s the "may reduce risk" that saves them from a lawsuit when they eventually hand your logs over to a government agency.

When you connect to a VPN, you aren’t magically becoming invisible; you’re just shifting your data from one pipe to another.

The Illusion of "No-Logs"

The "No-Logs" marketing pinky-promise is the biggest vulnerability in the industry. If a provider owns the hardware, they own the view.

And sometimes a VPN can actually degrade security!

One of the core parts of the internet is BGP which control hops between servers of the internet. Without the provider be it your ISP or VPN implementing verfication and security at this level it would be easy for a malicious actor (or a rogue government) to perform a BGP Hijack, effectively telling the internet, "Hey, I’m the fastest route to Google!" and rerouting your traffic through their surveillance.

Why a VPN can be a Security Downgrade

If you’re at home using a secure, modern ISP, but you connect to a VPN server moving data with garbage BGP security, you’ve just moved your traffic from a safe neighborhood to a digital dark alley. You’re paying a tenner a month to make your data easier to hijack.

Although my current home ISP the little known Grain Connect is not BGP Safe, Virgin Media is.

Check with Is BGP Safe Yet

The Tor Project: Actual Anonymity at zero cost.

The Origin Story: Ironically, Tor (The Onion Router) was created by the US Navy so intelligence officers could communicate without being traced. It uses "Onion Routing," where your data is wrapped in layers of encryption and bounced through different volunteer nodes.

1. Android (Orbot)

Don't just use the Tor Browser; use Orbot. It acts as a proxy for your entire phone.

• Grab it on the Play Store or F-Droid.

2. Windows (via Scoop)

If you aren't using a package manager yet, you're working too hard.

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

Invoke-RestMethod -Uri https://get.scoop.sh | Invoke-Expression

scoop bucket add extras

scoop install extras/tor-browser

Linux (The Big Three)

Debian:

sudo apt update && sudo apt install torbrowser-launcher

Fedora:

sudo dnf install torbrowser-launcher

Arch:

sudo paru -S torbrowser-launcher

3. Pro Tip: Forced Country Origin

Want to look like you’re in Iceland for free? You don't need a "Premium" VPN subscription. Just edit your torrc file (found in your Tor data folder):

1. Open torrc in a text editor.
2. Add these lines:
   • ExitNodes {is} StrictNodes 1 (Change is to us, de, jp, etc.)
3. Restart Tor.

You are now "teleporting" your exit point to any country you want, powered by the volunteer-run web rather than a corporate machine. And you can do this in orbot from the front page via change exit node.

Note to self be mindful of AI touch-ups or slop can easily slip in.