Bulletproof privacy in one click
Discover the world's #1 privacy solution
Coming soon
Coming soon
Coming soon
Blog1 minutes read
November 19, 2022
How Governments Track VPN Users
Through the power of legal subpoenas, governments can request information from tech giants in order to track your online activities.
Most tech companies have agreements in place with their local governments. This lets them grab details about your devices that they can use to track you. If they use this technique, a VPN won’t protect you.
Need an example?
Using ISP And Google Analytics To Catch VPN Users
If a government wants to track your Internet usage, the first thing they’ll do is pull your ISP records. If you’re using a normal VPN, they’ll be able to tell because all of your requests will be going to one destination: The VPN itself.
VPN servers that use multiple hops are slightly more annoying to track. But once the government sees huge amounts of traffic being redirected in certain patterns, they’ll quickly figure it out.
The government’s next stop is Google Analytics. They’ll subpoena Google to get a history of the traffic flowing to the VPNs they discovered from your ISP history, and the ISP histories of millions of other people. Even if a user always blocks Google Analytics requests, something as innocent as Google Fonts can be used to get similar results. If you use any Google services at all (Docs, GMail, Fonts, YouTube, Search, etc.) you’re probably at risk.
Next, device and browser fingerprinting is used to sort this traffic. Remember that VPNs do nothing to stop fingerprinting. Soon enough, the government will have fully fingerprinted traffic that they can use to find patterns.
They have a ton of ways to link device and browser fingerprints to your real identity. They can pay for the information that advertisers have collected over the years. They can use data scraped from tapped undersea fiber optic cables. They can get the information from the big banks by saying they’re looking into money laundering.
Once a match is found, the government just needs to cross reference your device or browser fingerprint to any real-life activity you’ve made: Banking, E-mail, social media activity, location data left on images. Anything that will provide an address to go along with this massive profile they’ve built up.
Depending on what they find, the next subpoena they request could be for home wiretapping, property search, seizing hardware and software, or even personal surveillance prior to an arrest warrant.
Don’t Get Caught Out
The lesson is clear: Don’t rely on VPNs for privacy. They’ll always let you down. Instead use a dedicated privacy app like Hoody to obscure your device and web browser fingerprint, before it’s too late.
Will RWill is a former Silicon Valley sysadmin and award-winning non-functional tester. After 20+ years in tech, he decided to share his experience with the world as a writer. His recent work involves documenting government hacking methods while probing the current state of privacy and security on the Internet.
