VPN INSIDERS MYTH-BUSTING! Separating Fact from Fiction: How VPNs Really Work

➡ Elon Musk’s dispute with Brazil’s Supreme Court over VPN usage has raised questions about the safety and privacy of VPNs. This article explains how VPNs work, their limitations, and their importance for internet privacy. It also discusses the potential risks of using VPNs, such as being fined for illegal activities or being tracked by authorities. However, the author, a VPN service provider, assures that while VPNs are not foolproof, they are a crucial tool for protecting one’s online privacy and accessing censored content.
➡ Websites often block VPN servers, assuming they’re used for illegal activities, but many people use VPNs for privacy. Cell carriers and Starlink also hide IP addresses, but they don’t encrypt data, so your website visits can still be traced. VPNs can protect your data, but some providers may keep logs of your activity. To protect your privacy, don’t give location permissions to your browser or apps, and consider using a VPN router at home to ensure all internet use is secure.
➡ Mobile carriers like T-Mobile, AT&T, and Verizon have been selling IP addresses and locations to data aggregators, which is a privacy concern. Although the FCC has fined these companies, the data already collected is still accessible. Using a VPN can help protect your online activities and location, but it’s not foolproof. For better privacy, consider using other tools like Tor, and products from privacy-focused companies like Brax.

If you’ve been following the news, you may have heard of Elon Musk’s ongoing battle with the Supreme Court of Brazil, which banned access to x in Brazil. Elon then said you can still access X from Brazil, just use a VPN. And then quickly judge Moriaz countered with a ruling that says anyone using a VPN would be fined $9,000 a day. And then this was refined further to say anyone using a VPN to access X and perhaps because this judge was confused by the technology, then refined it further to say anyone with a VPN and posting fascist comments on X.

The clear takeaway from this is that many people, especially the people of Brazil, need to understand clearly what the risks are of using a VPN and to see if it really is safe. Will the average citizen be charged in their attempt just to have uncensored content? Many people truly dont understand the importance and limitations of a VPN and some actually think that using iCloud private relay from Apple is the same thing. You might notice that iPhones are not banned in China, even though China bans VPN’s and iPhones use iCloud private relay. And there’s more. Many people think VPN’s block location and are surprised when they find the truth or the counter argument.

IP addresses themselves are not supposed to point to specific locations, but yet they do. Do they really? If some country starts banning your Internet access to censored content, is it safe to use a VPN and ignore whatever law bans you from doing this? Are VPN’s actually private? Can’t the VPN service provider track all your activity and provide them to authorities? There’s a lot to cover here and this timely news event gives us the opportunity to tell you all. So stay right there. I’m in a unique position here. As many of you know, I’m actually a VPN service provider myself with my bytes VPN service and it would be in my best interest to tell you that VPN’s are perfect and you need to subscribe to my service.

But I won’t tell you that. Instead I will tell you how VPN’s work as an insider and what the limitations are. I will even tell you what to do if you do not have access to a VPN but but need to feel safer, you will be surprised to find out that you dont need a VPN all the time and not everything you access on the Internet requires VPN protection. There are also absolutist know it alls on the Internet that claim that vpns are all unsafe and that you shouldnt use one ever. People who say this are also very misguided.

The fact is that a VPN is a very important tool, in some instances perhaps irreplaceable, and in other instances it becomes optional. But there is never a case where you say you never need one because whoever says this must be an idiot about privacy. Then there are those that ask will this VPN protect me? Well? Protect from what? That is the gist of the problem here. A VPN protects you from something specific by itself. It doesn’t protect from all threats and that is what we will explain today. In general, the purpose of the VPN is very specific.

It hides your IP address from the target platform. Let’s start out with the mechanics of how a VPN works. First, the two software pieces of a VPN are a VPN client and a VPN server. The VPN client begins the VPN leg. This can be installed on a user device. VPN clients can also be installed on specific devices called VPN routers. We for example, have a device called a bracs router that does this. The only difference between a VPN client on the device and the VPN router is where the VPN lag starts. Having a VPN router is more convenient since no setup is required on the device.

You just connect to the router and the router handles the VPN. VPN clients need to connect to a VPN server the usual approach with any VPN provider is that you’re given a choice of profiles or really just configuration files with an OVPN extension and these files are pre configured to connect to specific servers. The server can be anywhere and the location of the server and the port used to communicate with that server is provided in the configuration or OVPN file. Now the protocol for a typical VPN is called the OpenVPN protocol which is a default and most commonly used protocol for consumer VPN’s.

There is another protocol which some are beginning to use and it is called wireguard. Either way, these two protocols will achieve the same thing in the end, so I won’t get into differences for our purposes. Let me just show you this chart here of what happens. The VPN client connects to the VPN server and creates what is called a private tunnel. So over the open and exposed Internet, the VPN creates a connection that is completely encapsulated. So all Internet traffic, including metadata, is funneled through this tunnel. And this tunnel is powered by AE’s 256 or AE’s 512 encryption.

The only thing visible from this connection is the source and target IP address, which is the VPN client, the VPN server and the port number. That’s it. But if you look at traffic past the VPN server, your traffic appears like normal. Though the IP address will appear to come from the VPN server. So if some entity has the means to spy on everything that exits from a particular VPN server, let’s say some three letter agency, then it could see all the outgoing traffic. However, it will not know the source. So let’s say you wanted to access x from a brazilian VPN server.

Then x will see the traffic coming from the brazilian VPN server. That’s it. If this same user decides to connect to x from a London VPN server, then x will see the traffic coming from London. And there’s no actual way to see if the traffic is coming from Brazil. Now this is not foolproof. Let’s say you’re a government agency and you have physical access to the server. You can then plant a listening device on incoming traffic of this VPN server and recalled all the original IP addresses of the sources. This is how they could then record who is using the VPN in that country.

But you need access to this VPN server to do this. So some brazilian spy agency could do this or order ISP’s to do this for them. Thus, if I were a brazilian, I would not try to connect using a brazilian VPN server. Besides, that server is being censored anyway. So no point in using it. To get around this, you must connect to a server outside of this censored country. In the brazilian case, you could connect to a USA server. But it is even stealthier to connect to another country like the UK. In my example, the less the connection between the government controlling Internet traffic and the VPN data center than the chances of someone installing a listening device on a server become extremely improbable.

Remember though, that thousands of people may be using a single VPN server. So this is very labor intensive for the spy agency. Unless you’re a dangerous terrorist, the likelihood of anyone doing this is very low. Now, what does the ISP in Brazil to stick to this example, know of the VPN traffic? Frankly, what the ISP will see is a connection made between the IP address of the client device and some computer elsewhere. And the main clue of what is happening is based on the port number of the communications. The Internet has standardized on certain ports. So port 443 is HTTPs, port 80 is HTTP, email is 993 587 465.

Two, five and so on. VPN’s are 1194. That’s a typical way traffic is categorized. But nowadays you’d be foolish as a VPN to use 1194. It is too obvious. A few years back I did a video where we identified that port 1194 was intentionally being blocked in the USA, presumably to block VPN use. It must have been a test since it lasted only a few days. Fool me once, shame on you. Fool me twice, shame on me. So I guarantee that no VPN provider is going to be fooled. We all use different port numbers now to appear like different traffic.

Even my VPN works in China where it is officially banned. So generally speaking, VPN traffic is not particularly obvious other than the fact that there is encrypted traffic. But even that is not a particular indicator since 99% of the traffic now on the Internet is HTTPs. Encrypted VPN traffic does not particularly stick out. The only way someone could know is that they know that a particular server is a VPN server now at the other end, meaning the target platform or website, do they know you’re using a VPN server? For example, what does x know? They can make guesses.

One of the ways to guess is if they record how many users use the same IP address. You will find that if many people use the same IP address then it is likely that the IP address is a VPN server. The more inaccurate way used by many sites is to block traffic that does not originate from consumer carriers like T Mobile, Verizon at and T or DSL provider like spectrum and so on. This is a bludgeon type of approach and it’s very inaccurate. It can easily block a business. Many sites block everything they consider to be a VPN server because they assume incorrectly that these people are hiding because they’re doing something illegal.

Very stupid of these sites because most users of VPN’s and are just interested in privacy, the idea of looking at larger numbers of people using the same IP address is no longer accurate. The reason is that cell carriers and even Starlink uses ipv six inside their network and route all their Internet traffic through only a few servers. So naturally large numbers of people will be using the same ipv four address. This is important to understand. Starlink and sale carriers already give the same benefit as a VPN when it comes to hiding IP addresses since they don’t reveal the originating ip address.

So in the absence of VPN use Starlink or cel data or even iCloud private relay. However, this does not have any encryption so inside the cell carrier or Starlink, someone could specifically look at their records to show which websites you visited. This is the same advantage and disadvantage of icloud private relay. Thus it depends on what risk is involved. This kind of data is often only visible to the government where the cell carrier, Starlink or Apple server resides. Fortunately, this is not accessible by non government third parties like Google or meta. The specific data that concerns us that is protected by the VPN is DNS, meaning your query on which website you’re going to.

So without a VPN, someone could trace which website you are going to. This is going to be easily done on an iCloud private relay where the relay just covers your IP address to the destination platform but does not encrypt the traffic or DNS. In fact they capture it. So the main metadata visible here is the IP address of the source and destination and the domain of the destination. Aside from this, even without a VPN, as long as you’re on HTTPs, no one can see what you’re actually doing on the destination site. For example, no one can see what actual transactions are, what you’re looking at on a bank site.

On a VPN, though, only a single connection is visible you to the VPN server and that’s it. Thus no one can tell what websites you are watching. So in the Brazil case, even if the government could tell that you’re using a VPN server at some location outside of the country, if they don’t have access to that VPN server’s output, that being out of their jurisdiction, they will not have any way of proving that you are visiting a particular platform like X. Assuming of course you don’t post on x with your real name. Now let’s talk about VPN logs.

VPN’s could in theory record all incoming and outgoing traffic. Let me just say that with a typical VPN server that log would be massive, potentially thousands of users recorded. Will a VPN server company ever have a VPN log? I would say that most companies will claim that there is no log. There could be some rogue VPN providers out there who are lying, or there could be countries where the VPN log is required by that country. In my case, I can assure you that as a us company I’m not obligated so far to abide by any rules requiring that I have a log.

So to prove that point, my server are made for throughput. I’m concerned about the speed of the servers and the pipe going in and out. However, my own servers have so little disk space that if asked to log, they would quickly run out of space. Aside from recording logs, I actually do something more on my servers and that is to set the logs to not record IP addresses. So outside of the VPN service, I don’t even record IP addresses of any other service in the logs. This ensures that if some government requires me to supply a log or IP address, I have nothing and I don’t want to ever provide anything.

So I make sure I don’t collect anything. Let me warn you though that some of these VPN providers are big multinationals. Some of them are based in eastern Europe. I won’t mention names, but they’re the most popular ones. You know, they’re driven by profit and I they have enough data that someone could go to them and ask for the logs for a price. This is the problem when someone big accumulates too much data. This is the advantage for me as a small provider. Since I will never have that much data for it to have value, I’d like to keep it that way.

I just want to be frank with you, since as a VPN service provider, I will let you know what we are all thinking now let me address something that many of you completely misconstrue. And that is the assumption that if you hide your IP address with a VPN, then you are hiding your location. To analyze this point, I wrote a little utility website which you can check out and it is Bracs Mercury Geo. This website does multiple things. It is used to prove something called browser fingerprinting and it is also used to show geolocation tracking. Don’t worry about testing with this site, it’s not recording your interactions at all.

By the way, this site tracks your IP address and then will show you your location based on Google’s Geolocation API as well as the reported location based on your IP address. As you will see, the IP address location is typically very general and really represents the location of the owner of the range of IP addresses which is typically your ISP. Some IP addresses are owned by other countries, like Bahrain for example will appear as a location because these countries have invested in pools of IP addresses. However, what is not understood is that location is device specific and is passed separately to the receiving website.

So here, the bracs me geo site is getting the location data directly from your browser, not from your IP address. If you have a phone that’s the same thing that’s happening, the phone will pass the location. To solve this is pretty simple. Do not provide location permissions on your browser. Again, this is not connected to the VPN. You must always do this when you use apps. Be careful which app is given location permissions. If you enable permissions for the app then they will see it. I’m particularly angry about sites like Yelp that block VPN’s then forcibly require location permissions.

This makes it a very dangerous app and it’s not even a Google property. The reason this is important to these apps is because they sell your IP address and location data as a data pair. So although originally your IP address at your home may not be directly connected to your actual location, this is no longer true with apps like Yelp, weather channel and so on that will actually sell your zucking data. All a site needs to do then is to subscribe to the providers of this reverse IP address lookup like here.com, comma, Skyhook wireless and so on.

Once you appear on this database, then you are sucked if you ever show this IP address. Now let’s look at another scenario. Let’s say that you always used a VPN at this location like your home DSL. Then if such an app captured your data, they would have the VPN server’s address with your actual location. This data would be meaningless since other people are using the same VPN server which will give a location that’s completely different than yours for that same IP address. If you’re using cell data or Starlink, same effect. Your location will not be pointed to a unique IP address since many others will be using it.

So this is one of the biggest benefits of AVPN or VPN alternatives is that you are using a shared IP address and if there’s enough of you, you obscure the data. A scenario that many of you don’t realize is that your guests at your house that borrow your wifi may compromise you. So my sister comes to my house and immediately connects to ducking Instagram. Then Instagram captures my IP address and of course, as usual, my sister will not protect her location and then I would appear in the reverse IP lookup database. But fortunately I knew in advance that this was going to happen.

So my house is protected by VPN routers. Thus the only available Internet is through a VPN router. So she cannot mess me up. She will always be on a VPN, even if she doesn’t know it. And if you have a family with lots of users, this is the way to do that. If you’ve accumulated a lot of Internet history with a particular IP address, and you are just now considering a VPN router, perhaps you should contact your ISP and ask that they change your ip address. That will at least break the connection between IP address and location one time and then you can prevent further data collection in the future with a VPN router.

Now there’s another new thing you need to know about. Apparently the cell carriers themselves, specifically T mobile at and T and Verizon were selling IP addresses and locations directly to the same aggregators that I talked about. Normally the only location directly available to the carrier is the cell tower triangulation data, so it is not as accurate, maybe to within one quarter mile at best. Still, this data is now in the hands of these aggregators, though the FCC has fined these companies. So in theory this will stop in the future, but it has no effect on data already collected.

It is entirely possible that this data collection occurs even when using AVPN, since the data will be from the phone connection and not interception of cell data. Although a VPN could not have prevented this, at least when you are using a VPN, your real IP address is not visible to the endpoint platform, so they cannot find your location using these reverse IP lookup databases while on the VPN. So here a VPN offers a solution retrospectively. In summary, there are many threats to our Internet connectivity. A VPN is a particularly unique solution and it will protect you directly from the end platform, identifying you or even allowing them to look up your location assuming you blocked location permissions.

A VPN protects you from spying on what websites you visit as long as the VPN server is outside that ISP’s control. A VPN cannot necessarily hide that you are using a VPN, but in many cases it will unless a country spy agency has mapped out the location of every single VPN, so this can be hit or miss. A VPN can reveal a lot of your activities if the VPN provider is a rogue company and wants to sell that data, a VPN server is vulnerable if an ISP is ordered by some government to track incoming traffic and then simultaneously track outgoing traffic.

If you fear this kind of threat, then you should only use Tor instead of a VPN. A VPN cannot block fingerprinting your device, fingerprinting your browser, or getting browser or application if you allow it. For this, you need other privacy approaches. A platform can guess that you’re on a VPN if the server is from a data center rather than a cable company or cell phone provider. This is not 100% accurate for them, but it is done frequently. Hopefully this will guide you to the value of VPN’s and their limitations folks I created a company that offers privacy solutions for you.

These solutions are products available on the store on my platform Brax may some of the solutions include the BytesVPN product which I discussed in this video which is very competitively priced. This is also used with our Brax router product which is a VPN router. We have the Brax virtual phone which gives you calling and SMS using phone numbers that are not identified and can be used even without a phone. We have the Google phones that are important to invisibility on the Internet as it prevents device tracking and is an essential tool for privacy. We have Braxmail which is an identity free email with no metadata and many included domains and unlimited aliases.

You can use this to obscure your identity online. All these are on my platform Braxme. Come join us there and be part of this privacy community. The store is there when you join the site. Thank you for watching and see you next time.
[tr:tra].

See more of Rob Braxman Tech on their Public Channel and the MPN Rob Braxman Tech channel.