Expert Untangles VPNs as Brazil’s Twitter Ban Sparks New Interest

Last week, the government of Brazil banned X, formerly Twitter, cutting off millions of users from the Elon Musk-owned social network. It is one of the more high-profile examples of restrictions placed on platforms, and disputes around the world span a multitude of reasons: free speech (at least in the U.S.), political dissent, copyright, and illegal activity.

While alternate social media platforms like Bluesky saw a surge in new users from Brazil after the ban, some still insistent on using X have turned to virtual private networks (VPNs)—though doing so is also forbidden by the Brazilian government, and violations could come with a hefty daily fine.

Other sophisticated tools for obfuscating your location include the Tor Browser.

Not all VPNs are created equal. Decrypt spoke to the executive director of Unredacted Inc., a 501(c)(3) non-profit organization that provides free and open services that help people evade censorship and protect their right to privacy.

What is a VPN?

IP addresses—numbers assigned to every network on the internet—are like a digital fingerprint. They reveal a considerable amount of information, including physical location, what internet provider you use, and so on. They are typically the way access is “geofenced” or restricted to or from specific regions or jurisdictions.

VPNs obscure this information as well as encrypt connections to prevent snooping by third parties.

“For example, if you are in Brazil and X is blocked, you can use a VPN to tunnel packets destined for X inside of a VPN tunnel to another country,” Zach, the executive director of Unredacted Inc., told Decrypt. (He asked that his last name not be used.) “An ISP or government couldn’t inspect what’s inside that tunneled traffic without the encryption keys from your VPN provider or device.”

A mega thread about how Brazilians (& others) can circumvent the censorship of X, and any subsequent attempts to censor other services & platforms

There are several options at your disposal, but first we want to make it clear that it's not particularly safe to use a raw VPN…

— Unredacted (@unredacted_org) September 1, 2024

The problem, Zach said, is that many VPNs don’t try to disguise the fact that they are VPNs.

“Common VPN protocols such as OpenVPN or WireGuard can easily be fingerprinted based on common port numbers or via DPI (deep packet inspection) by a government or ISP,” Zach said. “The use of typical VPN protocols is no secret to your ISP and government, and in some situations, it could endanger the user.”
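Why raw VPN traffic is so easy to recognise, shown as an added example (not code from Decrypt or Unredacted): a passive classifier of the kind a network monitor might run, using only the default ports and the fixed cleartext headers that WireGuard and OpenVPN put at the start of a UDP datagram. The sample payloads are constructed for illustration and the function and constant names are hypothetical.

```python
import struct

# WireGuard message type -> (name, fixed datagram size in bytes)
WG_FIXED = {1: ("handshake initiation", 148),
            2: ("handshake response", 92),
            3: ("cookie reply", 64)}
WG_DATA = 4                      # transport data: 16-byte header + padded body
DEFAULT_PORTS = {1194: "OpenVPN", 51820: "WireGuard"}
OVPN_HARD_RESET_CLIENT_V2 = 7    # opcode sits in the top 5 bits of byte 0


def classify(dst_port, payload):
    """Return the reasons a UDP datagram is recognisable as a raw VPN."""
    hits = []
    if dst_port in DEFAULT_PORTS:
        hits.append(f"default {DEFAULT_PORTS[dst_port]} port {dst_port}")
    # WireGuard: 1-byte type, 3 reserved zero bytes, then type-specific size.
    if len(payload) >= 4 and payload[1:4] == b"\x00\x00\x00":
        kind = payload[0]
        if kind in WG_FIXED and len(payload) == WG_FIXED[kind][1]:
            hits.append(f"WireGuard {WG_FIXED[kind][0]}")
        elif kind == WG_DATA and len(payload) >= 32 and len(payload) % 16 == 0:
            hits.append("WireGuard transport data")
    # OpenVPN over UDP: the first client packet carries a cleartext opcode.
    if len(payload) >= 14 and payload[0] >> 3 == OVPN_HARD_RESET_CLIENT_V2:
        hits.append("OpenVPN client hard reset")
    return hits


# Constructed sample payloads (header layout only, no real key material).
WG_INIT = struct.pack("<I", 1) + bytes(144)
OVPN_RESET = bytes([0x38]) + bytes(range(1, 9)) + bytes(5)
OPAQUE = bytes((i * 37 + 167) % 256 for i in range(148))  # no fixed header

if __name__ == "__main__":
    for port, data in [(51820, WG_INIT), (443, WG_INIT),
                       (1194, OVPN_RESET), (443, OPAQUE)]:
        print(port, len(data), classify(port, data) or "no match")
```

Moving WireGuard to port 443 removes only the port match; the header and length still identify it, while the payload with no fixed header matches nothing.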

As Zach explained, it's also common for VPN providers to get pressured by government entities to share user data in order to investigate criminals and terrorist groups who may be attempting to hide their activities using a VPN.

“People can use VPNs for malicious purposes, as is true with any tool,” Zach said. “Governments will often send subpoenas trying to discover the true origin of VPN traffic and request subscriber details for a specific timestamp where an offense occurred.”

Instead of using a “raw VPN,” Unredacted points people to “obfuscated protocols.”

Zach noted that protocols like Shadowsocks—which is used by Outline VPN—and Tor transports like webtunnel, snowflake, meek, and obfs4 are harder to fingerprint than traditional VPNs, making them safer alternatives.

VPNs are not a silver bullet

Zach cautioned that all traffic can be fingerprinted if it shares observable patterns, however. More advanced government censorship operations often try to block VPN protocols, but doing so can cause collateral damage, like disrupting legitimate websites and communication platforms.

“These requests are generally made with good intentions,” he acknowledged. “What’s worrying is broad requests for more data than is truly necessary.”

The less data collected by a VPN provider, the better. Zach recommended that when choosing a VPN, one look for verifiable no-logging claims and review the provider's security policy and privacy stance. Check to see if they are open-source and have undergone third-party audits, he added.

“Many VPN providers use affiliate marketing and social media to promote their service, but it’s important to research their claims and look for how they’ve handled past requests for data,” he said. “In a technical sense, it’s possible for any provider to turn on logging at any time without your knowledge.”

Private options

Popular VPNs include NordVPN, ProtonVPN, SurfShark, and ExpressVPN. There are also decentralized VPN (DPN) options from companies like Mysterium Network, Orchid, Deeper Network, and Tachyon.

Beyond those basics?

“There are many great options—for less technical people, Tor Browser and Tor’s Orbot (which acts like a traditional VPN) are very easy to use and understand,” Zach said. “Outline VPN is another fairly easy option to understand, with easy-to-use cross-platform apps.

“Our service, FreeSocks, helps people in heavily censored countries connect to the Outline servers for free that we operate,” he added.

Zach explained that both Tor and Outline help circumvent censorship in many countries worldwide.

“It's important to point out that using Tor Browser or Orbot is inherently one of the safest methods to circumvent censorship and protect a user's privacy because of the fact it hops your connection through three randomized nodes when accessing the regular Internet through it,” he said. “This makes correlation attacks very difficult.”