Let me enlighten you guys a bit....
As
@pes says, Tails uses the Tor network. You could say you are secure from prying eyes since you go underground to an exit node, and continue on the clear web from there. There is no way the exit node knows who you are, but the exit node knows where you're going. Routing your data through several nodes makes it slow as hell and watching videos posted here will be a challenge.
Now for the important bit : Tor is under heavy attack. The destination might block exit nodes, exit nodes are sometimes compromised, the .onion network is used for drug trafficking, illegal firearms, hitmen and indecent material concerning minors. Marketplaces like Silk Road are being taken down by LEA months afer they pop up. LEA also takes a lot of effort to de-anonymise Tor users by inserting scripts. Tor developers on the other hand, choose to lower the security curtain by enabling java script by default. Java script is a requirement on some sites to even see content, but it is also an attack surface. This year, at least 12 updates for Tor have been released. It is a constant battle to address vulnerabilities.
In other words, if you want to use Tails for browsing, you need to keep track of newer builds and keep downloading them. Downloading Tails does not get unnoticed by your ISP, as is connecting to the Tor network.
As for VPNs, this is also known by your ISP. They know where you are going and which protocols are in use. Hiding your VPN usage is not possible. What's inside the tunnel can't be seen by your ISP so you should be safe. Or aren't you? The point is, every VPN provider says they don't keep logs. It says on their website. But as time progresses, news
like this pops up. Rumors say LEA even runs some VPN providers. So, are you safe using VPN? You might but I guess most VPN providers keep logs and they can keep up appearances until they get subpoenaed to hand over some logs, or the logs are found on an insecure server.
As for ProtonVPN : they also
can find you when they want to.
You could think of something else. There are providers selling a VPS (virtual private server) which can be bought by using cryptocurrency. Then you create a VPN to you VPS and go onto the web from there. They can track your activities from the destination to the VPS, but from there it might be unknown. This construction could raise all red flags and they might be on your tail faster than you think.
Then there are ways to protect your home network without all above. The first security problem is a relic of the past, called DNS. DNS is the Internet phone book, and it is the last service that has no encrypted service. So every site you want to visit is queried for it's location using unencrypted data sent to the DNS servers you have set up in your DHCP server at home. To tackle this, you could use Pi-hole, blocklists and
DNS-over-HTTPS. Then direct all DNS queries to your pi-hole and your ISP is none the wiser. Using blocklists you are also freed from advertisements on all your devices at home.
There is just one caveat : the web address you want to connect to is then send in a readable format to the destination server. This is called SNI or server name indicator. This is because several websites can be hosted on one server. In order to fix that hole, ESNI has been developed. There is an
easy check to see whether your configuration is correct. This means that only 2 parties know where you went. You and the destination server. This is, if the destination server supports ESNI.
Conclusion : Tor is a bit of a hassle, and you might be under attack since LEA swarms over Tor and exit nodes might be not so friendly. VPN could be trusted but if they want to find you, they can. DNS-over-HTTPS and ESNI will at least keep your ISP in the dark. LEA also has a problem, since every bit is encrypted. A subpoena directed to your destination might rat you out though.
gist.github.com
drewdevault.com
schub.wtf
