If you liked this guide and want to see more OPSEC content in the future, feel free to support it by tipping shards below.
EightZBlue's | OPSEC Guide #2: Using VPNs (on NV) | [Beginner Friendly]
Part II of the NV OPSEC Series
EightZBlue's | OPSEC Guide #2: Using VPNs (on NV) | [Beginner Friendly]
Part II of the NV OPSEC Series
This is the second guide in the OPSEC series. The first one covered Tor — if you haven't read it, it's worth going back to, since some of what's here builds on it.
This guide focuses on VPNs. They're one of the most widely used privacy tools, and also one of the most misunderstood. A lot of beginners connect to one and assume they're now private. Sometimes they are — but often the configuration is wrong, the provider is untrustworthy, or their own habits undo everything the VPN was supposed to protect.
Accessing NV Through a VPN
Connecting to NV through a VPN follows the same rules as Tor. You can only do so if you:
- have Vault+ (premium rank), or
- have reached Level 3 on NV
What is a VPN?
A VPN puts an encrypted server between you and the internet. Normally your traffic goes directly through your ISP to the website — and your ISP sees all of it. With a VPN, your data is encrypted before it leaves your device and tunneled through a VPN server first:
Code:
Normal: You → ISP → Website
VPN: You → VPN Server → WebsiteYour ISP can see that you're connected to a VPN — but not what you're doing inside it. The website sees the VPN's IP, not yours.
Why Bother?
VPNs tend to get associated with grey-zone activity, but they're genuinely useful for anyone:
- Public WiFi — Open networks are easy to snoop on. A VPN encrypts your traffic so nobody on the same network can read it.
- Geo-restrictions — Streaming services and websites are often region-locked. A VPN lets you appear as if you're connecting from elsewhere.
- General data minimization — Your browsing habits are yours. A VPN is the simplest way to act on that.
The Most Important Thing to Understand
A VPN doesn't remove exposure — it relocates it.
Before a VPN: your ISP sees everything. After a VPN: your VPN provider sees everything. You've replaced one set of eyes with another. The question is whether your VPN provider is more trustworthy than your ISP — and that depends entirely on who you're using.
This is the core of how VPNs work. Everything else in this guide is secondary to it.
VPN vs. Tor
- Tor splits your traffic across three independent relays. No single node knows both who you are and where you're going. Trust is distributed.
- A VPN routes everything through one provider. Trust is centralized — that company sees your real IP and knows where you're going.
Running VPN + Tor Together
Connecting to a VPN before launching Tor (
Code:
You → VPN → Tor → WebsiteConfiguring It Correctly
Most VPN clients — Mullvad, ProtonVPN, and others — look and work similarly. You get a server list, a connect button, and a settings panel. The features are largely the same across providers. The difference is whether you use them.
Kill Switch
Cuts your internet the moment the VPN drops. Without it, your device falls back to your real IP silently — during a dropped connection, server switch, or your computer waking from sleep. Not a rare edge case. Always keep this on.
Split Tunneling
Lets some apps bypass the VPN. If something slips through the wrong path it exposes your real connection without any warning. Route everything through the VPN unless you have a clear reason not to.
Other Features Worth Knowing
- Multi-hop — Routes traffic through two VPN servers instead of one for an extra layer of separation
- Onion over VPN — Combines VPN with Tor routing inside the client
- Interface binding — Forces an app to only communicate through the VPN adapter. If the VPN drops, the app loses connection rather than falling back to your real IP. Useful for torrent clients.
Verify That It's Working
A quick check takes under a minute:
- Search "what is my IP" — should show the VPN's, not yours
- Check dnsleaktest.com for DNS leaks — a leak means your ISP still sees every site you visit
- Enable the WebRTC leak blocker in uBlock Origin under "Privacy"
Never Use a Free VPN
Running a VPN costs real money. If you're not paying, the provider recovers costs elsewhere — usually your data. Logging activity, selling browsing history, injecting ads, reselling bandwidth. There are documented cases of free VPN apps functioning as spyware.
Your ISP is a regulated company accountable by law, making money from your subscription. A free VPN is an unregulated service with a direct financial incentive to monetize your traffic. One is accountable by law. The other isn't.
Using no VPN is safer than using a free one.
If cost is a concern, Tor is free and doesn't require trusting any company with your connection.
Choosing a Provider
Every VPN claims to be private. What matters is whether it holds up when tested.
Two community-maintained comparison spreadsheets cover a wide range of providers across jurisdiction, audits, protocols and payment options — Spreadsheet 1 and Spreadsheet 2. Useful as a starting point, but read critically — many entries include referral codes, meaning the creator has a financial incentive to inflate ratings for certain providers. Use them to compare technical specifics, not overall rankings.
What actually matters:
- Audited no-logs policy — third-party audits of logging practices, not just the app code
- Real-world track record — subpoenaed or raided with nothing to hand over is stronger than any policy claim
- Minimal signup requirements — email and payment details upfront means they already have data on you
- Jurisdiction — determines which government can compel them to hand over data, regardless of their privacy policy
ProtonVPN — Switzerland. Four independent no-logs audits including 2025. Has produced nothing under legal pressure because nothing is stored. Best general-purpose option, especially backed by its broader privacy ecosystem.
Mullvad — Sweden. No email, no name — just a random account number. Accepts cash and Monero. Swedish police raided their office in 2023 and left empty-handed. The strictest choice for those who want minimal data collected from the start.
Final Thoughts
A VPN has a specific and limited job: hide your activity from local observers and change what IP you appear to use. It doesn't make you anonymous, it doesn't fix a bad provider, and it doesn't matter if your own behavior undoes it — reusing usernames, logging into personal accounts in the same session, or mixing identities will give you away regardless of what IP you're connecting from.
Used correctly — right provider, right configuration, right habits — it's a meaningful layer of separation, whether you're on public WiFi, keeping browsing private, or accessing NV without a trail back to your home connection. Just don't ask it to be more than that.
Feedback
This is the second guide in the OPSEC series. If it was useful, a like or a shard at the top goes a long way and helps keep the series going as this took a few hours.
If anything was unclear, if you have questions, or if something here sparked a discussion — drop a reply. I'll do my best to answer where I can.
And if there's a topic you'd like to see covered next, suggest it below. The direction of this series is partly shaped by what people actually want to read. More guides are on the way.
This is the second guide in the OPSEC series. If it was useful, a like or a shard at the top goes a long way and helps keep the series going as this took a few hours.
If anything was unclear, if you have questions, or if something here sparked a discussion — drop a reply. I'll do my best to answer where I can.
And if there's a topic you'd like to see covered next, suggest it below. The direction of this series is partly shaped by what people actually want to read. More guides are on the way.