Passionate write up, very well put and beautifully presented.

However, I think that worrying about your IP address and encouraging the same as a major "Security Thing" is missing way more important aspects of IT security. For many people who follow your line of thinking via your blog and, say, the ads for VPNs and the like, they might feel they have achieved "security" by obfuscating or hiding one small aspect of their on-line life.

Online profiling is generally way more detailed than an IP and will include browser fingerprinting (agent string) and fonts loading, and much, much more with some pretty impressive JavaScript tricks.

I live at 1 Eldonthingie Road, BendInARiverTown, Summersetshire - I have obfuscated that lot quite a bit but not too much that a determined person could work it out and see where I live. Back in the day it would be published in the phone book for all to see.

There are way more important security enhancements that you can deploy before you worry about VPNs and that. I only use a VPN when off site and need to get back to the office or home.

Today, I was working on a customer site and they have a TLS man-in-the-middle box which buggered up my VPN (OpenVPN on 443/tcp). That cost them an additional four hours of my time at my rate!

You turn on VPN; meanwhile your OS, Adobe CC, Office, etc. are busy phoning home with all kinds of fingerprintable if not personally identifiable data. Even Firefox phones home with tons of data at launch and exit with telemetry off.

Getting real anonymity online is way more complicated than I think most people realize. Then again maybe that’s fine, it depends on your threat model.

I have just been using alternative firewall software such as simplewall (Windows) and Little Snitch (Mac). You can configure them such that you are alerted every time any process makes any form of network request, and either temporarily or permanently blacklist/whitelist as well as even have fine-grained control over specific hosts/domains/etc.

Really a must have, for me.

Do those firewalls block all network activity? Would a DNS lookup trigger an alert?

I had an application that was phoning home and after some digging I found that it was doing so through DNS. It would look up something like $KEY.some.domain.com and the response would decode to the value.
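A defender-side check for the DNS phone-home pattern described in the comment above, added here as an example and not part of the original thread: it groups DNS queries by process and parent zone and flags groups with many distinct, high-entropy leftmost labels. The log format, process names, the `some.domain.example` zone and the thresholds are assumptions, and the sample lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log: "<timestamp> <process> <queried name>" per line.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z browser.exe www.shop.example
2024-05-01T09:00:02Z browser.exe cdn.shop.example
2024-05-01T09:00:03Z browser.exe api.shop.example
2024-05-01T09:00:04Z browser.exe mail.shop.example
2024-05-01T09:01:10Z acmeapp.exe k7q2m9x4b1z8w3r5.some.domain.example
2024-05-01T09:02:10Z acmeapp.exe p4n8d2v6j0s3y7c1.some.domain.example
2024-05-01T09:03:10Z acmeapp.exe t9f3h6a1u5g8e2l0.some.domain.example
2024-05-01T09:04:10Z acmeapp.exe z1x5c9v3b7n2m6q0.some.domain.example
2024-05-01T09:05:00Z updater.exe updates.vendor.example
2024-05-01T09:35:00Z updater.exe updates.vendor.example
"""

def shannon_entropy(label):
    """Bits per character; encoded keys score far higher than words like 'www'."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def flag_dns_phone_home(log_text, min_unique=4, min_entropy=3.5):
    """Return (process, parent, unique_labels, mean_entropy) for suspicious groups."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        _, process, qname = fields
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # need a label to the left of a two-label parent
        # Leftmost label is the candidate payload; the rest is the parent zone.
        groups[(process, ".".join(labels[1:]))].add(labels[0])
    findings = []
    for (process, parent), payloads in sorted(groups.items()):
        mean = sum(shannon_entropy(p) for p in payloads) / len(payloads)
        if len(payloads) >= min_unique and mean >= min_entropy:
            findings.append((process, parent, len(payloads), round(mean, 2)))
    return findings

if __name__ == "__main__":
    for finding in flag_dns_phone_home(SAMPLE_LOG):
        print(finding)
```

The browser's four lookups under one zone are not flagged because labels such as `www` and `cdn` have low entropy; only the per-process run of distinct random-looking labels is.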

As far as I can tell it’s any and every network lookup or request. Frankly, ever since I started using them (several years ago) I’ve only been feeling more and more that it may be the only way forward.

My data isn’t up for grabs for profiteering/aggregating/snooping on, sorry.

EDIT: Your comment made me curious so I will do more due diligence and return with an update.

EDIT2: So after not that much investigation -- mostly just rereading what's shown on their project page (https://github.com/henrypp/simplewall) -- it confirms my belief that this adequately shields me from any and all networks without my knowledge or consent. In my opinion, it's kind of dystopian that The Industry basically operates on the assumption that most people will in fact just not care, but maybe more would care if it was presented as more of a choice than a concession.

Like, I don't mind sharing for the purpose of analytics. I read through privacy policies (is this being an adult?) kind of frequently these days, and as much as I hate to say it, Apple is still probably what I consider the poster child for big tech data privacy; they are doing the absolute bare minimum by clearly and plainly disclosing what data is used for what and how, and it allows my mind some rest.

EDIT3: Proof shown here https://github.com/henrypp/simplewall/issues/980