Why does this matter for anyone not doing something that would attract the attention of a government agency? If you're running illegal weapons, sure. But if you're just trying to connect to your company's server or prevent Comcast from seeing your search history, this shouldn't matter. It reminds me of the recent uproar over Facebook supposedly listening though the mic at all times. It sounds like a severe lack of appreciation for how much data we leak at any given moment.
What I mean is that just by reading this thread, we've all been added to whatever VPN user list the (insert bad guy name here) has set up. From there it's just simple data mining. One of the easiest ways to link user to VPN service might be through tracking scripts, but that's not specific to the VPN sites. Presumably your're researching which VPN and then reading more on specific VPNs as you narrow down your choice. Then you want to be "anonymous" so you search for bitcoin info. Then you suddenly stop searching for bitcoin and VPN info. So, you have the data from all those searches (specific breadcrumbs), the length of time searched (length of time correlated to how serious and educated you are about the topic), the time the searches stopped (correlated to VPN subscription start), your previous un-anonymized topics of interest that led to the search for VPNs, the exit nodes of the VPN you probably chose, etc. That's on top of all the physical variables - when you're likely to be awake, schedule of connections, location, etc.
I would argue that just having a tracking script on the VPN provider's website is a drop in the bucket, even from a legal perspective - it's better to have a preponderance of evidence. You're not giving 'them' any more information than they'd already need for a search warrant, which is the real danger threshold for this conversation.
What I mean is that just by reading this thread, we've all been added to whatever VPN user list the (insert bad guy name here) has set up. From there it's just simple data mining. One of the easiest ways to link user to VPN service might be through tracking scripts, but that's not specific to the VPN sites. Presumably your're researching which VPN and then reading more on specific VPNs as you narrow down your choice. Then you want to be "anonymous" so you search for bitcoin info. Then you suddenly stop searching for bitcoin and VPN info. So, you have the data from all those searches (specific breadcrumbs), the length of time searched (length of time correlated to how serious and educated you are about the topic), the time the searches stopped (correlated to VPN subscription start), your previous un-anonymized topics of interest that led to the search for VPNs, the exit nodes of the VPN you probably chose, etc. That's on top of all the physical variables - when you're likely to be awake, schedule of connections, location, etc.
I would argue that just having a tracking script on the VPN provider's website is a drop in the bucket, even from a legal perspective - it's better to have a preponderance of evidence. You're not giving 'them' any more information than they'd already need for a search warrant, which is the real danger threshold for this conversation.
It's conflating an annoyance with a threat.