VPNs have become a huge market in recent years, with all of them offering essentially the same service but branded differently.

I’ve talked about VPNs before and how you likely don’t need one if all you care about is “privacy”. Otherwise it has some use cases for like downloading torrents or accessing geo-blocked content but that’s about it.

To synthesize, the VPN owners can see what you do instead of your ISP when you use a VPN. You better trust that they don’t keep logs and encrypt your traffic.

Who do you trust more, some VPN company, or your ISP? That’s a personal question only you can answer.

Privacy and “security” is what VPNs advertise heavily on. Security is nonsense from their part; there is no additional security to using a VPN. NordVPN for example likes to talk about the evil hackers in Starbucks that will hack your wifi, but that literally never happens (not never never but not enough to justify paying them money for it).

In any case, all VPN rankings omit one very important fact: fed involvement. That’s security 101.

The CIA controlled an encryption company for decades (established after WW2): Crypto AG. They sold encryption machines to embassies around the world under this name, and it was only found out they were CIA in the 2010s.

We’ve known since Snowden about backdoors in Windows that allow the NSA to bypass encryption and spy on anyone they want.

And it’s a very glaring issue. Look at any of those rankings and they’ll talk about privacy and encryption protocols, and never once mention potential fed involvement or other causes for concern.

Even worse, if they do talk about it, they often talk about “Chinese” involvement. How the fuck did the discourse get so bad in just 10 years? They don’t even have anything to back it up. Meanwhile we have evidence of NSA and CIA involvement in encryption and surveillance.

NordVPN especially is strange. They advertise a LOT and always sell at a discount (which makes the VPN cheaper than most competition). ProtonVPN too, I don’t trust anything Proton ever since they surrendered info to the feds about one of their clients (an eco-activist). Secondly they are a “Swiss” company like Crypto AG, but were not founded by Swiss people.

So again, who do you trust more? Some VPN company trying to sell you a product under false pretences, or your local ISP company?

  • I wouldn’t dismiss VPNs for general use – I’m significantly less suspicious of my VPN than my ISP for a variety of reasons. OTOH, when it’s actually important, you should definitely be using Tor or something similar. This also assumes that you’re using HTTPS (or the equivalents for whatever protocols you use) for everything.

  • Arsen6331 ☭
    8 · 1 year ago

    I agree with mostly everything you’ve said. However, not all VPN providers have the same issues. Specifically, Mullvad doesn’t require any details at all to make an account, and accepts cryptocurrency payments. There are ways to acquire crypto, even in the US, without going through KYC and handing over your info, such as “crypto vending machines” that can send XMR to a given wallet address. This way, your identity will not be known by the VPN provider. Since many people use the same VPN, this will make it difficult to find you even if law enforcement had info about when you visited a site and its IP. Of course, it is definitely still possible, but it makes it much more difficult, especially since Mullvad is not under US jurisdiction and doesn’t have your identity, so it couldn’t provide it even if it wanted to.

    A better way to gain privacy is Tor, but it is often blocked by sites, and often extremely slow, making it impractical for everyday use. Also, if you’re using any proprietary OS such as macOS, Windows, iOS, Android, etc., don’t even worry about using a VPN or Tor, because Microsoft/Apple/Google will just send over all the info anyway.

  • @darkcalling
    8 · 1 year ago

    Proton may or may not be an intelligence OP. They popped up conveniently in the aftermath of the Snowden leaks. On the one hand a bunch of physicists who care about privacy would have a good time launching a privacy company that moment and from a pure business logic point of view it makes sense, on the other hand with NSA operations exposed they/CIA would have great interest in a new honeypot to draw all the new users of encryption into.

    Put it this way. My ISP, as do all ISPs in the US and 5-eye states, cooperates with the NSA. They scan all traffic, they save all traffic, they hand it over in bulk and will hand it over to less privileged groups like feds and local cops with a simple and badly done warrant application. In other words your ISP is 100% spying on you. Not only for the feds but many of them surveil you to sell your info and interests to ad companies as they occupy the ideal position to snoop. They also retain logs for all data for at least a year in most jurisdictions (NSA logs of the same are retained forever).

    By contrast a VPN may be compromised by the feds. But as it is a plausibly deniable, hidden asset it cannot be directly used against you (because doing so would expose it, cause the rats to flee the ship and incur expenses for setting up a new one plus permanent increased paranoia from targets which makes surveillance harder). FBI can’t in open court charge you without complicated, expensive and time consuming parallel construction that can be uncovered by good lawyers which will result in them throwing the case. Oh if it’s an NSA op it all goes in your seditious person file for sure but if you don’t use one they put it in that file anyways direct from your ISP. Those who claim not to retain logs cannot help the feds nail you for activity done months before a search warrant to them without immediately exposing the fact they are liars and causing all rats to jump ship and so on and so forth as set out above.

    So a VPN may or may not be spying on you but your ISP absolutely is.

    The one downside to a VPN is if it is a honeypot you’re placing yourself in a self-selecting smaller group of increased interest persons/targets and if you don’t have a target on your back already, then using one and doing interesting things may paint one if you’re using a honeypot service.

    If you are particularly targeted, services like Tor are your best bet. BUT Tor is very likely partially compromised to a certain extent as it is widely understood/believed that Israeli intelligence, NSA, and eyes partners run or have compromised a large number of exit and other nodes to allow timing correlation attacks and de-anonymizing. However that is top, top secret and not something they will ever risk blowing in open court. If you’re fair game for a drone strike based off it I’d be worried but if you’re not they probably won’t notice you.

    All in all VPN services (setting aside certain sketchy ones owned by ad companies) do not hurt your privacy or safety. At least ones not targeted explicitly towards serious criminals, I would be very wary of any such service marketed not to pirates but to serious criminals as likely being a police sting likely to roll up on all users within a few years. But your general purpose long-standing ones are either legitimate companies or deeply concealed intelligence fronts.

  • @TheAnonymouseJoker
    7 · 1 year ago

    There is an authentic group of people at r/vpntorrents that address precisely this, without any affiliations. They are on the anti-capitalist pirate periphery of things, so fairly outcast, and is a reason why I recommend their port forwarding guides for VPN torrenting.

    https://teddit.net/r/VPNTorrents/comments/rikthc/list_of_recommended_vpns_2022/ This contains the VPNs (besides them, Windscribe seems okay for now) I recommend myself to people as the owner of r/privatelife, by far one of the only authentic privacy subreddits, since mainstream privacy subreddits are mostly filled with half tech literate conspiracy theorists and mods/posters that shill US/Western government agendas all day.

    • @CriticalResist8OPA
      7 · 1 year ago

      Yeah to be clear there are some specific use cases for VPNs. Torrenting has never been a problem for me though (never once got a letter) so I don’t see myself paying for a service that doesn’t seem to add any value to my internet browsing. In fact getting websites switched to Japanese or whatever because I use a VPN sounds more like a negative.

      All VPNs I have found in the imperial core are imperial-aligned and they only have servers there. NordVPN, despite being headquartered in Panama (the place that the US invaded to build a canal so, yknow), has no servers there.

      Like ProtonVPN free only offers servers in the Netherlands, USA, and Japan (you unlock c/alwaysthesamemap if you pay for it). If you want privacy those three countries are exactly those you should not connect in.

      • @TheAnonymouseJoker
        7 · 1 year ago

        “you unlock c/alwaysthesamemap”

        Good humour.

        It is something I do tell people myself, what use VPNs hold – safe torrenting or geoblock bypassing. You have to be clever with how you choose and use VPNs, or Tor if you use that. I have enlisted guidelines for people about these nuances in my threat modelling, smartphone and computing guides.

        There is also an unspoken challenge in that it is a bit more mingled in how the majority of privacy community is dominated by Western citizens, and most of those people prefer to push Anglo hegemony protectionist propaganda. While they readily recommend good things for privacy, they simultaneously force you to see exclusively and become part of Western corporate tech ecosystem (non West ecosystems are undemocratic bad, yadayada brainrot). The push for FOSS ecosystem is catching up, and I helped push that myself a fair bit. This paragraph otherwise sounds off track but is essential in understanding the imperial part you are correctly concerned with.

        I do plan on writing about this one day, as I have seen no privacy advocate write about the intersection between imperial/anti-imperial politics and digital privacy, at least nothing like what I would want to see. And only a socialist that opposes Anglo hegemony can ever do it justice I think. The Venn diagram barely has any overlap there.

        • relay
          2 · 1 year ago

          Please do go into detail on this. I’d like to hear a Dialectical Materialist description of what is going on in terms of privacy. I hear many things online but I’m not sure where the line between tin foil hat and what the imperial core actually does is.

          I’d buy a book if you made one.

          • @TheAnonymouseJoker
            2 · 1 year ago

            I cannot promise, however, what I want to do is enough research to cover the political parts in this respect, before I do write. This is a very tough one to crack, because you have to lay out not just how Anglo surveillance apparatus works, but also the surveillance that exists in socialist or AES or such countries. The privacy part is easy for me, so is operational security, the political part and how to lay out such a writeup is hard. I am already currently working on another writeup exposé.

            • relay
              2 · 1 year ago

              I appreciate whatever you do. I know that theoretically mass surveillance is used to suppress reactionaries within a socialist country and preventing external enemies of socialism from disrupting the governments’ good work. Practically when you are working in enemy territory and organizing, it is sensible to cover your tracks for plausible deniability.

              I’m not sure what you mean by the “political part”. I don’t think it is wrong to criticize AES countries for dragnet surveillance if you think that it is ineffective in those aims. Discussing what to do to build socialism in your country requires different actions than what countries that have a socialist government need to do once they achieve power. Perhaps surveillance, police, and prisons are 20th century tools that socialist states only copied from bourgeoisie states without considering better alternatives.

              I’d like to know the effectiveness of surveillance for suppressing dissidents in countries with consent of the people vs countries that work against the consent of the people. I suspect (maybe idealistically) that you don’t really need to keep tabs on everyone around you if everyone around you trusts you to work in their interests, and that the general citizen can and will protect the country from external threats coming in from outside of their country.

              I think it is good for everyone to have as much privacy as possible as a general paradigm. Ethnic, sexual, and political minorities are harder to target in such a system of general privacy. This also helps with labor organizing. If good work needs to be done for the good of all in AES, we can stop reactionaries by meeting people’s material needs. In bourgeoisie countries, workers live in enemy territory. The further the contradiction of power and wealth between the bourgeoisie state and the workers, the more sensible it is for the state to surveil the populace, and socialists should know how to do important work without that state knowing.

  • @knfrmity
    7 · 1 year ago

    This whole VPN thing is so weird to me. All the PC subreddits are loaded with people asking “what VPN should I use?” Nobody can say why they personally need a VPN. They just parrot the “it’s more private” marketing bs. I wouldn’t be surprised at all if at least some of the VPN providers are compromised or wholly owned intelligence subsidiaries. Not to mention the commercial data collection possibilities.

  • relay
    6 · 1 year ago

    Don’t we also have to worry about DNS’s?

    • @TheAnonymouseJoker
      5 · 1 year ago

      DNS providers only “translate” (resolve is the correct technical term) the websites you type in address bar to correct IP addresses, since websites are IPs and not alphabetical names. Nothing else is possible for DNS provider to know or provide. This translation service is what needs to be trusted i.e. DNS is not involved in spoofing or redirecting you to malicious websites for purposes like phishing or hijacking or script payload attacks.

    • @knfrmity
      3 · 1 year ago

      Yes but I think the risk is lower.

      I personally run my own DNS server, both to block ads/trackers/telemetry and because local DNS servers in my region cooperate with state censorship schemes.

      That being said, the most information a DNS service can realistically provide is the domains you’re requesting. They can’t tell which pages you visited at that domain or what other information you may have exchanged.

      Another theoretical concern is a malicious DNS provider which sends you to a fake version of the domain you want to visit - similar to those websites hosted at mistyped versions of the actual URL, but with a malicious DNS you’d think that you’re on the correct page.
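
The point made in the DNS replies above, that a resolver learns the domain you request but not the page, can be checked against the DNS wire format itself. The following is an added example, not part of the thread: it encodes the question a stub resolver would send for a URL, decodes it as the server would, and confirms the path and query string are absent from the packet. The URL and the function names are constructed for illustration.

```python
import struct
from urllib.parse import urlsplit

# Constructed sample URL (not from the thread).
SAMPLE_URL = "https://forum.example.org/private/thread?id=42&user=alice"

def build_query(url, qtype=1, txid=0x1234):
    """Encode the DNS question a stub resolver sends for this URL's host."""
    host = urlsplit(url).hostname
    # Header: id, flags (recursion desired), 1 question, 0 other records.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: each label prefixed by its length, terminated by a zero byte.
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in host.split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def parse_query(packet):
    """Decode the question section the way the receiving DNS server does."""
    txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    labels, pos = [], 12  # the fixed header is 12 bytes long
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return {"txid": txid, "questions": qdcount,
            "qname": ".".join(labels), "qtype": qtype, "qclass": qclass}

def resolver_view(url):
    """Return (fields the resolver can read, URL parts found in the packet)."""
    packet = build_query(url)
    parts = urlsplit(url)
    # Path and query string travel inside the HTTPS connection, not in DNS.
    leaked = [p for p in (parts.path, parts.query) if p and p.encode() in packet]
    return parse_query(packet), leaked

if __name__ == "__main__":
    seen, leaked = resolver_view(SAMPLE_URL)
    print("resolver sees:", seen)
    print("URL parts present in the DNS packet:", leaked)
```

Outside the packet, the resolver also sees the source IP address and the time of each lookup.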