>We don't typically jump into Reddit or other forums but this topic is too important to me. I'm the CEO of StackPath and we acquired IPVanish in February, 2017 (more than a year after the lawsuit from 2016). With no exception IPVanish does not, has not, and will not log or store logs of our users as a StackPath company. Most important, StackPath will defend the privacy of our users regardless of who demands otherwise. I can't speak to what happened on someone else's watch but Technology is my life and I've spent my career helping customers build on and use the Internet on their terms. StackPath takes that even further—security and privacy is our core mission. I also happen to be a lawyer and I will spend my last breath protecting individuals' rights to privacy, especially our customers.
Bottom line: don't do illegal stuff. These services (if they are actually telling the truth about not logging) are good for protecting your privacy as a law abiding citizen but they don't really provide any shield for criminal activity.
I wonder if it qualifies as unlawful false advertising.
Regarding illegal activities, if there is a will strong enough that warrants Powers that be to track down something, one way or another, it will happen. No matter how much one deludes himself into a sense of security. The idiot in the article shouldn't have been posting shit in a fucking irc channel to begin with.
Pardon my English, am very tired and not my mother-language.
I'd also like to add that I don't have an ethical problem with a VPN company that keeps logs and turns them over to law enforcement with a valid warrant. Lying about keeping logs, though, I do find unethical, as well as not requiring a warrant for access.
I also think that explicitly not keeping logs to protect users from law enforcement is shady to say the least. If law enforcement has a valid warrant, I don't have an issue with providing them with the data they need to find and prosecute.
I guess that depends on which law enforcement you are talking about. An FBI agent going after someone distributing child pornography is a rather sympathetic police action. What about a Chinese officer going after someone for "treason"? What about a Russian cop looking for someone who tweeted pics taken at a protest rally? Or what about a Canadian cop asking questions about a teenager in Sweden, someone well outside Canadian jurisdiction? Or what about the FBI agent asking for some celeb's home address? Rather than pick sides, the best answer is to just not collect the data in the first place.
VPN companies operate at an international level. The cops from some countries cannot be trusted. Cops in all countries make mistakes. A few of them out there are corrupt. And often times the person claiming to be a cop is either well outside their authority, or just lying about being a cop. I tell my clients to not even respond to communications from any sort of law enforcement or intelligence agency. Pass it to your lawyers. Let them first verify who and what authority is making the request. Do not leave such determinations to engineers and support staff.
> VPN companies operate at an international level. The cops from some countries cannot be trusted. Cops in all countries make mistakes. A few of them out there are corrupt. And often times the person claiming to be a cop is either well outside their authority, or just lying about being a cop. I tell my clients to not even respond to communications from any sort of law enforcement. Pass it to your lawyers. Let them first verify who and what authority is making the request. Do not leave such determinations to engineers and support staff.
Totally agree with everything here.
All Law Enforcement is corrupt. The only unknown is the level of corruption. As a service provider in any country, we have no idea whether we will be dealing with a good cop or a bad cop, and the safest assumption to make is that they are all bad cops. Don't let the good cop set a precedent for interaction that the bad cop can abuse.
The system will work to abuse your trust. If the first warrant you get is to help catch a pedophile who has been kidnapping children, and you agree to provide logs for that, the Government will be upset when you don't comply with the next warrant which is a wife beating cop trying to track down his estranged wife who is due to appear in court tomorrow.
You have shown that you have the required data, the purpose of the warrant doesn't have any impact on the legal requirement to comply.
That statement. That because it's an authority they will be just, law abiding, and acting in everyone's best interest. That op has no problem with it because surely no one would ever abuse that power! That's a logical failure if you don't have your head in the sand.
But, I'm sure it makes no sense if you've been raised to believe the "government is here to help".
For example: "You should vote Joe for Sheriff because my uncle--who is a private detective and knows these things--says to."
That said, logical fallacy discussions are irrelevant to your actual point: Keeping logs implies you trust the government entirely. Not keeping logs implies you trust your users entirely. Neither option is healthy for the other in and of themselves and requires "everyone else" (aka civilization) to be doing their jobs to stop bad guys and/or governments.
> Not keeping logs implies you trust your users entirely.
No. It means your business is to provide a proxy service, and not to monitor what users do with it. Trust has nothing to do with anything.
It's a special type of ignorance to say, "well, governments won't overreach, they're here to help" if you've been alive before and after 9/11.
1) You're capable of discerning what is, or is not, a valid warrant, or
2) You trust the L.E. to do so for you.
I cannot discern what is or is not a valid warrant. That's why companies have lawyers. I don't trust law enforcement to do this either. That's why we have courts. There's a lot of room for nuanced opinions about our warrant system not being perfect but being better than nothing.
No logical fallacy, simply a strict reading of the words chosen.
Correction made, what's the third option, if those aren't exhaustive?
You're still considering a just and fair government/system, you've just moved the "just and fair" bit from "the police" to "the judge issuing the warrant". There are a fair number of people who have absolutely no trust in their (or any) government and consider the potential for government overreach. The best way to prevent government overreach is to make sure there is nothing they can reach for.
Some people have no issue with the government knowing their "harmless personal activities". While another group of some people believe the government has absolutely no right to know what's going on in their personal lives no matter how mundane.
Oh, well, if we're limiting the conversation to hypotheticals...
How about the idea that your bad behavior doesn't forfeit my right to privacy? I don't care if every other VPN user starts laundering drug money by selling child porn - when it comes to my VPN logs, you can get lost, and I do nothing unusual or illegal. I have a very American attitude about personal freedoms and privacy.
I don't believe that every opportunity for data collection should be implemented just because an authority says it's for "the greater good".
If I require a valid warrant for a carefully scoped query, law enforcement would have to have probable cause, demonstrate that in a court, and get approval from a judge. Note the "carefully scoped" part: they can ask "who was using this IP address at this time to visit this site" but they don't get unlimited access to the logs data. The only way they would be able to get data about you is with probable cause that you are doing something illegal. Even if everyone else using that service is using it for illegal things, that does not constitute probable cause for them to get your data.
> I don't believe that every opportunity for data collection should be implemented just because an authority says it's for "the greater good".
This is not entirely a rhetorical device. I really don’t want to provide the government with a video feed of my neighborhood.
What's the difference between your scenario of a house with cameras vs. a VPN service not logging things? I'll be honest here, I could list out a bunch of differences between those two scenarios (houses tend to have a reasonable expectation of privacy while internet services may not, the likelihood of catching criminals and the severity of their crimes, the potential for abuse, in the case of your house you could always serve as a witness to a crime so cameras might be overkill, etc.) but I honestly don't know which one of those differences is the reason why I find one scenario to be ethical and the other unethical, or if it's some difference I haven't thought of (or I might be wrong!).
I'll admit my opinion here isn't fully fleshed out. Another thing is that I consider Tor to be ethical, even though that's essentially a VPN that doesn't log anything (from the perspective of not being able to respond to law enforcement requests, I know there are significant technical differences). In that case, I think the distinction is that Tor is meant to help fight censorship in authoritarian countries, and the fact that it can be used for nefarious purposes is an unfortunate side effect that doesn't outweigh the benefits.
Anyway, I do think there is a line between valuing the privacy of users and shielding them from legitimate law enforcement requests, but I'm open to discussion on where exactly that line falls.
You could have or you would have?
The logs are there, we usually have them, they don't cost much and they are pretty useful. Like his previous comment said, if you had never intended to have logs there or have reasons not to have logs (replace logs by camera in your situation), then there's nothing unethical about it.
As he said it's not the result but the intent that makes it unethical. In the same situation, it could actually be ethical to not have logs, let's say to allow people to communicate behind a corrupt government that wants to silence them.
"Law enforcement" covers a variety of entities, from Mr. Friendly offering fatherly advice to fresh-scrubbed teens in Neverwas, IN to the people who brought us COINTELPRO and other folks throwing journalists out of windows in Russia.
I think it is more accurate to talk about "not keeping logs to protect users from entities who routinely traffic in violence" (among other things).
Ethics is hard.
What makes you think your law enforcement is different?
And, with data potentially held in perpetuity, any past action may become grounds for prosecution, depending upon how law at the time of prosecution is defined.
People in the U.S. -- mainstream, as opposed to "minorities" -- have spent the past couple of decades waking up to the fact that laws and law enforcement are tools, not paragons of virtue. And those tools can be and are used for evil and harm.
This may not mean turning your back on the system -- nor even having the opportunity to. But it can mean being proactive to limit your exposure to potential abuse.
Not to mention all the commercial interests, who would love to have those logs. And, if your VPN company gets sold, including if it goes bust, all those logs become "assets" that will be monetized, regardless of any "promise" that was made. If there's enough value in them, lawyers will spend time and energy breaking any contractual obligations to same. And it's not like the company itself is around anymore to take the other side in such a dispute.
P.S. A bit of personal perspective: I've taken to using a VPN all the time -- as opposed to just while on public WiFi, like I once did -- to a) Keep Comcast out of my browsing, both their monitoring and their JS injection; b) Keep Verizon out of my mobile data use, again both monitoring and injection (that header they keep wanting to inject for tracking/advertising, among other things).
HTTPS is finally becoming widespread enough to prevent some of this, but that change has come years after the above abuses started. And it still doesn't mask domains, nor inappropriate GET's.
Good security isn't just reactive. It's pro-active. Another precept is to always provide minimal information to get the job done.
If I had to guess, it would be PIA: the most popular, the most accessible, and the most affordable US-based VPN.
When a VPN is run by NSA, of course it will stand up in all courts. How would a state surveillance agency let its tool be so publicly destroyed? And it doesn't have to keep any logs at all. They can just be forwarded in real-time, based on a set of filters and rules ("URLs that are requested by <IP>", "IPs that are requesting <URL>").
We know from leaks that they steal industry secrets.
I would also like to know the motivation for a US intel agency to want to run a VPN. It seems to me like it wouldn't be worth the bother: VPNs aren't illegal in the US, so it would be too hard to convince everyone to use theirs. Spies, etc. could just use private ones they control. They'd just see a bunch of crap from unsophisticated people.
Seems to me like it would be more likely for US law enforcement to want to do something like that, but I'm skeptical they have the resources.
> If I had to guess, it would be PIA: the most popular, the most accessible, and the most affordable US-based VPN.
If I had to guess, the state surveillance agency-run VPN would be one that's still accessible from China. I understand (but I could be wrong) there are still a few that manage to evade the blocks and provide good service despite all the crackdowns. Chinese state security has many more reasons to want to watch domestic VPN traffic than the US does. Their motivation is proven by the fact that they've spent the effort to build and maintain the "Great Firewall," and crack down on VPNs that bypass it.
It would be reasonably clever for the Chinese to crack down on all the VPNs that they don't control, funneling all the "illicit" traffic to the few VPNs they do control. It would make spying, monitoring dissidents, etc. much easier for them.
The NSA and other US intelligence agencies probably don't care very much about anyone that's dumb enough to need to use public VPN. Seems like the only people who would care in the US are domestic law enforcement, like the FBI.
Where do you plan to announce when you're ready to name names? I may have some need in the future to use a VPN in China and would like to be aware.
Also props on your mail service, it's very impressive. If it had been released a bit earlier, I think I'd have been a customer.
I wasn't that familiar with your company before today but I can tell you that I won't be a customer at any time in the future based on your comments.
As Algirdas was formally employed through Tesonet, he put Tesonet into the cert, and nobody noticed it until recently. Unfortunately Google does not permit the cert to EVER be changed, so we are stuck with this cert forever:
Google says it is a "feature", but most likely it is a "bug" especially when considering how many 1024-bit certs are still out there...
I'll take this opportunity to dispute Bart's contention that we compete with Tesonet. I prefer to say that instead of buying IT infrastructure from them, we built our own :)
So you, a privacy company, outsourced your IT to countless third parties in all sorts of countries? "Sounds secure," said nobody ever.
> I'll take this opportunity to dispute Bart's contention that we compete with Tesonet. I prefer to say that instead of buying IT infrastructure from them, we built our own :)
I want to take this time to let everyone know that the facts I am providing contradict protonmail's statement.
Turns out there was a plan to use Tesonet infra in Switzerland for this before we built our own infra in the Zurich area. What's interesting is that they weren't removed in RIPE when we decided to use our own infra instead, and this definitely needs to be corrected.
> So you, a privacy company, outsourced your IT to countless third parties in all sorts of countries?
You might have misread: "Third party IT companies were used to handle payroll and HR." This is not an uncommon practice for small companies and we still do this in countries where we have just 1 or 2 employees. It's a way to ensure employees get full benefits instead of being contractors with no benefits: https://en.wikipedia.org/wiki/Professional_employer_organiza...
- ProtonVPN UAB lists Tesonet's CEO as a director
- ProtonVPN UAB is operated from Tesonet HQ in Vilnius, Lithuania
- ProtonVPN UAB uses previous Tesonet's technical employees
- ProtonVPN uses IP address blocks that belong to Tesonet
- ProtonVPN mobile app is signed by Tesonet
It seems that ProtonVPN is a free VPN service by a data mining company from Lithuania.
Like ProtonMail, the ProtonVPN team is distributed, split between Geneva, Skopje, Vilnius, and San Francisco. Tesonet (one of the biggest IT firms in Vilnius) was previously used as outsourced HR before we incorporated our own entity in Vilnius. We have similar arrangements for our staff in San Francisco, Prague, and Skopje. The above poster's intentions are a bit suspect, given that he's the co-founder of PIA...
But your entity's business address in Lithuania is still Tesonet's HQ. And Tesonet runs the entire technical infrastructure needed for a VPN service. So, are you partners or competitors?
Tesonet is actually a massive network and connectivity provider with a LOT of IP addresses, and we did in fact consider renting some servers from them. Like most VPN services, most of our servers are rented. In fact, we only completely own the VPN servers within our Secure Core network (we do this for security reasons as part of the rationale behind Secure Core, but that's another topic).
In the end though, Tesonet wasn't selected to provide servers and IPs. Our biggest server and IP provider is actually Leaseweb, which is also a popular choice among many VPN providers. However, we have some concerns about Leaseweb so we are reducing the number of servers we rent from them. Generally speaking, our VPN threat model does not trust ANY servers outside of our own Secure Core network.
It's a bit of a stretch to go from that to Proton == Tesonet. It's not like the group of us that left CERN to create ProtonMail were also able to go to Macedonia, Lithuania, Czechia, and the US and just employ people. HR is not exactly our expertise, so we had assistance from local partners in each country.
I would like to take this moment to show that, once again, you are trying to sell privacy under false pretenses and have no idea what you are doing both in terms of jurisdictional privacy nor technological privacy.
Switzerland is a BAD place for e-mail.
Any actual cypherpunk knows that. I'm not sure they teach privacy and activism at "CERN," so I'm not sure why that's ever relevant yet you keep talking about it. It's like that Fresh Prince episode where the guy kept saying "I'm from Harvard."
https://home.cern/search/node/privacy%20language%3Aen (lol)
Chemin du Pré-Fleuri, 3
Furthermore, ProtonVPN UAB was created by Tesonet, and has Tesonet’s CEO Darius Bereika listed as director.
Because we are a small startup, we don't have our own dedicated office space in most of the countries we operate in, and instead have office in shared spaces.
Vilnius is no different, and the incorporation of ProtonVPN LT was outsourced to Tesonet due to their experience in handling these types of matters. Of course, now that our Vilnius office (and Proton as a whole) has grown, most things are now done internally.
The problem is that, without a publicized investigation, there is absolutely no way for users to verify no-logging claims by VPN providers. The same is so for Tor relays. And Tor deals with that by using three-relays circuits. In order to connect users with online activity, adversaries would need access to logs from multiple relays.
One can do the same, albeit more crudely, using nested VPN chains. It's quite easy, using pfSense VMs as VPN gateways.
One privacy tool that I'd like to see is a program that takes a .ovpn file and user credentials and outputs a pfSense config file which the user just has to import.
Following a guide like yours is quite a bit of work and somewhat error prone. Few users will be able and willing to do that.
There is the argument that, in doing the setup manually, users come to understand what they're doing. But yes, it seems that most are put off by it all.
Can you elaborate on this? I am not familiar with the term "nested VPN chains", is this a specific configuration supported by pfSense?
Tor still does better than anything else. I don't think it's worth scaring people away from using Tor, because whatever else they'd be using instead is certainly worse.
EDIT: Parent comment originally said words to the effect of "Reminder that Tor has no defence against global traffic analysis".
It's possible to guard against global traffic analysis by establishing permanent fixed-bandwidth links between each node and sending traffic along them even when they aren't assigned to a circuit (or the circuit is idle). Then there is nothing to passively analyze because the amount of traffic between each node is always the same.
The problem is that this consumes a very large amount of bandwidth.
If you instead ask yourself "how many Tor nodes are out there", and then ask yourself "what is the NSA's annual budget", the concept of a global active adversary makes me a bit nervous.
And does not run 100% bandwidth all day and all night.
Resisting global traffic analysis for the purposes of deanonymization is not so easy. The issue is that if every time Alice sends ~476MB of traffic, Bob promptly receives ~476MB of traffic, it's not hard to deduce that Alice is talking to Bob. To fix that, the amount and timing of the traffic Bob receives needs to be independent of the traffic Alice is sending him. Which is possible but inherently comes at an efficiency cost.
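An added illustration of the two comments above (volume matching, and fixed-bandwidth links as the countermeasure), not code from any poster or from Tor: a toy simulation of what a passive observer measures on each access link, first unpadded and then with every link held at a constant rate. The slot counts, rates and traffic are constructed assumptions.

```python
import random
from statistics import mean, pstdev

SLOTS = 400        # observation window, in time slots (assumed)
PAIRS = 5          # sender/receiver pairs sharing the network (assumed)
LAG = 1            # slots of network delay between send and receive (assumed)
COVER_RATE = 200   # KB per slot carried on every padded link (assumed)


def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series is constant."""
    sx, sy = pstdev(xs), pstdev(ys)
    if sx == 0 or sy == 0:
        return 0.0
    mx, my = mean(xs), mean(ys)
    return mean((x - mx) * (y - my) for x, y in zip(xs, ys)) / (sx * sy)


def make_traffic(rng):
    """Constructed bursty traffic: mostly idle, occasional 100-1000 KB bursts."""
    return [[rng.randint(100, 1000) if rng.random() < 0.2 else 0
             for _ in range(SLOTS)] for _ in range(PAIRS)]


def observe_unpadded(traffic, pairing, rng):
    """Link volumes without padding: each receiver sees its sender's bursts,
    delayed by LAG, plus a little unrelated background traffic."""
    recv_obs = [None] * PAIRS
    for s, r in pairing.items():
        delayed = [0] * LAG + traffic[s][:SLOTS - LAG]
        recv_obs[r] = [v + rng.randint(0, 50) for v in delayed]
    return traffic, recv_obs


def observe_padded(traffic):
    """Every link carries exactly COVER_RATE per slot. Real data is queued and
    rides inside that envelope; the remainder of each slot is dummy traffic."""
    max_queue = 0
    for series in traffic:
        queue = 0
        for v in series:
            queue = max(0, queue + v - COVER_RATE)   # backlog waiting for a slot
            max_queue = max(max_queue, queue)
    flat = [[COVER_RATE] * SLOTS for _ in range(PAIRS)]
    return flat, [row[:] for row in flat], max_queue


def link_pairs(send_obs, recv_obs, threshold=0.5):
    """Observer's matching step: pair each sender with the receiver whose
    lag-shifted volume series correlates best, if it clears the threshold."""
    guesses = {}
    for s, sent in enumerate(send_obs):
        scores = [pearson(sent[:SLOTS - LAG], rcv[LAG:]) for rcv in recv_obs]
        best = max(range(PAIRS), key=scores.__getitem__)
        guesses[s] = best if scores[best] >= threshold else None
    return guesses


def accuracy(guesses, pairing):
    return sum(guesses[s] == pairing[s] for s in pairing) / PAIRS


def run_demo(seed=1):
    rng = random.Random(seed)
    receivers = list(range(PAIRS))
    rng.shuffle(receivers)
    pairing = dict(enumerate(receivers))      # ground truth, hidden from observer
    traffic = make_traffic(rng)

    s_obs, r_obs = observe_unpadded(traffic, pairing, rng)
    unpadded = accuracy(link_pairs(s_obs, r_obs), pairing)

    s_obs, r_obs, max_queue = observe_padded(traffic)
    padded = accuracy(link_pairs(s_obs, r_obs), pairing)

    real = sum(map(sum, traffic))
    return {
        "accuracy_unpadded": unpadded,
        "accuracy_padded": padded,
        "overhead": COVER_RATE * SLOTS * PAIRS / real,  # wire bytes per real byte
        "max_queue_kb": max_queue,                      # worst backlog (latency cost)
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The `overhead` and `max_queue_kb` figures are the efficiency cost the comments refer to: the padded links send more bytes than the real traffic needs, and bursts wait in a queue instead of going out at once.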
I can imagine a global passive adversary that could log all Internet traffic, and make it searchable. The NSA can somewhat do that. But even the NSA can't retain everything for more than a few days, if even that. So even retaining necessary data for a match would be a stretch. Let alone having the processing power needed to do the matching.
We're talking about an attacker that can see every byte going over the wire, encrypted or not it's still able to measure the volume of data itself.
> Well, first thing, you don't send many MB directly to someone. You put it on a Tor onion file-share site, and PM the link via Tor.
In that example the attacker wants to determine the location/IP of the hidden service itself. It's pretty well known that high traffic / volume hidden services are some of the easiest targets for global traffic analysis.
> I can imagine a global passive adversary that could log all Internet traffic, and make it searchable. The NSA can somewhat do that.
They don't have to log the data itself simply the meta data and in specific the volume of data sent between vertices in the graph. Various agencies have openly admitted they keep this information and it's not considered "protected" in their view.
This is simply a graph analysis problem, similar to how Bitcoin is pseudo-anonymous unless you use specific methods that aren't built into the core protocol.
And about onion file-sharing sites. With OnionShare, you can create a site just for that transfer.
If Alice uploads the file and Bob downloads it immediately then you haven't gained anything. Bob has to wait some time for it to work, which means you didn't actually need a low-latency anonymity network to begin with. You can't use it for things that actually need real-time communication, like for live streaming or anything interactive.
I agree about unworkability for real-time communication. But there, you want to keep messages small. And use padding. Trying to make live streaming anonymous is nontrivial.
I mean, if only 100 people use I2P, and some traffic has gone over I2P, you can quite easily narrow it down to the set of 100 people.
I'd be delighted to be proved wrong.
I quote sound because as another commenter mentioned, without trusted third party audits it's all marketing...
And as the Snowden leaks have shown being located outside the US is not even a speed bump to the NSA being able to access your communications.
Mullvad gets around this by not storing customer information. As others have pointed out, your "account" is just a long number. You top it up any way you want (including sending cash in an envelope if you are truly paranoid).
So I do believe that it stands a better chance of being fully anonymous & private than a US counterpart.
If you click on the Almanac News source in your link, it states:
>"John Allan Arsenault, general counsel for London Trust Media, a VPN company, testified about how many VPN companies, including his, intentionally don’t retain logs of internet activity of their clients so that they cannot be produced in response to subpoenas from law enforcement or others."
Note it doesn't say they don't log only that they don't retain them. So it's quite possible that the subpoena process simply lagged behind the log retention window. Also the claim is only for "internet activity" and nowhere do we see that defined. Does that include client authentication?
The article then goes on to state:
>"Arsenault said he could not find any record of Ross Colby subscribing to the VPN service when he searched using Ross Colby’s two known email addresses, which he received from law enforcement."
Could not find is not the same thing as there was nothing to search.
Also the first link continues its insistence on using the phrase "user activity" logging. That's a rather nebulous term. Nowhere is "user activity" defined and it's certainly not a term that has meaning in the context of syslog/journald. Does "user activity" logging preclude RADIUS authentication?
We don't log, period. By stating that we don't retain logs, it means that we don't EVER retain them, not even for 0.001ms.
Hope this helps.
I am also very curious how support and operations troubleshoot client issues in the absence of any logging.
Furthermore an independent audit is still far more credible than believing something is true simply "because the CEO said so."
OTOH, I don't like the way (ie. tone) the co-founder is discussing in this thread. I find that unprofessional.
That said, I'm biased; I'm a ProtonVPN customer.
Here's the catch: I don't assume I'm anonymous with it. Just enough anonymous to use it for copyright infringement.
At this point though I am so impressed with WireGuard when my ProtonVPN sub expired I really just want a good VPN provider which supports that.
But anyway, there's no way to know. So your best bet is nested VPN chains. Including providers from jurisdictions where cooperation is less likely. Insorg is Russian, for example. Also, AirVPN, IVPN and Riseup have said that they'll shut down before they'll log.
It is possible to set up an anonymous DigitalOcean account funded by a Visa gift card and associated with an anonymous email provider.
Perhaps the best privacy-preserving tool would be a pool of anonymous, public accounts to public and private VPN services, and a client app that dynamically builds and connects via nested VPN chains.
Cash bills are marked with unique codes, and the trip from bank->(consumer->seller)*->bank tends to be relatively short, often 1 or 2. Systematic/sustained transfers are easily detected with graph theory & statistics... Especially if most other actors are carrying their cell phone with them all the time!
I.e. is the code printed at the time of buying? Or does it have a scratch-off code and packaged in plastic wrap? Is it scanned under a device while selling?
Even if there don't seem to be any unique codes, an IR fluorescent barcode could be used on the card, or its plastic wrap.
Even if there are no unique codes, the cards might come from a rack or pack in sequence, and the cashier instructed to scan a new pack of cards when opening a new pack!
Yes, they have unique numbers, and the time/date/location of purchase is known for each card's number. Like I said, this is not secure enough to defend against targeted attacks by well-resourced actors, but good enough to stay out of the dragnet, at least for now.
Sorry for my English. I hope my question is understandable.
Even if they did, how would they associate those serial numbers to your identity?
When you buy a prepaid card does the cashier link the serial numbers to the transaction?
If other actors have their cell phones with them, how does that allow graph theory to tie the prepaid card to you?
Bank knows: Alice-17.
Alice buys cell phone charger from cashier/seller Bob with bill 17.
Seller Bob deposits his cash (including bill 17) to the bank, and only the bank needs to scan the unique number, and associate with who brought it in:
Bank predicts: bill 17: Bank->Alice->Bob->Bank
For a lot of people even this simple automatable case is controversial, or supposedly too expensive to be true...
average joes and janes do not need to track and note down serial numbers for this to work...
Most convenience stores have a unified interface for printing the unlock codes for each type of product, and print the unlock code at time of buying. If you carry a cell phone, then the space-time event of cell phone position at the same location as the convenience store at the same time as printing the code identifies you. If other actors have their cell phones with them, the path of their bills is very much revealed. One is then trying to hide in among a very small set of unexplained connections...
Really we should have some kind of open source simulator of a market, and the surveillance state perspective of it, so we can prove in practice what is possible to deduce...
A variation of https://en.wikipedia.org/wiki/Random_forest might get the job done (the risk is an overfitted model).
If another customer comes in and gets Alice's note in their change (which is fairly likely since it's sitting at the top of the stack) then that note becomes entirely disassociated from the original purchase.
Random citizen Randy who does not try to anonymize carries a 10$ bill will hence call Randy's bill
Random citizen Rachel who also doesn't try to anonymize carries a 5$ bill.
Both carry phones gossiping location history to surveillance state. If any of those bills are brought to a bank by some seller, neither Randy nor Rachel will have visited the seller's store recently, so the spooks know it switched hands.
Find any consumption place (bar/shop/...) which both Randy and Rachel have visited "shortly" after each other (location history), since they were last known to carry the bill.
They apparently both went to the same bar.
1) You better not carry your cellphone when anonymizing your 20$ dollar bill in the bar.
2) You better (in the bar) not be within the "light cones" of 2 events: going absent from your phone (forward speed cone), rejoining your phone (reverse speed cone). So locomote very fast!
1) and 2) frustrate each other,
better just don't own a phone.
Your phone can detect from noise, motion (accelerometer/gyro),etc if its owner has left it behind or returns, and you will be one of only few people in a large radius who is not carrying his phone like a good boy.
They are not directly interested in tracking Randy and Rachel, they track them to track those who anonymize.
They are not directly interested in tracking you probably, they track you to track the hard targets. When most substantial (i.e. bills) money flows are fully explained, only a sparse amount of bill transmissions, and a sparse amount of suspicious behaviours need to be matched.
1) When you anonymize a large bill by splitting it, and you get multiple bills back, you must destroy the lower amount bills. (EDIT 2: CORRECTION better keep it and leave it on a train, different trains for each superfluous bill)
2) Let's pretend the introduction of smartphones was the start of surveillance state, say 15 years ago. Individually we have potentially 15 man-years of experience with surveillance, on the other hand a 250 million population nation state has 15*250 million man-years of experience with surveillance!
3) Given a sequence of hypothetical events, it is easy for me to attack a known strategy, but how can the state collect anonymizing strategies? "Easy": for each flawless execution of anonymization, there will be hundreds of flawed executions: a person not realizing he shouldn't carry a smartphone but correctly splitting his bill after ATM: if enough cases like this are found, you can try to find other patterns in their common behaviour, for example after using the anonymized $10 bill on whatever, doesn't see harm in using the extra $5 bill (in conjunction with say his phone, or in conjunction with a fresh $20 bill from ATM).
From all the known (but failed) attempts, we can try and look for alternative ways we could have anonymized them. Some will turn out to be aware of other side-channels and will have found original remedies for one problem, introducing a second side-channel, which can be taken into account in the future.
I love that idea. Algo creates IKEv2 servers using mainstream VPS. There are also scripts for creating clients for iOS and macOS devices. However, in my experience, it's hard to get IKEv2 with strong crypto working on Linux. There's also streisand, which creates OpenVPN, WireGuard, etc servers.
Also, there is VPN-Chain, which alters default routing pushed by OpenVPN servers, to create nested VPN chains, without using pfSense etc VMs. And it does create iptables rules to prevent leaks.
However, although compartmentalizing VPN clients in different VirtualBox VMs is far more resource-intensive, it's arguably more secure. Indeed, sometimes I compartmentalize VPN clients in different hardware. But anyway, perhaps there are lighter compartmentalization approaches with adequate security. And one could use vagrant etc to create and configure the compartments.
Even so, client apps for nested VPN chains would be nontrivial. They're far more complicated than simple VPN clients, and so far more error-prone. You'd clearly want them to fail closed overall.
You'd also want feedback to diagnose failures, but nothing that connected directly to "inner" VPNs, which would normally be reached through other VPNs. In my experience, you optimize at each stage of building the nested chain. You may have a general plan. Which VPN services to use, in which order. But to minimize latency and maximize bandwidth, you need to experiment with various combinations of servers. It's likely a BGP-routing thing.
But sure, that could be automated. Most VPN clients have an automatic mode, where they identify servers with lowest latency and maximum bandwidth, within some constraint for exit location. So your app would just need to do that recursively, in building the nested VPN chain.
> It is possible to set up an anonymous DigitalOcean account funded by a Visa gift card and associated with an anonymous email provider.
I'd rather pay with Bitcoin. You can arbitrarily anonymize by using multiple mixing services, with independent local wallets. I use Whonix instances in VirtualBox, each with an Electrum wallet.
Each Whonix client can hit Tor through a different nested VPN chain. So you have some anonymity, even if Tor has been compromised. Even after the first mix, you should have different Bitcoin. But with three mixes, you've got anonymity even if one of the mixing services is a honeypot.
If you want better anonymity, just mix more times. And Whonix instances require very little setup, so they're disposable. Mix some Bitcoin, then nuke the intermediate Whonix instances.
There are still some legal restraints on US agencies and military conducting signals intelligence within the United States.
But they are unrestrained outside the US. And we've seen that foreign networks are thoroughly compromised by US agencies.
So wouldn't it actually be safer for a US resident to select a provider based in the US?
That is likely a fantasy. The NSA is a military organization. And the US is always at war. So there's no expectation that the NSA will respect US law. At best, it will pretend to do so.
> So wouldn't it actually be safer for a US resident to select a provider based in the US?
It is true that there's no mandatory logging requirement for VPN services in the US. And PIA has prevailed so far on that basis. However, there are also National Security Letters, which might require logging without public notice.
Personally I can recommend Autistici/Inventati. More smaller services/servers seems like a much better way to go.
I assume you mean anonymizer.com? If so, can you point me to some reliable source for this info? Would like to know more...
> Abraxas Corporation focuses on services, system and technology solutions, and training programs across the United States National Security community, the United States Government, and the United States military markets.
It was founded in 2001
> by a group of former high-ranking agency employees, led by Richard "Hollis" Helms, a longtime overseas officer in the Middle East and onetime head of the CIA's European division, and Richard Calder, who was the agency's deputy director for administration.
I mean, it's still not consistent with "no logging", but it still protects "backwards" privacy of connections happening in the past, and crucially it's a kind of logging that will always be technically possible to implement for a VPN provider, and probably legally trivial for law enforcement to mandate with a court order (or national security letter) - regardless of how strongly worded a policy the provider has in place.
> The only real solution is running your own Streisand node on an anonymous VPS paid with crypto
Why would VPN providers need to log but VPS providers don't?
It's a question of obfuscation. A private VPN provider is receiving explicit logs of every single URL request you make, and has access to the actual machine processing the request. A VPS provider cannot. With an IPSEC tunnel terminated inside the VM, there's no way they can see your incoming traffic. They could monitor your outgoing traffic in theory, but would have to be specifically looking for this and targeting you.
I'm just curious why VPNs would be required to log but VPS aren't if they can be used for the same purposes. Is it just because VPNs are more likely to be used for illegal purposes?
Take a look and let me know what you think or if you disagree.
I use a VPN to reduce tracking and keep my ISP in the dark - and so have gravitated to the names in the space that seem to be more solid corporate citizens.
F-secure - https://www.f-secure.com/en/web/home_global/freedome
Proton Tech - https://protonvpn.com
You keep using that word, "impossible". I do not think it means what you think it means.