Hacker News new | past | comments | ask | show | jobs | submit login
IPVanish “No-Logging” VPN Led Homeland Security to Comcast User (torrentfreak.com)
231 points by placatedmayhem on June 7, 2018 | hide | past | web | favorite | 173 comments



CEO's statement on Reddit : https://www.reddit.com/r/Piracy/comments/8ogup1/ipvanish_cla...

>We don't typically jump into Reddit or other forums but this topic is too important to me. I'm the CEO of StackPath and we acquired IPVanish in February, 2017 (more than a year after the lawsuit from 2016). With no exception IPVanish does not, has not, and will not log or store logs of our users as a StackPath company. Most important, StackPath will defend the privacy of our users regardless of who demands otherwise. I can't speak to what happened on someone else's watch but Technology is my life and I've spent my career helping customers build on and use the Internet on their terms. StackPath takes that even further—security and privacy is our core mission. I also happen to be a lawyer and I will spend my last breath protecting individuals' rights to privacy, especially our customers.


Too stupid for words. They know they are working with customers who barely understand the technology and they are outright lying to them. I'm not here to defend kiddie porn addicts or idiots on the internet, but it's definitely worth pointing out 1) that's an empty statement and 2) they know it guarantees nothing.


I would have to say that any company in the world can pretty much state whatever it is that they want regarding logging/not logging. Unfortunately if it ends up being a lie, they can be sued by people directly suffering damages (in this case probably when the kiddie porn person is out of jail - I am assuming he will go up against a lot of judges and may have to go to the supreme court which would likely end up siding with him - lucky for us, he's probably not that passionate about fighting his cause). And secondly the FTC could sue the company just the same for not being truthful in the advertising. But it sounds like IPVanish had previous owners, so who knows how that will go.


Whether a company promises not to keep logs or not they can and always will comply with legal requests (court order, warrant, national security letter, etc, etc) to monitor specific targets. Otherwise they will be out of business.

Bottom line: don't do illegal stuff. These services (if they are actually telling the truth about not logging) are good for protecting your privacy as a law abiding citizen but they don't really provide any shield for criminal activity.


The problem with that argument (just like "If you have nothing to hide...") is that the line for "illegal" moves over time. It's not entirely unreasonable to expect something that I do legally today will lead to prosecution (in certain countries) or heightened surveillance tomorrow. Them keeping any logs of what I do today is a risk, even if my conduct is legal.


So you're just going to ignore the fact that they explicitly promised their users that they don't keep logs, while keeping logs?

I wonder if it qualifies as unlawful false advertising.


If they didn't keep logs and aren't lying, they could still be asked or warranted to allow LEO to monitor their system live during a suspect's usage in order to identify them.


Indeed, they could be compelled to do that, but according to the article they were keeping logs in this case, despite explicitly advertising that they didn't.


This is exactly the issue that should be stressed repeatedly. When a firm advertises itself as such, that values customers' privacy,etc etc. There should not be any logs, espeically if they make it their number one selling-point.

Regarding illegle activities, if there is a will strong enough that warrents Powers that be to track down something, one way or another, it will happen. No matter, how much one deludes himself into a sense of security. The idiot in the article shoudln't have been posting shit in a fucking irc channel to begin with.

Pardon my english, am very tired and not my mother-language.


An important thing to note here is that they were served with a "Summons for Records," not a warrant. With a warrant the DHS has to provide probable cause, it has to be signed off on by a judge, and cannot be refused. A summons has none of those things; it can absolutely be refused, at which point they would have to get a warrant.

I'd also like to add that I don't have an ethical problem with a VPN company that keeps logs and turns them over to law enforcement with a valid warrant. Lying about keeping logs, though, I do find unethical, as well as not requiring a warrant for access.

I also think that explicitly not keeping logs to protect users from law enforcement is shady to say the least. If law enforcement has a valid warrant, I don't have an issue with providing them with the data they need to find and prosecute.


>>> I also think that explicitly not keeping logs to protect users from law enforcement is shady to say the least.

I guess that depends on which law enforcement you are talking about. An FBI agent going after someone distributing child pornography is a rather sympathetic police action. What about a Chinese officer going after someone for "treason"? What about a Russian cop looking for someone who tweeted pics taken at a protest rally? Or what about a Canadian cop asking questions about a teenager in Sweden, someone well outside Canadian jurisdiction? Or what about the FBI agent asking for some celeb's home address? Rather than pick sides, the best answer is to just not collect the data in the first place.

VPN companies operate at an international level. The cops from some countries cannot be trusted. Cops in all countries make mistakes. A few of them our there are corrupt. And often times the person claiming to be a cop is either well outside their authority, or just lying about being a cop. I tell my client's to not even respond to communications from any sort of law enforcement or intelligence agency. Pass it to your lawyers. Let them first verify who and what authority is making the request. Do not leave such determinations to engineers and support staff.


I agree that it depends on who the law enforcement is. I think operating a VPN service for Chinese citizens to evade censorship and not doing logging to protect those users would be ethical, for example. Like I said in another comment, you have to think about the odds of dealing with an LE request you consider unethical, and balance the consequences of providing logs or not providing logs. Personally, I trust the US justice system enough that I wouldn't have a problem with complying with a valid warrant (after legal due diligence, of course). But that's subjective and I understand others may not feel the same way.

> VPN companies operate at an international level. The cops from some countries cannot be trusted. Cops in all countries make mistakes. A few of them our there are corrupt. And often times the person claiming to be a cop is either well outside their authority, or just lying about being a cop. I tell my client's to not even respond to communications from any sort of law enforcement. Pass it to your lawyers. Let them first verify who and what authority is making the request. Do not leave such determinations to engineers and support staff.

Totally agree with everything here.


> I agree that it depends on who the law enforcement is.

All Law Enforcement is corrupt. The only unknown is the level of corruption. As a service provider in any country, we have no idea whether we will be dealing with a good cop or a bad cop, and the safest assumption to make is that they are all bad cops. Don't let the good cop set a precedent for interaction that the bad cop can abuse.

The system will work to abuse your trust. If the first warrant tou get is to help catch a pedophile who has been kidnapping children, and you sgree to provide logs for that, the Government will be upset when you don't comply with the next warrant which is a wife beating cop trying to track down his estranged wife who is due to appear in court tomorrow.

You have shown that you have the required data, the purpose of the warrant doesn't have any impact on the legal requirement to comply.


Or Obama trying to uncover who in the White House is talking to journalists.


Agree with first half, but second half is an appeal to authority, which is a fallacy. By not keeping logs, a VPN would take themselves out of a situation where corrupt authorities could exploit their power.


Logical fallacies are mistakes in logic. The appeal to authority fallacy is when you say something of the form "X is true because authority Y says so". I don't see how supporting warrants falls into that. What statement do you think is being fallaciously supported here, and which authority is being used to support it?


>I also think that explicitly not keeping logs to protect users from law enforcement is shady to say the least. If law enforcement has a valid warrant, I don't have an issue with providing them with the data they need to find and prosecute.

That statement. That because it's an authority they will be just, law abiding, and acting in everyone's best interest. That op has no problem with it because surely no one would ever abuse that power! That's a logical failure if you don't have your head in the sand.

But, I'm sure it makes no sense if you've been raised to believe the "government is here to help".


I agree with everything you've said, but it's still not an "appeal to authority" argument.

For example: "You should vote Joe for Sheriff because my uncle--who is a private detective and knows these things--says to."

That said, logical fallacy discussions are irrelevant to your actual point: Keeping logs implies you trust the government entirely. Not keeping logs implies you trust your users entirely. Neither option is healthy for the other in and of themselves and requires "everyone else" (aka civilization) to be doing their jobs to stop bad guys and/or governments.

Tricky stuff.


His argument is literally "it's ok because they are an authority."

> Not keeping logs implies you trust your users entirely.

No. It means your business is to provide a proxy service, and not to monitor what users do with it. Trust has nothing to do with anything.

It's a special type of ignorance to say, "well, governments won't overreach, they're here to help" if you've been alive before and after 9/11.


I am inclined to agree, but this isn't an example of appeal to authority[1] it's just a willingness to believe in the status quo ("police should always be able to catch the bad guys, shouldn't they?").

1: https://www.logicallyfallacious.com/tools/lp/Bo/LogicalFalla...


"I don't have an issue with obeying a valid warrant" does not imply that the government is always "just, law abiding, and acting in everyone's interest." I would strongly disagree with the latter while agreeing with the former.


It implies that either:

1) You're capable of discerning what is, or is not, a valid warrant, or

2) You trust the L.E. to do so for you.

Which?


These are not exhaustive options. The name of the logical fallacy you're committing here is a "false dilemma". See https://en.wikipedia.org/wiki/False_dilemma

I cannot discern what is or is not a valid warrant. That's why companies have lawyers. I don't trust law enforcement to do this either. That's why we have courts. There's a lot of room for nuanced opinions about our warrant system not being perfect but being better than nothing.


"You" implies your organization. You and your corporate attorneys are on the same team.

No logical fallacy, simply a strict reading of the words chosen.

Correction made, what's the third option, if those aren't exhaustive?


One other option is that I trust the courts. Another is that I don't trust law enforcement or the courts but I still think that an imperfect rule of law is better than not being able to have warrants at all. These things don't have to be absolute.


I said "valid warrant." If I found the warrant to be an over-reach, was on a flimsy pretext, or the request is not properly scoped I wouldn't consider that valid, and would appeal.


"Your appeal has been denied."

You're still considering a just and fair government/system, you've just moved the "just and fair" bit from "the police" to "the judge issuing the warrant". There are a fair number of people who have absolutely no trust in their (or any) government and consider the potential for government overreach. The best way to prevent government overreach is to make sure there is nothing they can reach for.

Some people have no issue with the government knowing their "harmless personal activities". While another group of some people believe the government has absolutely no right to know what's going on in their personal lives no matter how mundane.


But they'd also take themselves out of a situation where non-corrupt authorities could use their power appropriately. You have to do the ethical math on the likelihood of either possibility and the consequences, which is subjective.


>But they'd also take themselves out of a situation where non-corrupt authorities could use their power appropriately.

Oh, well, if we're limiting the conversation to hypotheticals...

How about the idea that your bad behavior doesn't forfeit my right to privacy? I don't care if every other VPN user starts money laundry drug money by selling child porn - when it comes to my VPN logs, you can get lost, and I do nothing unusual or illegal. I have a very American attitude about personal freedoms and privacy.

I don't believe that every opportunity for data collection should be implemented just because an authority says it's for "the greater good".


> I don't care if every other VPN user starts money laundry drug money by selling child porn ...

If I require a valid warrant for a carefully scoped query, law enforcement would have to have probable cause, demonstrate that in a court, and get approval from a judge. Note the "carefully scoped" part: they can ask "who was using this IP address at this time to visit this site" but they don't get unlimited access to the logs data. The only way they would be able to get data about you is with probable cause that you are doing something illegal. Even if everyone else using that service is using it for illegal things, that does not constitute probable cause for them to get your data.

> I don't believe that every opportunity for data collection should be implemented just because an authority says it's for "the greater good".

I agree.


Don't advertise with "no logs" then.


I completely agree, and said so in my original comment.


The parent explicitly said that would be unethical, so you agree with them.


What’s unethical about not keeping logs? I explicitly don’t have external security cameras at my apartment: is it unethical because I can’t provide law enforcement with video in case something happens on my block?


I didn't say not keeping logs is unethical, I said " explicitly not keeping logs to protect users from law enforcement" is unethical. The difference is subtle. If you just happen to not keep logs that's fine, or if you don't keep logs because you don't want to have to pay for storing them or something that's also fine. But explicitly saying, "I could have logging here, but I don't want to because I don't want to provide evidence to law enforcement serving a valid warrant" is, in my view, unethical. Not tremendously unethical, mind you, but unethical. The morality is about the intent rather than the result.


I could have cameras, but I legitimately don’t want to provide footage to law enforcement. Am I now acting unethically? And what the difference if I simply don’t have them because I don’t want to spend money on them (or any other reason)?

This is not entirely a rhetorical device. I really don’t want to provide the government with a video feed of my neighborhood.


I'll start by saying that intent can matter a lot in ethics. Intent is the difference between a tragic accident and cold-blooded murder. I'll also add that I think your scenario is ethical, you don't have any obligation to put cameras around your house.

What's the difference between your scenario of a house with cameras vs. a VPN service not logging things? I'll be honest here, I could list out a bunch of differences between those two scenarios (houses tend to have a reasonable expectation of privacy while internet services may not, the likelihood of catching criminals and the severity of their crimes, the potential for abuse, in the case of your house you could always serve as a witness to a crime so cameras might be overkill, etc.) but I honestly don't know which one of those differences is the reason why I find one scenario to be ethical and the other unethical, or if it's some difference I haven't thought of (or I might be wrong!).

I'll admit my opinion here isn't fully fleshed out. Another thing is that I consider Tor to be ethical, even though that's essentially a VPN that doesn't log anything (from the perspective of not being able to respond to law enforcement requests, I know there are significant technical differences). In that case, I think the distinction is that Tor is meant to help fight censorship in authoritarian countries, and the fact that it can be used for nefarious purposes is an unfortunate side effect that doesn't outweigh the benefits.

Anyway, I do think there is a line between valuing the privacy of users and shielding them from legitimate law enforcement requests, but I'm open to discussion on where exactly that line falls.


You say that houses tend to have a reasonable expectation of privacy, but not internet services, why is that? Possibly because they keep their logs? I don't understand why we should not have reasonable expectation of privacy for our internet activity. Seems like we could have a reasonable expectation of privacy if internet services don't keep their logs. So intent might be there, but one could view their lack of logs as upholding our privacy, not hiding criminal activities.


I think your reading of my comment is confused: I would not be installing cameras in my house (where I have a reasonable expectation of privacy), but outside my house (where anyone can get a clear view of the entire block and what's happening there.


Do you market your house / front yard as a good place to do illegal things (even implicitly) and then take payment from the people doing them while turning a blind eye to whatever conduct is happening?


> I could have cameras, but I legitimately don’t want to provide footage to law enforcement.

You could have or you would have?

The logs are there, we usually have them, they don't cost much and they are pretty useful. Like his previous comment said, if you had never intended to have logs there or have reasons not to have logs (replace logs by camera in your situation), then there's nothing unethical about it.

As he said it's not the result but the intent that make it unethical. In the same situation, it could actually be ethical to not have logs, let say to allow people to communicate behind a corrupt government that want to silence them.


This presumes that law enforcement always represent the enforcement of ethically correct directives. This is demonstrably not the case, and categorically deferring to them is likely ethically irresponsible.


> I also think that explicitly not keeping logs to protect users from law enforcement is shady to say the least.

"Law enforcement" covers a variety of entities, from Mr. Friendly offering fatherly advice to fresh-scrubbed teens in Neverwas, IN to the people who brought us COINTELPRO and other folks throwing journalists out of windows in Russia.

I think it is more accurate to talk about "not keeping logs to protect users from entities who routinely traffic in violence" (among other things).

Ethics is hard.


Many people in the U.S. see nothing wrong with "logless access" as a way of avoiding law enforcement, when it is practiced in other countries whose law enforcement can -- including within the scope of their laws -- be quite abusive.

What makes you think your law enforcement is different?

And, with data potentially held in perpetuity, any past action may become grounds for prosecution, depending upon how law at the time of prosecution is defined.

People in the U.S. -- mainstream, as opposed to "minorities" -- have spent that past couple of decades waking up to the fact that laws and law enforcement are tools, not paragons of virtue. And those tools can be and are used for evil and harm.

This may not mean turning your back on the system -- nor even having the opportunity to. But it can mean being proactive to limit your exposure to potential abuse.

Not to mention all the commercial interests, who would love to have those logs. And, if your VPN company gets sold, including if it goes bust, all those logs become "assets" that will be monetized, regardless of any "promise" that was made. If there's enough value in them, lawyers will spend time and energy breaking any contractual obligations to same. And it's not like the company itself is around anymore to take the other side in such a dispute.

--

P.S. A bit of personal perspective: I've taken to using a VPN all the time -- as opposed to just while on public WiFi, like I once did -- to a) Keep Comcast out of my browsing, both their monitoring and their JS injection; b) Keep Verizon out of my mobile data use, again both monitoring and injection (that header they keep wanting to inject for tracking/advertising, among other things).

HTTPS is finally becoming widespread enough to prevent some of this, but that change has come years after the above abuses started. And it still doesn't mask domains, nor inappropriate GET's.

Good security isn't just reactive. It's pro-active. Another precept is to always provide minimal information to get the job done.

Anyway...


In the mean while it looks like PIA is still standing it's ground (for now): https://torrentfreak.com/private-internet-access-no-logging-...


ProtonVPN (operated from Switzerland) claims[1]: "Our security team has also identified at least one VPN service which is working on behalf of a state surveillance agency."

If I had to guess, it would be PIA: the most popular, the most accessible, and the most affordable US-based VPN.

When a VPN is run by NSA, of course it will stand up in all courts. How would a state surveillance agency let its tool be so publicly destroyed? And it doesn't have to keep any logs at all. They can just be forwarded in real-time, based on a set of filters and rules ("URLs that are requested by <IP>", "IPs that are requesting <URL>").

[1] https://protonvpn.com/blog/threat-model/


Honest question: Is there any reason to believe that PIA is a US intel operation vs, say a Russian one? I ask because my main privacy concern is state sponsored industrial espionage. I have often thought that if I wanted to gather kompromat on high level professionals, I would probably start an "anonymous" VPN service to further that effort. Say what you will about the NSA, but I am not worried about them in that space.


>Say what you will about the NSA, but I am not worried about them in that space.

We know from leaks that the steal industry secrets.


> Honest question: Is there any reason to believe that PIA is a US intel operation vs, say a Russian one?

I would also like to know the motivation for a US intel agency to want to run a VPN. It seems to me like it wouldn't be worth the bother: VPNs aren't illegal in the US, so it would be too hard to convince everyone to use theirs. Spies, etc. could just use private ones they control. They'd just see a bunch of crap from unsophisticated people.

Seems to me like it would be more likely for US law enforcement to want to do something like that, but I'm skeptical they have the resources.


if you're a spy using it to hide your identity from websites when you visit, it would be good for your VPN to have a mix of normal activity and spy activity. If you run your own, it's going to have a weird pattern of traffic that might stand out to a website with decent analytics.


This is exactly why Tor is publicly available.


> ProtonVPN (operated from Switzerland) claims[1]: "Our security team has also identified at least one VPN service which is working on behalf of a state surveillance agency."

> If I had to guess, it would be PIA: the most popular, the most accessible, and the most affordable US-based VPN.

If I had to guess, the state surveillance agency-run VPN would be one that's still accessible from China. I understand (but I could be wrong) there are still a few that manage to evade the blocks and provide good service despite all the crackdowns. Chinese state security has many more reasons to want to watch domestic VPN traffic than the US does. Their motivation is proven by the fact that they've spent the effort to build and maintain the "Great Firewall," and crack down on VPNs that bypass it.

It would be reasonably clever for the Chinese to crack down on all the VPNs that they don't control, funneling all the "illicit" traffic to the few VPNs they do control. It would make spying, monitoring dissidents, etc. much easier for them.

The NSA and other US intelligence agencies probably don't care very much about anyone that's dumb enough to need to use public VPN. Seems like the only people who would care in the US are domestic law enforcement, like the FBI.


We're not ready to name names at this point, but you're actually correct. If one looks closely at what China lets through the Great Firewall in terms of the major VPN providers, there is something that stands out.


> We're not ready to name names at this point, but you're actually correct.

Where do you plan to announce when you're ready to name names? I may have some need in the future to use a VPN in China and would like to be aware.

Also props on your mail service, it's very impressive. If it had been released a bit earlier, I think I'd have been a customer.


[Comment retracted and removed by author's request.]


You aren't doing much in terms of brand ambassadorship for PIA by muck raking and bickering with a competitor. It's quite petty. The comment about PIA wasn't put forth by ProtonVPN. They clarified the discrepancy you raised and did so in a civil manner.

I wasn't that familiar with your company before today but I can tell you that I won't be a customer at any time in the future based on your comments.


We've unfortunately had to deal with a lot of this recently. The issue is that we have turned the VPN industry upside down by providing a free service, and that is likely hurting profit margins across the entire sector so everybody is trying to hit ProtonVPN now. We just aren't very profit driven, and that's the type of competition that brings down prices (and profit margins).


We used Tesonet as a local partner before we had an official Lithuanian subsidiary, and rented office space from them. We don't share employees, infrastructure, etc. We have had a similar temporary arrangements with local companies when we opened offices in other jurisdictions where we didn't have an official presence yet.


Your Android APK has a certificate signed by Tesonet[1]. So do they control your Android VPN application or do you?

[1] http://apkforandroid.org/com.protonvpn.android/34007825-prot...


We do. That was an error made during the time Tesonet was doing our HR which we are attempting to correct.


Your most recent update (yesterday) was still like this. Was this something decided today?


This is an unfortunate mistake made by Algirdas, our first (and amazing) Vilnius team member. Back when he first joined us several years ago, we outsourced HR to a third party as it didn't make sense to incorporate a new company for just a single employee.

As Algirdas was formally employed through Tesonet, he put Tesonet into the cert, and nobody noticed it until recently. Unfortunately Google does not permit the cert to EVER be changed, so we are stuck with this cert forever: https://stackoverflow.com/questions/18357909/anyway-to-chang...

Google says it is a "feature", but most likely it is a "bug" especially when considering how many 1024-bit certs are still out there...


Why was something so critical (managing your code signing key) outsourced to someone you specifically called a competitor [1]? Basically, what I'm asking is are you incompetent or are you the same developer team?

[1] https://news.ycombinator.com/reply?id=17259627&goto=item%3Fi...


This is actually explained above. In the early days of Proton, none of our employees outside of Switzerland were directly employed by us. This includes some key employees, including a co-founder. Third party IT companies were used to handle payroll and HR in these cases, and in Vilnius, it was done by Tesonet.

I'll take this opportunity to dispute Bart's contention that we compete with Tesonet. I prefer to say that instead of buying IT infrastructure from them, we built our own :)


> This is actually explained above. In the early days of Proton, none of our employees outside of Switzerland were directly employed by us. This includes some key employees, including a co-founder. Third party IT companies were used to handle payroll and HR in these cases, and in Vilnius, it was done by Tesonet.

So you, a privacy company, outsourced your IT to countless third parties in all sorts of countries? "Sounds secure," said nobody ever.

> I'll take this opportunity to dispute Bart's contention that we compete with Tesonet. I prefer to say that instead of buying IT infrastructure from them, we built our own :)

I want to take this time to let everyone know that the facts I am providing contradict protonmail's statement[1].

[1] https://bgpview.io/prefix/185.159.157.0/24#whois


Now that last part IS a super interesting find. You guys really did a lot of digging. Proton NOC did some digging also and 185.159.157.0/24 is the IP block we use for our Zurich servers, which is now announced by AS59898 by AllSafe Sarl (Switzerland).

Turns out there was a plan to use Tesonet infra in Switzerland for this before we built our own infra in the Zurich area. What's interesting is that they weren't removed in RIPE when we decided to use our own infra instead, and this definitely needs to be corrected.

> So you, a privacy company, outsourced your IT to countless third parties in all sorts of countries?

You might have misread: "Third party IT companies were used to handle payroll and HR." This is not an uncommon practice for small companies and we still do this in countries where we have just 1 or 2 employees. It's a way to ensure employees get full benefits instead of being contractors with no benefits: https://en.wikipedia.org/wiki/Professional_employer_organiza...


I feel like the PIA guy is providing a lot of sources for his position. I feel like the counter arguments aren't providing anything, but words.


I checked out the provided links. It is weird. Even if it were a wrong conclusion, it seems fishy.


What PIA co-founder proofed in this thread so far:

- ProtonVPN UAB lists Tesonet's CEO as a director

- ProtonVPN UAB is operated from Tesonet HQ in Vilnius, Lithuania

- ProtonVPN UAB uses previous Tesonet's technical employees

- ProtonVPN uses IP address blocks that belong to Tesonet

- ProtonVPN mobile app is signed by Tesonet

It seems, that ProtonVPN is a free VPN service by a data mining company from Lithuania.


That is what I mean. It looks like these things are facts and combined it doesn't look good.


I wasn't aware that ProtonVPN was not run by ProtonMail, even though I happen to be from Vilnius, Lithuania myself and even have a close friend working at Tesonet. If this is true, that makes me question how much anything branded Proton* can be trusted in general.


ProtonMail team here. The above is not correct. ProtonVPN is developed and operated by ProtonMail. However, it exists as a separate legal entity for security reasons. This is to avoid ProtonMail getting banned in jurisdictions where VPNs are illegal. An example is China where ProtonVPN is banned, but ProtonMail is permitted. Had they been the same company, both would have been banned together. So from the legal standpoint, we put as much separation as possible between ProtonMail and ProtonVPN.

Like ProtonMail, the ProtonVPN team is distributed, split between Geneva, Skopje, Vilnius, and San Francisco. Tesonet (one of the biggest IT firms in Vilnius) was previously used as outsourced HR before we incorporated our own entity in Vilnius. We have similar arrangements for our staff in San Francisco, Prague, and Skopje. The above poster's intentions are a bit suspect, given that he's the co-founder of PIA...


> Tesonet was previously used as outsourced HR before we incorporated our own entity in Vilnius

But your entity's business address in Lithuania is still Tesonet's HQ. And Tesonet runs the entire technical infrastructure needed for a VPN service. So, are you partners or competitors?


If it helps, Tesonet lists itself as a business that helps "collect business intelligence data" and has "machine learning solutions" [1]. They also say they do "cybersecurity."[1]

[1] https://tesonet.com/about/


The address probably hasn't been changed since the time of incorporation. We plan to update everything all at once later this summer when all of Proton consolidates under the ProtonLabs name. We save a bit of money this way by not using the lawyers multiple times.

Tesonet is actually a massive network and connectivity provider with a LOT of IP addresses, and we did in fact consider renting some servers from them. Like most VPN services, most of our servers are rented. In fact, we only completely own the VPN servers within our Secure Core network (we do this for security reasons as part of the rationale behind Secure Core, but that's another topic).

In the end though, Tesonet wasn't selected to provide servers and IPs. Our biggest server and IP provider is actually Leaseweb, which is also a popular choice among many VPN providers. However, we have some concerns about Leaseweb so we are reducing the number of servers we rent from them. Generally speaking, our VPN threat model does not trust ANY servers outside of our own Secure Core network.


We still lease office space from Tesonet at the moment, though that is changing soon. We don't have a business relationship with their VPN unit--we are competitors there.


[flagged]


Actually Proton and Tesonet still have ties to this day, some company administration services like accounting is still outsourced to Tesonet. That is simply not a role we have taken in house yet (it's actually still outsourced in all countries that we operate in).

It's a bit of a stretch to go from that to Proton == Tesonet. It's not like the group of us that left CERN to create ProtonMail were also able to go to Macedonia, Lithuanian, Czechia, and the US and just employ people. HR is not exactly our expertise, so we had assistance from local partners in each country.


[flagged]


> We don't share personal information with third parties. Furthermore, all user data (payment details, etc) resides on servers in Switzerland, controlled by our Swiss entities, under Swiss legal protection. This is why in our opinion, ProtonVPN is safer than PIA which is under US jurisdiction.

I would like to take this moment to show that, once again, you are trying to sell privacy under false pretenses and have no idea what you are doing both in terms of jurisdictional privacy nor technological privacy.

Switzerland is a BAD place for e-mail.[1] Any actual cypherpunk knows that [2]. I'm not sure they teach privacy and activism at "CERN," [3] so I'm not sure why that's ever relevant yet you keep talking about it.[4] It's like that Fresh Prince episode where the guy kept saying "I'm from Harvard."

[1] https://arstechnica.com/tech-policy/2013/12/switzerland- wont-save-you-either-why-e-mail-might-still-be-safer-in-us/ [2] https://en.wikipedia.org/wiki/Data_retention#Email [3] https://home.cern/search/node/privacy%20language%3Aen (lol) [4] https://news.ycombinator.com/reply?id=17260425&goto=item%3Fi...


We don't share personal information with third parties. Furthermore, all user data (payment details, etc) resides on servers in Switzerland, controlled by our Swiss entities, under Swiss legal protection. This is why in our opinion, ProtonVPN is safer than PIA which is under US jurisdiction.


Yet, the fact is, that the entire ProtonVPN mobile traffic passes through an app signed by a dating mining company from Lithuania.


What does me being the co-founder of PIA have to do with anything other than I'm trying to protect the people from shady f*s? Facts are facts.


They may be separate “legal” entities, but they share the same exact office. Both ProtonVPN and ProtonMail’s Swiss entities are purportedly located here[1][2]:

Chemin du Pré-Fleuri, 3 CH-1228 Plan-les-Ouates, Genève, Switzerland

Furthermore, ProtonVPN UAB was created by Tesonet, and has Tesonet’s CEO Darius Bereika listed as director.[3]

[1] https://protonmail.com/imprint [2] https://protonvpn.com/support/ [3] https://www.visalietuva.lt/imone/protonvpn-lt-uab


This is correct, both Swiss companies are colocated in the same office building, which is home actually to 60 other companies as part of FONGIT (fongit.ch)

Because we are a small startup, we don't have our own dedicated office space in most of the countries we operate in, and instead have office in shared spaces.

Vilnius is no different, and the incorporation of ProtonVPN LT was outsourced to Tesonet due to their experience in handling these types of matters. Of course, now that our Vilnius office (and Proton as a whole) has grown, most things are now done internally.


How did their security team identify that?


Probably someone venting over beers at a convention?


connect to VPNs, make illegal traffic, see which traffic triggered an investigation ... ?


Yes, and good for them!

The problem is that, without a publicized investigation, there is absolutely no way for users to verify no-logging claims by VPN providers. The same is so for Tor relays. And Tor deals with that by using three-relays circuits. In order to connect users with online activity, adversaries would need access to logs from multiple relays.

One can do the same, albeit more crudely, using nested VPN chains. It's quite easy, using pfSense VMs as VPN gateways.


> It's quite easy, using pfSense VMs as VPN gateways.

One privacy tool that I'd like to see is a program that takes a .ovpn file and user credentials and outputs a pfSense config file which the user just has to import.

Following a guide like yours is quite a bit of work and somewhat error prone. Few users will be able and willing to do that.


This is available within pfSesne. There is a package called openvpn-client-export that exports the pfSense config to .ovpn and a number of other config/packages.


I agree that it's tedious and error-prone. Perhaps someone could automate it. But that's over my head.

There is the argument that, in doing the setup manually, users come to understand what they're doing. But yes, it seems that most are put off by it all.


>"using nested VPN chains. It's quite easy, using pfSense VMs as VPN gateways"

Can you elaborate on this? I am not familiar with the term "nested VPN chains", is this a specific configuration supported by pfSense?


1) You create a VPN. 2) Over that VPN connection, you connect to another VPN... Repeat until your tinfoil hat feels secure.



What a great resource, thanks for sharing. Might you have any feedback on IVPN as a provider as well?


I've freelanced with IVPN for five years. IVPN was "[f]ounded in 2009 by a group of security professionals at the prestigious Information Security Group at the University of London (Royal Holloway)".[0] In my experience, their CEO Nick Pestell is fundamentally a privacy activist.

0) https://www.ivpn.net/aboutus


.


Nothing has any defence against global traffic analysis.

Tor still does better than anything else. I don't think it's worth scaring people away from using Tor, because whatever else they'd be using instead is certainly worse.

EDIT: Parent comment originally said words to the effect of "Reminder that Tor has no defence against global traffic analysis".


> Nothing has any defence against global traffic analysis.

It's possible to guard against global traffic analysis by establishing permanent fixed-bandwidth links between each node and sending traffic along them even when they aren't assigned to a circuit (or the circuit is idle). Then there is nothing to passively analyze because the amount of traffic between each node is always the same.

The problem is that this consumes a very large amount of bandwidth.


This works against global passive adversaries.

If you instead ask yourself "how many Tor nodes are out there"[1], and then ask yourself "what is the NSA's annual budget"[2], the concept of a global active adversary makes me a bit nervous.

[1]: http://torstatus.blutmagie.de [2]: https://www.theverge.com/2013/8/29/4672414/leaked-snowden-do...


The scary thing about a global passive adversary is that the attack is undetectable. Active attacks are harder to defend against but they're also harder to keep secret.


You may want to investigate i2p which is resistant to traffic analysis.

And does not run 100%bandwidth all day and all night.


I think you're referring to traffic analysis for protocol identification, which is something else entirely, and Tor handles that as well. Resisting protocol identification can be done very efficiently -- you basically get the same information theoretical efficiency as the protocol you're mimicking does, and the primary failure mode is to not be mimicking it completely accurately. It's theoretically possible to mimic the target protocol perfectly, and each time someone finds a way to distinguish them is one step closer to there not being any more ways left.

Resisting global traffic analysis for the purposes of deanonymization is not so easy. The issue is that if every time Alice sends ~476MB of traffic, Bob promptly receives ~476MB of traffic, it's not hard to deduce that Alice is talking to Bob. To fix that, the amount and timing of the traffic Bob receives needs to be independent of the traffic Alice is sending him. Which is possible but inherently comes at an efficiency cost.


Well, first thing, you don't send many MB directly to someone. You put it on a Tor onion file-share site, and PM the link via Tor. Unless your adversary is lucky enough to pwn the guard for that onion site, they can't even see the correlation.

I can imagine a global passive adversary that could log all Internet traffic, and make it searchable. The NSA can somewhat do that. But even the NSA can't retain everything for more than a few days, if even that. So even retaining necessary data for a match would be a stretch. Let alone having the processing power needed to do the matching.


> Unless your adversary is lucky enough to pwn the guard for that onion site, they can't even see the correlation.

We're talking about an attacker that can see every byte going over the wire, encrypted or not it's still able to measure the volume of data itself.

> Well, first thing, you don't send many MB directly to someone. You put it on a Tor onion file-share site, and PM the link via Tor.

In that example the attacker wants to determine the location/IP of the hidden service itself. It's pretty well known that high traffic / volume hidden services are some of the easiest targets for global traffic analysis.

> I can imagine a global passive adversary that could log all Internet traffic, and make it searchable. The NSA can somewhat do that.

They don't have to log the data itself simply the meta data and in specific the volume of data sent between vertices in the graph. Various agencies have openly admitted they keep this information and it's not considered "protected" in their view.

This is simply a graph analysis problem, similar to how Bitcoin is pseudo-anonymous unless you use specific methods that aren't built into the core protocol.


Sure, the NSA can arguably see every byte on every wire. But that wouldn't do them much good, unless they knew what to compare with what, over what time period. But OK, say that they had the processing power to compare every traffic stream with every other traffic stream, with time offset up to a week or so. That still wouldn't tell them whether Mirimir had shared something with someone else. Because we'd all be using Tor.

And about onion file-sharing sites. With OnionShare, you can create a site just for that transfer.


What you're describing is equivalent to a dead drop, which is an old school anonymity method. It's not that it doesn't work, it's that it's completely independent of Tor and it doesn't work in all the contexts where Tor is supposed to work.

If Alice uploads the file and Bob downloads it immediately then you haven't gained anything. Bob has to wait some time for it to work, which means you didn't actually need a low-latency anonymity network to begin with. You can't use it for things that actually need real-time communication, like for live streaming or anything interactive.


True. But Tor is the large anonymity network that we have. I2P is cool, but it's too small. For high latency, perhaps Mixmaster remailers via alt.anonymous.messages is still workable. Last I checked, there was a Tor onion news server.

I agree about unworkability for real-time communication. But there, you want to keep messages small. And use padding. Trying to make live streaming anonymous is nontrivial.


I'm not against Tor but I think it's an important fact if we're going to discus how using multiple relays is a way to obfusticate traffic.


What about i2p?


I don't personally know anything about i2p but my spidey senses suggest that until it becomes about as widely-used as Tor, it's not going to have as good an anonymisation factor as Tor.

I mean, if only 100 people use I2P, and some traffic has gone over I2P, you can quite easily narrow it down to the set of 100 people.

I'd be delighted to be proved wrong.


Also problematic is that from my understanding i2p is not used by any honest actors, since it doesn't have clearnet access. Tor is used by lots of people for honest things or at least less-than-completely-shady things like getting around IP blocks or geo-fencing whereas i2p is used exclusively for people that require perfect privacy for their communications.


I've recently switched to Mullvad from PIA, mainly because it's not US based and they "sound" more privacy focused.

I quote sound because as another commenter mentioned, without trusted third party audits it's all marketing...


The US has some of the laxest data retention and filtering laws in the world. Especially compared to most European countries. Mullvad is based in Sweden which has much more strict data retention and filtering requirements for ISPs than in the US and the government has already expressed a desire to expand these to VPN providers.

And as the Snowden leaks have shown being located outside the US is not even a speed bump to the NSA being able to access your communications.


I understand your point, but I believe in this case it doesn't apply necessarily because Sweden/Europe are only concerned with privacy related data.

Mullvad gets around this by not storing customer information. As others have pointed out, your "account" is just a long number. You top it up any way you want (including sending cash in an envelope if you are truly paranoid).

So I do believe that it stands a better chance of being fully anonymous & private than a US counterpart.


Mullvad has gateways in the US. Does this help?


But Mullvad is not an ISP.


Mullvad allows for cash in mail payment. They also don't really have accounts in the traditional sense. Just a long account number that is associated with the payments. Really ticks all the boxes for me.


I know PIA likes to talk a big game here but I didn't see anything in your link that would instill overwhelming confidence in their marketing claims. Specifically:

If you click on the Almanac News source in your link, it states:

>"John Allan Arsenault, general counsel for London Trust Media, a VPN company, testified about how many VPN companies, including his, intentionally don’t retain logs of internet activity of their clients so that they cannot be produced in response to subpoenas from law enforcement or others."

Note it doesn't say they don't log only that they don't retain them. So it's quite possible that the subpoena process simply lagged behind the log retention window. Also the claim in only for "internet activity" and nowhere do we see that defined. Does that include client authentication?

Then article then goes on to state:

>"Arsenault said he could not find any record of Ross Colby subscribing to the VPN service when he searched using Ross Colby’s two known email addresses, which he received from law enforcement."

Could not find is not the same thing as there was nothing to search.


It's all marketing claims when all is said and done. PIA is still the only VPN company that has proven its no log policy not once but twice.

[1] https://torrentfreak.com/vpn-providers-no-logging-claims-tes... [2] https://torrentfreak.com/ipvanish-no-logging-vpn-led-homelan...


I'm not sure why you are providing that second link as proof that they don't log. That is just a link to the same story being discussed here and the same one I am quoting in my comment.

Also the first link continues its insistence on using the phrase "user activity" logging. That's a rather nebulous term. Nowhere is "user activity" defined and it's certainly not a term that meaning in the context of syslog/journald. Does "user activity" logging preclude RADIUS authentication?


Interesting analysis, but it's wrong.

We don't log, period. By stating that we don't retain logs, it means that we don't EVER retain them, not even for 0.001ms.

Hope this helps.


And nobody has any way of knowing if this is actually true do they? There is no independent third-party verification of your assertions is there? So why not commission such an audit then. Why not make actual verification your distinguishing characteristic then?

I am also very curious how support and operations troubleshoot client issues in the absence of any logging.


An audit only proves the claims were valid at the time the auditor was present. I see them as the health inspections at the local greasy spoon.


No, health inspections are instaneous spots checks. Audits are far more extensive and look at historicals. This is how nearly all audits work - financial audits, tax audits, compliance audits etc. They are not the same at all.

Furthermore an independent audit is still far more credible than believing something is true simply "because the CEO said so."


What I also like about PIA is their continued support of Open Source projects. I have been a PIA customer for a while now and will remain for the time to come.


That doesn't make them more or less secure though. NSA and privacy activists both love open source.


While you’re right, this is a point to me which made me choose PIA over competitors. I like when companies give back to open source communities.


Agreed.

OTOH, I don't like the way (ie. tone) the co-founder is discussing in this thread. I find that unprofessional.

That said, I'm biased; I'm a ProtonVPN customer.

Here's the catch: I don't assume I'm anonymous with it. Just enough anonymous to use it for copyright infringement.

At this point though I am so impressed with WireGuard when my ProtonVPN sub expired I really just want a good VPN provider which supports that.


How many VPN services are run by the government three letter agencies through decoy companies? Seems like a match made in heaven.


There's no way to know that, either. One of the first VPN services, Anonymizer, morphed into a CIA operation. And Tor, after all, is still heavily funded by the US government. However, as cynical as I've become, I believe that the US freedom vibe is more than PR.

But anyway, there's no way to know. So your best bet is nested VPN chains. Including providers from jurisdictions where cooperation is less likely. Insorg is Russian, for example. Also, AirVPN, IVPN and Riseup have said that they'll shut down before they'll log.


> your best bet is nested VPN chains

It is possible to set up an anonymous DigitalOcean account funded by a Visa gift card and associated with an anonymous email provider.

Perhaps the best privacy-preserving tool would be a pool of anonymous, public accounts to public and private VPN services, and a client app that dynamically builds and connects via nested VPN chains.


But how do you buy the anonymous gift/prepaid whatever card?

Cash bills are marked with unique codes, and the trip from bank->(consumer->seller)*->bank tends to be relatively short, often 1 or 2. Systematic/sustained transfers are easily detected with graph theory & statistics... Especially if most other actors are carrying their cell phone with them all the time!


In this case, a little obscurity goes a long way. A $5/month droplet is more than enough for a single household’s internet use. If you make cash purchases with any frequency, it’s very possible to make your once-every-10-months $50 Visa gift card purchase nearly untraceable (at least by dragnet/mass methods). Your cover is far more likely to be blown by other things, like which IP address connects to the droplet most frequently.


Hi, I live in europe, and am not familiar with visa gift cards in specific. Would you mind describing exactly how they work, what form you buy them in, and how you use or enable them?

I.e. is the code printed at the time of buying? Or does it have a scratch-off code and packaged in plastic wrap? Is it scanned under a device while selling?

Even if there dont seem to be any unique codes, an IR fluorescent barcode could be used on the card, or its plastic wrap.

Even if there are no unique codes, the cards might come from a rack or pack in sequence, and the cashier instructed to scan a new pack of cards when opening a new pack!


It's just a prepaid credit card. Looks and behaves like any normal credit card, except that it has no name or address associated with it (and will validate against any).

Yes, they have unique numbers, and the time/date/location of purchase is known for each card's number. Like I said, this is not secure enough to defend against targeted attacks by well-resourced actors, but good enough to stay out of the dragnet, at least for now.


Question: wouldn't it just be more feasible for American govt to request to have all the numbers to be handed to them prior to the sale? That way they would know, where it was bought and be able to track down by whom.

Sorry for my English. I hope my question is understandable.


They could do that, but I’ve never heard of it. And compelling companies to do it long-term would be illegal (AFAIK, IANAL).


When you pay cash for a drink from the convenience store do they log the serial numbers of the banknotes they give you as change?

Even if they did, how would they associate those serial numbers to your identity?

When you buy a prepaid card does the cashier link the serial numbers to the transaction?

If other actors have their cell phones with them, how does that allow graph theory to tie the prepaid card to you?


Alice withdraws bill number 17 from the ATM.

Bank knows: Alice-17.

Alice buys cell phone charger from cashier/seller Bob with bill 17.

Seller Bob deposits his cash (including bill 17) to the bank, and only the bank needs to scan the unique number, and associate with who brought it in:

Bank predicts: bill 17: Bank->Alice->Bob->Bank

For a lot of people even this simple automatable case is controversial, or supposedly too expensive to be true...

average joes and janes do not need to track and note down serial numbers for this to work...

====

Most convenience stores have a unified interface for printing the unlock codes for each type of product, and print the unlock code at time of buying. If you carry a cell phone, then the space-time event of cell phone position at the same location as the convenience store at the same time as printing the code identifies you. If other actors have their cell phones with them, the path of their bills is very much revealed. One is then trying to hide in among a very small set of unexplained connections...

Really we should have some kind of open source simulator of a market, and the surveillance state perspective of it, so we can prove in practice what is possible to deduce...


> Really we should have some kind of open source simulator of a market, and the surveillance state perspective of it, so we can prove in practice what is possible to deduce...

A variation of https://en.wikipedia.org/wiki/Random_forest might get the job done (the risk is an overfitted model).


The problem with tracking cash that way is it only works if the shop closes right after Alice leaves.

If another customer comes in and gets Alice's note in their change (which is fairly likely since it's sitting at the top of the stack) then that note becomes entirely disassociated from the original purchase.


Insert 'Alice walks to cashier and asks "can I get this in 10s and 5s?"' between withdrawing the money and spending the money and it throws a wrench into things.


Or uses that tracked 20 to buy a 1-dollar item from a vending machine that dispenses change in dollar coins, buys a transit ticket, and many other ways to get large amounts of change in a single transaction. Until cash becomes illegal?


That's a small wrench:

Random citizen Randy who does not try to anonimize carries a 10$ bill will hence call Randy's bill Random citizen Rachel who also doesn't try to anonimize carries a 5$ bill.

Both carry phones gossiping location history to surveillance state. If any of those bills are brought to a bank by some seller, neither Randy nor Rachel will have visited the sellers store recently, so the spooks know it switched hands.

Find any consumption place (bar/shop/...) which both Randy and Rachel have visited "shortly" after each other (location history), since they were last known to carry the bill.

They apparently both went to the same bar.

1) You better not carry your cellphone when anonimizing your 20$ dollar bill in the bar.

2) You better (in the bar) not be within the "light cones" of 2 events: going absent from your phone (forward speed cone), rejoining your phone (reverse speed cone). So locomote very fast!

1) and 2) frustrate each other, better just don't own a phone.

Your phone can detect from noise, motion (accelerometer/gyro),etc if its owner has left it behind or returns, and you will be one of only few people in a large radius who is not carrying his phone like a good boy.

They are not directly interested in tracking Randy and Rachel, they track them to track those who anonymize. They are not directly interested in tracking you probably, they track you to track the hard targets. When most substantial (i.e. bills) money flows are fully explained, only a sparse amount of bill transmissions, and a sparse amount of suspicious behaviours need to be matched.

EDIT: 1) When you anonimize a large bill by splitting it, and you get multiple bills back, you must destroy the lower amount bills. (EDIT 2: CORRECTION better keep it and leave it on a train, different trains for each superfluous bill)

2) Lets pretend the introduction of smartphones was the start of surveillance state, say 15 years ago. Individually we have potentially 15 man-years of experience with surveillance, on the other hand a 250 million population nation state has 15*250 million man-years of experience with surveillance!

3) Given a sequence of hypothetical events, it is easy for me to attack a known strategy, but how can the state collect anonymizing strategies? "Easy" : for each flawless execution of anonymization, there will be hundreds of flawed executions: a person not realizing he shouldnt carry a smartphone but correctly splitting his bill after ATM: if enough cases like this are found, you can try find other patterns in their common behaviour, for example after using the anonymized $10 bill on whatever, doesnt see harm in using the extra $5 bill (in conjunction with say his phone, or in conjunction with a fresh $20 bill from ATM)

From all the known (but failed) attempts, we can try and look for alternative ways we could have anonymized them. Some will turn out to be aware of other side-channels and will have found original remedies for one problem, introducing a second sidechannel, which can be taken into account in the future


> Perhaps the best privacy-preserving tool would be a pool of anonymous, public accounts to public and private VPN services, and a client app that dynamically builds and connects via nested VPN chains.

I love that idea. Algo[0] creates IKEv2 servers using mainstream VPS. There are also scripts for creating clients for iOS and macOS devices. However, in my experience, it's hard to get IKEv2 with strong crypto working on Linux. There's also streisand,[1] which creates OpenVPN, WireGuard, etc servers.

Also, there is VPN-Chain,[2] which alters default routing pushed by OpenVPN servers, to create nested VPN chains, without using pfSense etc VMs. And it does create iptables rules to prevent leaks.

However, although compartmentalizing VPN clients in different VirtualBox VMs is far more resource-intensive, it's arguably more secure. Indeed, sometimes I compartmentalize VPN clients in different hardware. But anyway, perhaps there are lighter compartmentalization approaches with adequate security. And one could use vagrant etc to create and configure the compartments.

Even so, client apps for nested VPN chains would be nontrivial. They're far more complicated than simple VPN clients, and so far more error-prone. You'd clearly want them to fail closed overall.

You'd also want feedback to diagnose failures, but nothing that connected directly to "inner" VPNs, which would normally be reached through other VPNs. In my experience, you optimize at each stage of building the nested chain. You may have a general plan. Which VPN services to use, in which order. But to minimize latency and maximize bandwidth, you need to experiment with various combinations of servers. It's likely a BGP-routing thing.

But sure, that could be automated. Most VPN clients have an automatic mode, where they identify servers with lowest latency and maximum bandwidth, within some constraint for exit location. So your app would just need to do that recursively, in building the nested VPN chain.

> It is possible to set up an anonymous DigitalOcean account funded by a Visa gift card and associated with an anonymous email provider.

I'd rather pay with Bitcoin. You can arbitrarily anonymize by using multiple mixing services, with independent local wallets. I use Whonix instances in VirtualBox, each with an Electrum wallet.

Each Whonix client can hit Tor through a different nested VPN chain. So you have some anonymity, even if Tor has been compromised. Even after the first mix, you should have different Bitcoin. But with three mixes, you've got anonymity even if one of the mixing services is a honeypot.

If you want better anonymity, just mix more times. And Whonix instances require very little setup, so they're disposable. Mix some Bitcoin, then nuke the intermediate Whonix instances.

0) https://github.com/trailofbits/algo

1) https://github.com/StreisandEffect/streisand

2) https://github.com/TensorTom/VPN-Chain


Algo also supports WireGuard these days.


> jurisdictions where cooperation is less likely

There are still some legal restraints on US agencies and military conducting signals intelligence within the United States.

But they are unrestrained outside the US. And we've seen that foreign networks are thoroughly compromised by US agencies.

So wouldn't it actually be safer for a US resident to select a provider based in the US?


> There are still some legal restraints on US agencies and military conducting signals intelligence within the United States.

That is likely a fantasy. The NSA is a military organization. And the US is always at war. So there's no expectation that the NSA will respect US law. At best, it will pretend to do so.

> So wouldn't it actually be safer for a US resident to select a provider based in the US?

It is true that there's no mandatory logging requirement for VPN services in the US. And PIA has prevailed so far on that basis. However, there are also National Security Letters, which might require logging without public notice.[0]

0) https://www.calyxinstitute.org/sites/all/documents/08_28_201...


Problem with Riseup is, that they're invite-only and at the same time becoming the most centralized email service for anonymous left-learning political use.

Personally I can recommend Autistici/Inventati. More smaller services/servers seems like a much better way to go.


Yes, Autistici/Inventati are excellent too.


Using a VPN service from a non-US friendly jurisdiction doesn't guarantee the CIA isn't operating the service, hasn't compromised the service (via human or technical), or doesn't have taps to monitor the service in/out flows giving them the metadata needed to retrace your connection back through the platform.


There are no guarantees. That's why you use nested VPN chains plus Tor.


> One of the first VPN services, Anonymizer, morphed into a CIA operation

I assume you mean anonymizer.com? If so, can you point me to some reliable source for this info? Would like to know more...


Abraxas Corporation bought Anonymizer in May 2008.[0]

> Abraxas Corporation focuses on services, system and technology solutions, and training programs across the United States National Security community, the United States Government, and the United States military markets.[1]

It was founded in 2001

> by a group of former high-ranking agency employees, led by Richard "Hollis" Helms, a longtime overseas officer in the Middle East and onetime head of the CIA's European division, and Richard Calder, who was the agency's deputy director for administration.

0) https://www.socaltech.com/anonymizer_acquired_by_abraxas/s-0...

1) https://www.bloomberg.com/research/stocks/private/snapshot.a...

2) http://articles.latimes.com/2006/sep/17/nation/na-abraxas17


Riseup will also shut down before not handing over the details of an extreme right winger that somehow slipped through their vetting process.


The user sounds like he was a regular on the IRC channel. Did they perhaps add particular logging on the IP/port combo when asked to, rather than having always logged, and lied about it?

I mean, it's still not consistent with "no logging", but it still protects "backwards" privacy of connections happening in the past, and crucially it's a kind of logging that will always be technically possible to implement for a VPN provider, and probably legally trivial for law enforcement to mandate with a court order (or national security letter) - regardless of how strongly a worded policy the provider has in place.


I spent some time looking into building a VPN business. It's a real bottom feeder industry. The margins are tiny and the bulk of your traffic will be malicious. Anyone who says they don't log is simply lying to your face; the liability is insane if they don't. I'd rather use a provider that at least is honest about their logging policy, although even that is a terrible idea. The only real solution is running your own Streisand node on an anonymous VPS paid with crypto.


> Anyone who says they don't log is simply lying to your face; the liability is insane if they don't

...

> The only real solution is running your own Streisand node on an anonymous VPS paid with crypto

Why would VPN providers need to log but VPS providers don't?


>Why would VPN providers need to log but VPS providers don't?

It's a question of obfuscation. A private VPN provider is receiving explicit logs of every single URL request you make, and has access to the actual machine processing the request. A VPS provider cannot. With an IPSEC tunnel terminated inside the VM, there's no way they can see your incoming traffic. They could monitor your outgoing traffic in theory, but would have to be specifically looking for this and targeting you.


If you're the only one using a private VPN run on a VPS then they effectively have access to the same information: your IP address and all of your traffic.

I'm just curious why VPNs would be required to log but VPS aren't if they can be used for the same purposes. Is it just because VPNs are more likely to be used for illegal purposes?


Anyone looking for VPN suggestions, start here:

https://www.privacytools.io/#vpn


Care to elaborate why this particular site is notable?


It's run in the open by a group on reddit, with relatively detailed explanations on why they make their recommendations and timely changing of recommendations. A strong place to start, though you may wish to do further research before a large decision.


It's a decent all-in-one site with links and explanations. Good for the average user.

Take a look and let me know what you think or if you disagree.


Do not use any of these. Never ever ever trust a 3rd party VPN for any use whatsoever. Period.


Beginner's mistake: Choosing a VPN-cloak based in one's own jurisdiction.


To be honest, The US' federal arm is far-reaching


Still it's a lot harder to convince a, lets say, Chinese court to order that kind of surveillance on a local company over an allegation of a crime that happened half a world away. Add a couple more vpn layers over multiple international jurisdictions and it's a huge effort that can easily take years.


VPN companies don't care too much about customers that are concerned about privacy - too small a percentage of their customer base. Catering to those trying access geo-blocked content is where the money's at.


Seems pretty naive to risk jail timeover the commercial claims of some internet company...

I use a vpn to reduce tracking and keep my ISP in the dark - and so have gravitated to the names in the space that seem to be more solid corporate citizens

F-secure - https://www.f-secure.com/en/web/home_global/freedome

Proton Tech - https://protonvpn.com


« It’s impossible for me to speculate or comment about what may have happened under different ownership/management. »

You keep using that word, "impossible". I do not think it means what you think it means.


Would it be possible to sue a lying company for damages in a case like this? Especially if (as it seems) they were not forced to give traffic data by a warrant but instead complied on their own?


This is why I host my own open vpn instance on AWS EC2. If the government is going to come after me/my IP, they are going to get it one way or another (I know Amazon will hand over my account info if asked for it) so I might as well cut out any security risks in between (are the servers that my VPN providers using secure?).




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: