I’m not so keen on the VPN by default thing though.. I hope they plan to upstream metasploit back to ports at least.
>We are security enthusiasts from China, Germany, France, Netherlands, Norway, Switzerland, Mexico, India and Russia. Some of us have used *nix systems since 1999.
>Coding && DeCoding && Talks && Beers && Wine && Pizzas && Good Music && Stuff && Hacking.
So at least nine contributors, unless they're counting one person as being from multiple countries.
> WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come.
I agree that WireGuard will be great when it's done. Is there something I'm missing?
Personally, even if there isn't anything actually shady going on, I would want my VPN provider to be beyond reproach. Any smart VPN provider wouldn't want even tenuous connections to data mining companies.
It feels a bit dirt to recommend Private Internet Access since they were the ones who pointed this out on HN, but so far AFAIK they are the only ones that have have been court-tested. Other options would be TorGuard or Mullvad VPN. Mullvad even already supports WireGuard!
> ProtonVPN has a pretty shady reputation on HN due to their business connections to TesoNet, which is a data mining company
Does that mean ProtonMail also is no longer trustworthy?
I guess that depends on your threat vector. I mainly want copyright hounds and data miners (including my ISP) to stay out of my way. For this a public VPN is perfect. Hell, in a weird way, if PIA somehow turned out be a NSA honeypot they would be even better for that purpose since they'd essentially be untouchable by copyright holders.
In general, I guess a personal VPN is more private on a micro level (no VPN provider that can spy on you) but less private on a macro level (any determined actor can trace your DO VPN back to you since you are the only user)
> Does that mean ProtonMail also is no longer trustworthy?
That is, again, for yourself to decide.
Personally I think the Proton company isn't malicious and just really bungled up the launch of ProtonVPN by going at it together with / through TesoNet, and their VPN efforts will forever be tainted by that.
But, that has very little to do with their mail branch, which preceded ProtonVPN and which so far seems a pretty good offering to me if you want your mail to be encrypted-at-rest.
For most VPN companies, you basically have to blindly trust them that they aren't doing anything nefarious. ProtonVPN is different because it's been thoroughly checked and vetted by Mozilla (https://blog.mozilla.org/futurereleases/2018/10/22/testing-n...) and also because there is full transparency regarding who runs the service. You can find the names of the former CERN scientists who created the service, along with their past scientific publications, and things that prove who they are.
Good call IMHO. That’s what I would do as well if I felt the need to use a VPN.
It seems to me that 'zx2c4 just hasn’t come around to reword that paragraph yet.
If Wireguard is good enough for Latacora then I would feel safe using it.
This question has come up before, see e.g. https://news.ycombinator.com/item?id=16326421 and https://news.ycombinator.com/item?id=17848471
Can’t take it seriously from a security perspective, then.
This one. I mean sure, that lock-pick you bought from a guy in the pub, he said it was only for testing padlocks, but now you see other people testing doors along the hall and you're wondering what you just walked into...
Huge TCB, they already fucked up. So much for security.