Well I didn’t until now.
I feel that if your government really wanted your secrets, they’d just send goons to your house to beat the fuck out of you.
I have a VPN to protect me from nosey bastard piracy lawyers.
100% this. OP is describing a great plot for a B-tier Hollywood movie, but reality tends to be much less thrilling. Obligatory xkcd.
Yeah and the bonus text is how I think. The CIA, NSA or whoever think you’re too boring to bother with. Even if the VPN was directly owned by the NSA, they don’t really care about whatever fetish porn you’re jerking off to. If you’re some kid still in your edgy socialist phase, they don’t care. Sorry, you’re just a basic bitch to them.
Of course, besides the people who fall for the basic “VPNs are some magic security device”, most people (in particular those that know what they’re getting) always look for the same thing: “which one can I actually trust”.
Even if it’s not government owned you have no idea who’s keeping logs, sharing data etc.
So you can really only base your trust on whether the company has come up against any issues with the government and has refused, or has run for a number of years and provides a positive track record. With the changing of laws and how companies work, you also need to regularly check that they stay respecting privacy and security.
For what it’s worth, a VPN company’s worth is in being private, secure and standing up to scrutiny. The moment trust is lost, the company is meaningless. So that’s something for those that are long lasting.
all it’s exaggerated but they are outside yes…
Nah, most governments can just buy that data from the most of the VPNs if they need to - no need for secrecy.
If you think nord VPN is protecting you from government surveillance I have a bridge to sell you - it’s really affordable.
“from the most of the VPNs”
Aah, which VPN is “the most”?
That’s a good question. If you don’t know and trust the VPN owner you should be careful… that’s why a lot of folks who specifically use a VPN for security reasons and have very good reasons to need to do that often just self-host a private VPN/tunnel exit.
Also considering you don’t know me (still waiting on that coffee you said we’d grab) you probably shouldn’t trust any list I gave you anyways.
That all said - Nord is probably on that list.
No one is dumb enough to get scammed buying a bridge, but word is convective real estate is going to be the next hot investment. The buyers who get in early are going to pocket the most cash. Now’s the time.
Fuck that sounds exciting. Could I timeshare that shit?
How about Mullvad?
(https://www.theverge.com/2023/4/21/23692580/mullvad-vpn-raid-sweden-police) Now that they’ve finished going RAM only it’s even more secure
And for $5 a month you’re losing money not using them.
For commercial offerings this is probably true for at least some of them, but creating your own VPN isn’t terribly difficult if you are serious about your privacy. I typically just use them when I travel to countries like China where I can’t get to a bunch of necessary services, so I don’t mind if they route my YouTube traffic through CIA headquarters, but if I was doing anything more than that I would just set up my own.
Part of the point of a VPN is there’s not a dedicated IP tied to you (or at least tying all of your activity together). That doesn’t provide any benefit besides a corporate/government firewall bypass unless a mass of people are using your server.
What homespun protocols you using from China? The regular ones like OpenVPN get blocked yeah.
There are a ton of obfuscating protocols that a VPN can run. obfs is one of the most popular. You can configure your VPN to appear as basically any traffic. HTTPS, DNS, QUIC.
Which VPN have you found to work in China? Nord used to but doesn’t any more
Fewer and fewer VPN and VPS companies provide services for mainland citizens. The main reason I heard of is that when their server got blocked by the great firewall, those customers would immediately perform a chargeback to get their money back even though it’s not the fault of the providers. You lose money on chargeback fees, which means accepting mainland customers is very risky for them.
I almost never trust any site that advertises any kind of VPN service (it’s always ranked by the best paying referrals) but this mirrors what I’ve seen in discussions.
From https://www.cloudwards.net/best-vpn-services-for-china/
Preferred VPN Choice: The general consensus among VPN users in China is that Astrill VPN is the most reliable option. However, it’s an incredibly expensive VPN, so it’s worth trying other cheaper options first. Surfshark is our top choice for best VPN for China as it has a solid reputation for working in the country while also offering affordable plans.
Alternative VPN Options: Other good options for China include CyberGhost, Proton VPN, Windscribe and Mullvad. NordVPN is also an option, but it’s not as reliable in China as the other six, so we only recommend it if you already have an account.
Censorship Evasion Strategy: Since VPNs are in a running battle with censorship, we recommend subscribing to multiple VPNs to ensure you have coverage at all times. No matter which VPNs you use, make sure you download them before going to China, as the download pages are often blocked.
No problem, just use a VPN to connect to it from another country! Wait…
Astrill is the only consistent one and I have to server hop at times.
But then you don’t get the benefit of having increased privacy due to lots of people using the same IP.
Linka? Long shot, but message me if it’s you.
Fun fact, TOR was created by the US navy.
As a way for spies to communicate anonymously and securely.
That’s what they want you to think 😉
Nope, that’s literally what onion routing is about in case you aren’t being facetious. It’s in the whitepaper and in the code. It’s also in the Snowden leaks.
and hidden services may be much more easily compromised now
In the end it’s still just a site on a server, if it’s poorly configured or not secured well it’s as vulnerable as any other on the clear net. Once they’re able to work out where it is it becomes a honey pot shortly afterward.
Yes, but with the amount of darknet markets and CSAM hidden services that have been taken down within a relatively short span of time compared to the last decade of tor’s more widespread history, it seems they may have a new vulnerability (or perhaps just a new covert post-snowden-acceptance surveillance court ruling) that allows them to identify hidden services real IP addresses. It’s speculation, but they wouldn’t use it bluntly or everyone would know there was a vulnerability and thousands more eyes would be on the tor code (or awareness of nation-state level traffic omniscience in the case of something as simple as a timing attack). A CSAM hidden service has been run by the federal governments of a few countries, so there’s no question of ethics or law in that case.
The “users” are probably the weak point. Badly configured setups leaking info, aggregation using that info to fingerprint a user, etc. When they have a user account with access they can use it to keep collecting data and digging. I imagine it’s a slow process. Nothing networked can be 100% secure though.
Edit: I’m not sure why I stayed up typing this. Maybe someone will read this comment and learn something.
I am speaking more specifically about hidden service server compromise, happening via court order if possible once the IP address is obtained through technical (not opsec issue, but perhaps parallel reconstruction) means.
Just in the last year (mostly the last 2-4 months)… after tor DoS was ‘more fixed’ with PoW mind you… teams of government agencies have seized the following hidden services and/or taken down the teams behind them: LockBit, Hive, Blackcat/ALPHV, Ragnar, Genesis Market, xDedic, Kingdom Market, Piilopuoti, Qakbot, Skynet Market, ChipMixer, and the list goes on. I didn’t even mention all the CSAM and drug related seizures. Those are only ransomware, fraud and drug markets.
But yes /.env, /.well-known, /server-status, not verifying server ssh hash with password login in an amnesiac operating system, not running an amnesiac operating system and having multiple ssh keys (remember that GitLab fiasco)… All OPSEC mistakes an intermediate operator c(w)ould make.
I agree 80% of it is user error and plain and simple OPSEC mistakes. SANS teaches a course on darknet OSINT and there are plenty of FOSS OSINT projects.
But tor is not foolproof even with perfect OPSEC and state actors are constantly finding ways to weaken or break it. An adversary with global passive network capabilities can and will defeat tor anonymity, as the Tor Project admits itself.
Recently, there was almost a full year-long denial of service attack against tor and i2p, and it was likely a state actor identifying tor users and hidden services. Force enough connection resets, knock good guard nodes offline, and soon enough you know who’s who and where they’re connecting to with a little traffic shaping. Thankfully there is work being done to identify bad actors (PDF warning) but it IS being done.
There is much ongoing work to unmask tor users and hidden services…
https://link.springer.com/chapter/10.1007/978-981-99-7356-9_22
https://wurzel.io/Deanon-Murmur
https://dl.acm.org/doi/epdf/10.1145/3618257.3624997
Of course there is work being done to enhance tor at the same time.
https://blog.torproject.org/introducing-proof-of-work-defense-for-onion-services/
https://restoreprivacy.com/torkameleon-strengthening-tor-against-deanonymization-attacks/
All corporations are owned and funded by governments. A corporation must be incorporated somewhere by some government. These corporations benefit from services, grants, and special benefits (e.g. limited liability) provided by that government.
However, I don’t think governments are using this to do mass surveillance on people with VPNs, if only for the reason that there’s not much to be gained by such an action. Most privacy invasion is of the kind people freely allow. Using a VPN doesn’t make logging into Google meaningfully more private. The only groups I can think of that would really want to be able to spy on VPN users would be the MPAA, RIAA, etc, and I don’t think they have the kind of sway to get governments to do that.
But yeah, if you are doing something a three letter government agency will target you over, a VPN ain’t going to cut it.
Incorporation and ownership/funding are very different things. How are they all “owned and funded by governments”?
They are owned by governments in the sense that they exist at the pleasure of the governments they depend wholly upon. Corporations are legal entities; who administers the law? To use a tech analogy, I’m pointing out that though a file has an “owner”, which is a user account, the true owner is the operating system itself.
I have to admit I’m surprised this is as controversial a take as it is.
Yes, I guess most of them could be, but I don’t think Proton is, because they are open source and come under Swiss law. Just to be safe, use Tor.
Wasn’t Proton forced to log and handover an activist’s data, after a Swiss court order? I feel I read something to that effect a year or two back.
Source ?
- https://arstechnica.com/information-technology/2021/09/privacy-focused-protonmail-provided-a-users-ip-address-to-authorities/
- https://www.privacyaffairs.com/protonmail-surrenders-user-logs/
- https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/
It is about mail; they have different laws for VPN, and I guess this confirms they are not owned by government or this would’ve been hush hush.
All I know is that if you’re very worried about being surveilled by governments, the Fediverse is the absolute last place you should want to be.
This is one of the most transparent platforms we have come up with yet. Instead of all your data only being viewable by a host company, it’s viewable and able to be analyzed by basically anyone who puts some effort in. This makes it economically worthless, can’t really sell something that everyone can already just get for themselves.
We’re all out in the open here. So, wave to all the national security agencies everyone. Hiiiii! Hope you’re all enjoying the memes!
What data does Lemmy log?
Very little in its current form, I think mainly just IP address.
Most of the big social networks are owned by US companies. Those are forced to disclose user data to the US intelligence agencies, by the PATRIOT act and CLOUD act. And those will share it with the 14 Eyes.
So, you are right about Lemmy, but it’s not true that data on traditional social media is only viewable by the host company.
Let’s not forget that classic corporate social media companies generally have way more information on their users as well.
I’ve gotta get busy posting dick pics then
👋👋👋
VPNs provide limited privacy and some security. For example, your traffic might be correlated to the traffic exiting at your VPN provider if enough netflow data is collected. Theoretically data from your ISP and your VPN’s ISP would be enough. Today, countries and their agencies are probably collecting/trading enough netflow data for this purpose.
As a rule of thumb, since companies these days are very keen on getting into the data trading market, you can safely assume that most of them have access, if it is legal.
I believe protonvpn is no log. I hope they make their servers ram only like mullvad eventually though, it would be a great improvement.
Is mullvad good? Are they no log?
Very. They’re probably the best out there. Fully anonymous payments, no log, ram disk servers, audited, I believe they’re open source. I think some downsides they have that I’ve heard is no port forwarding and they don’t have too many servers. However, they’re still very good nonetheless.
Mullvad is the most private a VPN company can get. They literally accept cash by mail.
Mullvad is RAM only for a few months by now, no log since forever and regularly contributes to privacy related topics.
The thing is: you can’t trust a company when they say they are no log or RAM only. But you can trust what info you give them. Mullvad only has my IPs. No info about who I am otherwise. I send them 30€ twice a year and that’s it.
BUT: they don’t allow port forwarding anymore, if you need that, so they are not perfect.
This isn’t a community for speculation or conspiracy theories
This isn’t a community for speculation or conspiracy theories
Based on your comment history it seems as if you think you are some kind of community police. You want to go around and tell others what they can post.
The voting system is used for curating content, not you!
This post has 80 upvotes. So, those people have no issue with the post topic.
Read the rules in the sidebar. This post is not violating any of them.
Keep your opinions to yourself or go create your own alternative community.
People will upvote anything to the point that communities have no identity. Unless you think lemmy is somehow different than reddit and won’t share the same fate?
Also it’s weird behavior to read through someone’s comment history
it’s weird behavior to read through someone’s comment history
No it isn’t. It’s the best way to get an idea about the person you’re talking to. If their post history is nothing but obvious trolling, no reason to engage. If they never argue in good faith, don’t argue with them. Etc.
You must have gone pretty far into my history to make that claim about me and just ignored all my other comments which are mostly positive/jokes lol
I didn’t look at your history nor did I make any claims.
It’s not weird when they are saying weird things and you want to find out about their motives.
Reading someone’s comment history when they didn’t say anything “weird” and then cherry picking a couple in a sea of others to make a claim about someone’s character is definitely weird. It’s not like my last 10 comments were the same
Not to mention that most of the time I’ve made comments like this, the post in question gets removed
I fear false privacy because a corporation runs it. I’ve never been afraid of a government but I worry about corporate shittery all the time.
*History entered the chat*
I’ve never been afraid of a government
That’s stupid. Government is the one with the guns and prisons.
What “corporate shittery” are you actually afraid of? Having your Netflix cancelled for password sharing?
Or maybe going to jail for torrenting? If that’s the kind of thing you’re afraid of, then who exactly do you think enforces that corporate shittery? It’s the DOJ that investigates your IP and analyzes your traffic and signs the warrant. It’s the cops who kick in your door, take your computer, and put you in cuffs, not Warner Brothers.
Government and capital are two sides of the same coin, but government has the monopoly on violence. You want to give all of them as little on you as possible.
I use a VPN to stop work camps I stay at from knowing what porn I watch, to stop media companies from sending me copyright infringement notifications, and to stop public wifis from having as much info on me.
It’s all about threat model. If you’re concerned with government actors then you need to be more secure than just a VPN.
My country’s intelligence agency is not working with media companies like that. The cops and courts would eventually enforce some order against me if it ever went to court, but more likely is my ISP just ditches me as a customer if I get too many strikes.
to stop media companies from sending me copyright infringement notifications
I mean, your reasons are perfectly valid. Your boss shouldn’t be able to fire you for your porn, but he can. There is no reason any corporation should profit from data you didn’t consent to their collection, but they do. Fuck em, privacy FTW. But this one is specifically my point. Who gives a shit about copyright notices? Hell, why would your ISP disconnect you over some media company’s copyright claim? Why bother avoiding them? Just ignore it and keep torrenting and hop to new ISPs forever, right? Whatever.
It’s because those notices are backed by government force. When the time comes that you’ve violated enough corporate policies, it’s the government that enforces your compliance.
Well there are only three ISPs here, and yes I understand what you are saying, but it never gets as far as government force. It doesn’t have to. The ISP will drop me.
Also the ISP is the media company lots of the time, and it’s only a crime that will go to court and win if I made money distributing copyrighted material.
I don’t want my ISP to know much about what I’m doing either. They aren’t trustworthy, they often get caught illegally shaping traffic and such too.
Yeah see you’re missing the point, which is: While Government and corporate power are to be feared, your ISP is powerless without Government. You want to protect yourself from both.
The ISP will drop me.
Why? That’s losing them money. Seems stupid of them. Because the government forces them to on behalf of another company.
it’s only a crime
Government determines what a crime is.
that will go to court
The court is the application of government force, and the government is who will get the evidence that turns you from defendant to convict.
and win if I made money distributing copyrighted material.
Oh sweet summer child. I will never understand how that myth remains after the RIAA campaigns.
Besides, even if you win you lose. Lawyers are expensive.
Don’t condescend to me. I understand the link between government and capital and am not an American.
What are you even proposing anyways? I am against government oppression and copyright law in general. All private property is theft from the commons. But in the meantime I will use a VPN because I trust Mullvad in Sweden more than I trust my own ISPs.
If I was committing crimes that were more serious then I would not use a VPN I would use a more robust security model.
My ISP is not powerless without government. They have massive power, they control 1/3rd of all cellular and internet communications. And like I said also control large amounts of satellite TV and cable broadcasting.
Sorry, I thought we were discussing my reply to the comment about (paraphrasing) “I’ve never feared a government, but corporations scare me.” Which is why I focused on that side of things.
I don’t think I said anything that doesn’t apply to non Americans, but ok.
You do know that a corporation who stole bananas convinced the US government to go to war over just profits, right?
Fuck Milton Friedman, by the way.
Still the government you should be afraid of as well in this case, though.
Sure do. That’s literally what my post is about. (or are you addressing OP?)
Why is “governments” the boogeyman that comes to mind? Scammers and thieves would have much more interest in your everyday consumer internet usage.
What exactly do you mean by “scammers and thieves”? The only protection you get from a VPN is privacy from your ISP. That ISP obviously operates in your country (there has to be some physical connection) and is regulated by your government. It’s easy for the government to demand data from the ISP about you (or about certain usage patterns and which users have them) without you knowing, not to mention how easy it is for the ISP itself to monetize your usage data.
A scammer or thief can’t as easily grab hold of that data. If you’re imagining a hacker gaining access to the ISP’s database or network, that’s certainly plausible but it’s just as possible with a VPN provider. I personally don’t think the big commercial VPNs are much more secure than ISPs. Maybe a little.
Haha, nice try governments