Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Can You Decide Which VPN To Trust? (slate.com)

Posted by EditorDavid on from the it's-complicated dept.

Slate's senior technology writer reports that his hunt for a reliable ISP "led me on a convoluted journey through accusations and counteraccusations, companies with shadowy leadership and those with conflicts of interest, and VPN ratings sites that might be even shadier than the companies they're reviewing." Many VPNs appear to be outright scams. Others make internet browsing sluggish. Free versions bombard you with ads. It's a world so thicketed that the leading firms and experts can't agree on the basic criteria for what counts as "reputable," let alone which companies best meet that description. The CEO of one top VPN company, Silicon Valley-based AnchorFree, told me in a phone interview that he suspects one of his top rivals is secretly based in China -- which would raise a red flag for many privacy advocates because of the Chinese government's aggressive surveillance regime... [But] many VPN users consider offshore providers preferable to U.S.-based firms. AnchorFree, for its part, has been dinged by reviewers for running a free, ad-supported VPN, which some privacy experts consider a conflict of interest. (It also offers a paid VPN service.) The two companies point to dueling trust reports by outside groups, each of which appears to reflect well on the firm that's touting it, thanks to different methodologies. "It is fascinating the amount of sniping that goes on" between VPN companies, said Joseph Jerome, who has closely studied VPNs in his role as policy counsel for the Privacy and Data Project at the nonprofit Center for Democracy & Technology. "They are very quick to pull out knives and shiv each other...."

If it's so hard to assess the credibility of the industry's top names...you can imagine how difficult it might be to suss out the myriad lesser-known alternatives. A January investigation by the site Top10VPN found that more than half of the top 20 free VPN apps on the iOS and Android app stores either have Chinese ownership or are based in China. That's all the more suspicious given that China officially banned VPNs last year. The concern: If China is allowing them to continue operating, it could be because they're sharing data on their users with the Chinese government. When you use a VPN, you're trusting that VPN with the same deep level of access to your online activity that you'd normally give your ISP. In other words, now they can see what you're up to whenever you're using the internet. VPNs may be more privacy-focused than big, corporate ISPs, but they're also smaller, more opaque, and less publicly accountable.
"I just wanted internet privacy. I hadn't bargained on a knife fight..." the author writes, concluding that "Several weeks, dozens of calls, and thousands of words later, I can't say I'm much closer to a clear-cut answer... One of the only definitive takeaways, besides 'steer clear of free VPNs,' is that your choice of VPN should depend on what you're using it for.

"If you're just trying to stay safe online, it may make sense to steer toward a larger, U.S.-based company that's clear about both who owns it and how it treats your data."

69 of 134 comments (clear)

  1. Ones you by oldgraybeard · · Score: 4, Insightful

    setup, manage and monitor yourself!

    Just my 2 cents ;)

    1. Re: Ones you by Anonymous Coward · · Score: 2, Insightful

      It really depends on the threat model you are working from.

      Use to hide from communication tracking. This sort of thing happens on open free WiFi networks, as well as home internet connections in countries with draconian monitoring of internet use (like Australia and UK). This kind of VPN requires anonymity at the end point, which must operate without tracking or logs.

      Use to avoid geolocation fences around online content. This is a clear advantage offered by many VPN companies.

      Use to avoid state level monitoring. The problem is to do this you need to basically hack the end point, since no commercial provider can be trusted. If you rent a VPS and set up the VPN yourself then you need to be damn sure the payment cannot be tracked. This is why hacking nodes and dropping a VPN (of any kind) end point is basically the only way to do this safely.

    2. Re:Ones you by Aighearach · · Score: 3, Insightful

      Never trust. Never.

      Even if I set it up myself, I don't trust it. It still might have been compromised.

      Even if I set up the VPN myself, I still need to encrypt the traffic. Because trust is for fools.

      And if I already encrypt the traffic, I still need a VPN. Because trust is for fools.

    3. Re:Ones you by 93+Escort+Wagon · · Score: 1

      setup, manage and monitor yourself!

      That’s somewhat more difficult to do if you’re trying to “VPN” out of your home country.

      But for, say, accessing work materials when you’re away from your home base... definitely.

      --
      #DeleteChrome
    4. Re:Ones you by WCMI92 · · Score: 1

      Bingo. I only trust servers that I set up and manage. Involve any other party and you cannot trust it.

      --
      Corporatism != Free Market
    5. Re:Ones you by Yaztromo · · Score: 1

      That’s somewhat more difficult to do if you’re trying to “VPN” out of your home country.

      That entirely depends on the reasons why you want to use a VPN in the first place.

      If you're trying to VPN for the purpose of evading geo-restrictions on video, then setting up a VPN out of your home country is easy (for most people in the world at least): sign up for Amazon AWS/Microsoft Azure/Google Cloud Platform, fire up a Linux instance, install and configure OpenVPN, and you're done. You can go from nothing to having your own VPN in another country in less than an hour (if you know what you're doing, at least).

      If you're primarily looking for privacy and security, then I suppose it depends on what country you're in. If you're in Saudi Arabia and want to hide your porn browsing, then the above method will also work just fine. If you're worried about foreign governments intercepting your communications, then you shouldn't need to setup a VPN outside your home country in the first place (unless you're unlucky enough to live in a country where you don't trust your own _or_ foreign governments, in which case you need a complete end-to-end encryption and data traffic masking solution beyond what your typical VPN provides anyway)

      Yaz

  2. There can be no privacy when... by blahplusplus · · Score: 1

    ... all states and their respective corporate elites fear the political awakening potential of the internet and mass communication technology. Privacy under a capitalist model is a fantasy when the state actor on behalf of the corporate elite will use the state against other businesses who enable resistance to their authority.

    All states are preparing for the political awakening of the masses of the globe, they are expecting conflict. Zbigniew Brezinski former nationa security advisor of the united states:

    https://www.youtube.com/watch?...

    1. Re:There can be no privacy when... by Aighearach · · Score: 1

      Fear-based responses are unlikely to produce outputs like "privacy."

    2. Re:There can be no privacy when... by phantomfive · · Score: 1

      .. all states and their respective corporate elites.....All states are preparing for the political awakening

      There is almost certainly a state somewhere that is not preparing for that. When someone tells you "All" whatever, they are usually being intellectually lazy, and don't deeply understand the topic they are talking about.

      --
      "First they came for the slanderers and i said nothing."
  3. I'm behind 7 proxies by rsilvergun · · Score: 2

    you insensitive clod!

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  4. My own VPN search was also a nightmare by macraig · · Score: 1

    There's so little objective information available to make an informed decision, and that absence is largely at the discretion of the VPN providers. Forcing people to choose randomly or base their decision on non-objective criteria serves the interests of the VPN providers. It's like voting for President these days, given how candidate campaigns are run.

  5. Re:BytzVPN by macraig · · Score: 1

    Says the Anonymous Coward. Hmmmm....

  6. SSH on a remote server by phantomfive · · Score: 2

    If you have SSH on a server you can set up a proxy using SSH: ssh -D 8080 user@server -p 443 You can configure your browser to go to your local port 8080 using SOCKS. The remote server can be something at home, or on AWS, or on Cloudflare, etc. More info. Don't trust any proxy, build your own.

    --
    "First they came for the slanderers and i said nothing."
  7. Opera by darkain · · Score: 2

    "Free versions bombard you with ads." Opera Browser has a built in VPN without any ads whatsoever. *shrug-emoji*

    1. Re:Opera by williamyf · · Score: 4, Informative

      Opera is Owned and run by a Chinese company. If you trust them, fine, but chinese ownership was a concern raised in the article.

      I live in Venezuela, and for what is worth my choice is ProtonVPN

      JM2C, YMMV

      --
      *** Suerte a todos y Feliz dia!
    2. Re:Opera by Anonymous Coward · · Score: 2, Interesting

      What a fucking retarded response. He has the most to lose if his government finds out, asshole.

  8. Re:If you aren't using CowboyNeal's VPN ... by Anonymous Coward · · Score: 1

    I know CowboyNeal VPN doesn't keep logs, because CowboyNeal eats them all.

  9. Comment Subject: by Falos · · Score: 3, Informative

    https://thatoneprivacysite.net... is an attempted chart of jurisdictions, practices, etc. so reference away. I think torrentfreak or such also do a top-ten or something, every few (12?) months.

    I went PIA (supposedly keeps no logs, has anonymous payment models) but for casual use, don't come to me if your drug/human trafficking gets busted. Service is mostly stable, occasionally sites are inaccessible (or just blacklisting). They got bonus points for calling out repu- er, congressmen voting on ISP tracking bills and such.

    It's a sick joke that I have to pay two web-connecting services to connect to each other, but here we are.

    1. Re:Comment Subject: by fafalone · · Score: 1

      The thing is, if the service retains the information that allows the 'drug/human trafficking' people to get busted, you effectively have as little privacy as them. That is the modus operandi of government, they develop the tools and access under the guise of busting serious, horrible crimes, then immediately start using that to go after less and less serious stuff, and monitoring everyone 'just in case' or 'to detect hidden criminals'.
      There is absolutely no way to trust any service that allows killing privacy "but only when the government tells us they're looking for someone doing something really really bad." Either everyone's activity is safe or no ones is.

  10. Re:SSH on a remote server by basketcase · · Score: 1

    That isn't a VPN. It is just a proxy and it only works with stuff that supports SOCKS.

    OpenSSH can make a VPN with ssh -w but it kinda sucks at it.

  11. Chinese VPN ban by Solandri · · Score: 2

    That's all the more suspicious given that China officially banned VPNs last year. The concern: If China is allowing them to continue operating, it could be because they're sharing data on their users with the Chinese government.

    Isn't that obvious? The Chinese government doesn't want its citizens using a VPN, because they'd probably pick one hosted outside China and thus pierce the Great Firewall. But it's more than happy to let people from other countries pipe their traffic through Chinese VPN servers, so they can figure out who's visiting where..

    Remember, with most of the web switching from http to https, most of your traffic is already encrypted. So a VPN doesn't help in that regard. What a VPN does is obfuscate you as the source/destination of that traffic, by making it appear as if the traffic is coming from the VPN server instead of your computer (acting as a proxy). But the company running the VPN obviously knows who you are, and has to know which traffic is yours in order to function properly. If the VPN provider is logging that info or handing it over to the government, that defeats the purpose of using a VPN.

  12. More than ads by xlsior · · Score: 3, Interesting

    Many of the 'free' ones don't just throw ads at you, but work by a reciprocal agreement -- your traffic has an exit point in a different country, and you become a random other user's exit point in return... So even if you are on the up-and-up yourself, who knows what shady shit other people are doing and which now appears to originate from your IP address.

  13. Re:SSH on a remote server by phantomfive · · Score: 1

    Obviously that doesn't meet the needs of people who want to be able to have "local" access in foreign countries.

    You can spin up an AWS in many different foreign countries.

    --
    "First they came for the slanderers and i said nothing."
  14. Re:SSH on a remote server by phantomfive · · Score: 1

    You are right, but most of what people use a VPN service for is to act as a proxy. They don't want their country or their company to know what they are browsing to on the internet.

    --
    "First they came for the slanderers and i said nothing."
  15. Only trust VPN where P == Private by Morgaine · · Score: 1

    Public is not the same as Private. Most commercial "VPNs" are actually Virtual Public Networks. Rule of thumb:

    - Any VPN in which a corporation or an untrusted individual is a participant node should be regarded as Public.

    - Any VPN running code which you haven't compiled yourself from known-good sources should be regarded as Public.

    - Any VPN using non-standard encryption or pre-generating keys for member nodes should be regarded as Public.

    If you really need to trust a VPN then don't deceive yourself --- don't play Security Theater, ensure that Private really means Private. Convenience is the enemy of security, and trust is almost always inversely proportional to convenience because convenience tends to introduce untrusted elements.

    --
    "The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
    1. Re:Only trust VPN where P == Private by AHuxley · · Score: 1

      Most people just want to be safe from NGO, city, state, federal governments collect it all and crypto removal efforts on their nations ISP services.
      A VPN keeps their ISP connection encrypted until out of their own nation.
      That month after month of IP logs by their ISP and gov show nothing.

      --
      Domestic spying is now "Benign Information Gathering"
  16. you're better off with a foreign VPN by edris90 · · Score: 2

    Your own government that's much more incentive to utilize your information against you. better that your information is stolen by China who doesn't give a f*** about you personally, then by your own government who may use it to take action against you.

    1. Re: you're better off with a foreign VPN by dwater · · Score: 1

      Exactly. I started reading "Silicon Valley based" and thought, "God no. The US government are *proven* to be terrible at spying and privacy"... And then the sentence went on to complain about China for some reason!?

      --
      Max.
    2. Re:you're better off with a foreign VPN by jwhyche · · Score: 2

      This exactly. I really don't believe the Chinese government gives two shits and a Popsicle if I'm leaching the latest season of The Flying Nun or some shit. But that being said, I'm not really worried about my government. I figure that if I'm on some list to be watched it wouldn't matter if my internet traffic is going through vpn or not.

      I use a vpn to keep my local isp from seeing what I'm doing. I don't want them seeing what I'm leaching, if I'm leaching, then turning me over to MPAA or some shit. I also use a vpn when I'm on the road and using some coffee shop or airports wifi. These I trust less than my ISP. An a good vpn can get you around unreasonable blocks that some people place on their wifi.

      --
      I read at +2. If your post doesn't reach that level I will not see or respond to it.
    3. Re: you're better off with a foreign VPN by DNS-and-BIND · · Score: 1

      There are a lot of racists who are delighted to finally have a socially acceptable outlet for their vile hatred. Sinophobia is back in a big way.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    4. Re: you're better off with a foreign VPN by edris90 · · Score: 1

      China has never sent cops to seek me harm. China has never tried to sue me. China has never directly tried to control me. And if they do then I'll change my opinion accordingly. But I have been harassed by US cops on behalf of US politicians, despite the fact that I am no threat to anyone or anyone's property. I've been chased out of areas simply for style of clothing. China has never done anything to hurt me. And China has not attempted to sacrifice me to maintain itself. China has never done anything to me so remains a neutral party. But I've been betrayed and had my freedoms and autonomy placed under siege by the US government more times than I can count. which is a stupid waste of resources because it cost more to f*** with me then to ignore me seeing as I'm no threat to anybody.

  17. PIA by Anonymous Coward · · Score: 1

    privateinternetaccess.com is a good vpn.

  18. None by Artem+S.+Tashkinov · · Score: 2

    You shouldn't trust any except the one you've set up on your own and then you still need to use TOR over VPN 'cause otherwise the company which is renting you a server will know all the IP addresses you ever connect to. And then the same company still has full access to your server, so consider yourself burnt.

    In short, use TOR over VPN if you want to remain incognito, or/and chain several VPN providers and hope they are not under the same jurisdiction.

    1. Re:None by AHuxley · · Score: 1

      A VPN is good for keeping an IP and ISP logs issues away within a nation.
      Once the mil/security services/police notice a comment, IP, they will find the VPN IP, contact the VPN and put in a request to that nation.
      To find that account next time the VPN is used and on that site.
      The next time a VPN user is online trusting that secure VPN IP, their ISP IP will be discovered and recovered by law enforcement in the VPN nation.
      The VPN will work until someone starts a real time police investigation into that VPN ip.
      The security services just have the keys around much of the VPN crypto too, but never want to use that for direct law enforcement.

      --
      Domestic spying is now "Benign Information Gathering"
  19. Totally not starting a rumor, but ... by fahrbot-bot · · Score: 1

    The CEO of one top VPN company, Silicon Valley-based AnchorFree, told me in a phone interview that he suspects one of his top rivals is secretly based in China ...

    Uh-huh.

    "Look, it's totally not that they're one of my *top rivals*, but ..."

    --
    It must have been something you assimilated. . . .
  20. Re:SSH on a remote server by phantomfive · · Score: 1

    Your endpoint is AWS. You think that isn't monitored lol.

    There is no endpoint that is not potentially monitored. VPNs are not effective at preventing that kind of monitoring, that is why TOR was invented. (Whether TOR is successful or not is another question).

    --
    "First they came for the slanderers and i said nothing."
  21. You're already hooked to the trust chain, moron. by Anonymous Coward · · Score: 1

    You're also incompetent, trust a known traitor apologist and liar, and have no idea what handshake methodology is at all secure or even which that you're currently utilizing. FTFY. And since you didn't write your own compiler, it's pointless.

  22. VPN where you don't control ... by janoc · · Score: 2

    VPN where you don't control both endpoints is not a VPN, by definition.

    What these companies are offering are only glorified traffic tunneling services and proxies, not a true private network. Good for bypassing region restrictions on stuff like Netflix but not for anything where privacy is actually required.

    1. Re:VPN where you don't control ... by thegarbz · · Score: 1

      I completely disagree with you lumping everything into an english word "VPN".

      The point you're trying to achieve if privacy and encryption. There are many facets to this. Some of them are absolutely beneficial if you control them e.g. knowing if log files are kept on the server, knowing what is running on the server etc. Some of them are absolutely beneficial if they are completely communal e.g. obfuscating your data in a massive mess of other customers, knowing that the IP address at the endpoint is associated with a VPN and thus likely to get thrown into a "too hard" basket for most tracking cases out there that don't involve tracking serious criminal activity.

      Sometimes the best thing you can do for privacy is blend in a giant public crowd.

  23. None by Ol+Olsoc · · Score: 1

    The internet is not private. VPN's are pretend security.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  24. Pure FUD... by VeryFluffyBunny · · Score: 1

    VPNs may be more privacy-focused than big, corporate ISPs, but they're also smaller, more opaque, and less publicly accountable.

    "All governments lie." -- I. F. Stone

    VPNs are more accountable than the NSA, CIA, DEA, DHS, & FBI with their "National Security Letters." And those guys are just as untrustworthy as the Chinese security agencies. The main advantage is that the Chinese agencies have far less power over US citizens than the US ones.

    How you hide your IP address depends on why you're doing it. If you don't want US corporations to monitor your web traffic, then a VPN in any country that is non-compliant with US corporations & has a privacy reputation to maintain, e.g. Switzerland, is probably a safe bet. If you think you might be interesting to a government security agency from any country, a VPN won't help you at all: You'll need a whole new level of evasive tactics to hide yourself & cover your tracks.

    --
    Debate is a form of harassment. Do not question my truth.
    1. Re:Pure FUD... by VeryFluffyBunny · · Score: 1

      BTW, a VPN won't hide you from Google, Facebook, etc.. They're pretty good at digitally fingerprinting whichever device you're using & tracking your web activities pretty well that way.

      --
      Debate is a form of harassment. Do not question my truth.
    2. Re:Pure FUD... by AHuxley · · Score: 1

      Going to the same sites in the same timezone with the same comments, searches will be an easy match for powerful ad brands.
      The changing of an ip is something that ad brands have had years to understand, detect and not worry about.
      The way the internet is used again and again detects the same person.

      --
      Domestic spying is now "Benign Information Gathering"
  25. The Internet itself is untrustworthy by Rick+Schumann · · Score: 1

    ..and it's been untrustworthy since it's been accessible by the public-at-large -- and perhaps even before that.
    Your only hope is to encrypt and safeguard everything you do as much as humanly possible, and if you don't, assume whatever it is you're doing is being spied on and collected by parties unknown. Keep your own data on your own devices instead of falling for the meme known as 'The Cloud'. Don't entrust the security of your home to 'Internet of Things' devices. Sensitive communications? Either keep them off the Internet entirely or encrypt them yourself, point-to-point, no corporate intermediary. Remember that even if you have a 'landline' phone it's still going to use the Internet at some point. Your cellphone uses the Internet for voice calls.

  26. Re: I trust TOR for almost everything by pepsikid · · Score: 1

    And also, you can arrange to have a TOR web address for your web server to make it encrypted 100%. Teh Pirate Bay has a TOR address that works even when their domain names have been seized.

  27. DIY VPN is not a solution... by bradley13 · · Score: 4, Insightful

    A DIY VPN in not really a solution, at least, not beyond the trivial case of dialing in to your home server. If you want an encrypted connection with an exit point in country X, are you going to buy and pay for a server in country X? What about country Y? How are you going to pay for and maintain those exit points anonymously? And anyway, if only you and maybe a few friends/family are using it, traffic analysis can make the VPN encryption pretty much useless.

    The point of a commercial VPN service is not only the encryption, but also the anonymity that occurs when your traffic is mixed with thousands of other users.

    --
    Enjoy life! This is not a dress rehearsal.
    1. Re:DIY VPN is not a solution... by Anonymous Coward · · Score: 1

      It's called an AWS instance or some other cloud service provider running OpenVPN. Of course then you have to trust that cloud provider your data is going though

    2. Re:DIY VPN is not a solution... by Galactic+Dominator · · Score: 1

      If you want an encrypted connection with an exit point in country X, are you going to buy and pay for a server in country X?

      Something like that, it's easy.

      What about country Y?

      Even easier than country X

      How are you going to pay for and maintain those exit points anonymously?

      Same way you pay for your commercial *anonymous* vpn, except that I have bit more control over things. And my vpn isn't some target for mass surveillance like a commercial vpn solution. And I can actually know that no logs means no logs, to an extent at least.

      And anyway, if only you and maybe a few friends/family are using it, traffic analysis can make the VPN encryption pretty much useless.

      That is a valid concern for a few people who have need for a vpn, but it's even easier to overcome that the trivial setup of the vpn to begin with. So if you happen to be among the vast minority of vpn users who need to disguise traffic patterns you have a ton of options when running DIY.

      but also the anonymity that occurs when your traffic is mixed with thousands of other users.

      Prove your anonymity. That is the point of DIY.

      --
      brandelf -t FreeBSD /brain
    3. Re:DIY VPN is not a solution... by Yaztromo · · Score: 2

      If you want an encrypted connection with an exit point in country X, are you going to buy and pay for a server in country X?

      Why not? With cloud-based services like Amazon EC2 you can setup a cloud computing instance suitable for running a private VPN in various data centres around the world in minutes. Heck, Amazon provides t2.micro instances free for the first 12 months to new accounts -- so this is neither difficult nor expensive to accomplish.

      I agree with your other points concerning traffic analysis -- this isn't exactly a great solution for privacy (although more than sufficient for bypassing georestrictions), but you make it sound like setting up or paying for a server in another country is something that is difficult or expensive, when it is neither these days (at least if your overall utilization is fairly low -- 8 core instances with 64GB of RAM and several TB of storage are going to cost you an arm and a leg, especially if traffic and utilization is high).

      Yaz

    4. Re:DIY VPN is not a solution... by DarthVain · · Score: 1

      Agreed. I had the initial thought about not trusting commercial VPN's, and then only trusting one I might create myself. While I don't really know how to do it off hand, I'm pretty sure I could figure it out. Unfortunately it became pretty clear before I even got that far that anything reasonable would be more expensive, and perhaps more importantly I would have to basically get into an agreement for hosting someplace else, which boils down to the same thing but somewhat worse. Do you trust the company and/or place doing the hosting? Not only that, but now your personal details are being stored there as well, just another vector of intrusion.

      I currently use the free version of WindScribe, which hasn't been ideal, but that could just because I am using the free version that has some limitations. Anyway I think ultimately as some have already mentioned there is no such thing as total protection, if someone REALLY wants your details, they are gonna get them. However providing your not some sort of darknet kingpin, really all you need is just enough to not be among the low hanging fruit. As it is the low hanging fruit that will be picked 99.99% of the time, all you have to do is make it slightly more of a PITA and that will elevate you mostly out of harms way. Legally getting VPN records particularly in another country isn't impossible, however it's a lot harder than not having to do any of that stuff at all...

  28. I also use PIA by bradley13 · · Score: 1

    I use PIA as well, and I am pretty happy with the service. It's generally fast, it's easy to pick an end-point in whatever country you want to be in. They do get blacklisted by some organizations (example: BBC), but that's life.

    The only thing I don't like is that PIA is US-based, land of secret courts and secret warrants.

    But then, I'm not doing anything illegal, I just don't particularly want my ISP nosing around in my browsing, and sometimes I want to access services that are geo-blocked for no good reason (like US sites that don't understand the GDPR). For all that, PIA is good...

    --
    Enjoy life! This is not a dress rehearsal.
    1. Re:I also use PIA by jwhyche · · Score: 3

      I use NordVPN myself. It's based out of Panama and has a no log policy. I really don't believe that but it has a policy. I also don't use it for anything super illegal but I'm not above poaching a video or two over p2p.

      I don't believe for a moment that a vpn makes me untrackable but it does throw extra road blocks in the way. If I'm leaching something out of South Africa then any US based warrant has to be brought up in South Africa. Which will make it more difficult to spy on me.

      All a vpn does is make you higher fruit on the tree. It's the low hanging fruit they go after. If all the MPAA has to do is serve a search warrant to your US based ISP to get your traffic logs, then you are low hanging fruit. If they have to serve a search warrant to a company based in Panama to get the logs off a server, if they exist, in South Africa, then its more complex. Doesn't mean it can't be done, but it does make it more complex and more expensive.

      --
      I read at +2. If your post doesn't reach that level I will not see or respond to it.
    2. Re:I also use PIA by thegarbz · · Score: 1

      I don't believe for a moment that a vpn makes me untrackable but it does throw extra road blocks in the way.

      And that's just the thing. Unless you're running a dark web market place for drugs you don't need to be untrackable, you just need to be less trackable than someone else doing your activity.

      Think automatic monitoring of torrents. You're IP address will be bunched in a pool of many others, the MAFIAA will send these to the ISP, the ISP will reply with addresses and MAFIAA will will pursue. They'll get a percentage of legit IP addresses to follow up on, a percentage that they throw in the too hard basket, and done.

      Then there's also many legitimate reasons to use a VPN, such as for privacy on public open wifi hotspots.

    3. Re:I also use PIA by jwhyche · · Score: 3

      You may want to read a world atlas. Panama is in Central America (continent of North America). It is not in South Africa.

      You might want to bone up on the subject and your reading comprehension. VPNs, like nordVPN, have servers in countries all around the world. The company is headquartered in Panama, but the physical server is one located in South Africa. So to obtain any logs an entity must deal with South African legal processes as well as Panama's. And which I believe Panama does have a habit of telling outside agencies seeking such logs to take a hike.

      --
      I read at +2. If your post doesn't reach that level I will not see or respond to it.
  29. Re: I trust TOR for almost everything by pepsikid · · Score: 1

    Ahem, - Yupp. "It" being the connection between your TOR browser and the https resource. Unless you're going to split hairs about the packets being unencrypted in RAM somewhere.

  30. Re:What For? by AHuxley · · Score: 1

    So some NGO, charity, ad company, think tank, city, state, federal gov, law enforcement in their own nation can't keep years of ip logs from everyday IPS use.
    A VPN offers a way around the way many nations keep data on their own nations ISP account use.
    The ability to comment, talk, publish without having a gov, NGO, ad company, brand, faith, mil, think tank saying a person is to be stopped from such internet use.

    --
    Domestic spying is now "Benign Information Gathering"
  31. Re: SSH on a remote server by phantomfive · · Score: 1

    How do you know? I hope you're not making stuff up.

    --
    "First they came for the slanderers and i said nothing."
  32. Re:You're already hooked to the trust chain, moron by tepples · · Score: 1

    And since you didn't write your own compiler, it's pointless.

    The diverse double-compiling construction described by David A. Wheeler reduces the probability of a meaningfully compromised compiler to a negligible level, so long as at least three independent compilers for the language exist and one of them is free software.

  33. None of them. by themusicgod1 · · Score: 1

    Use tor, instead.

    --
    GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
  34. What is the VPN's response to MPAA takedown? by cpm99352 · · Score: 1

    IMO the only useful metric is how the VPN provider responds to a request from MPAA about a clien't's torrent activity.

    My use case doesn't consider Chinese govt' monitoring important. I would be curious to hear why non-Chinese slashdot readers would consider this a threat.

    IMO the major threat is MPAA.

    1. Re:What is the VPN's response to MPAA takedown? by Socguy · · Score: 1

      Microtargeting. Not just from the Chinese, from any foreign government. AI is used to build a profile of you and then you are served content through facebook/twitter etc. designed to influence you to support or oppose certain policies. Sometimes it's very crude but done well, you will never notice it at all.

  35. Re:SSH on a remote server by basketcase · · Score: 1

    Yes, you are right. Most people have no idea that there is more to the internet than web sites and email. You start talking TCP vs UDP to them and they have never heard of either of them.

  36. Re: SSH on a remote server by AHuxley · · Score: 1

    Communist China has no problem finding many VPN users in real time.
    The NSA and GCHQ have no problems working back from a VPN to a user.
    The FBI is getting as good too?
    Do VPN products stay secure in Ireland?

    --
    Domestic spying is now "Benign Information Gathering"
  37. Re:SSH on a remote server by thegarbz · · Score: 1

    So instead of tracing to one thing you own they trace to another thing you own? Personally I'd rather use a big company knowing my data will be obfuscated by a mass of other shit going through the pipe which any trace is likely to write off as "too difficult" (at least if the provider doesn't keep logs as they claim).

  38. Why yes, that oneprivacysite.net *is* useless by radarskiy · · Score: 1

    From the site itself: "My data simply reflects what is officially and publicly avaiable[sic] for a given service on their own official website."

    No attempt is made to independently verify claims of the VPN providers. But just because someone is running a shady VPN service doesn't mean they would LIE about running a shady VPN service, right?

  39. Re:SSH on a remote server by phantomfive · · Score: 1

    Then go through AWS.

    --
    "First they came for the slanderers and i said nothing."
  40. Not even TOR is perfectly safe by bheerssen · · Score: 1

    The FBI, among other three letter agencies, has been known to operate end points in the TOR network. TOR is a useful, but not entirely sufficient way to stay anonymous on the internet. If that's your goal, you have to use TOR, a good VPN, and a dedicated operating system such as TAILS. And you have to properly configure each of these at all times. Anonymity on the internet is hard, and requires careful stagecraft. And even if you do everything perfectly every time, it still might not be good enough.

    --
    (Score: -1, Stupid)
  41. Re:SSH on a remote server by thegarbz · · Score: 1

    Or I could do something orders of magnitude easier and achieve the same result with a complete VPN rather than a SOCKS proxy.

  42. Re:SSH on a remote server by phantomfive · · Score: 1

    Or I could do something orders of magnitude easier

    If you're computer illiterate, I guess it is orders of magnitude easier.

    --
    "First they came for the slanderers and i said nothing."