How to find a trustworthy VPN service(protonmail.com)
protonmail.com
How to find a trustworthy VPN service
https://protonmail.com/blog/trusted-vpn/
59 comments
Actually, they are not. They are excepted from the law as they are not big telecommunications providers in Switzerland. ProtonVPN is not storing logs and you can see the 2017 update on their blog here: https://protonmail.com/blog/swiss-surveillance-law/
Below snip from blog:
"In the months since the law was first introduced, we have had repeated contact with the Swiss government and held a meeting at our office together with legal counsel and members of the PTSS. In our meetings, we discussed the practical challenges of implementing such a law, and helped to advise policy makers on the most sensible implementation. We appreciate that the Swiss government has recognized the leading role that Proton Technologies AG plays in developing the cybersecurity tools of the future, along with the role that we play in the economic re-orientation of Geneva, and Switzerland as a whole towards the high tech sector, and sought a meeting with us to discuss how to ensure both security and privacy in the digital age. As a participant in these discussions, we can confirm unequivocally that upon implementation, the provisions regarding data retention introduced by the BÜPF will exempt companies like ProtonMail and ProtonVPN which are not major telecommunications operators. This is in addition to the points in the article below, which still hold."
Below snip from blog:
"In the months since the law was first introduced, we have had repeated contact with the Swiss government and held a meeting at our office together with legal counsel and members of the PTSS. In our meetings, we discussed the practical challenges of implementing such a law, and helped to advise policy makers on the most sensible implementation. We appreciate that the Swiss government has recognized the leading role that Proton Technologies AG plays in developing the cybersecurity tools of the future, along with the role that we play in the economic re-orientation of Geneva, and Switzerland as a whole towards the high tech sector, and sought a meeting with us to discuss how to ensure both security and privacy in the digital age. As a participant in these discussions, we can confirm unequivocally that upon implementation, the provisions regarding data retention introduced by the BÜPF will exempt companies like ProtonMail and ProtonVPN which are not major telecommunications operators. This is in addition to the points in the article below, which still hold."
> Under Swiss law they are now required to store logs.
Source? Their website [claims][1] they don't store logs.
> ProtonVPN is a no logs VPN service. We do not track or record your internet activity, and therefore, we are unable to disclose this information to third parties.
[1]: https://protonvpn.com/
Source? Their website [claims][1] they don't store logs.
> ProtonVPN is a no logs VPN service. We do not track or record your internet activity, and therefore, we are unable to disclose this information to third parties.
[1]: https://protonvpn.com/
Yes, they don't. Check their statement on the new Swiss law here:
https://protonmail.com/blog/swiss-surveillance-law/
https://protonmail.com/blog/swiss-surveillance-law/
They are definitely storing logs now. Where does it say in their statement that they won't be storing logs? This is about secure email.
Not OpenVPN, use Algo or soon wireguard.
¹: https://github.com/trailofbits/algo
¹: https://github.com/trailofbits/algo
Running your own OpenVPN server just means that you are trading one ISP for another :/
I've been pretty impressed with https://github.com/trailofbits/algo so far.
Algo and self-hosted VPN in general is only good for some applications though.
- IPSec will be blocked on many places where port 443/TCP isn't and OpenVPN or similar could work. So it's not ideal for free wifi, enterprise or school networks.
- You will still get DMCA takedowns from your datacenter or cloud provider if you don't choose one carefully
- You're limited to a single IP so if you're using it for a scraper and get blocked, you have no option of just clicking next IP.
Commercial VPN providers are often able to hit all these points.
- IPSec will be blocked on many places where port 443/TCP isn't and OpenVPN or similar could work. So it's not ideal for free wifi, enterprise or school networks.
- You will still get DMCA takedowns from your datacenter or cloud provider if you don't choose one carefully
- You're limited to a single IP so if you're using it for a scraper and get blocked, you have no option of just clicking next IP.
Commercial VPN providers are often able to hit all these points.
My general advice to people looking for VPN service is to use Algo if you have the skillset. If not, and you decide you want a centralized service, it effectively comes down to trust signaling. I have six criteria I look for in these cases, which I end this blog post with: https://davepeck.org/2017/04/16/why-its-hard-to-choose-a-vpn...
sshuttle is also great if you want an ad-hoc VPN and you have some SSH server somewhere:
https://github.com/apenwarr/sshuttle
Virtually no configuration. Saved the day when my ISPs DS-Lite (IPv4 over IPv6) was broken. Just sshuttled to a IPv6-capable server and I was up and running again.
https://github.com/apenwarr/sshuttle
Virtually no configuration. Saved the day when my ISPs DS-Lite (IPv4 over IPv6) was broken. Just sshuttled to a IPv6-capable server and I was up and running again.
Agree. It's a pretty bad idea to use centralized commercial VPN services.
[deleted]
Alex Sotirov.
This article makes Mysterium Network's upcoming decentralized,zero-knowledge, trustless VPN service more interesting: https://mysterium.network/
VPNs are for privacy, not anonymity. Confuse the two are your own peril - the Grugq
The only trustworthy VPN service is one that you operate yourself. There are plenty of Github projects that will deploy a personal VPN for you:
https://github.com/jlund/streisand
https://github.com/trailofbits/algo
The only trustworthy VPN service is one that you operate yourself. There are plenty of Github projects that will deploy a personal VPN for you:
https://github.com/jlund/streisand
https://github.com/trailofbits/algo
What's to stop digital ocean / AWS from enumerating small servers that are listening on VPN ports and nothing else, then doing the same thing Comcast and Verizon are doing?
Further more, what makes you think they aren't?
Further more, what makes you think they aren't?
What's to stop someone renting an offshore VPS, like say, in somewhere like Hong Kong[0], and that isn't part of the 'fourteen eyes' spying alliance?
[0] https://privacytoolsio.github.io/privacytools.io/#vpn
Also what's to stop someone stacking anonymously-bought VPNs on top of each other (proxy chaining) similar to how onion routing works, and creating their own homebrew Tor? If the VPN provider is peeking at the logs (which it shouldn't be doing), then all they see is another VPN IP. VPNception!
(Something like the SHALON[1] technique is useful for this, for example):
------------
> Abstract—In this paper, we introduce a novel lightweight anonymization technique called Shalon. It is based on onion routing, aims to reduce complexity, and delivers high bandwidth. We have, compared to the widely known approach Tor, slightly reduced the level of security in favor for greatly increased performance.
> The most significant advantage compared to other approaches is that Shalon is fully based on standardized protocols, which makes our approach highly efficient and easy to deploy. It also makes Shalon easier to understand for normal users, eases protocol reviews, and increases the chance of having several implementations of Shalon available. In this work, we provide a description of the design and implementation of Shalon, a performance and anonymity analysis, and a discussion on the scalability properties.
[1] https://pdfs.semanticscholar.org/6f30/f14ff4972ddd787bf7e859...
[0] https://privacytoolsio.github.io/privacytools.io/#vpn
Also what's to stop someone stacking anonymously-bought VPNs on top of each other (proxy chaining) similar to how onion routing works, and creating their own homebrew Tor? If the VPN provider is peeking at the logs (which it shouldn't be doing), then all they see is another VPN IP. VPNception!
(Something like the SHALON[1] technique is useful for this, for example):
------------
> Abstract—In this paper, we introduce a novel lightweight anonymization technique called Shalon. It is based on onion routing, aims to reduce complexity, and delivers high bandwidth. We have, compared to the widely known approach Tor, slightly reduced the level of security in favor for greatly increased performance.
> The most significant advantage compared to other approaches is that Shalon is fully based on standardized protocols, which makes our approach highly efficient and easy to deploy. It also makes Shalon easier to understand for normal users, eases protocol reviews, and increases the chance of having several implementations of Shalon available. In this work, we provide a description of the design and implementation of Shalon, a performance and anonymity analysis, and a discussion on the scalability properties.
[1] https://pdfs.semanticscholar.org/6f30/f14ff4972ddd787bf7e859...
Maybe they are, but I suspect they have different incentives.
If I discover that they're singling out my $5/mo VPN server for monitoring, the rest of my $1500/mo is moving to another company.
If I discover that they're singling out my $5/mo VPN server for monitoring, the rest of my $1500/mo is moving to another company.
I'm not super knowledgeable in this field, so maybe somebody can set me straight regarding VPNs.
I have always assumed that VPN services like PIA, AirVPN, etc. are useful for, among other things:
1. To make the content you are viewing private from your ISP, employer, public WiFi, etc.
2. To make it more difficult for some remote host/website/actor to link your activity on their site with you.
Isn't point (2) negated if you host your own VPN on AWS? In the sense that if you're in a country with a nefarious government, wouldn't it be easier for them to subpoena AWS than to get info from some VPN service over in ________ country that doesn't store logs, and has a million other users using the same IP?
An example situation might be the RIAA notices that an IP is downloading Janet Jackson MP3s, and all they need to do is subpoena AWS if you're hosting your own VPN which has a unique IP, versus tracking down some Caribbean company who has given you an IP that's shared among thousands of users and has a public reputation for trustworthiness to hold?
I have always assumed that VPN services like PIA, AirVPN, etc. are useful for, among other things:
1. To make the content you are viewing private from your ISP, employer, public WiFi, etc.
2. To make it more difficult for some remote host/website/actor to link your activity on their site with you.
Isn't point (2) negated if you host your own VPN on AWS? In the sense that if you're in a country with a nefarious government, wouldn't it be easier for them to subpoena AWS than to get info from some VPN service over in ________ country that doesn't store logs, and has a million other users using the same IP?
An example situation might be the RIAA notices that an IP is downloading Janet Jackson MP3s, and all they need to do is subpoena AWS if you're hosting your own VPN which has a unique IP, versus tracking down some Caribbean company who has given you an IP that's shared among thousands of users and has a public reputation for trustworthiness to hold?
There's a useful guide[0] if you're going to use a VPN and you should take it seriously. Personally I think a VPN is only ever useful for routing traffic over hostile networks (like at shady cafe wifi) and spoofing your geolocation to access geo blocked content.
[0] https://gist.github.com/joepie91/5a9909939e6ce7d09e29
[0] https://gist.github.com/joepie91/5a9909939e6ce7d09e29
This creates an Auto closing SSH Tunnel (Tunnel will close if Chrome exits) to a remote ssh server and redirect to localhost on port 7070 and launch Chrome Portable using local port 7070 as socks 5 proxy
The following command is for cygwin on Windows.Can be customised for Mac OS or Linux
ssh -o StrictHostKeyChecking=no -C -f -q -D 7070 username@servername sleep 10 ; "/cygdrive/c/PortableApps/GoogleChromePortable/GoogleChromePortable.exe" --proxy-server="socks5://localhost:7070" &
The following command is for cygwin on Windows.Can be customised for Mac OS or Linux
ssh -o StrictHostKeyChecking=no -C -f -q -D 7070 username@servername sleep 10 ; "/cygdrive/c/PortableApps/GoogleChromePortable/GoogleChromePortable.exe" --proxy-server="socks5://localhost:7070" &
Whenever I see any article discussing which is the best VPN provider it's usually written by someone who is benefiting from the recommendation of a particular company.
This article is no different
This article is no different
There's a pretty good (and, in contrast to most such lists, independent from any provider) comparison of VPN services here: https://thatoneprivacysite.net/vpn-comparison-chart/
It's good if you're savvy, perhaps. But I also think it can lead people astray. I wrote more about it on my blog: https://davepeck.org/2017/04/16/why-its-hard-to-choose-a-vpn...
I currently use cryptostorm. It's "more difficult" to use than most, but it seems trust worthy. ProtoVPN, their service, looks interesting. Perhaps worth checking out, but it would need a solid flock of regions in order for me to consider it.
On the free tier there are about 8 udp and tcp ovpn I think with different EU endpoints.
My current solution: ssh -v -C -D 1080 {server_i_own}, then set application proxy settings to localhost:1080.
(I’m aware this isn’t really the same as a VPN, but for my current purposes it’s Good Enough.)
(I’m aware this isn’t really the same as a VPN, but for my current purposes it’s Good Enough.)
The only use case I know of for a vpn service is to hide illegal torrenting from your isp. Why else do people route all of their traffic to a third party?
Could you really not have thought about this a bit harder? I do think that anyone here should generally just get a cheap tier VPS (or use their own existing VPS or colo or whatever depending) and run a VPN for themselves via algo or similar vs a public commercial VPN service offering, but the point of doing so isn't that complicated. Individual->Internet mediating VPNs are about shifting your effective general WAN traffic entry point from the Internet edge (the local ISP, which for many of us amounts to a single monopoly provider or a public WAN point which is also not at all trustworthy) towards the Internet core backbone, where there is extremely robust competition and in turn customer responsiveness. It's an economic hack. There are many ways my ISP might be tempted to not work on my behalf, be it active (monitoring traffic for their own advertising benefits) or merely through laziness (not putting up any resistance against even warrantless mass surveillance requests), because I have nowhere else to go and they know it.
Whereas OVH/DigitalOcean/Linode/Scaleway/Amazon/Google/whomever all have much stronger incentives to put their customers first and foremost. In terms of business model (due to how utterly trivially I could rip down a VPS and set of containers/services at any one of them and set up something identical at any other at any time) they're much more closely aligned with customer interests.
It has nothing to do with any illegal behavior per se (at least in the USA, in many countries "illegal behavior" may encompass things we consider basic rights), it has to do with economic alignment and additional privacy/security at a cheap price.
Whereas OVH/DigitalOcean/Linode/Scaleway/Amazon/Google/whomever all have much stronger incentives to put their customers first and foremost. In terms of business model (due to how utterly trivially I could rip down a VPS and set of containers/services at any one of them and set up something identical at any other at any time) they're much more closely aligned with customer interests.
It has nothing to do with any illegal behavior per se (at least in the USA, in many countries "illegal behavior" may encompass things we consider basic rights), it has to do with economic alignment and additional privacy/security at a cheap price.
Right now, in America, your browsing history is basically for sale by your ISPs. That it may not be actively happening right now is coincidental - it is an impending certainty.
If you are okay with that, godspeed, but I think you would have to be deranged or clueless (or both) to be okay with the idea that mega-conglomerates can sell your personal browsing history to the highest bidder.
There are myriad other legitimate concerns, but this alone makes the whole debate something of a non-starter in my opinion.
If you are okay with that, godspeed, but I think you would have to be deranged or clueless (or both) to be okay with the idea that mega-conglomerates can sell your personal browsing history to the highest bidder.
There are myriad other legitimate concerns, but this alone makes the whole debate something of a non-starter in my opinion.
My ISP and their shady pals would be like "this one likes free standard-def pr0n and gmail, let the bidding start at $0"
(Read in Ron Howard voice) "He thought this was funny. But his employers didn't."
Simple use case that comes up for me quite often:
I'm reading a foreign sports site, and their videos will only show to people from that country.
Same with various national TV station sites.
I'm reading a foreign sports site, and their videos will only show to people from that country.
Same with various national TV station sites.
I want to use one so my ISP can't sell my, and the rest of my family's, browsing history. Nothing to do with torrenting.
I like Freedome from F-Secure pretty user friendly so it actually gets used...
https://www.f-secure.com/en/web/home_global/freedome
https://www.f-secure.com/en/web/home_global/freedome
The best consumer VPN service I have used is Privateinternetaccess. Never had an issue, they have been reliable and fast and support all clients. It is simple enough for children to use and very affordable.
Yeah, now your VPN provider can instead. So much better.
The whole point of the article is that you need to do your research and choose someone that won't do that to you.
There's no way for them to guarantee that to you. It's just 100% marketing wank. If you want privacy use Tor or similar.
Unless you just setup your own VPN? Or maybe trust external auditors? Or otherwise spend time actually looking into service providers before giving them your money?
Setting up your own is better for doing it privately - takes out an unnecessary extra party at least. Still not perfect of course, the data center and ISPs can still see your traffic and connections on both sides, so still cannot be considered truly private.
Interesting that you say "external auditors" though - have any commercial VPN providers offered anything like that? Of course, it'd only be worth something if they'd put their money where their mouths are in a form of insurance payout if they were wrong.
Interesting that you say "external auditors" though - have any commercial VPN providers offered anything like that? Of course, it'd only be worth something if they'd put their money where their mouths are in a form of insurance payout if they were wrong.
China. Get yourself in a place where every other page you try to visit is blocked and then you'd be a lot more thankful for VPN service.
Interestingly, I was just in China. Most of the things that used to be blocked worked perfectly fine for me. I barely used my VPN because even Facebook was working.
It does seem to vary quite a bit, I've always found that Shenzhen is a bit more lax with the firewall than even neighbouring Dongguan.
It does seem to vary quite a bit, I've always found that Shenzhen is a bit more lax with the firewall than even neighbouring Dongguan.
Are you sure you weren't set up with a VPN? I was there last week and all the usual stuff was blocked. However, I heard it was common to get routers that were already set up to perpetually be connected to a VPN.
China has opened up some sites in certain cities at certain hotels and on the cell network. It is not consistent. In Shenzhen as of May, it is this way. In Xi'an it is not as of last week. In March in Shenzhen I couldn't connect to FB over LTE.
Using public wifi networks
Especially when banking
I never really understood that one. Don't pretty much all banks use HTTPS these days? Wouldn't that make banks the type of site you'd be _least_ likely to need a VPN for?
I'd be more concerned about using a VPN when browsing other, less secure sites that don't support HTTPS.
I'd be more concerned about using a VPN when browsing other, less secure sites that don't support HTTPS.
Research. Some sites serve different content or adverts to different countries; some countries filter particular content. To research these effects you need endpoints in several different places.
To overcome nation-wide blacklists.
Because you live in a purple or yellow country - https://freedomhouse.org/report/freedom-net/freedom-net-2016
That is some bullshit map you got there mate. I'm looking at the UK and Australia and thinking 'green?'. Yeah right.
Australia gets a low score
if you read the report on that country -
https://freedomhouse.org/report/freedom-net/2016/australia
Maybe Eff or someone else has a better resource.
Hide browser history from employer?
Censorship circumvention for one.
The only trustworthy solution is your own OpenVPN server on some cloud provider (not difficult to setup). Even then it is debatable whether it would remain private long. Probably draw attention if anything but you won't get your logs sold to Target.
It's hilarious how many 'VPN providers' don't even encrypt the traffic.