by midnightGhost 1740 days ago
I'm in the same boat. Though I actually do trust my VPN provider Mullvad. Highly talked about, based in Switzerland, and Mozilla also uses them for their VPN service.

Edit: Sorry. Not Switzerland. Sweden. For some reason thought Switzerland.

Switzerland, home of the Crypto AG. Switzerland lost its reputation as a secure privacy haven.
The mail service that handed over data of a customer to a foreign government and changed the privacy statement on their site is based there too IIRC. The name eludes me now, surely several readers can provide it.
There are several issues with your statement.

> The mail service that handed over data of a customer to a foreign government

First, ProtonMail can only hand over meta-data, because data is encrypted.

Second, "ProtonMail does not give data to foreign governments; that’s illegal under Article 271 of the Swiss Criminal code. We only comply with legally binding orders from Swiss authorities."

> and changed the privacy statement on their site

The privacy policy was not misleading if you read it carefully. It was not "changed" as in removing a lie from the statement. At best, it was clarified to ensure *everyone* would correctly understand it in the future. It is accessible at https://protonmail.com/privacy-policy

What may have been misleading was the marketing message on the homepage. If you pondered each word of the one-sentence marketing message, you could have guessed that the expression "by default" was there for a purpose. Companies do not add useless words for marketing, they do it to avoid false advertisement. However, this is not the same thing as the privacy policy. And ProtonMail stated that they would fix that: "we will be making updates to our website to better clarify ProtonMail’s obligations in cases of criminal prosecution".

Quotes are taken from: https://protonmail.com/blog/climate-activist-arrest/

Thank you very much for those clarifications.
protonmail? Although I take it they are still to be trusted more than most.
Plus the recent Protonmail fiasco.
> Protonmail fiasco

Not a fiasco as they're required by law to keep IP logs. You can disable the logging of IP sessions in the PM dashboard, but you can't guarantee that PM will not keep logs, since their servers are all public Internet facing. The only way Protonmail is 100% zero knowledge is to be 100% a dark-net/Tor service, which immediately turns off 99% of their users.

If you misled your users into thinking that this isn't something you would do, but as soon as shit hits the fan the PR makes it impossible to keep the ruse going, it's a total fiasco for that business' marketing department.
my understanding is they only logged the IP details after receiving the Swiss LI request and did so only for the user in question.
I'm sure that makes the one user feel all warm and fuzzy. Also, what about next. Or the time after, or after or...
Mullvad is great. They are from Sweden, not Switzerland. Not sure if anyone else does it but you can just mail them cash anonymously to get started.
People (mostly Americans) getting the two mixed up has been a meme in Sweden for many many years; it predates the Internet.
It is even worse in Portuguese; there is only a two letter difference: Suécia (Sweden) vs Suíça (Switzerland) — or three letters depending on your perspective, but in Portuguese the c with cedilla is not considered to be a different letter from a plain c, and in this case both forms are pronounced the same. Therefore some level of confusion is understandable, even expected.

In English they are similar as well but spelling and pronunciation are different enough that there should be less confusion, at least on paper. Not sure why there is such confusion in practice.

Austria - Australia is another common mistake.
Just yesterday or so I watched an "Alternative Countries"[1] video on YouTube where the most hilarious proposal -- took me a while to grok -- was Australia-Hungary.

___

[1]: Kind of a sub-genre of alternate history and/or history-simulation-game AI timelapse videos.

Always wondered why people don't just create their own using something like Outline on a DO droplet (Bithost)? How is Mullvad better?

I don't understand how we should trust a company we know nothing about other than the text they put on their website which basically means nothing.

Using a public VPN anonymizes your traffic if you assume many other people are using the same VPN server. A MITM can easily see you're using the VPN but not easily what websites you're accessing. If the VPN provider is truthful about not keeping logs, it's hard to prove that you visited a particular website and not someone else using the VPN. A DO droplet does not provide the same thing. You can visit a website, the website can store your IP for months or years, then LE can subpoena DO for the person with that IP at a given time. Plus setting up a DO droplet VPN sounds like a PITA.

As for why to trust Mullvad in particular, you can't trust them completely but they list all their employees and their ownership structure publicly, they have a good track record, they have documentation which seems like it's written by people who know about security and their customers' potential threat models, and they don't have a suspiciously large advertising budget.

However, I wouldn't trust any VPN if you have to withstand targeted scrutiny from governments.
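The anonymity argument in the comment above (shared exit IP versus a single-tenant droplet) can be made concrete with a small attribution model. The code below is an added illustration, not part of the thread or of any provider's software; the session records, IP addresses (TEST-NET ranges) and user names are constructed, and the point is to see how large the set of candidate users is when a website reports "exit IP X was seen at time T" to a provider that does keep session records.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Session:
    """One VPN session as a provider that retains logs would record it (constructed)."""
    user: str
    exit_ip: str
    start: datetime
    end: datetime

def t(hour: int, minute: int) -> datetime:
    # Helper for readable constructed timestamps on a single day.
    return datetime(2021, 9, 1, hour, minute)

SHARED_EXIT = "203.0.113.10"    # constructed: exit shared by many subscribers
DROPLET_IP = "198.51.100.7"     # constructed: single-tenant VPS used as a VPN

# Constructed session log. Only the provider (or VPS host) would hold this.
SESSIONS = [
    Session("alice", SHARED_EXIT, t(12, 0), t(13, 0)),
    Session("bob",   SHARED_EXIT, t(12, 30), t(14, 0)),
    Session("carol", SHARED_EXIT, t(12, 45), t(12, 50)),
    Session("dave",  DROPLET_IP,  t(12, 0), t(13, 0)),
]

def candidate_users(sessions, exit_ip: str, seen_at: datetime) -> list[str]:
    """Users whose session could have produced a connection from exit_ip at seen_at.

    This is the anonymity set: everyone behind that exit at that instant.
    """
    return sorted({s.user for s in sessions
                   if s.exit_ip == exit_ip and s.start <= seen_at <= s.end})

def uniquely_attributable(sessions, exit_ip: str, seen_at: datetime) -> bool:
    """True when the logs pin the observation to exactly one user."""
    return len(candidate_users(sessions, exit_ip, seen_at)) == 1

if __name__ == "__main__":
    # Shared exit at a busy moment: three candidates, no unique attribution.
    print(candidate_users(SESSIONS, SHARED_EXIT, t(12, 47)))
    # Shared exit while only one subscriber is connected: anonymity set of one.
    print(candidate_users(SESSIONS, SHARED_EXIT, t(12, 10)))
    # Single-tenant droplet: always one candidate, the owner.
    print(candidate_users(SESSIONS, DROPLET_IP, t(12, 47)))
```

Two things the model makes visible: a single-tenant droplet is attributable from the hosting provider's billing and IP assignment alone, with no traffic logs needed, and a shared exit only helps while other subscribers are actually connected through it at the same moment, which is exactly the "many other people" assumption the comment states. If the provider truly retains no session records, `SESSIONS` is empty for it and the candidate set collapses to "every subscriber who could use that exit", which is the best case for the user.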

> Using a public VPN anonymizes your traffic if you assume many other people are using the same VPN server

Gotcha

> Plus setting up a DO droplet VPN sounds like a PITA

It's actually very easy using https://getoutline.org/ - can highly recommend it if you need a fixed IP. And you can buy DO droplets with cryptocurrency through Bithost

If you torrent through a DO droplet they will send you a warning. So your traffic is monitored
Because the threat model is different than the one you have in mind. VPN providers for $5 a month will give you multiple proxies throughout the world. Spinning up 70 droplets in different regions is not a viable cost-effective solution.
You can use Mullvad without supplying any personal information (not even an email address) and pay by literally sending them an envelope with cash in it. That's as good as it gets when it comes to preserving privacy.
They’re probably trying to separate their billing information from public IP address which is the benefit of using a service that is crypto friendly