[pilif]

if only there was any proof of this actually being the case and there not being some "accidental" debug log enabled, or some other network level component having "accidental" access to the keys.

There's just no good answer to perfect trust-no-one private internet access.

If you need to hide all of your traffic from other users in your local network, you can accomplish that in a trust-no-one fashion by running your own VPN endpoint on a server you control which provides better privacy guarantees compared to a centralised commercial VPN whose business model will eventually involve selling your data (once user growth stops but shareholders demand continued revenue growth).

But if you need to hide your traffic from anybody but your peer on the internet and you need to hide the fact that you talked to that peer, then, I'm afraid, your out of luck.

[dtx1]

> If you need to hide all of your traffic from other users in your local network, you can accomplish that in a trust-no-one fashion by running your own VPN endpoint on a server you control which provides better privacy guarantees compared to a centralised commercial VPN whose business model will eventually involve selling your data (once user growth stops but shareholders demand continued revenue growth).

Well not really. There was a great (german) interview with the perfect privacy founders recently [1]. They seem to be decent guys with close ties to the Chaos Computer Club and I strongly suspect they wouldn't want to work like that.

[1] https://www.youtube.com/watch?v=VMr0gJvI-6I

> But if you need to hide your traffic from anybody but your peer on the internet and you need to hide the fact that you talked to that peer, then, I'm afraid, your out of luck.

Nah, that one is easy just use an anonymous sim card or an open wifi and your good to go.

Honestly these discussions often feel pretty asinine to me. I personally use paid VPNs to pirate to my hearts content, work around my ISPs terrible networking and a little bit of geo-unblocking. Of course you can't use these services to protect yourself from three letter agency type surveillance or equally powerful threat actors but if they are "private" enough to block the music industry and their lawyers from suing you that's a pretty high standard of privacy, certainly more than any ISP alone gives you!

[jack_pp]

Do you actually pirate music or did you give it as a general example? I feel no need to pirate music today with all the music streaming services especially since I can find all the music I want on all the streaming services which is a world of difference compared to the video streaming services

[dtx1]

I stopped pirating music a while ago when spotify became better than what the trackers i was on delivered. That being said, i have recently started looking into it again since spotify is dragging their asses on high quality streaming and their app support on linux started to annoy me. The alternative streaming services barely support linux at all so they aren't really an alternative for me. But you are right it's mostly tv-shows and movies, a few books here and there. It seems I've basically missed the golden age of netflix (or there never was one in germany with their shitty catalog) and stayed on private trackers until now. I suspect it won't change any time soon either with all the fragmentation going on and i absolutely refuse to deal with their stupid DRM measures.

[jack_pp]

Have you tried youtube music (via youtube premium)? I'm not sure about the high quality audio part because I only listen via bluetooth. The recommendations, general app UX and the fact that I can listen via website on desktop have made me cancel spotify.

[dtx1]

For low quality audio it's fine, though there's a lot of music I like missing that spotify has. Quality wise it's all over the place and at best as good as spotify.

Generally I don't care much about the UI of any of the services offered and being browser based doesn't really make it any better for me. I can do that with spotify and most other services as well. What I would like to have is a simple paid service with high quality flacs that has an open enough API that i can use many of the great open source tools available and download music for offline use on my phone (data caps and all) without jumping through a lot of hoops. It's not music management is an unsolved problem and for local music i have tons of great options on all my devices from TUI applications to applications with great desktop integration to great open source phone apps. With Spotify there are at least some projects that work somewhat but not really well and certainly nothing that i can easily integrate into my desktop or phone without relying on proprietary clients.

But honestly before I go around trying endless services to get a decent experience I'd rather just take the red music tracker test [1] and build a local collection that "just works" and be done with it.

[1] https://interviewfor.red/en/index.html

[hipitihop]

Have you looked at https://roonlabs.com/ ? I'd be interested in your opinion if you have

[burnaway]

>> If you need to hide all of your traffic from other users in your local network, you can accomplish that in a trust-no-one fashion by running your own VPN endpoint on a server you control which provides better privacy guarantees compared to a centralised commercial VPN whose business model will eventually involve selling your data (once user growth stops but shareholders demand continued revenue growth).

the privacy protection for most people using VPNs is required against their ISP and other actors looking to analyse their traffic, not users on the local network. a commercial VPN will be better for privacy due to the crowding effects, ie. large number of users sharing the same IP and protects against correlation attacks - it's much easier to trace the activities on your own VPN endpoint back to you. of course you need to trust the operators, which is as different question.

[Terry_Roll]

>ie. large number of users sharing the same IP and protects against correlation attacks

Depending on where you are based in the world (see https://www.submarinecablemap.com) realtime throttling of vpn traffic can still identify a user and where they are going in some cases.

You can get a degree of privacy from visiting websites located on servers in big data centres, but nothing a search warrant couldnt find out retrospectively.

Just traceroute your journey inside a vpn to see where abouts you are going when connecting to a webserver anywhere in the world and workout the physical route you are travelling on the cable map.

Obviously the number of languages you speak also restricts where in the world you will be going online to a point and timezones can also make you stand out like a sore thumb if you visit a website when the locals generally arent.

I've identified (US) websites which can workout what DNS server you are using, so in my case, based in the UK if I swap from using a UK ISP dns to using another dns like quad9 in Germany, the (US) websites alter the content you can see, just on that single DNS server change.

There is no privacy!

[npteljes]

>There is no privacy!

I think this is a good message. In the same vein, there's no security either. All you can do is make your and your adversaries' life harder, and balance the different tradeoffs.

[Terry_Roll]

> there's no security either.

Dont buy that, care to elaborate?

[npteljes]

In the same line of thinking as the parent comment, there's no 100% security either. If you loot at IT, everything can be hacked, secrets leak, intelligence agencies hoard vulnerabilities, or even have insiders in security firms or larger corporations.

In the real life, no lock is invulnerable. Most can be picked, frozen, melted, etc and surely have other weaknesses too.

But to achieve their goal, they don't need to perfect. Just reasonably good. And so, I wish for people to be mindful about the nature of these. That they are not perfect, they are not hidder, nor secure. Just, maybe, reasonably so.

[Terry_Roll]

Your lock example isnt perfect, it cant fight back.

In IT, you need both joined up offensive and defensive measures which includes self destruct if secrets need to be kept. That is at best a Check Mate.

Take a VPN, in nearly all instances I have encountered the only traffic is genuine traffic, there is no dummy traffic to muddy the waters from external Deep Packet Inspection.

Likewise routing can be used to isolate, I'll give you a real world example which you might be able to relate to.

You are travelling by car from A to B, and you can take a variety of routes to get there. Most modern cars now have built in sat nav, and all you know is when your target is leaving and they will be using the car manufacturers satnav. So you have a window (at the start of their journey) in which to manipulate the targets satnav by giving it fake traffic data to cause it to take a particular route. Ergo you have been able to isolate your target onto roads they wouldn't normally travel. Now that can be done nationally over the radio station network, or nearby using a transceiver SDR in a chase car.

What makes you think the internet is any difference? Business efficiency like JIT is a weakness as we see with the chip shortages and other problems caused by covid lockdowns. VPN companies are no different, they need to maximise profit so they dont add in fake traffic to hide their customers traffic, and by virtue of being able to choose from multiple VPN providers, users self isolate themselves into yet smaller groups. VPN providers should really organise and share networks to further muddy the waters from external entities.

[minerva23]

Is no-trust ever possible? I thought people create their threat models and verify they can trust those they have to trust.

[zeepzeep]

> people create their threat models and verify they can trust those they have to trust

What kind of people?

How do you verify you can trust some company?

[minerva23]

Everyone does it informally to varying degrees for varying problems (often times subconsciously). E.g. "What do I know about this person? Can I trust them around my kids?"

You verify trustworthiness by research. Who is involved? Do I trust anyone who trusts them? What are their motivations? What would cause them to take action against me? What causes them to protect my interests? What laws are they subjected to (i.e. who can coerce them)? What do they say for themselves? Where do their words fall on the credibility to BS scale? What is their reputation in the community? What do their competitors/adversaries say? What would cause their behavior to change?

I won't enumerate all my research on Mullvad. I can say Mozilla attaching their brand to Mullvad's services helped me a lot (trust by proxy). I'll also say that some of their product decisions give credibility to their anonymity claims. Lastly, I found someone who shared a competitive analysis across many providers. I found the analysis trustworthy. Mullvad has some weak points, but was still the best provider for my particular use case.

[normaler]

That is the great thing about mullvad. They don't have shareholders except the actual owners.

https://mullvad.net/en/blog/2021/9/16/ownership-and-future-m...

[pilif]

which is true until one or more of their owners decide to sell their shares.

[burnaway]

my grocer down the road is a nice fella and has tasty vegetables from sustainable sources, but he might get bought up by a big supermarket chain, so I'm not going to buy from him

[pilif]

your grocer does not have the ability to retroactively change the food you've bought from them.

A VPN provider can "accidentally" enable logging prior to the sale

[burnaway]

if you trust them now with not logging and selling your data, you should trust them not doing anything to screw you over, and giving you sufficient warnings before a sale happens so you can re-evalute that trust. if you don't trust a provider, you shouldn't use them. "i don't trust any VPN providers" is a reasonable position, but your argument saying "all VPNs will end up selling data" is still flawed.

[WithinReason]

Wouldn't the ownership of the server be easy to trace back to you?

PIA has been promising a fully audited and verifiable infrastructure in the future:

https://www.privateinternetaccess.com/blog/dont-trust-verify...

[pilif]

>Wouldn't the ownership of the server be easy to trace back to you?

yes. Which is why I said that this helps to shield your traffic from other people in your current local network (think: coffee-shop) which is one use-case of a VPN.

If you need to protect your traffic from anybody but your peer (another potential use-case of a VPN if this were possible) and you even want to hide the fact that you were talking to that peer, then you're out of luck. Period.

[wintermutestwin]

You are ignoring the use case of protecting my data from my ISP, who is a known bad actor that wants to sell my data and had the power to strongarm my government into legalizing that data theft.

[zeepzeep]

> There's just no good answer to perfect trust-no-one private internet access.

What about Tor?

[mateuszf]

I think that if enough exit nodes would be owned by let's say government agencies they would be able to correlate requested domains with actual requester IP.

[zeepzeep]

We all should run a Tor node then to outnumber the bad guys

[dharmab]

In addition to the traffic analysis mentioned in another reply, there are ways data can be leaked from Tor. One example from the crime documentary "Hunting Warhead": a white hat hacker managed to locate a darknet server running a forum software by setting his avatar image to a file hosted on a domain he controlled. The forum software retrieved the age via a regular internet route, exposing the actual host IP.

For maximum privacy, Tor should be used with software designed for Tor from the start.

[eightails]

Not sure I would call Tor "perfect", but it's certainly very useful for some use-cases.