[kelsey98765431]

Don't trust companies that save and hand over data. Don't trust proprietary security solutions. If this is literally just TLS based vpn wrapping, it's no different from using an onion bridge to get to your VPN endpoint. Proton gives data to federal agencies. Proton keeps user data. Proton removed their warrant canary. Use something better.

EDIT: If you want a truly safe VPN, you will need to do some work on both adversary modeling and technical implementation. If you are just worried about your ISP (filesharing of legally protected digital backups), use whatever. If you are worried that your data may be collected by your VPN provider, use a series of tor/vpn multihop. If you are a paranoid mf, use a privacy coin to purchase a VPS and then connect to it via tor on a public wifi network, set up a .onion hidden service for your ssh/chisel/etc port, connect over tor to forward your tunnel port to localhost, use that tunnel to connect to a multihop VPN system. Suggestions include mullvad, PIA, cryptostorm, whatever you want really. Throw a VPS with generic openvpn in the middle of your multi-provider hops, again paid in a privacy coin. Pay a homeless man to colocate a physical server that has DRAC and luks along with something like AMD TSME, then run containerized multihop there aswell.

Basically if you want something done right, at least do some of it yourself.

[protonvpn]

This is false. Proton VPN's no logs policy has been proven in court and backed by third party audits: https://protonvpn.com/blog/no-logs-audit

VPN is not classified as a communication tool in Switzerland and there are no existing Swiss laws that can compel us to log.

The Proton VPN Transparency Report & Warrant Canary is also still available at: https://protonvpn.com/blog/transparency-report

[alfalfasprout]

Proven in court is ultimately what I think most users really care about.

Thanks for sharing this.

[wil421]

How do we know this isn’t another CIA/Swiss front? Just like Crypto AG.

https://www.bbc.com/news/world-europe-51467536.amp

Some of us also remember Hushmail.

https://www.wired.com/2007/11/encrypted-e-mai/

[protonvpn]

There is no comparison between Crypto AG and us. Our encryption occurs client-side and our cryptographic code is open source and backed by third-party audits: https://proton.me/community/open-source

[ranger_danger]

One thing that might put others at ease is having a way for client-side code to NOT be automatically updated, as some view this as a type of backdoor or method that malicious code might be injected without being noticed, even if unintentional.

[ranger_danger]

Do you really expect anyone to be able to answer this? How would anyone ever know before it's too late? Nobody would use it if they knew, and they know that too.

[grigio]

People have too short memory to remember this

[ranger_danger]

There is an unanswered bug report from March that suggests Stealth is not working in Russia:

https://github.com/ProtonVPN/android-app/issues/130

[devwastaken]

Protonvpn logged ips at the request of the Swiss government on behalf of the French government as a political favor.

https://www.theverge.com/2021/9/6/22659861/protonmail-swiss-...

Protonvpn does log data and does hand it over. It doesn't matter if they "had to" (they can fight) You can't put the genie back in the bottle.

[netsharc]

Do you even read your own source? Even the truncated URL says Protonmail... a search for "VPN" in that article comes with "Yen said a similar order would also not be able to provide ProtonVPN metadata, as VPNs are subject to different requirements under Swiss law."

Sure you can refuse to believe the company's statement, but your comment is based on your (maybe deliberate, conveniently) misunderstanding of mail vs VPN...

[devwastaken]

Protonvpn is protonmail. They're the same company. They choose to operate in a way that allows user IP's to be given for arbitrary political reasons. They will do it with VPN too if they're "requested".

[MrSkelter]

You appear to misunderstand the discussion.

Under Swiss law Email is communication which is subject to a VPN which is not classified as a communications medium and subject to different laws.

There is no way a legitimate company can insulate itself from legal compulsion. However a legitimate security company can do everything within the law to protect users. Proton does this and has been legally tested.

[netsharc]

Their claim: they have to follow the Swiss laws, the laws for mail providers and the laws for VPN providers are separate, and one of them requires IP logging, and the other doesn't.

Your claim: they're just doing whatever the hell they want, whatever is "politically" expedient for them. Without any substance behind it.

Considering Switzerland's reputation as low-corruption country, i.e. having a government that follows the rules, I can imagine the VPN department will fight such a "request" as you say in their court of law, but hey, I bet your guts know it all.

[ranger_danger]

Following the law is not arbitrary. Nobody is going to jail for you, your data is not that important. And there is literally no better country to do this in. Whatever you think Proton could be would be a company you shouldn't trust in the first place.

[ljm]

If you're getting into that kind of paranoia, you might as well just buy burner laptops that use burner 5G SIMs, and go fully stateless.

Considering you, as a person, are stateful, the strategy will inevitably fail and you'll be caught.

This is how people seeking privacy after doing bad things got found out. People were tracing patterns of behaviour long before there was an internet that produced access logs.

[kelsey98765431]

some people are paid to be the overly paranoid person in the room professionally, for budget and leadership to dial their models against. notice i put the security and adversary modeling at the top.

[OutOfHere]

Proton has multiple services, and the data retention of one service may have little to do with another. In particular, any data retention for their VPN service is going to be very different from say email for obvious reasons. Even for email, afaik, it was the recovery email address that gave access to the data in the account.

What's a better VPN service anyway? Mullvad? I see Proton's stealth feature as being valuable.

Disclaimer: I have no conflict of interest whatsoever with Proton other than being a free user.

[lovethevoid]

PrivacyGuides (not affiliated with them, just find it a useful resource), highlights Proton, Mullvad, and iVPN as reputable depending on your use. They state Proton does not support ipv6 yet, Mullvad removed remote port forwarding, and iVPN the same.

The recommendation the person you're responding to (PIA and Cryptostorm), is very untrustworthy and doesn't even match the minimum criteria from PrivacyGuides.

[3np]

Got any details, reference, quote, or analysis on the CS claim?

AFAICT, the only discriminating factor is lack of solicited third-party security audits. Which I don't think implies being "untrustworthy".

https://www.privacyguides.org/en/vpn/#marketing

https://discuss.privacyguides.net/t/why-is-vpn-providers-lik...

(PIA/Kape I get and relevant information is easily discoverable available on controversy surrounding them and their owners)

[andreareina]

The default state of vpn services should be that they're untrusted.

[kelsey98765431]

i mentioned pia cryptostorm etc (or whatever) in the context of onion plus vpn multihop.

[llmblockchain]

It depends on your threat model. If your threat includes three letter agencies and nation states then you're right-- don't use Proton. However, 99.9% of people don't have that threat model. In that case, Proton is better than most other providers out there (for email, vpn, etc).

[jtriangle]

I would hazard to say if that's your threat model, you're better off not using the internet in general. VPN provider won't really matter ultimately, there's a hundred things on either side of that tunnel that you have to take care of.

[llmblockchain]

I'd argue physical channels and access are even less secure. People are broken easily (you can't trust anyone) and surveillance is everywhere and more sophisticated than you imagine. My first job was at a US-based video surveillance company owned by Israelis and used by casinos, stadiums, and entire cities. I have an idea of what it's capable of :)

What we need is a truly secure and private method of communication and payment. We're close on both.

[jtriangle]

The methodology is simple enough, the issue is the devices.

Sure you can run hardened, stateless linux, but how many SOC's are in your laptop? Those aren't trustable. Your phone's even worse.

Sure meatspace is full of surveillance gear, and has been for years. Face rec/id has been around for a decade longer than people think, plate readers, traffic cams basically everywhere, etc etc. The problem those systems all have is filtering out the signal from the noise. They don't know that person-X is someone to watch until they're tagged. Once they're tagged, it's basically over, but, how do you tag them? Right now, that's mostly manual, and based on external data. If there is no external data, there's no risk of being tagged.

The real question is, can someone remain normal enough while not generating suspicion while they're up to no good. I'd say they certainly can, most don't, but, it's far from an impossibility.

[walterbell]

> Pay a homeless man to colocate a physical server

So many questions about that server provisioning workflow :)

[kelsey98765431]

DRAC and luks, the homeless man enters a consultancy agreement to subcontract as a legal entity and is fairly compensated to use their services of being the authorized agent of your provisioning wing of your entity. as authorized agent, they simply agree with the datacenter that when an authorized physical server arrives it is added to a rack. when your entity structure needs to decommission a machine you use DRAC to destroy data at rest with a 70 hour dban series power it down and have the data center mail it to whoever buys it on ebay.

[whartung]

Is the hardware run on solar charged batteries, or does it recharge through plugging into coffee shop outlets. Is the network leeched from Starbucks, through a cell modem?

[kelsey98765431]

you misunderstand, the homeless man signs an agreement to be the authorized agent of contact that is able to tell the data center when authorized servers will arrive by mail and when they need to be sent to a different location. do not collocate servers in data centers run by homeless men, as there is less chance of fire suppression and climate control factors in their facilities (shopping carts/cardboard/tent cities). it may be fine for a startup, check your security model and postures.

[codedokode]

Cell modem or being on someone's WiFi gives away your location though.

[mnsc]

Pretty straightforward with biceps.

[blackeyeblitzar]

I don’t understand your allegations against Proton VPN. They give data to federal agencies and they keep user data? When did they do that? Can you share any evidence of this?

[3np]

I think they're referring to ProtonMail, not ProtonVPN. Same company, same difference. What makes you believe that they would play one service so significantly differently than the other?

https://arstechnica.com/information-technology/2021/09/priva...

[HelloMcFly]

Because Swiss law for the two services are different, and their compelled actions for email are not applicable to their VPN services. Their public statements, audits, and track record for the two services reflect that reality.

[yegle]

A flaw in your argument: a VPN protocol that emulates the traffic pattern of an HTTPS connection is not the same as a TLS VPN.

[o999]

PIA is associated with Kape technologies, a company founded by an Ex-Mossad agent that acquired many VPN companies.

[codedokode]

Instead of choosing a company to trust, I would prefer that everybody implemented ECH (Encrypted Client Hello) and there would be almost no data to collect. Why Cloudflare seems to be the only one who implements it?

[ranger_danger]

China blocks TLS 1.3 entirely.

[dartharva]

At that level of paranoia you're probably better off just airgapping your network away from the internet and only transfer data using physical drives.

[kelsey98765431]

we were speaking about modeling for vpn systems, wait for a thread about air gapped networks to be fascinating enough and for me to stumble across it for me to give a wildly inappropriate but technically correct though complex and subjective answer.

however there is a significant issue with using hard drives to transfer data in airgapped networks without proper f-caging, optical transfer of data via taking a video of rapidly flashing QR codes is fairly secure when under enough blankets, but mylar shielding of walls and windows may be required depending on the adversary model.

[kelsey98765431]

we were speaking about modeling for vpn systems, wait for a thread about air gapped networks to be fascinating enough and for me to stumble across it for me to give a wildly inappropriate but technically correct though complex and subjective answer.

[coldblues]

Proton does not care anymore. Maybe they never did? Their new wallet wholeheartedly cements any skepticism I've had previously about them.

[realfeel78]

Elaborate on this?

[TheAmazingRace]

Agreed. To that end, I wonder what the current prevailing recommendation is for a top tier VPN? Or should we roll our own using a VPS and Wireguard?

[nouryqt]

I trust Mullvad, or more like I haven't found a reason to not trust them yet. I buy the activation cards on Amazon for convenience and as far as I can tell the individual scratch off activation code you activate on their site with your account number cannot be traced back to you.

[kelsey98765431]

Mullvad accepts XMR which is more difficult to trace than amazon related anything. Mullvad does however state that payment information is disassociated from account numbers 90 days after payment. Theoretically you could use any payment you like, pay the 90 day compliance tax, set a cal event, then begin using it about a week after that 90 days is up. Cheaper to use XMR.

[thenewnewguy]

The trick of selling via Amazon is that although Amazon (and thus the government, if they subpoena'd that info) could easily see you're using Mullvad, they could not figure out which Mullvad account was yours.

[kelsey98765431]

A small note to do your own research on:

Wireguard sets up an IPV4 based internal network and the machine responsible for the routing MUST know the client IP that was assigned to the connecting machine. There are some kernel modules to OBFUSCATE but not eliminate this data. Wireguard therefore has a fundamental design flaw that makes it faster but potentially less anonymous than OpenVPN protocol.

DYOR and YMMV. I always disable WG for at least my first hop.

[yjftsjthsd-h]

> Wireguard sets up an IPV4 based internal network and the machine responsible for the routing MUST know the client IP that was assigned to the connecting machine.

How else would it work? You could strip the source IP, but then you couldn't get replies and you'd have a very anonymous VPN that could only be used to send UDP packets; no receiving and no TCP since even establishing TCP requires replies.

[threecheese]

Are you referring to this issue specifically? “Wireguard leaks IP address in client mode if connection fails” https://github.com/linuxserver/docker-wireguard/issues/139

[tptacek]

I think you need to post more context here because this doesn't make sense. We run large-scale WireGuard for hundreds of thousands of clients, and we know none of their client source IP addresses.

[obelus]

What are your sources here? Aside from Proton VPN being no-logs already being proved in court, Proton has third-party audits to back up their no logs claims: https://protonvpn.com/blog/no-logs-audit

[alfalfasprout]

They haven't cited any and likely can't. As an end user at the end of the day I care about real-world track record. Proton has not been able to comply to real-world requests over several years.

While theoretically there may be more secure approaches you may also be introducing new dangers as well. Eg; paying for a VPS with an anonymous coin doesn't mean your VPS provider can't deanonymize you or comply with a warrant. You need to make sure every single link in the chain is foolproof. That's way more error prone.

IMO a proven legal track record is in a way more valuable than unproven theoretical flaws (if you can even call them that).