this post was submitted on 25 Feb 2024

263 points (88.8% liked)

No Stupid Questions

36304 readers

938 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)

Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.

Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.

Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.

Rule 4- No self promotion or upvote-farming of any kind.

That's it.

Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.

Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.

Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.

Rule 8- All comments should try to stay relevant to their parent content.

Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.

Rule 10- Majority of bots aren't allowed to participate here.

Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 2 years ago

MODERATORS

[email protected]

263

Did you ever think that maybe all VPN services are actually secretly owned/funded by governments and that they are only giving you a false illusion of privacy? (lemmy.world)

submitted 10 months ago* (last edited 10 months ago) by [email protected] to c/[email protected]

127 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] [email protected] 8 points 10 months ago

Of course, besides the people who fall for the basic "VPN are some magic security device" most people (in particular those that know what they're getting) always looks for the same thing "which one can I actually trust".

Even if it's not government owned you have no idea whose keeping logs, sharing data etc.

So you can really only base your trust on whether the company has come up to any issues with the government and have refused, or has run for a number of years and provide a positive track record. With the changing of laws and how companies work, you also need to regularly check that your they stay respecting privacy and security.

For what it's worth, a VPN company worth is if it private, security and stands up to scrutiny. The moment trust is lost, the company is meaningless. So that's something for those that are long lasting.

[–] [email protected] 7 points 10 months ago

No, bc gvts are themselves owned by companies.

[–] [email protected] 7 points 10 months ago

All? No. But some? I'd be more surprised if I found out none were.

[–] [email protected] 33 points 10 months ago (4 children)

No, but VPNs are a false illusion of privacy. When you use a VPN, you're really just shifting your trust from your ISP to the VPN company. And governments can just force both to give them the data they have about you

[–] [email protected] 7 points 10 months ago

It's not that simple though. VPN providers in most cases have been externally audited not to store any logs of user activity, meaning they couldn't comply with government requests of this nature. Generally, their entire legitimacy as companies depends on trust, meaning they have much stronger incentives to actually keep user data private than an ISP does. Of course I agree that using a VPN is no privacy silver bullet, but it's not like they have zero privacy benefits either.

[–] [email protected] 1 points 10 months ago

This is exactly right. If you really want to browse privately, use Tor.

[–] [email protected] 4 points 10 months ago

That's why you do your research and use a VPN domiciled in a country that won't budge to requests coming from your country.

[–] [email protected] 8 points 10 months ago (1 children)

I agree, and of course it's a matter of trust. I am trusting what the VPN says when they say...they're physically incapable of storing logs. NordVPN & I think a couple others both claim their services literally don't store any logs of any kind.

So the feds could come around & demand info, but they shouldn't have anything.

It is safe to assume that somebody, somewhere, somehow could be watching you or have the capacity to monitor your web activity. If they gave a shit, if they cared enough to hone in on you. ¯\(°_o)/¯

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago)

expressvpn had their service proven to not store user data by some other company i believe.

multiple, actually

[–] [email protected] 6 points 10 months ago

Who is gonna listen to the RIAA and MIAA?

Comcast or the CIA?

I'll take my chances. 🏴‍☠️

[–] [email protected] 13 points 10 months ago

Either you give your browsing details to the VPN provider or someone else. It’s never really private. I just have a VPN back to my home network. My ISP sees all my porn surfing and I don’t really give a fuck.

[–] [email protected] 29 points 10 months ago (1 children)

I feel that if your government really wanted your secrets, they'd just send goons to your house to beat the fuck out of you.

I have a VPN to protect me from nosey bastard piracy lawyers.

[–] [email protected] 10 points 10 months ago (1 children)

100% this. OP is describing a great plot for an B-tier Hollywood movie, but reality tends to be much less thrilling. Obligatory xkcd.

[–] [email protected] 0 points 10 months ago

Yeah and the bonus text is how I think. The CIA, NSA or whoever think you're too boring to bother with. Even if the VPN was directly owned by the NSA, they don't really care about whatever fetish porn you're jerking off to. If you're some kid still in your edgy socialist phase, they don't care. Sorry, you're just a basic bitch to them.

[–] [email protected] 15 points 10 months ago (2 children)

Only one I'd trust is mullvad

[–] [email protected] 3 points 10 months ago

Yup.

You know it's good because nowhere in the internet believes you're not a bot.

Which means all the bad actors use em.

I like how you can pay in cash. And how you're account info basically is a wink and a nod.

[–] [email protected] 0 points 10 months ago (2 children)

Proton seems to be pretty good too.

[–] [email protected] -1 points 10 months ago (2 children)

Their support is terrible. Used it when I moved to China, after a few weeks it stopped working, their support ghosted me on three contact attempts. Never once got a reply or refund. Just silence.

[–] [email protected] 2 points 10 months ago (1 children)

I've recently read a comment saying the great Chinese firewall somehow "learns" that you are using a VPN. So people doing quick tests "yep VPN works" but then a little later it doesn't work anymore. No clue if that is true though.

[–] [email protected] 3 points 10 months ago

Sort of, they are blocking protocols based on the client-server-handshake. Protocols such as OpenVPN, IKSv2 or WireGuard which have a fixed handshake signature are preemptively blocked. They work occasionally if you are connecting to a previously unknown server, it takes maybe 10-30 min until the signature is identified and the connection killed.

Other VPN providers are using proprietary (home-made) protocols or at least modified ones that are harder to catch. Again others will use obfuscation to hide the actual handshake in some additional overlay traffic. Paired with UDP, where the server doesn't send an acknowledgment flag back (as is the case with TCP) gives them some extra reach.

So far the only VPN that has consistently worked though is Astrill, I've switched there from Proton after about 4 months in the country and am using it in the 5th year now.

[–] [email protected] 1 points 10 months ago (1 children)

Ok I might be downvoted to shit for this, but why would you move to China? Just curious 🤔

[–] [email protected] 2 points 10 months ago

Money. China was my 9th country, I'm a career project manager. Been going all over the world to where interesting projects and of course decent budgets are. Spent 19+ years abroad so far, wouldn't give up that lifestyle.

[–] [email protected] 4 points 10 months ago

Besides that the claimed "Swiss privacy" is non existent - the Swiss NDB (their intelligence service) has far more rights than most other European agencies - especially against foreigners and still Swiss intelligence History is riddled with scandals - from a system of spy-filed on their own citizens in the 80ies that was on the level of the GDRs Stasi to a recent scandal (January24) that showed that basically all traffic in and out of Switzerland and most within Switzerland is monitored and that the NDB has used its enormous rights very extensively.

Additionally there is a second NSA like agency as well-so while I like Proton as a product I wouldn't give a shit on their privacy claims.

[–] [email protected] 7 points 10 months ago

Yeah but would they show their hand by coming down heavy on the average pirate or petty law breaker? If they did have ways to track all VPN traffic they wouldn't want us to know about it.

[–] [email protected] 11 points 10 months ago (1 children)

This is the prime schizo theory about TOR, but realistically they would need to own every exit node to get you.

[–] [email protected] 3 points 10 months ago

I have a pet theory that the CIA has ocilated between both protecting TOR and trying to compromise it depending on the leadership at the moment, because it's a genuinely useful tool for their needs but also at the same time it undermines some of their goals if people they wouldn't want using it start using it

[–] [email protected] 25 points 10 months ago* (last edited 10 months ago) (2 children)

Generally speaking, governments aren't that good at keeping secrets at scale. Government-run VPNs would require a lot of people doing coordinated work; data center employees, ISPs, people passing themselves off as independent auditors, legal teams, marketing teams, and more. The more people you add, the less likely it is to be kept a secret. And all of this across multiple VPN companies (because there's no guarantee that the person you want to surveil is using the one you own) and internationally (many VPNs are based in or have major operations in multiple countries).

Now, is it possible that the NSA has an undisclosed financial stake in one or more VPNs and has secretly inserted a backdoor? Sure, anything is possible. But is that more likely than them just buying up Ring doorbell footage or doing large data analysis on social media activity? Or installing rootkits on your smartphone firmware? Or just good old fashioned LoJack?

If they have reason to investigate you, they're going to probably get everything anyway. No reason to make it easy for them by not using a VPN.

[–] [email protected] 3 points 10 months ago (1 children)

That's not how these things work - Intelligence agencies use cover companies very differently. They simply provide a few people money to create a company. These people set up a VPN company - and run it like it's legitimate.

Marketing or legal won't know that their company is actually a listening post, most Datacenter employees won't know, only very few people(mostly network engineers and IT security, some managers)would know. And of course the Auditors - which is not a hassle for any decent intelligence agency.

It's far easier than one would think - how do we know that? Because it would be the same way other intelligence service companies are run like that for decades.

[–] [email protected] 3 points 10 months ago

Oh what a novel idea

Now, is it possible that the NSA has an undisclosed financial stake in one or more VPNs and has secretly inserted a backdoor? Sure, anything is possible. But is that more likely than [...]

[–] [email protected] 7 points 10 months ago (1 children)

The more people you add, the less likely it is to be kept a secret.

This is also one of the most convincing arguments about most conspiracy theories. Most would require so many people to never talk that the secret would be about as secret as North Korea's fake grocery stores

[–] [email protected] 3 points 10 months ago

Indeed. The biggest reason I'm skeptical of conspiracies, honestly.

[–] [email protected] 3 points 10 months ago* (last edited 10 months ago)

No, not really. Governments generally aren't that competent that it would be viable as a solution. Especially since there are legitimate uses for VPNs that aren't related to VPN providers, such as the ones that businesses use for people travelling, or working from home.

Although I could see the ones that do tracking putting a slightly higher priority on VPN traffic, just because it stands out more, where non-VPN traffic might be more likely to blend into the noise, since it matches more with how regular users use it.

load more comments