So about that "zero logs" VPN you were using

Good reminder that privacy is NOT built on trust. You have to assume that anything they COULD do with your data, they WILL do with your data. The only business you can trust with your privacy is the one that doesn't handle private data in the first place.

This is also why Protonmail is full of shit!

@sir I call that the "blind vs earned" trust issue, pointed that out when giving talks on the Intel Management Engine. The "you can trust us" mentality is where people trust blindly. That sort of advertisement is just a scam.

So my proposition is: No source - no trust!
That is regarding the software in use. You can hardly verify though that it's really what they are running eventually.

Mullvad are trying to be transparent:

Have you heard about it? What do you think?

@avalos @CyReVolt NO! There's evidence that they don't understand security or privacy, but even if that weren't the case


If you want information to be private, DON'T GIVE IT TO ANYONE

@sir @avalos So that's the thing... we're all in this huge common infrastructure called the Internet, and everyone is creating metadata at least by using it, plus providing personal information that is eventually stored in non-trustworthy places. Still we want to have that connection to everyone though. I mean, you're providing infrastructure yourself, so you know what I'm referring to. People want to support it, enter their credit card data, and trust you with it.

What, then, do you propose as an alternative? Tor? A federated proxy system? Something more fun?

Don't get me wrong, I think ProtonMail is the greatest scheme since Gmail. 😃 but I don't know an alternative to a VPN.

@sir I know protonmail is problematic.. If they actively pushed for users to use a non-web client, that would be a good start.

But their VPN? Does _any_ VPN service not have the ability to log? Like yeah, you might use Tor instead, but such systems cost way more resources and latency..

Also UFO VPN, never heard of it, is it considered to be the same level of player? Plaintext passwords sound like either really malicious or really incompetent..

@sir I guess Mullvad is looking pretty good still. I think email is fundamentally broken for security and privacy.

@sir You're referring to my Mullvad comment? I don't think they're perfect but they don't use login credentials and provide multiple payment options meaning storing less data. They still obviously can store IP addresses and so forth. Also, being located outside 5eyes is a plus.

What I'm saying is they're the best of the mediocre options we have.

@sir I do use it on occasion, but it comes with its own problems.

1. It's too slow to be used as a daily-driver for me. I use a VPN basically all the time.

2. It was developed by — and still derives funding from — the US intelligence complex. These are not people who are interested in user privacy.

So it's good in some situations, but like anything, needs to be used in context.

@adz in order to meet its national security guarantees, Tor has to make guarantees for the general public, too. That's more secure incentives than you can say for basically anything else.

@adz The relays are the main problem. When Tor was in stride, with speed of connections increasing, relays were seized&&hijacked&&replaced by law enforcement. Law enforcement has had much practice in executing these takeovers, which is why personal encryption is a good addition -- be it symmetric or other. @sir

@adz @sir

Disable JavaScript in Tor Browser ("high security" in the slider) and the web is usable again

Thanks, devs

@retroartdt I literally say exactly why protonmail is full of shit in this exact post

@sir I'm not sure I understand. Do you mean Protonmail is full of shit as opposed to other privacy-oriented mail providers like e.g. Tutanota, who also handle private data, or just that generally any email provider that claims to be private is full of shit?

@retroartdt protonmail and tutanota are both full of shit

Hello, thanks for the article. Sorry for the noob question, but even using WireGuard, can't the VPS provider have logs about the internet activity?


Out of curiosity, which criteria did disroot and riseup fail when you evaluated them?

