Did you ever think that maybe all VPN services are actually secretly owned/funded by governments and that they are only giving you a false illusion of privacy?
Did you ever think that maybe all VPN services are actually secretly owned/funded by governments and that they are only giving you a false illusion of privacy?
All I know is that if you're very worried about being surveilled by governments, the Fediverse is the absolute last place you should want to be.
This is one of the most transparent platforms we have come up with yet. Instead of all your data only being viewable by a host company, it's viewable and able to be analyzed by basically anyone who puts some effort in. This makes it economically worthless, can't really sell something that everyone can already just get for themselves.
We're all out in the open here. So, wave to all the national security agencies everyone. Hiiiii! Hope you're all enjoying the memes!
147Slightly off-topic rant:
I hate how the 'VPN' term has been took over by companies selling services using VPN technology.
VPN was initially 'Virtual Private Network' – used to securely connect own (as belonging to an organization or person) devices over a public network. Like securely connecting bank branches. Or allowing employee connect to a company network. And VPN are still used that way. They are secure and provide the privacy needed.
Now when people say 'VPN' they often mean a service where they use VPN software (initially designed for the use case mentioned above) to connect to the public interned via some third-party. This is not a 'private network' any more. It just changes who you need to trust with you network activity. And changes how others may see you (breaking other trust).
When you cannot trust your ISP and your local authorities those 'VPNs' can be useful. But I have more trust to my ISP I have a contract with and my country legal system than in some exotic company in some tax haven or other country that our consumer protections or GDPR obligations won't reach.
Back to the topic:
I do not believe that all VPN services are owned/funded by governments, but some may be. I don't have much reason to trust them, they are doing it for money and not necessarily only the money their customers pay them. In fact I trust my government more that some random very foreign company.54Generally speaking, governments aren't that good at keeping secrets at scale. Government-run VPNs would require a lot of people doing coordinated work; data center employees, ISPs, people passing themselves off as independent auditors, legal teams, marketing teams, and more. The more people you add, the less likely it is to be kept a secret. And all of this across multiple VPN companies (because there's no guarantee that the person you want to surveil is using the one you own) and internationally (many VPNs are based in or have major operations in multiple countries).
Now, is it possible that the NSA has an undisclosed financial stake in one or more VPNs and has secretly inserted a backdoor? Sure, anything is possible. But is that more likely than them just buying up Ring doorbell footage or doing large data analysis on social media activity? Or installing rootkits on your smartphone firmware? Or just good old fashioned LoJack?
If they have reason to investigate you, they're going to probably get everything anyway. No reason to make it easy for them by not using a VPN.
26Sure, it what’s your threat model?
Even assuming a VPN is a government surveillance device …
- It protects me from surveillance by my ISP. This is the big one
- It protects me from other corporate and scammer surveillance
- It protects me from law enforcement abuse/overreach - however my data was obtained would not meet evidentiary standards
21VPNs provides limited privacy and some security. For example, your traffic might be correlated to the traffic exiting at you VPN provider if enough netflow data is collected. Theoretically data from your ISP and your VPNs ISP would be enough. Today, countries and their agencies are probably collecting/trading enough netflow data for this purpose.
As a rule of thumb; since companies these days are very keen on getting in to the data trading market; you can safely assume that most of them has access, if it is legal.
19For commercial offerings this is probably true for at least some of them, but creating your own VPN isn't terribly difficult if you are serious about your privacy. I typically just use them when I travel to countries like China where I can't get to a bunch of necessary services, so I don't mind if they route my YouTube traffic through CIA headquarters, but if I was doing anything more than that I would just set up my own.
18VPN companies actually use user created genuine traffic to hide bots and web crawlers and scrapers. That's part of why their VPN's are that cheap, they use your traffic to hide more expensive to buy bot traffic.
15Either you give your browsing details to the VPN provider or someone else. It’s never really private. I just have a VPN back to my home network. My ISP sees all my porn surfing and I don’t really give a fuck.
13Of course, besides the people who fall for the basic "VPN are some magic security device" most people (in particular those that know what they're getting) always looks for the same thing "which one can I actually trust".
Even if it's not government owned you have no idea whose keeping logs, sharing data etc.
So you can really only base your trust on whether the company has come up to any issues with the government and have refused, or has run for a number of years and provide a positive track record. With the changing of laws and how companies work, you also need to regularly check that your they stay respecting privacy and security.
For what it's worth, a VPN company worth is if it private, security and stands up to scrutiny. The moment trust is lost, the company is meaningless. So that's something for those that are long lasting.
8All? No. But some? I'd be more surprised if I found out none were.
7Yeah but would they show their hand by coming down heavy on the average pirate or petty law breaker? If they did have ways to track all VPN traffic they wouldn't want us to know about it.
7No, bc gvts are themselves owned by companies.
7Who is gonna listen to the RIAA and MIAA?
Comcast or the CIA?
I'll take my chances. 🏴☠️
6Well I didn't until now.
5No, not really. Governments generally aren't that competent that it would be viable as a solution. Especially since there are legitimate uses for VPNs that aren't related to VPN providers, such as the ones that businesses use for people travelling, or working from home.
Although I could see the ones that do tracking putting a slightly higher priority on VPN traffic, just because it stands out more, where non-VPN traffic might be more likely to blend into the noise, since it matches more with how regular users use it.
3all it's exaggerated but they are outside yes....
-1All corporations are owned and funded by governments. A corporation must be incorporated somewhere by some government. These corporations benefit from services, grants, and special benefits (e.g. limited liability) provided by that government.
However, I don't think governments are using this to do mass surveillance on people with VPNs, if only for the reason that there's not much to be gained by such an action. Most privacy invasion is of the kind people freely allow. Using a VPN doesn't make logging into Google meaningfully more private. The only groups I can think of that would really want to be able to spy on VPN users would be the MPAA, RIAA, etc, and I don't think they have the kind of sway to get governments to do that.
But yeah, if you are doing something a three letter government agency will target you over, a VPN ain't going to cut it.
-16