7 mo. ago • 97%

Your VPN provider won't go to jail for you for 5 dollars

www.ivpn.net Your VPN provider won't go to jail for you for 5 dollars

The phrase in the title is a common trope that comes up when VPN services are discussed. While this statement is technically correct, it can be misleading, as it implies that all providers handle law enforcement requests and prepare for worst case scenarios similarly, so their conduct cannot be a di...

It is something to always take into consideration and not forget.

62 comments

A smart VPN will avoid going to jail for you by not storing any of the data law enforcement wants in the first place.

176
- Yeah, Mullvad was searched and they shrugged and said "well, go ahead" and could then proudly publish that the Swedish authorities could take zero info from there: https://mullvad.net/en/blog/update-the-swedish-authorities-answered-our-protocol-request
  
  105
  
  Just recently signed up for Mullvad... No CC numbers or email addresses, you just get a string of numbers and that's all you need to connect with it anywhere. And you can pay with Monero.
  
  It's like the paranoid person's dream.
  
  51
- Wondering how these magicians measure quality of service then, since they collect no juicy data. I find this hard to believe.
  
  3
  
  Quality of service is usually only useful with aggregate data which is worthless for prosecuting an individual.
  
  7
Considering this is straight from a VPN provider, take this with a boulder-sized grain of salt.

And I say that as someone who believes using a VPN is generally more beneficial than not. And espouses most of that advice regarding the VPN.

Even if a VPN were totally benevolent and gave daily tours of its office, there's still no 100% guarantee their claims can be verified at all times. So there's always an element of trust. (I trust most of the ones outside of the Eyes countries more than my home ISP, though. )

93
- As others have said, Mullvad is pretty close to (if not at) 100% guarantee... No personal info whatsoever is required to be given when you sign up (including email address or payment information; you can use Monero if you want), so there isn't really anything that they could give to authorities even if they wanted.
  
  Even if they did keep logs (which im 99.9% sure they don't), all that would show is an IP address, and from what I understand based on past precedent, that is not enough to identify a person on its own. But IANAL.
  
  10
- The purpose of these corporate white papers is to inform (impress) potential customers of actual issues. It demonstrates knowledge and implies that the company has the ability to leverage their product or service to meet whatever the challenge is.
  
  I wouldn't say boulder-sized because the meat of the article is true, but yes a bit of skepticism is always useful.
  
  9
Meh, just Mullvad. Cops can raid em all they want; they just walk away empty handed

66
In this blog post we explain why competent service operators can avoid having to share sensitive information about you without facing severe legal consequences. The reasons laid out will also highlight why you are better off choosing a VPN service run by privacy activists who will prioritise principles before profits in difficult situations

is it me or does it read like someone used an LLM to write those sentences?

41
- Sounds like the intro paragraph to someone's term paper at uni.
  
  18
  
  This is usually how I intro documentation for tech projects. Its good practice for technical docs, doesn't necessarily mean its an LLM
  
  13
  
  Yeah, that's what I was going to say. Thank god that shit didn't exist when I was in college, or every paper I ever wrote would have been flagged. I guess I write like a robot.
  
  7
  
  yeah, which LLMs seem to be very fond of. every ChatGPT-written article I've seen includes "to sum up" and similar fillers.
  
  0
- GPT loves alliteration, so at least there’s something to support your suspicion.
  
  6
  
  So, scrub my papers for alliteration. Thanks for the tip.
  
  2
- Ha! Author here - no LLM was used. It was an attempt to summarise the content and the key message, but it took some time to jam pack everything into two sentences.
  
  1
Verifiably no logs without court order (I'm guessing canary pages have gone the way of the dodo now, probably boilerplate in the orders, maybe wrong according to the article, perhaps in some jurisdictions) would be awesome. Verified by external audit is about as good as we can get, so proton, tutanota, I think, others muchly appreciated. I think one of them setup their OS in volatile RAM, which is cool, but probably not legally protective.

No, I don't expect you to go to jail for me, but due diligence minimising knowledge will bump you up my list of providers to choose.

One problem here is those that do verify, usually don't allow torrenting ports, so, no ratios for you. Anyone know what the over/under is on lesser tier VPNs that port share vs a VPS (with all its potential, but which country?) vs Usenet? Looking to have a clue when the time comes, knowledge gratefully accepted :)

15
- I love Mullvad and recommend them for everything other than torrenting. Once they disabled port forwarding I moved to AirVPN who seem to be pretty legit.
  
  I'm not trying to keep my ratios up but I have a few torrents of media that are not available anywhere for sale and have less than 10 seeds, so I feel like I am helping keep the shows and movies of my childhood alive.
  
  19
  
  They did have a server seized (physically) in 2015: https://lemmy.dbzer0.com/post/6754830
  Though apparently there were no logs.
  
  Interestingly though, that forum post was now deleted from AirVPN site. Strange...
  
  13
  
  Good person. Much like I would like to do. I'd be happy with a VPN for personal use and another one for torrenting (gluetun compatible preferably) Shall look at AirVPN, thanks.
  
  10
  
  Just switched to Mullvad and haven't tried torrenting with it yet... Doesn't work? Or just slow?
  
  2
- I mean, if you set up your os on an encrypted ram disk, then set it to restart when the server rack door was unlocked/opened and didn't leave a backdoor for yourself to remote in, you could have a situation where you entirely lack the capability to give them access to anything before that moment. A skilled hacker might be able to get in through an exploit or do something crazy with cryogenics to read the memory at the time of shutdown, but a quick restart would overwrite most of what's in memory and scrub that
  
  Legally, there's not much better defense than "I'm sorry your honor, I can't provide access to the running system in the same way I can't un-shatter a smashed mug". If someone shows up with a warrant, you could explain that it'll wipe itself if they open or unplug it, and it might've done so already. Then you guide them to it, hand over the key to the server cabinet, and let them decide to open the cabinet and destroy evidence so they can take it with them. Or they can take you at your word, and give up.
  
  Court orders can't break physics, and as a VPN your reasoning for setting up the system like this is to make your service more appealing to customers - the purpose is not to aid in a crime or destroy evidence, it's just the normal course of business.
  
  The same way that most companies wipe their emails after 30 days - yes, it potentially destroys incriminating paper trails, but that's just a side effect of the security policy you've had all along
  
  Granted, there's probably some sketchy sealed laws they could use to force you to backdoor your own system moving forward, but you can fight that as it's undue hardship. It requires a non-negligible amount of work and would make your product less competitive
  
  They might win in the end if they keep pushing, and even might be able to order you to "keep up the canary paper" (meaning keep claiming not even you have access to the running system), but more likely they'd get a warrant for your customer financial records and try to find an easier path to find what they want elsewhere
  
  3
  
  You really dont need to do all that if you just dont log to begin with
  
  2
And here I thought companies can't go to jail. Apparently that only applies to the companies who aren't run by the lizard people or the kids popular with the priests.

12
The only reason I look at IVPN is because they allow port forwarding

6
- They no longer offer this, right?
  
  8
  
  They don't?
  
  4
Soooo how to split the packets up between 3 VPNs to make each providers piece useless?

5
- You're about 15% of the way to re-inventing Tor.
  
  19
- check out Nym, they are doing this kind of network
  
  8
- Sounds very similar to Safing Privacy Network. They route different applications across nodes (Tor-esque).
  
  8
- That does not work unless you involve yet another party after the VPNs and before the destination to rebuild the packets, as the destination won't know what to do with these split packets.
  At that point you may be better off using an anonymity network with or without the VPN.
  
  3
I’ve tried IVPN a number of times but it never works for getting around mlb.tv blackouts which is my biggest use case. ExpressVPN has just been reliable for me in that regard.

4
I personally think VPNs are mostly a waste of money

-5
- For "privacy" yes, almost entirely.
  
  If your VPN isn't routing to your home network so you can safely access selfhosted applications then you're basically just sharing your traffic with a total stranger and trusting them not to run telemetry etc.
  
  22
  
  It depends who you trust more, your isp or your vpn provider. Isps are not known for doing right by their clients
  
  31

You've viewed 62 comments.