they were all owned by the same company and sold to Kape, which has ties to the Israeli intelligence service, a few years back.

The issue is who he sold it to – the notorious creator of some pernicious data-huffing ad-ware, Crossrider. The UK-based company was cofounded by an ex-Israeli surveillance agent and a billionaire previously convicted of insider trading who was later named in the Panama Papers. It produced software which previously allowed third-party developers to hijack users’ browsers via malware injection, redirect traffic to advertisers and slurp up private data.

I personally use perfect-privacy, which didn’t turn up any red flags when I did research a few years ago. it’s a little lacking in features but openvpn isn’t that hard to set up on linux & android. no clue how well their desktop app works.

  • farting_weedman [none/use name]@hexbear.net
    link
    fedilink
    English
    arrow-up
    21
    ·
    10 months ago

    There’s a significant difference between the threat model surrounding vpns that you intend to use for port forwarding torrents and vpns you intend to use to protect yourself from data harvesting/the cops.

    Don’t expect one to do both.

      • farting_weedman [none/use name]@hexbear.net
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        10 months ago

        I totally agree. I made my post for the same reason but not in direct reply to anyone talking about torrenting.

        E: the thing I’m generally posting in the direction of is that all vpns aren’t the same and just turning yours on before you click on the link while you flip down your sunglasses and say “I’m in” or even checking out a company’s reviews before you sign up isn’t enough to keep you protected in the limited ways that VPNs are able to.

        I’m using a hypothetical “you” here, not trying to accuse you of those practices in a passive aggressive way.

      • farting_weedman [none/use name]@hexbear.net
        link
        fedilink
        English
        arrow-up
        5
        ·
        8 months ago

        The ideology and commitment of a service provider is irrelevant. Companies doing business in a nation are compelled by force to follow those nations laws.

        I would advise against looking for an “all round” vpn. Think about it more like a tool. No one would recommend you replace a socket wrench set with a gerber multitool because the gerber has a lifetime warranty and a screwdriver and wire cutter built in. Those are great things to have and gerber really will honor that warranty when you break the pliers fucking around with barb wire but the multi tool isn’t a socket wrench.

        I use a few vpns. Mullvad, air, proton and a few classic style lil servers that just handle traffic. Air and proton are both very good for torrenting and running services. Mullvad is nice for getting/being serious about privacy from states.

        To use another metaphor, think about a vpn like a gun. They’re not all the same and if you try to use one to do something it’s not suited for you’ll by unsuccessful.

        If you feel comfortable talking about it, what are you planning on using a vpn for?

          • farting_weedman [none/use name]@hexbear.net
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            8 months ago

            When the police have a wiretap warrant they’ll install their own logging facilities.

            If you’re really worried id setup and be prepared to use two different vpns, with multihop when the time comes. Not at the same time, but be prepared with a backup.

            One of the ways that effective vpns are targeted is with websites and services blocking their servers. Mullvad had that happen last year when interpol wanted to push csam people off of it. The csam people were using port forwarding to host file sharing with the security that mullvad provided and in order to get mullvad to stop offering port forwarding they leaned on every major website to block their server ips. Whole fens wouldn’t respond to you if you were using mullvad. Eventually they stopped offering the service and the csam people had to go elsewhere.

            So even an effective vpn can be targeted and it’s worth it to have a backup.

            E: also those servers seized in ukrane were unencrypted, which is a huge incredibly stupid unforced error and it means they better have done a big fucker key rotation afterwards. I don’t use windscribe so I don’t know if they did.

              • farting_weedman [none/use name]@hexbear.net
                link
                fedilink
                English
                arrow-up
                4
                ·
                8 months ago

                What made you raise your eyebrows at mullvad? I know they had a search executed on em but it ended up being a big nothing burger iirc.

                I wouldn’t worry about the eyes-ness of a providers operations based on your concerns. What’s most important is having a fallback for when your main vpn isn’t available and making sure you’re using the fallback when that happens.

                The thing you’re worried about isn’t a particular agency targeting you in particular, but being swept up in police action and mass surveillance. To that end it doesn’t really matter as much that your vpn have the lack of interpol cooperation or even the obfuscating effect of using the same exit node as a bunch of other people but instead that you be always using one, understand what it does and who or what your devices are communicating with and practice the best possible security you can when dealing with the cops.

                Look into securing your devices against intrusion (and keeping secure backups) and how to deal with the police when they take you in. For example: an iPhone is put in a special state when it’s powered on that requires strict authentication before any kind of peripheral will be recognized. If you can’t turn the phone off then just grabbing the two buttons that put it in the “slide to power off” screen drops all peripheral connections and needs an authentication before it’ll let anyone use it.

                Drill that interaction so that no matter how gassed, beaten and dazzled you are, you can put your devices in some kind of secure-ish state.