Comment by dtx1
4 years ago
This is hardly a new thing in VPN providers though. I know that perfect privacy[1] and azire vpn[2] both advertise this feature already.
[1]https://www.perfect-privacy.com/en/features/without-logs [2]https://www.azirevpn.com/docs/environment
if only there was any proof of this actually being the case and there not being some "accidental" debug log enabled, or some other network level component having "accidental" access to the keys.
There's just no good answer to perfect trust-no-one private internet access.
If you need to hide all of your traffic from other users in your local network, you can accomplish that in a trust-no-one fashion by running your own VPN endpoint on a server you control which provides better privacy guarantees compared to a centralised commercial VPN whose business model will eventually involve selling your data (once user growth stops but shareholders demand continued revenue growth).
But if you need to hide your traffic from anybody but your peer on the internet and you need to hide the fact that you talked to that peer, then, I'm afraid, your out of luck.
> If you need to hide all of your traffic from other users in your local network, you can accomplish that in a trust-no-one fashion by running your own VPN endpoint on a server you control which provides better privacy guarantees compared to a centralised commercial VPN whose business model will eventually involve selling your data (once user growth stops but shareholders demand continued revenue growth).
Well not really. There was a great (german) interview with the perfect privacy founders recently [1]. They seem to be decent guys with close ties to the Chaos Computer Club and I strongly suspect they wouldn't want to work like that.
[1] https://www.youtube.com/watch?v=VMr0gJvI-6I
> But if you need to hide your traffic from anybody but your peer on the internet and you need to hide the fact that you talked to that peer, then, I'm afraid, your out of luck.
Nah, that one is easy just use an anonymous sim card or an open wifi and your good to go.
Honestly these discussions often feel pretty asinine to me. I personally use paid VPNs to pirate to my hearts content, work around my ISPs terrible networking and a little bit of geo-unblocking. Of course you can't use these services to protect yourself from three letter agency type surveillance or equally powerful threat actors but if they are "private" enough to block the music industry and their lawyers from suing you that's a pretty high standard of privacy, certainly more than any ISP alone gives you!
Do you actually pirate music or did you give it as a general example? I feel no need to pirate music today with all the music streaming services especially since I can find all the music I want on all the streaming services which is a world of difference compared to the video streaming services
4 replies →
>> If you need to hide all of your traffic from other users in your local network, you can accomplish that in a trust-no-one fashion by running your own VPN endpoint on a server you control which provides better privacy guarantees compared to a centralised commercial VPN whose business model will eventually involve selling your data (once user growth stops but shareholders demand continued revenue growth).
the privacy protection for most people using VPNs is required against their ISP and other actors looking to analyse their traffic, not users on the local network. a commercial VPN will be better for privacy due to the crowding effects, ie. large number of users sharing the same IP and protects against correlation attacks - it's much easier to trace the activities on your own VPN endpoint back to you. of course you need to trust the operators, which is as different question.
>ie. large number of users sharing the same IP and protects against correlation attacks
Depending on where you are based in the world (see https://www.submarinecablemap.com) realtime throttling of vpn traffic can still identify a user and where they are going in some cases.
You can get a degree of privacy from visiting websites located on servers in big data centres, but nothing a search warrant couldnt find out retrospectively.
Just traceroute your journey inside a vpn to see where abouts you are going when connecting to a webserver anywhere in the world and workout the physical route you are travelling on the cable map.
Obviously the number of languages you speak also restricts where in the world you will be going online to a point and timezones can also make you stand out like a sore thumb if you visit a website when the locals generally arent.
I've identified (US) websites which can workout what DNS server you are using, so in my case, based in the UK if I swap from using a UK ISP dns to using another dns like quad9 in Germany, the (US) websites alter the content you can see, just on that single DNS server change.
There is no privacy!
4 replies →
Is no-trust ever possible? I thought people create their threat models and verify they can trust those they have to trust.
> people create their threat models and verify they can trust those they have to trust
What kind of people?
How do you verify you can trust some company?
1 reply →
That is the great thing about mullvad. They don't have shareholders except the actual owners.
https://mullvad.net/en/blog/2021/9/16/ownership-and-future-m...
which is true until one or more of their owners decide to sell their shares.
3 replies →
Wouldn't the ownership of the server be easy to trace back to you?
PIA has been promising a fully audited and verifiable infrastructure in the future:
https://www.privateinternetaccess.com/blog/dont-trust-verify...
>Wouldn't the ownership of the server be easy to trace back to you?
yes. Which is why I said that this helps to shield your traffic from other people in your current local network (think: coffee-shop) which is one use-case of a VPN.
If you need to protect your traffic from anybody but your peer (another potential use-case of a VPN if this were possible) and you even want to hide the fact that you were talking to that peer, then you're out of luck. Period.
1 reply →
> There's just no good answer to perfect trust-no-one private internet access.
What about Tor?
I think that if enough exit nodes would be owned by let's say government agencies they would be able to correlate requested domains with actual requester IP.
1 reply →
In addition to the traffic analysis mentioned in another reply, there are ways data can be leaked from Tor. One example from the crime documentary "Hunting Warhead": a white hat hacker managed to locate a darknet server running a forum software by setting his avatar image to a file hosted on a domain he controlled. The forum software retrieved the age via a regular internet route, exposing the actual host IP.
For maximum privacy, Tor should be used with software designed for Tor from the start.
Not sure I would call Tor "perfect", but it's certainly very useful for some use-cases.