Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] VPN?





On 2018/07/10 14:14, David J Iannucci wrote:
On Sun, Jul 8, 2018, at 15:52, dblomber wrote:
  I have my concerns about VPN companies. Looks like a great target for
  crackers and governments to have centralized access to our data. VPN
  companies seem just as willing to collect and serve our data up, like
  most ISPs.
If this is true, you have to think that the whole industry is just a big
scam. Not that I'm so naive as to think that there cannot be abuse
there, but for a large number of companies pledging themselves to help
you maintain privacy and anonymity (to the extent that they do) to be
all, or even most, taking advantage of you instead is an extraordinarily
dark outlook.
Doesn't have to be a scam. Just a juicy target with a large pay out if an exploit or chink can be found in their armor.  As for governments they can legally just issue a legal injunction forcing VPN companies to maintain records and then seize them legally.

Maybe the phrase, "VPN companies seem just as willing to collect and serve our data up, like most ISPs." needs some clarification. If it is maintained and not systematically scrubbed, it is just a juicy target waiting to be collected. Of course there is also the other side in that many of these companies sell "anonymized" data and patterns and usage. And of course internal records are greatly enhanced if they keep the metadata of from where, to who, how much data transferred, and other details of their users connections. You might be amazed how much can be teased out of all that metadata/URLs.

Most security advice I have seen on the web, some of it from what look
like very trustworthy sources, says "use a VPN for enhanced privacy and
anonymity". Is this all just a big conspiracy?
Not a conspiracy, more like the best we can do for now with minimal effort. It gives you an encrypted connection to a company that is more likely to take security more seriously than you local ISP. I don't believe the VPN companies are knowingly or actively going against their clients (well not all of them anyway jk :-P). At the same time it leaves you open to VPN company security leaks and disgruntled employees collecting and selling off your data. If you are not willing to use Tor or similar, it is just the best option you have. Even in the above they used a weasel word "enhanced," meaning better, but better than what? Better than nothing..?

    I also get a laugh when someone tells me they selected a VPN provider and I ask if they did a background check on the company (who owns them, what laws apply to them, Do they comply with warrants or legally fight to maintain client privacy, how long they maintain the connection metadata for...) and what their selection criteria was. The normal answer is, "they were the cheapest."



Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links