12
JoshBent
27d

Considering Mullvad is based in Sweden (xkeyscore, 14 eyes, ..) and has never seemingly had any public court record proving its claims, is it really to be trusted, instead of e.g. BlackVPN/NordVPN? Does the server location matter if they are based in Sweden?

Is it just again an excuse like "even if that happens, I am only hiding from X, I have nothing to hide from Y"? so e.g. your neighbour can't snoop, but a court if they decide everybody that visited devrant is a criminal - is alright?

PIA is based in the US (no discussion level of bad), but at least got tested twice already and each time could not return any logs, even though I like Mullvad's model and it is clearly better than being US based, it still makes one question if Mullvad is not yet another PureVPN in fancier clothes?

Comments
  • 3
  • 5
    US-based companies are affected by "Cloud-act", FYI
  • 9
    @Linux Also possibly PRISM and likewise mass surveillance programs.

    @JoshBent we can't be sure, simple as that. Anyhow, they ask very little data in order to use the service and do use best practices.
  • 7
    Personally I don't trust anything I can't personally audit but if you want to use a hosted VPN always go for the ones that have the most to lose. This applies to all you have listed, but go with the one that doesn't collect personal information if available, these usually have a wire transfer/cash/altcoin option which gives you total anonymity as long as they don't keep logs.

    In my case I just spin up OpenVPN on a VPS and cycle VPS where the IP address changes every few days. That way I know what's being logged without having to trust another company and it's fairly easy to automate.
  • 3
    If you're going for VPN, I'd always host my own servers instead, and is what I went with as well. The lack of certainty with commercial VPN providers really bothers me. And there are so many VPN providers that say "no logs" even though a basic log level is required to ensure basic operation. Think data like which customer is connecting, how much data they've consumed, how many devices they're connecting with and so on. It should be "no personal usage data logs". I find "no logs" on the other hand to be a blatant lie. And who in their right mind would trust a liar?
  • 0
    @PerfectAsshole VPS and even co-locs could also have the same issue like many VPN services where the server provider just helped instead of them directly though, right?
  • 8
    @Condor

    But hosting your own VPN in order to get "anonymous" does not really make sense, because it is only you that uses it so it would be dead easy to actually find out who it is behind it.
  • 2
    @Condor Mullvad tells what they log at least, many others do exactly what you say with no clarification (**PureVPN**), though all that could be a lie too, haven't checked it myself, but apparently ex-PIA employees said there were other logs, that just didn't have to be disclosed legally:

    “According to an ex-PIA employee, PIA does log PIA user account activity on the VPN: The information logged is written to a collective record that is a private business record for system monitoring. This record, due to the manner in which this information is collected, is considered (part of) a “proprietary method” and thus is ‘legally’ not disclosable in response to subpoenas or advertising or response to questions about logging. This allows them to ‘legally’ say they do not log when in reality they do in this “proprietary method” record. [...]”

    (ctrl+f "PIA lies about no logging") https://restoreprivacy.com/vpn-logs...
  • 0
    @Linux especially with server/hardware access, which pretty much all server providers offer in one way or another.
  • 4
    @Linux anonymity isn't the purpose of a VPN to begin with, privacy and the ability to interact with a virtual network from abroad is. Privacy in the sense that websites don't necessarily know where I'm from, and that the ISP doesn't know what websites I'm visiting. The private network and access to other hosts on it is something that's usually disabled on commercial VPNs (another reason why I don't consider those) but which I grew quite fond of. That way I can privately connect back to every server in my home from abroad without too much fuss.

    That's just what I'm using my VPN for of course, others might use it for "anonymity" but I don't believe that that's its intended purpose. Tor and I2P and the likes are far better suited for that.
  • 1
    @JoshBent if you don't cycle IP addresses it has the same problem. As long as the VPS uses Xen they are limited to ipvs logging which gives the host damn near nothing concrete as long as your VPS has a different IP address. I handle that problem by starting another VPS while my old one is still running.
  • 1
    @linuxxx

    I guess after looking into it more, Mullvad seems to be the only one offering physical payment options, whereas others at best offer bitcoin/altcoins, which most seem to be traceable anyway, sucks that there's no child between Mullvad and e.g. the no 14 eyes region or just Mullvad changing location.

    ---

    btw if somebody wants to check, go ahead and check if any of these are actually no-record crypto and if those are able to be paid with at e.g. NordVPN:

    https://join.nordvpn.com/order/
    https://coinpayments.net/supported-...
  • 1
    @Condor well Tor is another topic to have and this question was targeting specifically the "anonymity" of commercial VPNs, not the actual original use of VPN(s), which is indeed useful, but not for the "anonymity" use case.
  • 2
    @JoshBent ah, I see. Well for anonymity I really wouldn't use a VPN to begin with, as they're never truly anonymous (but then again, what is). Sure you can pay them with Monero and manually connect to a different one of their servers after some time, and hope that they don't store usage logs.. but again, there's better utilities for that to be honest. A VPN on the other hand isn't really suited for anonymity.

    /Edit: But for "no log policies" I think my point stands. Only if you host it yourself, you can be absolutely sure about the log level on the server.
  • 2
    Hosted VPNs are all broken. Think about it. They know which IPs belong to which VPNs, all they have to do is sniff the traffic from those routers and correlate who is connected to them at that time. They are all susceptible to correlation attack. PIA is UK based but that doesn't mean anything, 5 eyes is pretty much all of Western civilization.

    I mean VPNs are just alternative ISPs and still are susceptible to all the spying techniques ISPs are susceptible to.
    Tor is still the best way to go.
  • 3
    @Linux

    Agreed. VPNs don't provide anonymity at the level of law enforcement. Even your own, because you own it. The closest you can get is host a server with Bitcoin and anonymously. Then proxy through multiple services before connecting to it and proxy through multiple services after it.

    Personally I think proxy chains and Tor is the best setup for anonymity.