All VPNs do is change who has your browsing data: your ISP or the VPN operator. You may or may not trust either of them not to keep records, in either case you have no way of verifying this.
ISPs definitely keep records. At least some VPNs claim that they don’t, and that their networks are set up in such a way that they can’t. Some organizations claim to validate the claims of the VPNs, but it’s unclear if they’re trustworthy.
So your choice is to use something that definitely keeps logs, or to use a company that at least says that they don’t/can’t.
Yes, and there’s also the fact that some VPNs such as Mullvad let you be anonymous so even if Mullvad were keeping logs, if you pay privately they have no way of knowing whose logs they are (unless the content itself of your internet history reveals your identity). Meanwhile your ISP definitely knows who you are, and absolutely will collaborate with the police if asked to.
As Proton made evident, VPNs can be legally compelled to start keeping logs on specific accounts as the result of a court order. So if you’re gonna do something incriminating, then I guess you should create a new account each time.
That’s true but it also depends what attack vector you’re trying to defeat. If someone is doing a timing attack and you’re running through a VPN, it might be harder to work for them, depending on where they sit.
I mean, you could set up your own VPN on a VPS and ensure it doesn’t keep logs. You could also get a VPS in a different legal jurisdiction from where you’re at.
Depending on what you’re doing, that probably wouldn’t be a significant hinderance to law enforcement. Child sexual abuse, drug trafficking, etc., all tends to get lots of interagency cooperation, regardless of political issues.
It depends on whether you believe that people should be allowed to use narcotics or not. I tend to believe that people should be able to make that choice for themselves–as it’s their own body–and ordering narcotics online decreases violence in the drug trade since there’s no longer obvious fights over territories, etc.
The same interagency cooperation that makes it easier to track down one groups of people and punish them also makes it easier to track down other groups of people that you might agree with.
I believe this is a wrong solution to the problem. Narcotics are fine, but that should be addressed through legalization. Creating a black market for narcotics creates its own set of problems.
That’s exactly the reasoning I did for choosing a VPN. I know that VPNs are falsely advertised as “anonymous black magic” but better Proton or Mullvad than my ISP which definitely sells data to advertisers
Reputable VPNs like Mullvad publish their auditer results verifying a no-log policy. I guess they could be fabricated results, however that seems extremely unlikely as in that case the auditing firm (usually one of the big 4) would most definitely take legal action considering their name is attached to the results…
All VPNs do is change who has your browsing data: your ISP or the VPN operator. You may or may not trust either of them not to keep records, in either case you have no way of verifying this.
ISPs definitely keep records. At least some VPNs claim that they don’t, and that their networks are set up in such a way that they can’t. Some organizations claim to validate the claims of the VPNs, but it’s unclear if they’re trustworthy.
So your choice is to use something that definitely keeps logs, or to use a company that at least says that they don’t/can’t.
Yes, and there’s also the fact that some VPNs such as Mullvad let you be anonymous so even if Mullvad were keeping logs, if you pay privately they have no way of knowing whose logs they are (unless the content itself of your internet history reveals your identity). Meanwhile your ISP definitely knows who you are, and absolutely will collaborate with the police if asked to.
You can pay anonymously, but if you regularly connect from your home IP address, it hardly matters.
I think the point here is to deny ISP data to sell.
Yeah I use mullvad for mostly that reason myself.
The VPN company themselves may not keep logs. However, they might be a little black box somewhere in the data center…
As Proton made evident, VPNs can be legally compelled to start keeping logs on specific accounts as the result of a court order. So if you’re gonna do something incriminating, then I guess you should create a new account each time.
That’s true but it also depends what attack vector you’re trying to defeat. If someone is doing a timing attack and you’re running through a VPN, it might be harder to work for them, depending on where they sit.
Yeah, VPN at the very least adds another hoop they have to jump through.
I mean, you could set up your own VPN on a VPS and ensure it doesn’t keep logs. You could also get a VPS in a different legal jurisdiction from where you’re at.
Depending on what you’re doing, that probably wouldn’t be a significant hinderance to law enforcement. Child sexual abuse, drug trafficking, etc., all tends to get lots of interagency cooperation, regardless of political issues.
And that’s a very good thing too.
It depends on whether you believe that people should be allowed to use narcotics or not. I tend to believe that people should be able to make that choice for themselves–as it’s their own body–and ordering narcotics online decreases violence in the drug trade since there’s no longer obvious fights over territories, etc.
The same interagency cooperation that makes it easier to track down one groups of people and punish them also makes it easier to track down other groups of people that you might agree with.
I believe this is a wrong solution to the problem. Narcotics are fine, but that should be addressed through legalization. Creating a black market for narcotics creates its own set of problems.
That’s exactly the reasoning I did for choosing a VPN. I know that VPNs are falsely advertised as “anonymous black magic” but better Proton or Mullvad than my ISP which definitely sells data to advertisers
Reputable VPNs like Mullvad publish their auditer results verifying a no-log policy. I guess they could be fabricated results, however that seems extremely unlikely as in that case the auditing firm (usually one of the big 4) would most definitely take legal action considering their name is attached to the results…