Since IVPN and Mullvad are both phasing out port forwarding, are there any alternatives? I am not looking for something like NordVPN which is a privacy nightmare. AirVPN is also not private enough considering I’ve seen reports online of ISPs sending out DMCA letters of gold to its users.

  • AnEilifintChorcra@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    39
    arrow-down
    1
    ·
    1 year ago

    Proton only started logging his IP after they were legally forced to do so, just like any other law abiding company would have to do.

    Proton offers an onion site of Protonmail which the activist should have been using since he allegedly committed

    theft and property damage, crimes - the latter two - that enable surveillance

    this is a case of user error and bad opsec, not a company bending over backwards to share their users information. If you’re going to do things that are likely going to get you arrested, no matter how noble the cause, make sure you have excellent OpSec

    • Pulp@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      1
      ·
      1 year ago

      To add to that, email and vpn are different. It’s easy to force logging of a specific email address when forced to by law, but doing that based on vpn ip address only is more problematic

      • Makeshift@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        27
        ·
        1 year ago

        and iirc Proton took the Swiss government to court after that and won a case reclassifying email legally so that they can’t be forced to disclose IPs like that again in the future

      • German The Jackal@pawb.socialOP
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        Can’t they just log your account? You have to have an account with Proton to use their VPN. They can absolutely log your activity such as logging in, when you connected/disconnected, to which servers, and, more importantly, where from exactly (your original IP address)

        • AnEilifintChorcra@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          1
          ·
          1 year ago

          Proton doesn’t keep logs by default unless legally forced to.

          Law enforcement would have to know the email account to make them log it. If they know the email account you’re using with ProtonVPN then thats user error and bad OpSec.

          In the example you linked, if law enforcement didn’t know the guys email address then they couldn’t have forced Proton to log his IP.

          • German The Jackal@pawb.socialOP
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            3
            ·
            1 year ago

            Bad opsec? It’s a bad VPN if it needs an email at all. Look at what IVPN does, they don’t even have a requirement for emails to register. I’m pretty sure Mullvad just recently was raided by authorities seize whatever they want they said, won’t find any user data they said. And they didn’t. Also proton redirects or used to redirect from onion to clearnet when you signed in. It simply isn’t up to par with IVPN and Mullvad. What’s the point of a VPN where a government can just request them to leak your data? No matter how, AT ALL! What constitutes a big enough crime for them? What if next day it’s downloading Frozen II.mkv?

            • AnEilifintChorcra@sopuli.xyz
              link
              fedilink
              English
              arrow-up
              7
              arrow-down
              3
              ·
              1 year ago

              Proton requires an email because they offer a free tier, without some way of regulating users their servers would be overrun with bots and spam…

              The difference between what recently happened with Mullvad and what happened in the article you linked about Proton is that with Mullvad they were looking for general user data for VPN usage, not a specific persons email account like with Proton.

              If a copyright holder or law enforcement is in a torrent swarm and logs all of the IP addresses of the seeders of Frozen II and then goes looking for the users of those IPs then ProtonVPN and Mullvad VPN would have the same response - No logs, no idea

              Sure, not having to register with an email with Mullvad and IVPN is great but they’re not offering port forwarding any more so we recommended ProtonVPN and you said you didn’t trust them because they followed the law, if Mullvad or IVPN offered email services then they would have to do the same thing Proton did.

              If you make a ProtonVPN account with the sole purpose of torrenting then all you have to do is not publicise your Proton email along with the fact that you’re torrenting and then nobody can really do anything about that because law enforcement can’t go to Proton like they did with that guy because they don’t know the account linked to you.

              I didn’t hear about the onion issues, but again unless Proton was specifically told to log specific users IPs then even if they were redirected, their IPs wouldn’t have been logged in those instances.

              Its still user error, he must have publicised his Proton account, law enforcement found out about it and his IP was logged under Swiss law, thats user error. Its crappy that thats law but if you’re going to do things like that then you should know how to protect yourself properly

              • stonemilker
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                Even worse:

                The identity and location of the activist was already known to the French authorities (they had already been evicted once before for squatting, and the nature of squatting means that their location is known).

                So they were probably not using a VPN to connect to Proton Mail, which was the specific target, since e-mail and VPN providers were treated differently under Swiss law until Proton and Threema fought the government on this issue. Tutanota had a similar issue. If you’re gonna rely on these services to break their jurisdiction’s laws, you should be covering your own ass with bulletproof opsec, because businesses with millions of accounts are not gonna shut down and burn evidence in order to protect one user. In the Proton case, the activist apparently connected to a known Proton Mail account with no VPN or Tor; in the Tutanota case, only e-mails that were not end-to-end encrypted would pose at risk