the most private VPN

**TheFu** · April 5th, 2021

Seems there is some confusion about about US laws.

There **is** a FISA court. It has the ability to request data if there is probable cause for the request. It can prevent the recipient if the request from notifying anyone or taking proactive action to convey the same.

It cannot force added actions. Look up "canary notice" or Canary Warrant, most reputable companies have canary pages. Those are updated periodically/quarterly to say they have NOT received any secret demands for logs or other data by the US govt. https://en.wikipedia.org/wiki/Warrant_canary

VPNs in the US can also appeal these demands. They win sometimes, usually when the govt is fishing, not a specific enough reqest. In China, that isn't allowed. In Britain, Australia, France, Russia, we don't have the right to keep our passwords private. In the US, we do. https://en.wikipedia.org/wiki/Key_disclosure_law I tried to come up with a general rule for which countries respect keys and password privacy. It is imperfect, but basically, places that have lots of terrorist attacks aren't as privacy centered - that's not 100% - just a guideline for "western countries". Not sure I can blame them. Northern European countries seem to have strong privacy protections.

A few US-based VPN companies have successfully refused to provide logs in court. They won because they didn't have any logs. https://www.reddit.com/r/privacytool...claims_proven/
https://www.techspot.com/news/82259-...d-keep-no.html The US isn't alone.

It is true that a number of VPN services that claimed to be no-log were lying.

There are caveats. Logs exist for an active VPN session and for a few minutes after, then get deleted. Reconnect every day and there is only the log for the last day available. Reconnect hourly, if you want more privacy. Most reputable VPN companies will have these spelled out. Some people are ignorant and don't read or understand the caveats.

Google fights against unreasonable data requests. https://arstechnica.com/tech-policy/...warrant-fight/
I find it easier to block the 800+ google domains than worry. Same for facebook, twitter, and thousands of web tracking internet companies. I'd rather they didn't get any data. There are lots of ways to do this. in 2011: https://lifehacker.com/how-to-block-...speed-30814279

**QIII** · April 5th, 2021

... US ... have established laws that allow a (secret) court to demand any information they want from anyone who is storing any data about you, e.g. your VPN provider, and that VPN provider isn't even allowed to inform you.

This is factually incorrect, but it makes for great urban legend. I can't speak for the laws in China, so I won't comment.

OK. This has all been a mostly factual discussion of law surrounding an issue of importance to us geeky types, which is fine. But let's not stray into the "shoulds and should-nots", attach moral or ethical discussions, nor speculate on the intentions of any government involved. That will cross the line and cause this thread to be closed.

**DuckHook** · April 5th, 2021

To further reinforce QIII's point, when considering jurisdictional issues, it is unnecessary to devolve into political judgmentalism anyway. Everyone has different needs, risks and objectives.

For example, I don't do anything illegal (like copyright‑violating torrenting). So my use of VPN is not to evade the law. My primary concern is personality profiling. This is the process whereby nameless data agglomerators pervert browsers and insert tracking technology into apps in order to build a detailed profile of who you are and what parts of your personality can be exploited for their commercial gain. This information is then sold to all and sundry. A critical component of such tracking is your IP address and search history.

My secondary concern is identity theft/phishing, whereby scumbags build a detailed profile of who I am and then use it for nefarious purposes.

Therefore, in my case, a VPN that keeps logs and operates in a jurisdiction that subjects them to gag orders, though not ideal, would not be automatically disqualified. Provided they don't sell that info to anyone, the prospect of court‑ordered government spying does not exactly fill me with dread and indignation. The use of even such a quasi‑compromised VPN still effectively prevents such personality profiling by non‑government actors, which is far and away my main objective.

Of course, if you are a dissident operating under a repressive regime, then your needs will be quite different. The point is that the tools must be chosen to serve the need. The drawback in many people's approach to VPN is their failure to firstly and properly assess their need.

**scorp123** · April 6th, 2021

To add to my previous post and all the friendly people who replied to it: Yes, I may have oversimplified things... But the fact remains: You are more likely to get spied on in certain jurisdictions than in others. And that's what matters.

And by being a foreigner + non-citizen and by probably not being "in sync" with whatever is going on there except by reading about it in the news, chances are also you won't be able to prevent anyone from handing over any private information they might have about you to any other entity that has standing to make such demands... By the time you learn about these things going on, it might already be too late.

So the fact that I could e.g. maybe fight for my right to privacy in a court of law or maybe count on my VPN provider to do that for me.... I don't think that this is of any importance. It's just nice in theory but not really something I as end-user would want to deal with and waste time and money on. I just want my privacy and not anyone messing with it.

Being a customer of an US-based VPN provider might thus be attractive for US citizens: You live there, you are "in sync" with what's going on, you know where and how to quickly get a lawyer there, and so on. For me as an European living on the other side of the Atlantic this would be way too much of a hassle and highly inconvenient and therefore not attractive at all.

So when picking a VPN provider I absolutely think you should consider these things, no matter what the exact legal details are.

**DuckHook** · April 6th, 2021

@scorp123

I agree with you up to a point. If we are shopping for a VPN provider, then we may as well choose one headquartered in a privacy‑respecting jurisdiction.

However, when it comes to being spied upon, like most things in life, the details matter. In this case, they matter a lot.

On these forums, we repeatedly get the refrain that the objective is to hide from three letter agencies. This is so unrealistic that it crosses over into silliness. If you are the specific target of a three letter agency, then hiding your IP address and surfing habits are the least of your problems. Outside of Hollywood fantasies, it is impossible for an average person to fight against or hide from such agencies. The only realistic avenue available to one under such surveillance is to cooperate with the agency and show them that one is harmless.
On the other hand, if the objective is to avoid the attention of such agencies in the first place, then using a VPN can be counterproductive. In fact, if done injudiciously (as most people tend to do) it waves a red flag. Since the natural predisposition of such agencies is to suspect everyone, then using a VPN implies that you have something to hide. You are more apt to draw added attention to yourself than to attain your privacy objective.
The only realistic way to curb the power of three‑letter agencies is the political route—to have even more potent authorities limit their reach, whether these be courts, legislators or the weight of public opinion.
It is also theoretically possible to make hard encryption and privacy so widespread that it becomes pragmatically impossible to separate the wheat from all the chaff. The larger the ocean of anonymity, the easier it is to lose oneself within it. But this dynamic does not exist today.

What makes #4 unrealistic is that the vast majority of people do not value their privacy. They may make noises that sound like they do, but these are self‑delusions contradicted by both their conduct and their values. In fact, the vast majority are quite happy to sell their privacy for the technological equivalent of a mess o' pottage.

If you have an account with Facebook, Whatsapp, Twitter, Instagram, Snapchat, Linkedin, WeChat, Baidu, Weibo or any of several dozen similar proprietary social media platforms, you have sold your privacy.
If you use Gmail, Yahoo mail, Outlook mail, Apple mail or any other free e-mail platform, you have sold your privacy.
If you use subscription services like Youtube, Chrome, Spotify, Kindle, Amazon Prime, OneDrive, Google Drive, iCloud storage, etc, you have sold your privacy.
If you use Zoom, Skype, Hangouts, Duo, Facetime or any of the proprietary video chatting platforms, you have sold your privacy.
If you buy stuff from Amazon, eBay, Alibaba, etc, then you pay them with not only your hard earned cash, but with your privacy.
If you install dozens of apps from either the Google or Apple app stores onto your phone, or opaque proprietary apps onto opaque proprietary operating systems that are built to track you everywhere, everywhen and every‑which‑way, then you sold your privacy a long time ago.

In the face of such widespread privacy‑killing wilful self‑destruction, it is difficult to see most people's VPN usage as anything more than a sad joke.

Recently, numerous security experts have found that government three‑letter agencies do not even bother to set up complicated data collection schemes anymore. They just buy whatever data they want on the open market from commercial entities that have already done their work for them. It turns out that even three‑letter agencies, with all the resources of nation states behind them, cannot do better than the sheer efficiency, ingenuity and completeness that results from the profit motive.

These largely unknown data agglomerators and personality profilers do not do their dirty work using anything overtly underhanded—they build their profiles using data that the vast majority of people freely hand over to them. VPNs, no matter where their HQ, won't stop this any more than a curtain will hold back a tsunami.

Summary:

It is simply not the case that jurisdictional considerations are as important as people think. While a good jurisdiction does have some value, this is dwarfed by the other factors that compromise our privacy.

The whole field of privacy, anonymity and anti‑profiling is all about the details. It is not about some tool. It is just as foolish to think that a good VPN will give us privacy as it is to think that installing AV will magically immunize us against malware. Since 99% of privacy is the result of personal behaviour, 99% of the solution must involve significant changes to personal behaviour. Most people will not only be uncaring, but will actively resist those changes because they have become addicted to the drugs that have been handed out to them in exchange for their privacy.

In contrast, those who are serious about protecting their privacy have no choice but to address themselves to the complex and frustrating details.

**QIII** · April 7th, 2021

As I said, discussion of whether a jurisdiction should or should not "spy" on its citizens is something we will not allow here. But there is a further consideration beyond the very detailed comments above, and I say this over and over:

It takes from 3 to 5 government analysts to track/surveil any given person of interest. Add to that supervisors and those who surveil all of them ... You can quickly see how unlikely government surveillance is to be bothersome to any normal individual. If the word "bomb" pops up in your communications and they rewind the tape to find that you were discussing with your spouse the cute littly "dooty bomb" your baby just dropped -- well, you just got your name off of every government's list of interesting people forever.

As described above, add a profit motive and the game changes: In the Western world, the danger to our privacy at the hands of commercial interests is greater by orders of magnitude than the danger posed by governments. Say "dooty bomb" and every disposable diaper manufacturer will want your every detail.

I use VPNs to protect the data communicated back and forth with my clients to avoid corporate espionage or PII disclosure. The selection of the VPN provider is usually theirs to make. I like to use the username "Dooty Bomb" when I do that, by the way. Three letter agencies hate that. "Hah! Made you look!"

**CelticWarrior** · April 7th, 2021

On the other hand, if the objective is to avoid the attention of such agencies in the first place, then using a VPN can be counterproductive. In fact, if done injudiciously (as most people tend to do) it waves a red flag. Since the natural predisposition of such agencies is to suspect everyone, then using a VPN implies that you have something to hide. You are more apt to draw added attention to yourself than to attain your privacy objective.

Again, not applicable to China. Waving red flags is pretty much the national sport there and everyone under 45 and their dogs and cats uses a VPN.

**Irihapeti** · April 7th, 2021

If you really think that someone is after you, whether it's your cousin, neighbour or TLA, then DON'T come here and spell out all the details of what's going on and - in particular - discuss what you can do about it. This is a public forum, after all.

It intrigues the number of people who do just this, and don't seem to realise that the cousin/neighbour/TLA can read about their plans and then circumvent them. This also crosses into silliness.