
Thread: the most private VPN

  1. #1
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    2,023
    Distro
    Xubuntu 20.04 Focal Fossa

    the most private VPN

    IMHO, the most private VPN is one you run for yourself. that may even be secure if you set up everything right. i use openVPN for mine.

    privacy and security are not the same thing. i see an increased demand for VPNs when ads for commercial VPN services have hit the media. can you really establish a trust relationship with any of the VPN providers?
    Mask wearer, Social distancer, System Administrator, Programmer, Linux advocate, Command Line user, Ham radio operator (KA9WGN/8, tech), Photographer (hobby), occasional tweetXer

  2. #2
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: the most private VPN

    Not to be argumentative, but how did you establish a trust relationship with Canonical? Could they not have built Ubuntu to report your every important piece of data back to them?

    Most of us don't compile Ubuntu from source. We download an ISO put out by Canonical and just "trust" that they haven't hidden anything nefarious inside.

    My point is that trust has to start somewhere. A pol once remarked: "Trust, but verify". This is good advice. Without taking that first step of trust, nothing could get started. But without verification, the unscrupulous will always be tempted to betray that trust. Nor am I saying that trust should be handed out indiscriminately. There are several tests that must be passed before we should consider trusting people. But those tests are vague and hard to quantify. As in life, extending trust in the IT-sphere is something of an art.

    You are right in that the most private VPN is the one you run purely between your own client and your own server. But your private VPN is unlikely to be the one your doctor uses to store your patient charts. It is unlikely to be the one your accountant uses to store your financial statements. Nor will the bank, the newspaper, the government nor Ubuntu Forums consent to use your server for their business. In order to transact with practically any entity other than yourself, you must leave the confines of your own walled garden and brave the big bad world, hence the need for commercial VPN providers.

    I do get your larger point. I have personally switched VPN providers because, over time, they failed the verification test. But my approach was not to distrust them; rather, it was to make a habit of periodically verifying all things that I tend to take for granted.

  3. #3
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    2,023
    Distro
    Xubuntu 20.04 Focal Fossa

    Re: the most private VPN

    i established trust from history. over time, either they were very good at hiding it from the world, or would have been caught by now.

  4. #4
    Join Date
    Feb 2019
    Location
    Virginia
    Beans
    368
    Distro
    Xubuntu 22.04 Jammy Jellyfish

    Re: the most private VPN

    So, what might one look for/at to verify a commercial VPN company isn’t straying from its original, marketed commitment? When would you pull the plug on a VPN?

  5. #5
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    2,023
    Distro
    Xubuntu 20.04 Focal Fossa

    Re: the most private VPN

    i really have no idea how to verify a commercial VPN company short of breaking in. but, if i can break in, game over, i can't trust them. but, really, i won't be trying.

  6. #6
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    2,023
    Distro
    Xubuntu 20.04 Focal Fossa

    Re: the most private VPN

    as to Canonical and Ubuntu, it's the openness and the community that eventually establishes the trust. there are many eyes and enough now that if they did try to hide some spy code, someone would notice and let it out. so i don't really need to read the source code. and i believe that, by now, hiding it in just distributed binary code, only, would still be eventually caught. that, and they know there is a chance of being caught, so they are not going to try.

  7. #7
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: the most private VPN

    Originally posted by aljames2:
    "So, what might one look for/at to verify a commercial VPN company isn’t straying from its original, marketed commitment? When would you pull the plug on a VPN?"

    Excellent question. See below.

    Originally posted by Skaperen:
    "i really have no idea how to verify a commercial VPN company short of breaking in. but, if i can break in, game over, i can't trust them. but, really, i won't be trying."

    You both raise a truly vexing issue. One of the biggest problems with the proprietary world is that their ownership structure is impenetrably secretive. And where there is darkness, there is corruption. Evil festers when hidden out of sight. A "good" VPN could turn rogue overnight and we would be none the wiser. Two years ago, the VPN provider that I had relied on sold out to a scoundrel. The new owner had made his fortune producing malware and spyware. He was now in control of a large VPN provider. This smelled like three-day-old fish left out in the sun. I pulled the plug immediately.

    The issue is exacerbated by other factors. If the VPN is headquartered in the US, it could be compelled by a court of law to turn over its logs to the authorities under a gag order, so they couldn't tell you about it no matter how much they might want to.

    There are a few things that improve your chances:

    • Use a larger VPN provider who has a lot of servers spread out all over the world.
    • Make sure they are not headquartered in any of the five eyes or seven eyes countries.
    • Make sure their ownership structure is unsullied.
    • A really good sign is if they have been taken to court by a three‑letter agency and have proven that they have no logs to hand over.
    • In lieu of an actual court case, go with the one that regularly submits to third-party security audits and whose no log policies have been confirmed by reputable auditors.
    • Subscribe to a few security mailing lists/channels to keep apprised of the latest in cyber‑dangers.

    I have confidence in my current VPN provider, but it's not unlimited. It is a bad idea to trust any corporate entity unreservedly. Always be prudent in handing out your trust. If my current provider decides to forgo their next security audit, or if third‑party security sources start feeling queasy about them, then it will be time to go shopping again.

  8. #8
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: the most private VPN

    Maybe don't trust SuperVPN & GeckoVPN.
    https://haveibeenpwned.com/PwnedWebs...perVPNGeckoVPN

    I don't trust any free VPN services. When I'm looking, I want to know who the owner is - a real name of a real person. Where they are located. Where the VPN company is located - is that a trustworthy country/island? Where is their staff located? I've seen VPNs with CEOs in Europe, the company incorporated in Panama, and the support teams in Singapore and Hong Kong. To me, that's multiple red flags. Certain countries/islands are known to harbor criminals - maybe avoid VPNs in those too, because if a govt won't hold people accountable for actions, there is no rule of law. For me, that's an important consideration.

    I want a VPN with strong encryption, not weak. I'd like multiple exit nodes around the world, since that's one of the main reasons I use a VPN for my research needs. I want normal F/LOSS to be used, not some highly customized version. Let me install openvpn or wireguard from anywhere I choose and have that work, just with slightly different configuration for each server.

    I want a VPN that has been sued by the local govt trying to get access to data and for them to truthfully claim, "we don't have that data." I want to pay for the VPN using untraceable methods. For me, that's a "gift card" not tied to my name or location.

  9. #9
    Join Date
    May 2006
    Location
    Switzerland
    Beans
    2,907
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: the most private VPN

    Originally posted by Skaperen:
    "can you really establish a trust relationship with any of the VPN providers?"

    Depends on the jurisdiction under which the VPN provider operates, I guess?

    Me personally I'd never trust any VPN provider operating out of the USA or China or any territory that is politically attached to one of them (e.g. Puerto Rico, Hong Kong, etc.). Both have demonstrated again and again that they do not care about or respect the privacy of their own citizens, let alone foreigners. Both the US and China have established laws that allow a (secret) court to demand any information they want from anyone who is storing any data about you, e.g. your VPN provider, and that VPN provider isn't even allowed to inform you.

    So when choosing a VPN I'd go with one that legally operates under a jurisdiction where they have very strong data protection and privacy laws and a clear and transparent policy regarding what details exactly they are storing about you, which of your activities they are logging or not, and under what circumstances they would hand out those logs to foreign law enforcement agencies, if for whatever reasons it ever came to that.

    And always read the fine print: the VPN providers who claim they have a "no logs policy" ... if for example they are EU- or US-based they are probably lying to your face because those territories do have "data retention laws". They are legally obliged to keep logs, it would be illegal for them not to do it. If they claim they aren't doing it despite the legal requirements in their jurisdiction ... then they are very very likely lying.

    Just my 0.02€.

  10. #10
    Join Date
    May 2013
    Location
    Galiza
    Beans
    4,009
    Distro
    Ubuntu

    Re: the most private VPN

    Quote:
    "Both the US and China have established laws that allow a (secret) court to demand any information they want from anyone who is storing any data about you, e.g. your VPN provider, and that VPN provider isn't even allowed to inform you."

    Correct about USA, incorrect about China.

    Let me explain:
    In China any company must provide users' data whenever requested by the courts for any matter of national security, no secret laws or courts required, it's all done in plain view. And companies aren't required to deny it (and they couldn't anyway because it's a public matter). Failure to comply is cause to be forbidden to operate in the country. That's what happened to Google, Facebook and Twitter when they refused to give the data for the investigation of terrorist attacks while at some time they're doing it in a much larger scale at home (US) for no reason/merit.
