…because VPNs obscure a user’s true location, and because intelligence agencies presume that communications of unknown origin are foreign, Americans may be inadvertently waiving the privacy protections they’re entitled to under the law…
…VPNs might protect you against garden-variety criminals, but the intentional commingling of origin/destination points by VPNs could turn purely domestic communications into “foreign” communications the NSA can legally intercept (and the FBI, somewhat less-legally can dip into at will)…
Certainly the NSA isn’t concerned about “incidental collection.” It’s never been too concerned about its consistent “incidental” collection of US persons’ communications and data in the past and this isn’t going to budge the needle, especially since it means the NSA would have to do more work to filter out domestic communications and the FBI would be less than thrilled with any efforts made to deny it access to communications it doesn’t have the legal right to obtain on its own.
Since the government won’t do this, it’s up to the general public, starting with everyone sharing the contents of this letter with others. VPNs can still offer considerable security benefits. But everyone needs to know that domestic surveillance is one of the possible side effects of utilizing this tech.
Is it safe enough to use vpns based out of the US? I’m using nord which is non us.
Nord is owned by Tesonet, a data mining company which also owns SurfShark.
And Private Internet Access and ExpressVPN are owned by Kape, an Israeli firm.
ProtonVPN is owned by Proton, in Switzerland.
Mullvad is based in Sweden and is the main interest of its seemingly decent, also Swedish, parent company
Fan of Mullvad but just be aware its not what you want if you’re using a VPN for torrenting. They had to remove their port forwarding feature due to some bad actors ruining it for the rest of us.
What happens if you are torrenting via Mullvad?
I torrent on Mullvad, it works but its often slow and I don’t connect to peers that say are available.
I run into that problem too on CyberGhost, I wonder if my settings are not fully optimized as I tried to go for security over openeness due to my limited knowledge… Sometimes a torrent will have up to 10 seeders but will still stall out / fail, I always thought that was due to those seeders having limited bandwidth and being queued up for hundreds of other downloads before they get to mine, but now I wonder if its my settings… Either way I would rather optimize for security, but I wish I could get some rare stuff sometimes that has few seeders.
Yeah, I’ve wondered the same thing about my settings. I’m certainly no expert so there may be something I’m doing wrong. It MOSTLY works though so I haven’t been hard pressed to dive into it.
they don’t allow port forwarding which nerfs the effectiveness of seeding, seeding is still possible, just not as effective.
TBH modern torrent works well even if majority of users don’t have ports forwarded
You’ll only be able to connect to certain peers that do have port forwarding setup.
Only if you disable uTP protocol. Or if you have an ancient client that doesn’t support it
Shit I rarely make it above 1:1 even if I seed 24/7 for a while, I wonder if I need to work on my settings.
You don’t. It’s okay to have less than 1:1 if there’s a lot of seeds. If you are super early after release tho, it’s nice if you keep it up for few hours
If a friend was interested in that, what should I tell them to use instead? Asking for a friend, obviously.
I switched to AirVPN when Mullvad made the change. I think Proton, PIA, and Windscribe have it too.
Thanks. Sounds good
CyberGhost I believe is also owned by Kape or a subsidiary.
Thanks for the extra digging, no true privacy but at least there’s some transparency with the vpns.
Those are the ones that would cause them to surveil you.
The issue isn’t necessarily “the government will target you for using a VPN;” the issue is “if your IP makes you look like you’re outside the US because that’s where your traffic exits the VPN, the laws against domestic spying won’t protect you properly because you’ll look like a foreigner.”
Frankly, the headline is heavily spinning it to be anti-VPN fearmongering.
Yeah I reacted way too quickly. Then I realized half of X bot traffic spoofs everywhere. They’re intentionally doing a shakeup of everything and this one got under my skin cause I’m a daily user.
But before this was that outside US router ban that was pretty real. The DJI ban. So these types of news cascade and its worrisome.
Privacy companies based outside the US can still have VPN servers within the US. That traffic would still look domestic. The company being owned and headquartered outside the US just gives them a bit more protection against the rogue US government.
Some VPNs also allow multi-hop, so that you can connect to one VPN server via another. That could make it harder for the spooks to see that your traffic is leaving the US. Of course it also means that they might suspect any traffic coming out of a VPN server even based in the US, which is basically the point of this article.
And some VPNs allow you to enable a feature that protects against AI-driven data traffic analysis. So that someone who’s really committed can’t just monitor the size and frequency of your outgoing encrypted packets, then find matching patterns in packets leaving the server you’re connected to, tracing it to the destination. Instead, the VPN adds noise and sends uniform packets so that AI can’t trace it from source to destination.
I don’t know if Nord offers these features, cause I don’t use Nord. But I’ve heard some issues about them, which other user’s have already mentioned and offered alternatives for, so I’ll leave it at that
Yeah, sorry, I wasn’t as precise as I could’ve been. I was really just trying to convey the motivations (i.e. that it was due to being mistaken for foreign as opposed to being targeted for using a VPN), not go into the details of exactly which aspect of the VPN (the entrance IP geolocation, the exit IP geolocation, or the company HQ location) would actually trigger the “foreign-ness.”
I mean, even a US-based VPN company could look foreign if they have servers outside the US, or even if they just allow multi-hop to third-party servers to/from outside the US.
Except then they’re even more vulnerable not only to subpoenas but also extrajudicial and unconstitutional raids, as some journalists have discovered, especially in deeply red states but not always…
Depends what you mean by “safe enough”. Every country on the planet can subpoena your VPN for traffic data. That’s why that data needs to be encrypted, regardless of what company.
No. They will see that you’re using a vpn.
They might decide to record your traffic and save it until it can be decrypted.
In theory, I think all VPN usage is grounds to get you put on a list, but Nord is considered a relatively “normie” company by privacy aficionados. Everybody and their mother has seen an ad for it by this point. (The privacy aficionados will probably tell you it’s not good enough, but that’s a can of worms I won’t get into right now.)
Makes sense I should probably reframe it as is nord not going to sell their users out without a fight.
Only true privacy is like the tails stuff and some complicated routing stuff all the self hosting guys here probably know about.
AFAIK the one company that has been battle-tested is Mullvad, everything else requires (more) crossing your fingers.
Nord has subpar standards when it comes to logging now, and if that’s in line with recent Proton behavior, you might that interpret that as a potential willingness to cave to the US with minimal pushback
yes, just be aware that the gov could require the company to log you without letting you know, even if they have a no log setup. For the everyday person this is a non-issue, but if you are doing shadey stuff or have ties that may make someone super interested in your activities, you may wanna choose elsewhere.
The everyday person has political views that can be categorized as extremist. Freedom is more costly.
The everyday person has political views that are classified as extremist by the actual extremists as a way of deflection.
Oh, I fully understand that. But the everyday person isn’t going to affect the government to the extent where they want to not only issue a court order ordering a company to do this, but also issue a gag order to prevent the company from saying anything.
Political leaders, possibly. Terrorist organizers, definitely. But your typical protest, or right versus left debate, that’s not going to be enough for them to bother, let alone a court order forcing it.