0 sats \ 3 replies \ @kepford 17 Mar 2023 \ parent \ on: Red Pill me on VPNs please — bitcoin
Thanks for the info. Thinking about this and maybe I'm not understanding what you are saying but all VPN providers know a few things about you.
  1. Your IP address
  2. If they have accounts they know how many devices you use that account on
  3. Which sites you visit
  4. Any clearnet traffic
  5. Your public key (at a minimum)
I don't think the device limit is a privacy difference. Here's why and if I'm missing something I'm open to be educated. VPN use Wireguard or OpenVPN which work using public private key pairs. VPN apps will generate a keypair. They have to do this for the VPN to work. Mullvad and iVPN have apps that do this in the background for you or you can generate your own key pair and add it to your account (just the public key). Also, if their client isn't open source you have no idea what they are tracking. I don't know if perfect-privacy.com does this, just saying.
If I'm missing something @billiam, educate me.
You have to trust all VPNs. There is no magic. Its all tradeoffs. When you use a VPN provider you might be hiding / encrypting your traffic so your ISP can't see it or that others on the insecure open wifi network can't snoop but the VPN provider can. Depending on your threat model sometimes this makes sense.
I run a VPN on my home network so that I can access my network from anywhere else. I have also ran VPNs on a virtual private server which is a different approach that makes sense in some situations. The first thing you have to do when thinking about VPNs if figure out why you think you need one. There is no silver bullet.
write
preview
0 sats \ 2 replies \ @billiam 17 Mar 2023
If a vpn provider claims and advertises a no-log policy, then they can't know how often you are connected because they need to store or log that information somehow. "We do not log, just a little bit to know the number of devices you connect to us".
reply
20 sats \ 0 replies \ @kepford 17 Mar 2023
We also monitor the real-time state of total connections per account as we only allow for five connections simultaneously. As we do not save this information, we cannot, for example, tell you how many connections your account had five minutes ago.
I will say, we are trusting all of these providers unless they have a way to verify it. I've yet to find a trustless VPN provider. I don't think it is possible. I'm fine with the tradeoffs of Mullvad and iVPN but I understand why some may not be. But based on what I saw on perfect-privacy I would not trust them any more. I don't like the email address requirement.
reply
0 sats \ 0 replies \ @kepford 17 Mar 2023
Ah, ok. So they know that an account number has these public keys. Where as other providers don't know the list of public keys on your account? Depending on how you use the service, this difference is not important. IE, if you use your VPNs from home there is no difference. All of these providers will have your public keys and if they come from a single IP its pretty much the same thing. You do have me thinking about this differently though. For my threat model its not important but I'm curious.
When people think of logs they are thinking of keeping records of traffic that can be linked to accounts which can be linked to identities. This stuff is hard to do privately. Thanks for the info
reply