this post was submitted on 30 Jun 2023
108 points (97.4% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54781 readers
635 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

Since IVPN and Mullvad are both phasing out port forwarding, are there any alternatives? I am not looking for something like NordVPN which is a privacy nightmare. AirVPN is also not private enough considering I’ve seen reports online of ISPs sending out DMCA letters of gold to its users.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago (1 children)

Personally I don't trust Proton. I know I'm paranoid, but can't be too sure about anything these days. To my knowledge MV and IVPN are the only ones with a nice privacy reputation. Shame they are cutting port forwarding

[–] [email protected] 38 points 1 year ago (2 children)

Proton only started logging his IP after they were legally forced to do so, just like any other law abiding company would have to do.

Proton offers an onion site of Protonmail which the activist should have been using since he allegedly committed

theft and property damage, crimes - the latter two - that enable surveillance

this is a case of user error and bad opsec, not a company bending over backwards to share their users information. If you're going to do things that are likely going to get you arrested, no matter how noble the cause, make sure you have excellent OpSec

[–] [email protected] 17 points 1 year ago (2 children)

To add to that, email and vpn are different. It's easy to force logging of a specific email address when forced to by law, but doing that based on vpn ip address only is more problematic

[–] [email protected] 27 points 1 year ago (1 children)

and iirc Proton took the Swiss government to court after that and won a case reclassifying email legally so that they can't be forced to disclose IPs like that again in the future

[–] Derproid 7 points 1 year ago (1 children)

This is huge, would love to see any other info on this.

[–] [email protected] 1 points 1 year ago (1 children)

Can’t they just log your account? You have to have an account with Proton to use their VPN. They can absolutely log your activity such as logging in, when you connected/disconnected, to which servers, and, more importantly, where from exactly (your original IP address)

[–] [email protected] 5 points 1 year ago (1 children)

Proton doesn't keep logs by default unless legally forced to.

Law enforcement would have to know the email account to make them log it. If they know the email account you're using with ProtonVPN then thats user error and bad OpSec.

In the example you linked, if law enforcement didn't know the guys email address then they couldn't have forced Proton to log his IP.

[–] [email protected] 0 points 1 year ago (1 children)

Bad opsec? It’s a bad VPN if it needs an email at all. Look at what IVPN does, they don’t even have a requirement for emails to register. I’m pretty sure Mullvad just recently was raided by authorities seize whatever they want they said, won’t find any user data they said. And they didn’t. Also proton redirects or used to redirect from onion to clearnet when you signed in. It simply isn’t up to par with IVPN and Mullvad. What’s the point of a VPN where a government can just request them to leak your data? No matter how, AT ALL! What constitutes a big enough crime for them? What if next day it’s downloading Frozen II.mkv?

[–] [email protected] 2 points 1 year ago (1 children)

Proton requires an email because they offer a free tier, without some way of regulating users their servers would be overrun with bots and spam...

The difference between what recently happened with Mullvad and what happened in the article you linked about Proton is that with Mullvad they were looking for general user data for VPN usage, not a specific persons email account like with Proton.

If a copyright holder or law enforcement is in a torrent swarm and logs all of the IP addresses of the seeders of Frozen II and then goes looking for the users of those IPs then ProtonVPN and Mullvad VPN would have the same response - No logs, no idea

Sure, not having to register with an email with Mullvad and IVPN is great but they're not offering port forwarding any more so we recommended ProtonVPN and you said you didn't trust them because they followed the law, if Mullvad or IVPN offered email services then they would have to do the same thing Proton did.

If you make a ProtonVPN account with the sole purpose of torrenting then all you have to do is not publicise your Proton email along with the fact that you're torrenting and then nobody can really do anything about that because law enforcement can't go to Proton like they did with that guy because they don't know the account linked to you.

I didn't hear about the onion issues, but again unless Proton was specifically told to log specific users IPs then even if they were redirected, their IPs wouldn't have been logged in those instances.

Its still user error, he must have publicised his Proton account, law enforcement found out about it and his IP was logged under Swiss law, thats user error. Its crappy that thats law but if you're going to do things like that then you should know how to protect yourself properly

[–] [email protected] 1 points 1 year ago

Even worse:

The identity and location of the activist was already known to the French authorities (they had already been evicted once before for squatting, and the nature of squatting means that their location is known).

So they were probably not using a VPN to connect to Proton Mail, which was the specific target, since e-mail and VPN providers were treated differently under Swiss law until Proton and Threema fought the government on this issue. Tutanota had a similar issue. If you're gonna rely on these services to break their jurisdiction's laws, you should be covering your own ass with bulletproof opsec, because businesses with millions of accounts are not gonna shut down and burn evidence in order to protect one user. In the Proton case, the activist apparently connected to a known Proton Mail account with no VPN or Tor; in the Tutanota case, only e-mails that were not end-to-end encrypted would pose at risk

[–] [email protected] -2 points 1 year ago

At least personally to me it goes to show that it’s not out of the question