Bookmarked How Private Is My VPN? – The Markup (themarkup.org)

Only four VPN websites had no trackers of any kind, and only three of those VPN apps didn’t track its users in any way. The Markup’s analysis found that the VPNs Mullvad, IVPN, Windscribe, and ProtonVPN had no trackers on their websites. Other than ProtonVPN, whose app uses customers’ email addresses for advertising, their apps don’t collect any data for marketing, either.

Alfred Ng reports on the various ways in which VPN providers collect data on users.

Ultimately, it’s important to note that VPN privacy policies are built on trust, as these companies have the capability to collect a ton of information and it’s not always obvious what they’re doing with it.

Safety Detectives provides a useful breakdown of the different VPN options, including privacy.

Bookmarked Padlocks, Phishing and Privacy; The Value Proposition of a VPN by Troy Hunt (troyhunt.com)

To be clear, using a VPN doesn’t magically solve all these issues, it mitigates them. For example, if a site lacks sufficient HTTPS then there’s still the network segment between the VPN exit node and the site in question to contend with. It’s arguably the least risky segment of the network, but it’s still there. The effectiveness of black-holing DNS queries to known bad domains depends on the domain first being known to be bad. CyberSec is still going to do a much better job of that than your ISP, but it won’t be perfect. And privacy wise, a VPN doesn’t remove DNS or the ability to inspect SNI traffic, it simply removes that ability from your ISP and grants it to NordVPN instead. But then again, I’ve always said I’d much rather trust a reputable VPN to keep my traffic secure, private and not logged, especially one that’s been independently audited to that effect.

Troy Hunt explains that even with HTTPS, there is still a need for VPNs and the added security/privacy they provide.

As the old saying goes, privacy isn’t necessarily about having something to hide, it’s also about not having something you want to share; if you’re depressed and going to beyondblue.org.au then you may not wish to share that with other people. If you’re having trouble with alcohol and visit aa.org.au then you may not want to share that either. If you’re pregnant and hopping over to pregnancybirthbaby.org.au then, again, you may expect to keep that information private (let us not forget the story of how Target managed to “data-mine its way into [a teenage girl’s] womb”). Just looking up those URLs I was imagining what sort of conclusions would be drawn about me if someone had access to my connection! (No, I’m not a depressed alcoholic teenager who’s expecting…)

Bookmarked Is Tor Trustworthy and Safe? (Read This Before Using Tor) (Restore Privacy)

Given that Tor is compromised and bad actors can see the real IP address of Tor users, it would be wise to take extra precautions. This includes hiding your real IP address before accessing the Tor network.

To hide your IP address when accessing Tor, simply connect to a VPN server (through a VPN client on your computer) and then access Tor as normal (such as through the Tor browser). This will add a layer of encryption between your computer and the Tor network, with the VPN server’s IP address replacing your real IP address.

Note: There are different ways to combine VPNs and Tor. I am only recommending the following setup: You > VPN > Tor > Internet (also called “Tor over VPN” or “Onion over VPN”).

Sven Taylor discusses the history of the Tor project, some of the issues associated with it and the difference between using Tor and using a VPN. It was interesting reading this in light of Edward Snowden’s autobiography.

via Ian O’Byrne

Bookmarked Do You Trust Your VPN? Are You Sure? by Will Oremus (Slate Magazine)

Virtual private networks are now a must-have privacy tool. But good luck figuring out which ones will actually make you safer.

Will Oremus explores the world of VPNs. He explains the differences between free and paid subscriptions, as well as the question of who owns each company and why it is not always possible to know.

Marginalia

One of the only definitive takeaways, besides “steer clear of free VPNs,” is that your choice of VPN should depend on what you’re using it for. If you’re just trying to stay safe online, it may make sense to steer toward a larger, U.S.-based company that’s clear about both who owns it and how it treats your data. If your goal is to torrent pirated files, view blocked content, assassinate an ambassador, or otherwise evade the long arm of your government (or the governments it shares intelligence with), one based offshore might be a better bet—provided you’re quite sure it doesn’t have secret ties to the government you’re trying to evade.

via Ian O’Byrne

Liked SOPA.au: Australia is the Testbed for the World’s Most Extreme Copyright Blocks (Electronic Frontier Foundation)

They don’t even need to take all the VPNs: as the Chinese government censors have shown in their dealings with Apple, a well-provisioned national firewall can be made compatible with VPNs, simply by requiring VPNs to share their keys with national censors, allowing for surveillance of VPN users. VPNs that aren’t surveillance-friendly are blocked at the national firewall.

In 2015, the entertainment companies convinced Australia to swallow a fly, and insisted that would be the end of it, no spiders required. Now they’re asking the country to swallow just a little spider to eat the fly, and assuring us there will be no bird to follow. The bird will come, and then the cat, the dog and so on — we know how that one ends.

Bookmarked The #1 reason Facebook won’t ever change (Om Malik)

Facebook is about making money by keeping us addicted to Facebook. It always has been — and that’s why all of our angst and headlines are not going to change a damn thing.

Om Malik explains why Facebook will not be changing: it is not in its DNA. This is epitomised by the spamming of two-factor authentication users, and the skimming of VPN data only adds to this. As Malik explains:

The DNA represents a company’s ethos — and to a large extent, its ethics. Microsoft was and will always be a desktop software company, albeit one that is doing its best to adapt to the cloud and data-centric world. It has turned its desktop offerings into smart revenue streams on the cloud.

Google’s core DNA is search and engineering, though some would say engineering that is driven by the economics of search, which makes it hard for the company to see the world through any other lens. Apple’s lens is that of product, design, and experience. This allows it to make great phones and to put emphasis on privacy, but makes it hard for them to build data-informed services.

Facebook’s DNA is that of a social platform addicted to growth and engagement. At its very core, every policy, every decision, every strategy is based on growth (at any cost) and engagement (at any cost). More growth and more engagement means more data — which means the company can make more advertising dollars, which gives it a nosebleed valuation on the stock market, which in turn allows it to remain competitive and stay ahead of its rivals.

Even with the personal adjustments to the feed in response to issues with fake news and manipulation, this is akin to the spin by the tobacco industry in the 70s to hide the effect of smoking.