Countries who have bad Internet Privacy Laws

Can we get a list of countries where you don't want to have a vpn server because of their anti-privacy legislation. We all know Sweden is very good but where are very bad?

[dw426]

Whilst I don't have a quote-able list gathered from the net, personal experience and the experience of others would look something like this, and not really in order:

China

Iran

U.S

Afghanistan

North and South Korea

Australia


Obviously it's a very short list and leaves out many others. But these are the ones more familiar to me. The U.S is included here because of privacy laws actually decreasing, which would also mean the U.K has a place here as well. VPN services/ TOR should be looked at with an increasingly wary eye no matter where you are, and should never be heavily relied upon.

I have heard that Germany and France are also places you want to stay away from. No concrete evisence, just anecdotal. Perhaps DasFox will gives an informed opinion?

[gerardwil]

I think this topic is leading to nothing...

[mirimir]

It's not as simple as good vs bad. Which countries are good or bad depends on where you are, and what you're doing. For example, if you're in China and annoying foreigners, using Chinese VPNs might be wise. But if you're in China and annoying China or its allies, using Chinese VPNs would be very unwise.

The same is true for other countries and their allies. The largest group is probably the USA and its close allies. Basically, consider who votes with the USA in the UN. Look at other voting blocks too.

When running one VPN through another, I like to pick from groups that don't like each other or my country.

[CasperFace]

Here's looking at it from the perspective of data retention laws and the prevalence of internet censorship/surveillance. While these factors don't necessarily equate to bad privacy laws per se, they usually tend to go hand-in-hand with one another... so hopefully this list will be somewhat useful.

Good countries for VPN:

Argentina - No data retention law
Brazil - No data retention law
Bulgaria - Data retention law not applicable to VPN providers
Cyprus - Data retention law declared unconstitutional (?)
Czech Republic - No data retention law (declared unconstitutional)
Hong Kong - No data retention law (?)
Iceland - No data retention period specified (?); good privacy laws
Japan - No data retention law
Luxemburg - Data retention law not applicable to VPN providers
Netherlands - Data retention law not applicable to VPN providers
Panama - No data retention law
Romania - Data retention law declared unconstitutional
Serbia - Data retention law not applicable to VPN providers (?)
Sweden - Data retention law going into effect in May 2012, but (presumably) not applicable to VPNs
Taiwan - No data retention law (?) + seemingly good privacy laws
Ukraine - No data retention law

"Questionable" Countries:

Australia - No data retention law, but internet regulations are strict & they're on RSF's Internet Surveillance 2012 watch list
Belgium - Data retention law not implemented, but has fairly strict laws & some internet censorship issues (esp. anti-p2p)
Canada - No data retention law, but anti-privacy legislation is rapidly gaining traction
Egypt - No data retention law (?), but privacy laws are dubious & they're on RSF's Internet Surveillance watch list
France - Data retention law not applicable to VPNs, but has strict laws & they're on RSF's Internet Surveillance watch list
Germany - Data retention law declared unconstitutional, but server raids & gov't surveillance are prevalent
Israel - No data retention law, but gov't surveillance is suspected (conflict zone)
Italy - Data retention law not applicable to VPNs, but internet regulations are fairly strict & there are some censorship issues
Malaysia - No data retention law, but has some censorship/server raid issues & they're on RSF's Internet Surveillance watch list
Mexico - No data retention law, but there are concerns about gov't corruption & some internet censorship issues
New Zealand - No data retention law, but there are concerns about gov't surveillance
Russia - No data retention law (?), but they have some censorship issues & they're on RSF's Internet Surveillance watch list
Singapore - Minimal data retention law, but has fairly strict internet regulations & some censorship issues
South Africa - No data retention law, but internet regulations are strict
South Korea - No data retention law, but they have some censorship issues & they're on RSF's Internet Surveillance watch list
United States - No data retention law, but server raids and gov't surveillance are prevalent

Bad Countries for VPN:

Afghanistan - Suspected surveillance by allied forces (war zone)
Armenia - Internet censorship
Austria - Data retention law
Bahrain - Internet censorship
Belarus - Internet censorship
Burma (Myanmar) - Internet censorship
China - Internet censorship + data retention law
Cuba - Internet censorship
Denmark - Data retention law
Estonia - Data retention law
Ethiopia - Internet censorship
Finland - Data retention law
Greece - Data retention law
Hungary - Data retention law
India - Internet censorship + data retention law
Indonesia - Internet censorship
Iran - Internet censorship + data retention law
Iraq - Suspected surveillance by allied forces (war zone)
Ireland - Data retention law
Kuwait - Internet censorship
Latvia - Data retention law
Liechtenstein - Data retention law
Lithuania - Data retention law
Malta - Data retention law
Morocco - Internet censorship
North Korea - Internet censorship (internet infrastructure is virtually non-existent here anyway)
Norway - Data retention law
Oman - Internet censorship
Pakistan - Internet censorship
Palestinian Territory - Internet censorship
Poland - Data retention law
Portugal - Data retention law
Qatar - Internet censorship
Saudi Arabia - Internet censorship
Slovakia - Data retention law
Slovenia - Data retention law
Spain - Data retention law
Sudan - Internet censorship
Switzerland - Data retention law
Syria - Internet censorship
Thailand - Internet censorship + data retention law
Tunisia - Internet censorship
Turkey - Data retention law + internet censorship
Turkmenistan - Internet censorship
United Arab Emirates - Internet censorship
United Kingdom - Data retention law
Uzbekistan - Internet censorship
Vietnam - Internet censorship
Yemen - Internet censorship

Disclaimer: I don't proclaim to be an expert on world politics or international law, so there could very well be some errors/omissions in my assessment. Just consider this as a general guide only, or use it as a starting point for further research.

[dw426]

Quote:

Originally Posted by gerardwil

I think this topic is leading to nothing...

I've never understood the need to knock on a topic you obviously don't see as needed, or comment on it at all. Just ignore it?

Anyway, Casper, the reasons you list for it being a bad idea to use a VPN...are precisely the reasons to argue for using one. However, the catch here is that those same countries and reasons are what makes it very likely a VPN would either be a trap or almost useless. We also need to add the factor in that the country you live in does not necessarily dictate whether or not you can find yourself in trouble. Just ask Megaupload.

[mirimir]

That's a great list, CasperFace Your good countries for VPN seem to generally be good choices for everyone. Conversely, those in your questionable and bad sections may be good choices only if you're doing what they like (or not doing what they don't like). For example, Russia is notorious for ignoring carders, but I've read that they don't tolerate preying on Russians The United States openly promotes anonymity services in China and Iran, but they don't seem to like file sharing. China has its GFW, but I've read that it tolerates hackers who target the West. I'm not talking about politics, here. This is all about prudently choosing VPN providers.

[chronomatic]

One must remember that even though the USA doesn't have data retention laws, most ISP's do have a policy of retaining data for a period of several months for LE reasons.

Moreover, it doesn't really matter if the ISP itself retains data. I guess it all depends on who you want to keep your data private from. If you want to keep it private from the TLA's, then you're out of luck even if your ISP does not retain data. Why? Because NSA has already been storing almost every bit of data that has passed over public networks since at least 911.

[JohnMatrix]

It's ironic that I have to use a VPN located in the Netherlands, that is not required to log, to prevent data retention/logging when connected in the Netherlands to an ISP, that is required to log and violate my privacy.

[Warlockz]

Thanks for the list CasperFace! ......ISPs in the US agreed to Retain Data for a period of no less than 6 months, some of them retain for a year, soon all of them will be required to retain data for a year or 18 months, plus they are going to spy on all Internet traffic pushing it through filters that alert to keywords ect.........welcome to socialism if you live in the US. I can already see it happening when they try to ban all VPNs in the US. its one thing after the other, and the USA is turning into a Major Police State!

https://en.wikipedia.org/wiki/Teleco...data_retention

[marktor]

Switzerland - Data retention law

Not sure about this. They have data retention laws but my understanding is they only apply to ISPs not VPNS. I have had discussion with several Switzerland based VPNS and that is what they told me. Do you have any further information?

[CasperFace]

Quote:

Originally Posted by marktor

Switzerland - Data retention law

Not sure about this. They have data retention laws but my understanding is they only apply to ISPs not VPNS. I have had discussion with several Switzerland based VPNS and that is what they told me. Do you have any further information?

You are probably correct with regard to Switzerland. I suspect that a few other EU countries (Estonia, Latvia, Lithuania) might be relatively safe too... but I'm just erring on the side of caution here since I don't really know much about the specifics of their data retention laws. My only concern with Switzerland is that it ranks a bit too highly in the "Electronic Police State" category for my liking... but then again, so does the Netherlands and Japan. Obviously, there are other factors involved, so it's not like it's an exact science. All things considered, my level of trust in a Swiss server would probably be about the same as that of French or German one, so maybe it is okay... as long as the provider is trustworthy.

Further food for thought: I suspect that in most countries where data retention laws have been transposed, a VPN provider can find some kind of legal "loophole" that excuses them from having to keep logs. I even know of one VPN operator who claims that for certain log-requiring countries, he just configures the server to generate a FAKE log file. Realistically, there are ways to get around just about everything. So when I say I don't like a country because of its data retention law, it doesn't necessarily mean that I'm worried about the application of the law itself... but the fact that such a law exists in the first place is a pretty good reflection of how these countries feel about internet privacy as a whole.

[marktor]

Quote:

Originally Posted by CasperFace

You are probably correct with regard to Switzerland. I suspect that a few other EU countries (Estonia, Latvia, Lithuania) might be relatively safe too... but I'm just erring on the side of caution here since I don't really know much about the specifics of their data retention laws. My only concern with Switzerland is that it ranks a bit too highly in the "Electronic Police State" category for my liking... but then again, so does the Netherlands and Japan. Obviously, there are other factors involved, so it's not like it's an exact science. All things considered, my level of trust in a Swiss server would probably be about the same as that of French or German one, so maybe it is okay... as long as the provider is trustworthy.

Further food for thought: I suspect that in most countries where data retention laws have been transposed, a VPN provider can find some kind of legal "loophole" that excuses them from having to keep logs. I even know of one VPN operator who claims that for certain log-requiring countries, he just configures the server to generate a FAKE log file. Realistically, there are ways to get around just about everything. So when I say I don't like a country because of its data retention law, it doesn't necessarily mean that I'm worried about the application of the law itself... but the fact that such a law exists in the first place is a pretty good reflection of how these countries feel about internet privacy as a whole.

I understand what you are saying. Just to add to this thread here is a list of data retention laws by country: https://wiki.vorratsdatenspeicherung.de/Transposition

[CasperFace]

Quote:

Originally Posted by marktor

I understand what you are saying. Just to add to this thread here is a list of data retention laws by country: https://wiki.vorratsdatenspeicherung.de/Transposition

Thanks. Also, there's this:

Mandatory Data Retention | Electronic Frontier Foundation

Some key points:

Quote:

...a number of countries have transposed the Directive into national legislation including Austria, Bulgaria, Denmark, Estonia, France, Italy, Latvia, Liechtenstein(see page 127), Malta (see also), the Netherlands, Poland, Portugal, Slovakia, Slovenia, Spain, Norway, and the United Kingdom. Non European Union countries such as Serbia and Iceland have also adopted a data retention law.

With regard to Serbia and Iceland, I am fairly certain that their data retention laws would apply to ISPs only. Iceland is frequently cited as having good privacy laws, and I know of at least a couple of pro-anonymity providers that operate in both of these countries.

Quote:

...The countries fighting the Directive are Cyprus, Czech Republic, Germany, Greece, and Romania.

The EU Mandatory Data Retention Directive was adopted in Romania, but declared unconstitutional in 2009. In February of 2011, Cyprus also declared their national data retention law unconstitutional. The German law adopting the Directive was declared unconstitutional in March 2010. Legal analysis conducted by the German Parliament concluded that the Directive was not in compliance with the EU Charter of Fundamental Rights and did not lead to a significant increase in successful legal investigations. Germany is now facing a fine from the European Commission for declining to implement the Directive. In March 2011, the law transposing the EU Directive in the Czech Republic was annulled by the country’s constitutional court. Lithuania's law implementing the Directive was declared unconstitutional before the law took effect. In addition, Hungary's implementation of the directive is still under review by the Constitutional Court of Hungary. A preliminary challenge to the national implementation of the Directive has also been filed in Poland.

Based on this information, I would deduce that Romania, Cyprus, Germany, Czech Republic, and Lithuania are not currently implementing the EU data retention law, but Greece, Hungary and Poland most likely are... at least for now.

Quote:

Some members of the European Union have refused to adopt the EU Mandatory Data Retention Directive into their national laws. In addition to Germany, Sweden continues to delay the implementation of the controversial EU data retention at a time where the European Commission has referred Sweden back to European Court for "failing" to transpose the EU legislation into national law.

Evidently, Sweden has recently given in to EU pressure and has agreed to implement the law--effective in May. However, given the strong pro-privacy culture of Sweden, the implementation will likely be as minimal as possible... so VPNs/other non-ISP services should still be safe.