Discussion in 'privacy technology' started by Uitlander, Feb 5, 2018.
Just a heads up: https://www.cio.com/article/2863633...ective-allows-warrantless-access-to-data.html
As long as you properly set them up. As you're going to use local MITM proxy, it should be like:
PC/Browser -> Porxy -> VPN server
and the setting can be trouble unless you know these things well, or others here can provide detailed explanation. I once struggled for it on Android (Adguard proxy mode & OpenVPN), but no experience on Windows. I recommend to use VPN on router.
Yes, Sweden is 14 eyes, but I suspect ppl avoid them w/out thorough consideration. IMO, what matters is not if it's 14 eyes, but actual law of the country and EU. US should be avoided 'cause they can be coerced not to speak about by NSL or gag order. I don't take PIA example as a counter-proof against that, in that case FBI just didn't go much unlike Lavabit. But 14 eyes is not uniform, some countries seem to have better law than other. It's unfortunate some blogs quote this link about Sweden law wrongly. See correct info.
Does anyone know the exact difference btwn 9 eyes & 14 eyes? It doesn't make much sense to avoid 14 eyes just because it is cited in Snowden document. Russia and CIS countries have another spy network. I'm 99% sure that some out of 14 eyes countries such as Japan are willing to corporate with US agency more than some 14 eyes, and that they have worse law about privacy. Even Swiss has surveillance treaty w/ US. I agree that British territories are not much better than 14 eyes, but think India and other former colonials too. Nowadays Hong Kong is under more pressure and activists're crying China gov're breaking their commitment w/ Britain.
If you talk about surveillance out of the law, there's no heaven and it's safe assumption every country is under the risk, but as always said, choosing hostile countries will be somewhat viable mitigation i.e. if you live in US, choose Russian server/provider.
Don't stop your thinking just by the word 14 eyes, but search about actual law for the country. But it's unfortunate there're not many resources available in English about the law of non-English countries.
Maybe this will help:
Sorry but the link doesn't include any new info to me.
It might help someone else though.
I almosy didn't get this one bookmarked. . . . .it was a heck of a fight with browser.
Maybe this will be more useful:
Good read indeed! I recommend everyone who care 14 eyes thing to read this.
I think it confirmed my conclusion: decide on the law of the country, not on if it is 14 eyes.
Avoiding 5 eyes (especially 3 eyes in it) is reasonable, but 9 eyes seems to be not much relevant with general mass surveillance, and 14 eyes seems to be not much different from other 3rd party SIGINT partners. We still know little about what kind of info are shared within specific SIGINT community and are not in another. And these SIGINT community are rapidly changing, so it's almost nonsense to care about if a VPN provider belongs to one old definition of 14 eyes or not.
It's tragedy (or comedy?) that ppl give up very privacy-minded, technically superior providers just because it is in 14 eyes country, and go to a provider who cares privacy less and is technically inferior (and often, their jurisdiction is not much better than some 14 eyes country). Technical expertise matters more than jurisdiction. All evidences I know show NSA couldn't break sound encryption. What NSA could do were e.g. breaking known weak cipher, exploiting side-channel, installing malware, etc.. And many of them can be done outside the law, regardless of jurisdiction.
Admittedly, researching privacy related law of the country you're interested in is not easy. It's pain, and you'll find conflicting opinion about the law. But I think there's no royal road if you really care.
Never heard of that term before.
Ummm. US, UK and Plus Canada, or Australia?
But yes, the Five Eyes have their hooks in everywhere
I remember reading 2 - 3 years ago from some VPN review site that Island and Norway are privacy respecting countries. And neither belongs to EU.
Switzerland might be worth checking too ...
What I found unsettling was the programming that Nord VPN wanted me to run to *properly* run their service.
When I asked about it,they told me to check this and that,but offered no answers.
I declined their service for now until I figure this all out.
@The Radius Kid - Programming? Do you mean their custom app? Or
I'm talking about programs their "client" wants me to have running on my PC and Android phone for it to work properly.
What programs were those? Any Android VPNs that I used, have just had a single app. With NordVPN and other VPNs, you don to have to install their own software. You can connect to the VPN by manually configuring OpenVPN.
VPN apps do provide useful features. Many have firewalls to prevent data and DNS leaks, and some of those actually work. Typically, they also ping the VPN's servers, and can be configured to use the least congested and fastest ones, either in a particular country or region, or even overall. But some of them also do stuff that you may not want. And some even invade your privacy.
If you know what you're doing, it's always best to use stock OpenVPN. And configure your own DNS and firewalls. But if you don't know what you're doing, you can end up leaking DNS lookups and data.
eyes or no eyes, my take is to avoid those no eyes.
you look at the no eyes countries, mostly tax haven, no strict laws on data privacy. Being lawless, means they are not require to log but think deeper, they can log as well and share your data. Is double edged sword.
Yeah, it's a hard world
But you can use nested VPN chains. And so distribute trust among multiple providers. None of them individually can sell you out. Or be forced. They'd need to collaborate. That's why Tor uses three-relay circuits.
The way I figure it, I shouldn't have to do any fancy tricks to circumvent an issue a VPN creates. . . . . .that's what you're supposedly paying for in the first place.
I figure a VPN should treat you like you're untouchable regardless of whether you're just looking for a little privacy or trying to take over the world. . . . . unlike the stunt HMA pulled.
Now to those programs I mentioned earlier.
My Android cell wants my Play Store app' up to date and running.
Uh, what if you don't use the app' or disable to save power?
It is used to manage your account and does identify you.
Why is it needed?
I downloaded it directly from Nord's website so the Play Store shouldn't even be involved.
My PC has an NVidea card on board and has an app' that auto checks for updates.
To do that, it needs to know if my card is elligible.
Too much info' travelling around for my liking.
My anti spyware app' tagged it and gutted it so it didn't work.
The Nord program insisted that it be made functional and up to date.
I don't even use the video card.
It came built in.
The 6700 processor has hi def' graphics built in, as I understand it.
When I asked the techs at Nord sbout these issues, they just said to check this and try that.
They never once answered why these issues cropped up in the first place.
I emailed Sven (that Sven) about this.
I thought I might be over thinking this, but he doesn't think so.
What do you guys think?
I"d hate to think a VPN provider would need programming to run that could be used to ID you.
What fancy tricks? That's a guide to setting up OpenVPN manually, if you don't want to use their own software.
I use the Play Store on all my devices to keep my apps updated, as is something I want to do. Considering you can download the installer for Android, from Nord's website, I don't know why you would need to use the Play Store. Can you explain why Nord needs you to use the Play Store?
You don't have to use it if you don't want to and you can even uninstall it.
Is Nord requiring you to use GeForce Experience? You didn't make it clear.
How can a VPN service have anything to do with a video card?
It's in my post.
Darned good question.
You make a lot of vague statements, without going into details, so I have no idea at all what you are talking about. A better explanation, would help.
AUS, from the article (most emphasis mine, tho not all):
So these 3 are more consistent than other 2. Also from other info I've heard, these 3 seems to have worse law, tho I haven't yet searched by myself.
Separate names with a comma.