-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/19/2016 04:18 AM, Jon Tullett wrote:
On 19 July 2016 at 12:01, Mirimir <mirimir@riseup.net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/19/2016 03:50 AM, Jon Tullett wrote:
On 19 July 2016 at 08:31, Mirimir <mirimir@riseup.net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/18/2016 07:08 PM, Jon Tullett wrote:
On 18 July 2016 at 16:17, Mirimir <mirimir@riseup.net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
A few years ago, I wrote <https://www.ivpn.net/privacy-guides/will-a-vpn-protect-me>.
Have you updated it to account for subverted VPN providers? Advising people to use VPNs which may have been subject to national security letters is arguably bad.
Which VPNs have received NSLs?
I take it that's a no, then?
I account for it by distributing trust, just as Tor does.
But your guide does not. It doesn't even mention them. Why are you concealing the truth from users?!?11
This gets at the trust issue: | Using VPN services obscures online activity from local observers, | and it also obscures location and identity from remote observers | on the Internet. However, users are entirely vulnerable to | betrayal by the VPN provider. With a second VPN service tunneled | through the first, trust has been distributed, in that compromise | would require collusion between the two providers. That comes pretty close, I think. NSLs are really irrelevant in risk assessment. Because NSL or not, you have no way to know who you can trust. So you can't trust anyone.
The point I'm trying to make is that you can't cover every base. Too often, attempts to do so just end up with unusable rambling essays on security which no one will read and which still fail to cover a lot of ground. You're accusing Tor of something that you yourself can't avoid. That's not a criticism - just a reflection of reality.
Say what you will, this is misleading: | Tor prevents people from learning your location or browsing habits. <SNIP> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXjgMTAAoJEGINZVEXwuQ+P4UH/3zyjj3FmgZTjH0Qe7pijN5s ETxHDAK5gZoGA/8VVeYIEG3SNg2rnNSc6cvD9aW5pdebdZfirtvuwY++vVrFw3P/ y5zqt+MQAdfcPlsFmpty5qkzKAAuO37/4m6yAEAxuTkJvfCpY/ThWVFy8xXk+OeV p2naoo5GFboRP3r4+N1nxY7DsgzwRfhkxVZQSxmPjJhEFxTvNiq2crAnvUHLrBJe 46QiWn+agldN54LxkPVasAUgd7RWirl4O+H9UhZumA2ZrBHNa4I5YYoOw28zc4Am /G2+Kdgst3Ua8em3D6LvNmQnMAUXi7NS5tAazl5IYpQsuj1G/jfkDnUtYeTJN1s= =+aIe -----END PGP SIGNATURE-----