-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/19/2016 03:50 AM, Jon Tullett wrote:

On 19 July 2016 at 08:31, Mirimir <mirimir@riseup.net> wrote:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 07/18/2016 07:08 PM, Jon Tullett wrote:

...

On 18 July 2016 at 16:17, Mirimir <mirimir@riseup.net> wrote:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

...

...

...

A few years ago, I wrote <https://www.ivpn.net/privacy-guides/will-a-vpn-protect-me>.

Have you updated it to account for subverted VPN providers? Advising people to use VPNs which may have been subject to national security letters is arguably bad.

Which VPNs have received NSLs?

I take it that's a no, then?

I account for it by distributing trust, just as Tor does.

Point being, not only do we now know which operators have received letters, we _can't_ know. The first rule of NSL club is you don't talk about NSL club. I have yet to see much evidence that warrant canaries help. And that's not the only risk; operators can be coerced, hacked, suborned, or otherwise compromised. Belgacom, for example.

What Tor relays have received NSLs?

We mitigate that by layering services, but that's back to the question of how complex an environment suits your risk profile. Not everyone has the same nut; not everyone needs the same size hammer.

The NSA is a pretty big nutcracker ;) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXjfqHAAoJEGINZVEXwuQ+jfsH/j2m+GIEfHEG/Ye1mKviqiYB 2NpeeI5W/r6Zq/Bv/xoqnid+qhwtP/4BwkukXeJ2LhXHBinDKJuKJluOzqiSOqMI 7ThceELgk0ec2eiPSDNJAfH784ShDMpwZEJIJ4I6MmuPXBJ6CJFdzau0rf/M0vGT tm2m5SfPKh66ZvtGzvoHGsyUV0p1Hu5I3H3ID+EiBbP2uqSi/mL1OXaezT5tGamu OxczvVFo5cl3uGCJechHXq/jlTyiNrRf6YAUocitFXwXejMHpUQrvU/TlDnZqN5u rA9Ezxg2YFZ3NltC1Owob8oEgA8/VfWhUZ5v+w9poWG8c6WgOfB4pti5Jq6TAfo= =W8Yj -----END PGP SIGNATURE-----