• merde alors@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      93
      ·
      2 months ago

      let’s say that VPNs are compromised and “they” know that you’re downloading “illegally”

      in order to prosecute, “they” have to prove you’re a pirate and show how they know

      would they compromise their backDoor to go after a tiny pirate?

      • 🏴 hamid abbasi [he/him] 🏴@vegantheoryclub.org
        link
        fedilink
        English
        arrow-up
        26
        arrow-down
        5
        ·
        2 months ago

        you don’t really need to scare quote they in this context. The NSA and similar organizations are real and operating at this scale right now.

        Will they compromise their back door to go after a pirate? No. Will they collect data on you to profile you and your activities and use that in the future? Yes.

        It is not if, it is when the digital police state is imposed will we know the real end state of this level of data collection. My warning about them is not just about the pirates, its about installing their software and letting them port mirror you and cache your dns calls for years to target you later.

        • parody@lemmings.world
          link
          fedilink
          English
          arrow-up
          28
          ·
          2 months ago

          This is why I compose all my messages on an air gapped computer and send them out from my compound with couriers.

        • Blackmist@feddit.uk
          link
          fedilink
          English
          arrow-up
          9
          ·
          2 months ago

          Will they collect data on you to profile you and your activities and use that in the future? Yes.

          And that’s why the only thing I use my VPN for is piracy. Don’t really have a good reason to push anything else through it.

      • KillingTimeItself@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        2
        ·
        2 months ago

        in order to prosecute, “they” have to prove you’re a pirate and show how they know

        would they compromise their backDoor to go after a tiny pirate?

        this information isn’t likely to be public after the fact.

            • KillingTimeItself@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              1
              ·
              2 months ago

              yeah, and? What are they going to do? Send the DEA after you for growing GMO titties? Gonna hit you with the ATF because you grew hormonally altered facial hair?

              They’ve got shit like fentanyl to be worrying about. I think this is probably the least of concerns, especially considering this is less “drug addiction” and more “illegal prescription drugs” instead. Besides, they don’t get drug money from trans people.

              It’s certainly a potential risk for procurement of the drug legally. But that’s already a problem.

    • Blackmist@feddit.uk
      link
      fedilink
      English
      arrow-up
      33
      ·
      2 months ago

      In fairness I doubt the NSA give a single solitary fuck about piracy and aren’t about to give themselves up over a telesync rip of Beetlejuice 2.

      But probably best to plan 9/11 part 2 over something a bit more secure.

      • sunzu2@thebrainbin.org
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        2 months ago

        Both are considered strong choices but again… This is 100% trust me bro.

        But that’s the people the bros chose to trust

    • Rogers@lemmy.ml
      link
      fedilink
      English
      arrow-up
      7
      ·
      2 months ago

      Title is probably true, but also it’s less likely for the NSA to leak your info than say an ISP that openly sells your info. I highly doubt that the NSA sees someone pirating Photoshop as a priority. VPNs can help with preventing a random ad from logging your real loose location, have built in DNS ad block, open up region locked content plus a list of other benefits.

      VPNs absolutely help with general privacy, like not putting your personal phone number on a public registry. They are not intended to perfectly hide you from a super power’s intelligence agency lol

        • socsa@piefed.social
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          2 months ago

          Everyone knows it’s impossible for the NSA to buy rack space in Bulgaria, where they literally don’t have to deal with any US legal process.

          It’s also impossible for the NSA to market such a service via pop-privacy blogs and social media profiles.

          The funny part about this is that the Snowden leaks showed that the NSA actually put a lot of effort into doing shit like this specifically to avoid all the paperwork which came with accidentally collecting data from US citizens. Keeping the data and analysis off shore means no pesky FISA paperwork.

          • winkerjadams@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            8
            arrow-down
            1
            ·
            2 months ago

            Because if the government wants that data then they are gonna get it. If it’s in another country its a lot more work than just serving them a warrant like it is if they are USbased

            • Telorand@reddthat.com
              link
              fedilink
              English
              arrow-up
              6
              ·
              2 months ago

              At least that’s a more reasonable answer than trying to imply the NSA has backdoors everywhere.

              My position is that it all depends on your threat model. The government isn’t likely to go after someone who torrents files and is hidden by a VPN. The government might go after someone running a streaming site, on the other hand.

              And even that might wind up with a dead end. AirVPN (for example) is Canada-based, has no logs, and accepts both crypto and anonymous cash payments.

          • liveinthisworld@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            2 months ago

            As he said, paid with crypto and managed with his own keys. I don’t see how the seedbox provider can trace you if you do that, so there’s not that much to worry about

            • myersguy@lemmy.simpl.website
              link
              fedilink
              English
              arrow-up
              2
              ·
              2 months ago

              You’re going to connect to the seedbox at some point, which ties your IP to the traffic. If you are worried about a VPN attaching your IP to traffic, this is no different, no?

              • liveinthisworld@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                edit-2
                2 months ago

                SFTP over TOR. This should be a requirement at this point.

                If you’re not doing that, then yes you’re technically right in that seedbox companies can be subpoenaed too. I usually use TOR to copy over what little I torrent.

            • sus@programming.dev
              link
              fedilink
              English
              arrow-up
              1
              ·
              2 months ago

              if you can’t connect to a vpn using only open source software, that’s a crappy vpn

        • Telorand@reddthat.com
          link
          fedilink
          English
          arrow-up
          5
          ·
          2 months ago

          What evidence do you have that no-log VPNs are compromised by the NSA? What about VPNs based in other countries like Canada?

          • KillingTimeItself@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            2 months ago

            the US has so much geopolitical reach that companies in canada or elsewhere would just hand over the question if it was high enough profile.

            • Telorand@reddthat.com
              link
              fedilink
              English
              arrow-up
              4
              ·
              2 months ago

              That’s an interesting point, but I think the “if it’s high profile enough” is key. People torrenting files is probably low on their priorities. On the other hand, somebody organizing a terrorist cell is probably much higher.

              Companies might have an interest in finding pirates, but it would not be as easy for them to get other companies to comply with their subpoenas.

              • KillingTimeItself@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                4
                ·
                2 months ago

                yeah if ur just a dude pirating, it probably doesn’t matter, but if they find you’ve done a large crime, you can bet your ass that shits getting yoinked from you.

                companies might, but that’s almost entirely through legal processes. ceast and desists, required reporting, etc…

            • Telorand@reddthat.com
              link
              fedilink
              English
              arrow-up
              13
              ·
              2 months ago

              The existence of the NSA and their activities is not proof that they have backdoors in VPNs. That’s bogeyman conspiracy theory shit—“they could be anywhere, therefore they’re everywhere!”

              You still haven’t answered the question, and I’m beginning to think you are making shit up based on paranoia.

              • 🏴 hamid abbasi [he/him] 🏴@vegantheoryclub.org
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                6
                ·
                edit-2
                2 months ago

                Go ahead and use these services. I don’t care about you, what you do or what you think. You are deeply unserious if you are not paranoid about the surveillance and I really have nothing to discuss with you.

                • Syntha@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  7
                  ·
                  2 months ago

                  Is there literally any evidence that the US government managed to extract useful information from no-log vpn providers in the US?

                  • SaltySalamander@fedia.io
                    link
                    fedilink
                    arrow-up
                    2
                    ·
                    2 months ago

                    I have (anecdotal) evidence that they, in fact, can’t extract useful information from one particular no-log vpn provider in the US, PIA. They showed up to seize data, but walked away empty-handed when they found out that they are, truly, no-log and their servers run entirely from RAM, so no drives to extract data from.

            • psud@aussie.zone
              link
              fedilink
              English
              arrow-up
              2
              ·
              2 months ago

              Is your home machine, your phone, better protected than the VPN servers? I bet you’re not as good at IT security as the IT security staff VPN companies hire

              If your threat model includes nation state actors, you’re best off not using networked computers

              • sunzu2@thebrainbin.org
                link
                fedilink
                arrow-up
                1
                arrow-down
                1
                ·
                2 months ago

                I am all about good tinfoil but some of these people acting as if they are SNOWDEN lol

                Yes if feds wanted to catch you shitposting, watching big titied asian porn and downloading coldplay… I think there raised ways than compromising a VPN provider.

                Unless it is a honey pot, then use a different VPN provider. Gonna need trust at the end of the day.

          • liveinthisworld@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            2 months ago

            Technically speaking, VPN logs tend to include the IP address of clients connecting to them, after which the good VPN providers like Mullvad, IVPN and maybe PIA tend to purge them somewhere in their process. Now, if the VPN is running in a RAM-only node, then these logs probably don’t touch storage, which means there’s not much need to shred information from hard drives for the VPN provider.

            With that said, an ISP can technically log your traffic and see that you’re connecting to the IP range associated with a VPN. That and perhaps some more covert side-channel/correlation attacks can, in theory, compromise your identity.

            Of course, this is going deep into OPSEC and forensics, and I don’t think the NSA is that interested in the average Billy torrenting “The Office” to go through that many logs, even if the studios sue in court. Hence, technically your privacy is somewhat maintained with the good VPN providers, but you’re definitely not anonymous

            • Telorand@reddthat.com
              link
              fedilink
              English
              arrow-up
              3
              ·
              2 months ago

              That’s kind of my thought as well. It’s certainly possible someone might go through the effort to find a single pirate downloading The Lion King, but that’s a lot of effort (read: money) to find just one person.

              There’s certainly the possibility that an ISP could note that you connected to a VPN, but given that it’s not a remarkable event, since people connect to VPNs for all kinds of legal reasons, they aren’t likely to track your particular IP’s connection to a VPN apart from a court ordering them to care. They get paid their monthly internet plan price whether someone pirates or checks their email.

              If someone was running the Pirate Bay from their home servers, however, more parties would likely be interested in finding that person, and that person’s threat model probably exceeds just using a logless VPN.