On 1/9/84 19:84, Timothy M Butterworth wrote something which will never
be deleted again by the all seeing eye, selector match found
Any commercial VPN service provider provides the same level of protection
as Tor.
No, it does not.
Commercial VPN providers with no-log policy often had logs they handed
out to the authorities. The authorities are acting on the laws in their
jurisdiction. They do not care about moral or fundamental rights.
Commercial VPNs often lack multi-hop support.
Commercial VPNs do not apply a workaround to avoid RDRAND, RDSEED
instructions of the CPU like Tor does.
Commercial VPNs can be run by governments or agencies, infiltrated by
agencies more easily, are provided mostly by only one company. On Tor
you need to be routed through 3 bad nodes to be busted.
Circuit sets (and providers) are random, VPN multihops do not need to be.
Commercial VPNs are lacking the .onion part of Tor.
Commercial VPNs can be used to consolidate users traffic at one provider
or instance, jurisdiction, e.g. IP protection of Safari, iCloud+ relay,
Google One are deployed to force users traffic through servers under US
jurisdiction control because their hoster headquarters are under US
jurisdiction.
Commercial VPNs can be used to apply agency selectors more specificly to
a region, household, country, area of a country, income bracket if run
by agencies or governments.
Commercial VPNs can be used to run statistical analytics or intercept
traffic of their "specially interesting" users.
Commercial VPNs can be used to integrate their targets into the
providers LAN as a target.
Using VPNs or Tor does not protect against traffic correlation attacks.
Bulk data collection is immoral and unethical. Back in 2006 I found that
the USA was hosting photo shopped child porn. They used a JavaScript
vulnerability to create a backdoor on the visiting PC. Their hack only
worked if the user's account has admin privileges. Never surf the web on
windows using an account with admin privileges. The last time I checked on
the vulnerability was in 2010 and it was still not fixed even though it was
well known. I personally believe that the federal government was not
letting MS fix the vulnerability because they were using it as a back door
for data collection. 2006 is when I first moved to GNU/Linux with SUSE
Enterprise Linux Desktop SLED 10. By 2011 I no longer used Windows on my
personal systems so I stopped tracking the vulnerability. I can guess that
it is probably still not fixed.
Governments treat security vulnerabilities as doors and not as holes to
fix. They are willing to risk any critical infrastructure, company,
device, society member to apply surveillance.
If security vulnerabilites are used by bad guys the government will use
it to scream for more protection, meaning more surveillance to protect
society against bad guys. win-win business regards surveillance.
If you read about Intel Management Engine and AMD PSP it is much worse
if you consider it is a backdoor.
-integration into system components via kernel modules
-integration into system through user space application, e.g. Windows
Intel Management system packages
-integration of PAVP and HDCP via Intel Me (serial tracing?)
-KVM access
-network stack of UEFI
-iAMT
-direct and silent CPU, RAM access
-full remote manageability
-anti theft
-outbreak containment heuristic
-TLS
-IPV6
-autoshutdown after 30 minutes if ME is broken
-government agency HAP bit to disable it for high assurance platforms
-uefi integration, only the UEFI GUI for ME can be disabled. Not the ME
function itself
-full access to storage without the OS or antimalware scanners knowledge
Tech is completely broken if you are a normal society member and not
some of the more important people.
It is built to deploy surveillance, profit and stimulate user activity.
The USA does not have a constitutional right to privacy from the
government. The only thing that comes close is the constitutional right
requiring a warrant for search and seizure of documents and property.
Iceland has a constitutional right to privacy. I don't know if there is a
VPN company running in Iceland but if there is that would be the one I
would get. https://ctemplar.com/icelandic-privacy-laws/ It would be nice if
the UN would push to follow Iceland's example.
It is important the company is not under any jurisdiction which is
against fundamental rights or privacy. Companies are required to
cooperate if under pressure. If they not comply they will be shutdown.
Iceland protects Facebook nasty practices.
