-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/19/2016 04:18 AM, Jon Tullett wrote: > On 19 July 2016 at 12:01, Mirimir <miri...@riseup.net> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> On 07/19/2016 03:50 AM, Jon Tullett wrote: >>> On 19 July 2016 at 08:31, Mirimir <miri...@riseup.net> wrote: >>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>> >>>> On 07/18/2016 07:08 PM, Jon Tullett wrote: >>>>> On 18 July 2016 at 16:17, Mirimir <miri...@riseup.net> >>>>> wrote: >>>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>> >>>>>> A few years ago, I wrote >>>>>> <https://www.ivpn.net/privacy-guides/will-a-vpn-protect-me>. >>>>> >>>>> >>>>>> Have you updated it to account for subverted VPN providers? >>>>> Advising people to use VPNs which may have been subject to >>>>> national security letters is arguably bad. >>>> >>>> Which VPNs have received NSLs? >>> >>> I take it that's a no, then? >> >> I account for it by distributing trust, just as Tor does. > > But your guide does not. It doesn't even mention them. Why are you > concealing the truth from users?!?11
This gets at the trust issue: | Using VPN services obscures online activity from local observers, | and it also obscures location and identity from remote observers | on the Internet. However, users are entirely vulnerable to | betrayal by the VPN provider. With a second VPN service tunneled | through the first, trust has been distributed, in that compromise | would require collusion between the two providers. That comes pretty close, I think. NSLs are really irrelevant in risk assessment. Because NSL or not, you have no way to know who you can trust. So you can't trust anyone. > The point I'm trying to make is that you can't cover every base. > Too often, attempts to do so just end up with unusable rambling > essays on security which no one will read and which still fail to > cover a lot of ground. You're accusing Tor of something that you > yourself can't avoid. That's not a criticism - just a reflection of > reality. Say what you will, this is misleading: | Tor prevents people from learning your location or browsing habits. <SNIP> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXjgMTAAoJEGINZVEXwuQ+P4UH/3zyjj3FmgZTjH0Qe7pijN5s ETxHDAK5gZoGA/8VVeYIEG3SNg2rnNSc6cvD9aW5pdebdZfirtvuwY++vVrFw3P/ y5zqt+MQAdfcPlsFmpty5qkzKAAuO37/4m6yAEAxuTkJvfCpY/ThWVFy8xXk+OeV p2naoo5GFboRP3r4+N1nxY7DsgzwRfhkxVZQSxmPjJhEFxTvNiq2crAnvUHLrBJe 46QiWn+agldN54LxkPVasAUgd7RWirl4O+H9UhZumA2ZrBHNa4I5YYoOw28zc4Am /G2+Kdgst3Ua8em3D6LvNmQnMAUXi7NS5tAazl5IYpQsuj1G/jfkDnUtYeTJN1s= =+aIe -----END PGP SIGNATURE----- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
