However, this should serve as a stark wake-up call about the dangers of relying on centralized services.
One problem with VPN providers is that you have to trust the provider. Whether a provider keeps logs or not isn’t really auditable.
I wonder if a way to handle this would be to create some kind of decentralized corporation using Ethereum, and running and controlling the VPN that way. Corporate and managerial decisions about logging etc. could all be part of the public record on the blockchain - permissions could be baked into the decentralized program itself - making state-sponsored subversion of these organizations much more difficult.
I admit that the tech probably isn’t mature enough for this right now but I wonder if decentralized organizations might not become a way to address this kind of problem in the coming years.
Whether the provider is telling the truth or not may not even matter, because the data centre they are hosted in might keep traffic logs and they wouldn’t know. EarthVPN for example.
I think the same thing happened to Privacy.LI where their data centre in Hong Kong freely cooperated with the US FBI but I can’t find a proper source for this. They claimed to not keep logs but the members of a child pornography ring who used them all got caught (and the ones that didn’t, didn’t), so someone must have had logs.
I agree that the data center where a VPN is hosted is a potential vulnerability as well. It seems like there are weaknesses at multiple levels, even to the point of “how do we trust the hardware this software is running on” but governance over something like Ethereum seems like it can solve the problem of how we can trust an organization’s management.
You could implement the VPN software to check the Ethereum logs so it runs whatever the corporation decides. I’m not clear on how you could verify that the VPN software is running unmodified on any particular server though - a human is involved in provisioning / installing something at some point.
Update: https://twitter.com/riseupnet/status/801902121150869504
Yeah, actually, company’s canary dies + company acknowledges that people have noticed but doesn’t update the canary spells “SOMETHING IS WRONG” in big neon letters, and I just don’t understand why people would think otherwise.
What will we do when all the canaries are dead?
I think the general idea is that new companies are created with new canaries and the old company eventually closes up shop. It would get interesting however if all the providers were hit by the FBI at a faster rate than new companies pop up.