Extend VPN section information #559

New Issue

2018-10-29T22:29:37Z

Offpics commented

2018-10-29 22:29:37 +00:00

(Migrated from github.com)

After some intro text on the site, the first thing that a user sees is a VPN section, that suggests to just click and buy a service.

There is actually no explanation why would anybody need a service like VPN. There should be some information what are the actual risks and benefits of using it in different countries.

After some intro text on the site, the first thing that a user sees is a VPN section, that suggests to just click and buy a service. There is actually no explanation why would anybody need a service like VPN. There should be some information what are the actual risks and benefits of using it in different countries.

👍 1

ghost commented

2018-10-29 22:47:23 +00:00

(Migrated from github.com)

I wanted to add many tutorials and things like this to the website, but I don't have enough time for that right now.

However, I have a few articles about VPNs, like this one: https://theprivacyguide.org/tutorials/understanding-vpns.html.

Also good point on countries.

I wanted to add many tutorials and things like this to the website, but I don't have enough time for that right now. However, I have a few articles about VPNs, like this one: https://theprivacyguide.org/tutorials/understanding-vpns.html. Also good point on countries.

strypey commented

2019-04-17 05:37:14 +00:00

(Migrated from github.com)

Maybe worth integrating some of the insights from 'Don't Use VPN Services' and its comment thread. Especially the point that using a commercial VPN is just paying a second ISP to stop potential spying by the ISP you're already paying for your net connection.

A few more criteria for listing commercial VPN vendors on PTIO (examples are from ExpressVPN as this is the vendor I ended up using since I got to China):

all apps provided to users licensed as free code - no source code is available for any ExpressVPN apps, I've asked customer support about this a number of times.
all required Javascript licensed as free code, or no Javascript on the company website at all - according to NoScript, the ExpressVPN website has a bunch of proprietary JS from third-party domains including Akamized, SnapEngage, Farcebook(!), and 3 goOgle domains(!). AFAIK there is no way to use their service without visiting their site and allowing at least some of this JS.
no trackers or other privacy-compromising components built into the company website (see above).

Some free code projects relevant to the discussion of VPN providers/ replacements (in alphabetical order):

Bitmask - developed by LEAP Encryption Access Project, supported by a number of non-commercial providers including RiseUp.net.
Lantern - bills itself as "faster than a VPN". The client code is all free and you get a certain amount of gratis use per month (metred by traffic if I remember rightly), then you have to pay.
Mysterium - an experiment with building a decentralized VPN on a blockchain.
Wireguard - OpenVPN replacement (see #633 )

Maybe worth integrating some of the insights from '[Don't Use VPN Services](https://gist.github.com/joepie91/5a9909939e6ce7d09e29)' and its comment thread. Especially the point that using a commercial VPN is just paying a second ISP to stop potential spying by the ISP you're already paying for your net connection. A few more criteria for listing commercial VPN vendors on PTIO (examples are from ExpressVPN as this is the vendor I ended up using since I got to China): * all apps provided to users licensed as free code - no source code is available for any ExpressVPN apps, I've asked customer support about this a number of times. * all required [Javascript licensed as free code](https://www.gnu.org/philosophy/javascript-trap.en.html), or no Javascript on the company website at all - according to NoScript, the ExpressVPN website has a bunch of proprietary JS from third-party domains including Akamized, SnapEngage, Farcebook(!), and 3 goOgle domains(!). AFAIK there is no way to use their service without visiting their site and allowing at least some of this JS. * no trackers or other privacy-compromising components built into the company website (see above). Some free code projects relevant to the discussion of [VPN providers/ replacements](https://trisquel.info/en/forum/potential-vpn-options-replacements) (in alphabetical order): * [Bitmask](https://github.com/leapcode/) - developed by LEAP Encryption Access Project, supported by a number of non-commercial providers including RiseUp.net. * [Lantern](https://github.com/getlantern) - bills itself as "faster than a VPN". The client code is all free and you get a certain amount of gratis use per month (metred by traffic if I remember rightly), then you have to pay. * [Mysterium](https://github.com/mysteriumnetwork/) - an experiment with building a decentralized VPN on a blockchain. * [Wireguard](https://git.zx2c4.com/?q=wireguard) - OpenVPN replacement (see #633 )

👍 1

strypey commented

2019-04-21 13:02:44 +00:00

(Migrated from github.com)

Compare the ExpressVPN UX to Mullvad.net, for example, which has a GH repo for all its end-user apps, a website that can be viewed without JS (although it does suggest users turn it on), and uses no third-party scripts from domains owned by datafarms. Mullvad goes to great lengths to allow folks to use its services anonymously (requires no email address to sign up etc). Not requiring proprietary software to use the actual VPN service ought to be a minimum requirement for endorsement on PTIO.

EDIT: fixed a couple of typos and added the bits about third-party scripts

Compare the ExpressVPN UX to Mullvad.net, for example, which has a GH repo for all its end-user apps, a website that can be viewed without JS (although it does suggest users turn it on), and uses no third-party scripts from domains owned by datafarms. Mullvad goes to great lengths to allow folks to use its services anonymously (requires no email address to sign up etc). Not requiring proprietary software to use the actual VPN service ought to be a minimum requirement for endorsement on PTIO. EDIT: fixed a couple of typos and added the bits about third-party scripts

Mikaela commented

2019-04-21 14:58:37 +00:00

(Migrated from github.com)

Related: https://github.com/privacytoolsIO/guides.privacytools.io/issues/1

strypey commented

2019-05-04 15:29:47 +00:00

(Migrated from github.com)

Arguments have been made in the discussion on adding ProtonVPN (#238) that the page ought to avoid recommending any specific commercial service. Instead, it could focus on a discussion of why a user might choose to use a VPN service, what they can and can't do, the pros and cons of a commercial service vs. self-hosting/ community-hosting (eg RiseUp's gratis service for activists using BitMask), and some information about software options (client-side and server software for self-hosting).

If there are recommendations of specific commercial vendors, it would make sense to choose ones whose products and services are endorsed elsewhere on the site. ProtonVPN fits in the category, since ProtonMail is recommended. I would also endorse RiseUp's service, ThinkPenguin's PenguinVPN service, and the Librem Tunnel service recently launched by Puri.sm in association with Private Internet Access.

EDIT: added PenguinVPN

Arguments have been made in the discussion on adding ProtonVPN (#238) that the page ought to avoid recommending any specific commercial service. Instead, it could focus on a discussion of why a user might choose to use a VPN service, what they can and can't do, the pros and cons of a commercial service vs. self-hosting/ community-hosting (eg [RiseUp's gratis service for activists using BitMask](https://f-droid.org/en/packages/se.leap.riseupvpn/)), and some information about software options (client-side and server software for self-hosting). If there are recommendations of specific commercial vendors, it would make sense to choose ones whose products and services are endorsed elsewhere on the site. ProtonVPN fits in the category, since ProtonMail is recommended. I would also endorse RiseUp's service, [ThinkPenguin's PenguinVPN service](https://www.thinkpenguin.com/gnu-linux/penguinvpn-subscription-1-6-and-12-month-options), and the [Librem Tunnel service recently launched by Puri.sm in association with Private Internet Access](https://puri.sm/posts/purism-becomes-pia-first-oem-partner/). EDIT: added PenguinVPN

atomGit commented

2019-05-16 22:03:14 +00:00

(Migrated from github.com)

this needs changed i think (https://www.privacytools.io/providers/vpn/):

Note: Using a VPN provider will not make you anonymous. But it will give you a better privacy. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy.

"give you a better privacy" definitely needs changed, but how about something a little more...

Warning: A VPN provider will not make you anonymous, however it can help to protect your privacy. No VPN provider can be considered to be completely trustworthy and therefore one should not rely entirely upon their advertised policies, including 'no log' policies. A VPN is not a tool to be used for illegal activity. Please research multiple providers carefully before committing.

this needs changed i think (https://www.privacytools.io/providers/vpn/): > Note: Using a VPN provider will not make you anonymous. But it will give you a better privacy. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy. "give you a better privacy" definitely needs changed, but how about something a little more... Warning: A VPN provider will not make you anonymous, however it can help to protect your privacy. No VPN provider can be considered to be completely trustworthy and therefore one should not rely entirely upon their advertised policies, including 'no log' policies. A VPN is not a tool to be used for illegal activity. Please research multiple providers carefully before committing.

blacklight447 commented

2019-08-09 20:02:07 +00:00

(Migrated from github.com)

since the redesign of the website, vpns are not the first thing users see anymore. Also we now have more info on VPN s on the warning label on the vpn provider page, so i think we can close this issue now, thoughts? @JonahAragon @Mikaela @nitrohorse

Mikaela commented

2019-08-09 20:43:01 +00:00

(Migrated from github.com)

In most cases, VPNs do little to protect your privacy or enhance your security, unless paired with other changes.

https://www.privacytools.io/providers/vpn/#info

Yes, I think we can close this.

> In most cases, VPNs do little to protect your privacy or enhance your security, unless paired with other changes. * https://www.privacytools.io/providers/vpn/#info Yes, I think we can close this.

👍 2

This repo is archived. You cannot comment on issues.