Addition of reponsible marketing section #1538

2019-11-29T10:31:37Z

dngray commented

2019-11-29 10:31:37 +00:00

(Migrated from github.com)

Addition of a responsible marketing section. These things often come up in discussion on the forums, and in other PRs.

blacklight447 (Migrated from github.com) reviewed 2019-11-29 10:31:37 +00:00

netlify[bot] commented

2019-11-29 10:32:16 +00:00

(Migrated from github.com)

Deploy preview for privacytools-io ready!

Built with commit 88c932c043

https://deploy-preview-1538--privacytools-io.netlify.com

Deploy preview for *privacytools-io* ready! Built with commit 88c932c043e142ce4c811a0a2df2face1ec3ef4b https://deploy-preview-1538--privacytools-io.netlify.com

Mikaela commented

2019-11-29 10:36:54 +00:00

(Migrated from github.com)

Would you mind including the links to what you mainly change in your PR comment or somewhere, so they don't need to be digged out separately?

https://deploy-preview-1538--privacytools-io.netlify.com/providers/vpn/#criteria

Would you mind including the links to what you mainly change in your PR comment or somewhere, so they don't need to be digged out separately? * https://deploy-preview-1538--privacytools-io.netlify.com/providers/vpn/#criteria

👍 1

Mikaela (Migrated from github.com) reviewed 2019-11-29 10:48:57 +00:00

Mikaela (Migrated from github.com) left a comment

LGTM, while I also see every VPN provider failing this criteria at least when I am the judge.

pages/providers/vpn.html

						
				@ -128,0 +136,4 @@

				      </li>

				      <p>Must not have any marketing which is irresponsible:</p>

				        <ul>

				          <li>Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know users can quite easily deanonymize themselves in a number of ways, eg:</li>

Mikaela (Migrated from github.com) commented

2019-11-29 10:41:24 +00:00

I think Mullvad fails here.

Karkota hakkerit ja jäljittäjät
Kun yhdistät verkkoon Mullvadilla, me varmistamme, että sekä tietokoneeltasi lähtevä että siihen saapuva liikenne salataan täysin korkeimpien standardien mukaan, jopa silloin kun käytät kahvilan tai hotellin julkista WiFi-verkkoa.

Shoo hackers and trackers
When you connect to the network using Mullvadm, we will ensure that your connection is entirely/fully encrypted according to the highest standards, even when you are using public WiFi-network of a hotel or a café.

I think Mullvad fails here. > Karkota hakkerit ja jäljittäjät > Kun yhdistät verkkoon Mullvadilla, me varmistamme, että sekä tietokoneeltasi lähtevä että siihen saapuva liikenne salataan täysin korkeimpien standardien mukaan, jopa silloin kun käytät kahvilan tai hotellin julkista WiFi-verkkoa. > Shoo hackers and trackers > When you connect to the network using Mullvadm, we will ensure that your connection is entirely/fully encrypted according to the highest standards, even when you are using public WiFi-network of a hotel or a café.

Mikaela (Migrated from github.com) commented

2019-11-29 10:43:30 +00:00

I see ProtonVPN also failing here

Security
Our secure VPN sends your internet traffic through an encrypted VPN tunnel, so your passwords and confidential data stay safe, even over public or untrusted Internet connections.

I would also question

Tor over VPN
ProtonVPN also integrates with the Tor anonymity network. With a single click, you can route all your traffic through the Tor network and access Onion sites.

I see ProtonVPN also failing here > Security > Our secure VPN sends your internet traffic through an encrypted VPN tunnel, so your passwords and confidential data stay safe, even over public or untrusted Internet connections. I would also question > Tor over VPN > ProtonVPN also integrates with the Tor anonymity network. With a single click, you can route all your traffic through the Tor network and access Onion sites.

Mikaela (Migrated from github.com) commented

2019-11-29 10:48:30 +00:00

I am not certain about IVPN here either.

Free yourself from surveillance
What you do online is tracked by companies, governments and others you don't know and can't trust.
Take a step towards protecting your private data with IVPN.

https://www.ivpn.net/what-is-a-vpn also seems to give an impression that the unencrypted http traffic gets magically encrypted after enabling IVPN.

https://www.ivpn.net/wifi-protection also seems a bit of scaremongering to me.

https://www.ivpn.net/dns-server says nothing about DoT/DoH which doesn't particularly surprise me and I wouldn't have expected it.

I am not certain about IVPN here either. > Free yourself from surveillance > What you do online is tracked by companies, governments and others you don't know and can't trust. > Take a step towards protecting your private data with IVPN. https://www.ivpn.net/what-is-a-vpn also seems to give an impression that the unencrypted http traffic gets magically encrypted after enabling IVPN. https://www.ivpn.net/wifi-protection also seems a bit of scaremongering to me. https://www.ivpn.net/dns-server says nothing about DoT/DoH which doesn't particularly surprise me and I wouldn't have expected it.

dngray (Migrated from github.com) reviewed 2019-11-29 11:06:02 +00:00

pages/providers/vpn.html

						
				@ -128,0 +136,4 @@

				      </li>

				      <p>Must not have any marketing which is irresponsible:</p>

				        <ul>

				          <li>Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know users can quite easily deanonymize themselves in a number of ways, eg:</li>

dngray (Migrated from github.com) commented

2019-11-29 11:06:01 +00:00

In the case of

Mullvad:
I don't think that is inaccurate at all. What they are talking about is eavesdropping on a shared WiFi access point. The word "even" is should probably be omitted.

ProtonVPN:
Once again it talks about shared networks and untrusted Internet connections. This is the whole reason you'd use a VPN, ie to prevent your ISP from seeing what you're doing, or local administrator.

IVPN:
That's not totally wrong either. If I am on a VPN server with 1000 other users, it's certainly more anonymous than if I connected directly.

The thing none of these providers claim, is that their product will provide 100% anonymity. I have no problems with VPN providers claiming to keep you secure on untrusted networks.

This is assuming you trust their network to not eavesdrop on you. There is no substitution for E2EE and TLS in that case.

In the case of Mullvad: I don't think that is inaccurate at all. What they are talking about is eavesdropping on a shared WiFi access point. The word "even" is should probably be omitted. ProtonVPN: Once again it talks about shared networks and untrusted Internet connections. This is the whole reason you'd use a VPN, ie to prevent your ISP from seeing what you're doing, or local administrator. IVPN: That's not totally wrong either. If I am on a VPN server with 1000 other users, it's certainly more anonymous than if I connected directly. The thing *none* of these providers claim, is that their product will provide 100% anonymity. I have no problems with VPN providers claiming to keep you secure on untrusted networks. This is assuming you trust *their* network to not eavesdrop on you. There is no substitution for E2EE and TLS in that case.

Mikaela (Migrated from github.com) approved these changes 2019-11-29 12:28:02 +00:00

pages/providers/vpn.html

						
				@ -128,0 +138,4 @@

				        <ul>

				          <li>Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know users can quite easily deanonymize themselves in a number of ways, eg:</li>

				          <ul>

				            <li>Reusing personal information eg. (email accounts, unique pseudonyms etc) that they accessed without anonymity software (Tor, VPN etc)</li>

Mikaela (Migrated from github.com) commented

2019-11-29 12:27:58 +00:00

Issue of interest: https://github.com/privacytoolsIO/privacytools.io/issues/1186

dngray (Migrated from github.com) reviewed 2019-11-29 14:43:02 +00:00

pages/providers/vpn.html

						
				@ -128,0 +138,4 @@

				        <ul>

				          <li>Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know users can quite easily deanonymize themselves in a number of ways, eg:</li>

				          <ul>

				            <li>Reusing personal information eg. (email accounts, unique pseudonyms etc) that they accessed without anonymity software (Tor, VPN etc)</li>

dngray (Migrated from github.com) commented

2019-11-29 14:43:02 +00:00

Removed mention of Matomo specifically. Realistically VPN providers are going to want to know what is going on with their website, so I feel we do have to offer them some alternative to Google Analytics. Currently none of our providers use third party analytics.