privacyguides
/
privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

Addition of reponsible marketing section #1538

Merged
dngray merged 3 commits from pr-reponsible_vpn_marketing into master 2019-11-29 16:52:22 +00:00
Conversation 2 Commits 3 Files Changed 1 +30
1 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
pages/providers/vpn.html
View File

@ -124,6 +124,36 @@ description: "Find a no-logging VPN operator who isn't out to sell or read your
</ul>
</div>
<div class="col-12">
<h3><span class="badge badge-info">Marketing</span></h3>
<p>With the VPN providers we recommend we like to see responsible marketing.</p>
</div>
<div class="col-md-6">
<p><strong>Minimum to Qualify:</strong></p>
<ul>
<li>Must self host analytics (no Google Analytics etc). The provider's site must also comply with <a href="https://en.wikipedia.org/wiki/Do_Not_Track">DNT (Do Not Track)</a> for those users who want to opt-out.</li>
</ul>
</li>
<p>Must not have any marketing which is irresponsible:</p>
<ul>
<li>Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know users can quite easily deanonymize themselves in a number of ways, eg:</li>
dngray commented 2019-11-29 11:06:01 +00:00 (Migrated from github.com)
Review
Copy Link

In the case of

Mullvad:
I don't think that is inaccurate at all. What they are talking about is eavesdropping on a shared WiFi access point. The word "even" is should probably be omitted.

ProtonVPN:
Once again it talks about shared networks and untrusted Internet connections. This is the whole reason you'd use a VPN, ie to prevent your ISP from seeing what you're doing, or local administrator.

IVPN:
That's not totally wrong either. If I am on a VPN server with 1000 other users, it's certainly more anonymous than if I connected directly.

The thing none of these providers claim, is that their product will provide 100% anonymity. I have no problems with VPN providers claiming to keep you secure on untrusted networks.

This is assuming you trust their network to not eavesdrop on you. There is no substitution for E2EE and TLS in that case.

In the case of Mullvad: I don't think that is inaccurate at all. What they are talking about is eavesdropping on a shared WiFi access point. The word "even" is should probably be omitted. ProtonVPN: Once again it talks about shared networks and untrusted Internet connections. This is the whole reason you'd use a VPN, ie to prevent your ISP from seeing what you're doing, or local administrator. IVPN: That's not totally wrong either. If I am on a VPN server with 1000 other users, it's certainly more anonymous than if I connected directly. The thing *none* of these providers claim, is that their product will provide 100% anonymity. I have no problems with VPN providers claiming to keep you secure on untrusted networks. This is assuming you trust *their* network to not eavesdrop on you. There is no substitution for E2EE and TLS in that case.
<ul>
<li>Reusing personal information eg. (email accounts, unique pseudonyms etc) that they accessed without anonymity software (Tor, VPN etc)</li>
Mikaela commented 2019-11-29 12:27:58 +00:00 (Migrated from github.com)
Review
Copy Link

Issue of interest: https://github.com/privacytoolsIO/privacytools.io/issues/1186

Issue of interest: https://github.com/privacytoolsIO/privacytools.io/issues/1186
dngray commented 2019-11-29 14:43:02 +00:00 (Migrated from github.com)
Review
Copy Link

Removed mention of Matomo specifically. Realistically VPN providers are going to want to know what is going on with their website, so I feel we do have to offer them some alternative to Google Analytics. Currently none of our providers use third party analytics.

Removed mention of Matomo specifically. Realistically VPN providers are going to want to know what is going on with their website, so I feel we do have to offer them some alternative to Google Analytics. Currently none of our providers use third party analytics.
<li><a href="https://www.privacytools.io/browsers/#fingerprint">Browser fingerprinting</a></li>
</ul>
<li>Claim that a single circuit VPN is "more anonymous" than Tor, which is a circuit of 3 or more hops that regularly changes.</a></li>
<li>Use responsible language, eg it is okay to say that a VPN is "disconnected" or "not connected", however claiming that a user is "exposed", "vulnerable" or "compromised" is needless use of alarming language that may be incorrect. For example the visiting user might be on another VPN provider's service or using Tor.</li>
</ul>
</div>
<div class="col-md-6">
<p><strong>Best Case:</strong></p>
<p>Responsible marketing that is both educational and useful to the consumer could include:</p>
<ul>
<li>A accurate comparison to when Tor or other <a href="https://www.privacytools.io/software/networks/">Self contained networks</a> should be used.</li>
<li>Availability of the VPN provider's website over a .onion <a href="https://en.wikipedia.org/wiki/.onion">Hidden Service</a></li>
</ul>
</div>
<div class="col-12">
<h3><span class="badge badge-info">Additional Functionality</span></h3>
<p>While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc.</p>