Can we trust VPNs?

I got thinking about how much power your VPN provider must have over you. They have the ability to see all your traffic, in some cases from multiple devices or even your entire network. While they may claim to keep no logs, how do we know they are telling the truth? I would imagine they could get into legal trouble for lying about their privacy policy but… can they?

If they can lie about their policies and practices then should we just ditch VPNs entirely and use alternatives? Or can a provider be trustworthy if they can’t lie about their policies?

You can’t trust your VPN, but as long as you trust your VPN provider more than your ISP it’s worth considering a VPN.

Also, even an untrustworthy VPN protects you from the dangers of MITM attacks on public Wi-Fi.

Also it differs a lot per provider. There are definitely a lot of providers that can’t be trusted, while there are others that could be better.

A VPN can only be trusted on its reputation, since we can’t check on their servers ourselves whether the logs are turned off. Any VPN can lie about their policy and they will not be in any trouble for it (ex: PureVPN). The only way to make sure you are using a good VPN is by doing research on them: how many years they have been running, and whether they got any subpoena and how it ended (can’t find the user or user arrested…).

It’s always a risk. But risk is everywhere - especially on the internet.

Can’t imagine how betrayed customers feel when their supplier proves to be a liar. Companies like that should be brought down through the legal system. Destroyed.

If you don’t trust your VPN provider, you can always run your own private server.

How about Nord VPN, trustworthy? One privacy guy seems to say yes, another user says his data is outdated.

Never 100%. You can’t know unless the good/bad news comes out. You can have two, and it would drastically reduce your threat model.

It’s a serious question worth considering, someone did the hard yards for you and compiled a list of pros and cons for each VPN, and yes he’s not trying to sell you anything. https://thatoneprivacysite.net/

Yesno, find all the reputable VPNs for your connection/platform and use them. All of them. Not one VPN. FIVE VPNs!

“Sandbox” them: those two for Firefox, that one for app, that one for app, that one for fallback. Don’t let Firefox VPN see app traffic VPN, and vice versa. Especially sandbox cloud storage, that way cloud storage VPNs don’t see traffic/downloads.

Reasons: Cheaper, without financial PII subscription (optional, of course). Less profiling, because certain srs bzns is separated, there’s a disconnect between subjects or services.

This is a good answer.

The real aim in digital privacy should be to not have to trust anyone. VPNs don’t accomplish this; “they can lie about their policies and practices”, as OP said. However, although it sucks to have to trust someone in the first place, it’s still a good idea to trust someone with a good privacy policy in a good jurisdiction.

I would imagine they could get into legal trouble for lying about their privacy policy but… can they?

Yeah, privacy policies do have legal teeth. It depends on jurisdiction, of course, but lying in the privacy policy is generally illegal.

They have the ability to see all your traffic

Not really, because of HTTPS

What if I can’t find any cases of a user getting in trouble while hiding behind a VPN? Should I just skip it since I can’t see if they are properly able to protect anyone?

You still have to trust your ISP or server provider if you do that…

I’m aware of the comparison list, but everything on there is according to the provider. If the provider is untrustworthy it doesn’t matter if they claim they don’t log anything when they in fact do.

Not really, because of HTTPS

This depends a lot on how the server and the client are configured. On the computer the client is usually a browser, which does things pretty well, but on mobile phones most apps don’t verify certificates properly, so https can be very easily circumvented.
Also many servers are not configured properly; on these servers it’s often also possible to get the plaintext.

So using https alone doesn’t mean anything. And it requires a lot of knowledge to be able to decide if a https connection really is secure, or if it only looks secure but in reality isn’t.
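The client-side verification gap described in the post above can be checked mechanically. The following is an added example, not part of the original thread: it uses Python's standard `ssl` module as a stand-in for an app's TLS client, and the function names and finding labels are hypothetical.

```python
import ssl


def audit_tls_context(ctx):
    """Return a list of findings for a client-side SSLContext.

    An empty list means the context verifies the server's certificate
    chain, checks the hostname, and refuses protocols older than TLS 1.2.
    """
    findings = []
    # Without CERT_REQUIRED any certificate is accepted, including one
    # presented by whoever sits on the network path.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    # A valid chain for some other domain must not be accepted either.
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    # MINIMUM_SUPPORTED compares lower than TLSv1_2 and is flagged too.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy-protocol-allowed")
    return findings


def verifying_context():
    """Client context with the checks a browser performs."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def non_verifying_context():
    """Constructed example of the misconfiguration the post describes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # accepts any certificate
    return ctx


if __name__ == "__main__":
    for name, build in (("verifying", verifying_context),
                        ("non-verifying", non_verifying_context)):
        print(name, audit_tls_context(build()) or "no findings")
```

Both contexts complete an HTTPS handshake, which is why the weak one is hard to tell apart from the outside.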

Bigger name VPNs are usually going to have at least one case.

Can you point us to an up to date one?

vpn list says

(Data last updated on 7/18/18)

Can you indicate what part is out of date?

That’s a solid point, there’s some that have had their logging tested in court and shut down in countries that forced logging compliance, that might be some indication of a track record you can trust but there’s no way of knowing for sure it’s practised across all their servers. Can’t recall if that’s factored into the list.

There’s a monetary incentive to be trustworthy to gain a particular market segment who understands privacy, so even if there’s no one trustworthy now I believe market demand will bring us something trustworthy.

There’s also a monetary incentive for some VPNs to do what governments want, to keep business in that country and avoid getting sued or sabotaged.

No-logging, as advertised, is just that. No government is gonna hang up the phone and say Well, I Guess We Got Nothin. They’re gonna be the ones that determine “no-logging”, they’re gonna want the storage under their forensics, they’re not going to walk out of a VPN office empty handed.

I wouldn’t run an absolute zero logging VPN, not only would that be bad for sysadmins, it moreso means staunch non-compliance to government psychology. Why would a premium VPN service give a fvck what the hoi polloi thinks about no-logging? Uh oh, minimal logs, bad chart performer, oh well. It’s unrealistic for systems, it’ll draw attention, and it’s bad for international business. Ya want more anonymity, then you need a PhD in Torology.

I’d have a minimum amount of logging, with random days of reckless deletion and random inclusions of random blob data. That way when the g-men arrive, I can open the doors for them, explain to them that we secretly keep more logs than we say, watch them smile at that, and say Yes Oh Absolutely Here Ya Go, and then they’ll walk away with handtrucks of tapes and hard drives, full of material that they really can’t make anything out of because it’s also automagically edited, and in the end I cannot be thought of as some non-compliant free-thinking anarchist in a pink shirt, the other VPNs will be thought of that way.

And the front desk lady, that happens to be eating a Chicken drumstick and chewing gum at the same time (what the!), is also my strange wife thats an escort who gonna get paid to fvck those guys. Thas my heaux. And in exactly 15 days on a Friday a courier will deliver a bottle of fine Scotch to their offices with shiatsu massage gift certificates. On a Wednesday, Kato, the masseuse, Enters, who pretends he do not speak teh language very well, but he’s secretly wearing a wire and he’s on a fake phone call shouting at his dog in Kowloon hegelian dialect while the cameras are photographing their office, and he leaves his phone there, gets in his car, sets a timer for 11minutes 38seconds, and returns because it was audio recording those bastards.

What’s wrong with perfect privacy?