PIA for Tunnel from Purism


#1

Why go with PIA which is a 5 eyes company for VPN? Was surprised when i saw that partnership.


#2

This is one of the reasons I didn’t apply for the .one as well.
Maybe Purism are good guys, but PIA?

This guy (Mark Crapeles) embezzled billions, and they made him a CTO.
Stole billions from investors and claimed “it was a hack”.
Later he was found in Luxury places around the world, this fat buddy
knows how to live the good life. Screwed the Mt. Gox investors big time.
He stole all the funds from Mt.Gox investors.

After such events nobody will use PIA, not only because of 5 eyes,
but just because of facts. And the reason Pursim OEM them is just
another joke, but well, they can ban me if they want.

Unfortunately, instead of rolling their own VPN like Proton, they OEM it from
PIA. Which is a huge meh.

//
Before all the fan boys/moderators start eating me alive, just get familiar with the facts.
I have some other facts about PIA that I might share at a different time, such as proofs
they didn’t encrypt their servers and other parties could access them.
Why do you think they dropped all of the sudden some of their locations they had? :wink:


#3

Interesting question. I assume you consider PIA part of 5 Eyes because they are UK owned/run/located?
If that’s the case, then by that definition, isn’t Purism also part of 5 eyes since they are based in San Francisco, CA, USA?


#4

But PIA doesn’t provide a fully transparent and open-source/libre based VPN service.
I’m able to verify the integrity of my Librem 13 to a certain degree and don’t have to trust Purism, but I cannot walk to PIAs datacenters (I don’t even know if they’re using their own hardware or shared services!) and have a look how they’re operating their service.
That’s the (!) difference.


#5

It’s spelled T O R

:wave:

“Bad publicity is better than no publicity” – B. Streisand

/sarcasm

Now, besides FUD, is this provably non-facutal / misleading?

@peterpan, I think anybody relying on TOR, PIA or any similar service to hide their buttocks from the NSA is a tragic figure.


#6

What is your goal with a VPN?

A VPN/TOR really only does 2 things:
1 changes where what you are connecting to thinks you are coming from. This can be useful for getting around region blocking.
2 changes who can easily see what you are connecting to. This can be useful if you don’t want your ISP/employer to know what you are connecting to.
The exit node of a VPN/TOR has to know what you are connecting to to establish the connection. Open source/closed source doesn’t matter here, the endpoint still knows where the connection is going to because it is handling that traffic.
The entry node of a VPN/TOR may not know where you’re going to but has to know where you’re coming from since you’re connecting to it… Otherwise it wouldn’t work. It is possible for a VPN to be configured so that the in doesn’t know what the out knows but generally that’s not done because they want to monitor usage for billing purposes.

Ultimately a VPN/TOR only changes whom you have to trust with the knowledge of where you’re connecting to.

TOR does add some degree of obfuscation so that the entry/exit nodes should not know who each other are and in turn the destination should not know where you’re coming from, this doesn’t mean you can’t be tracked, just that it takes a little more effort.


#7

Transparency, the ability to audit service providers in terms of “do they log”, using opensource software does not change the technical implication that the endpoint knows your IP but it minimizes the possibility of tampering with your traffic or giving up your logs.
That’s the case for every TOR node and VPN provider as well, so in my opinion, you have to trust the service, but in my case it would be easier if the forementioned aspects are in place.


#8

I like how PIA has proven in court that they dont log BUT refusal to do any kind of warrant canary is troubling.