Exactly. @Nami: What is free software?
I don’t want to scare you, but Purism hardware, software and services are too.
PIA might even become a (re-branded?) part of the ethical services bundle Purism is working on, for example mentioned at the end of Purism Origin Story.
- did you check a single line of PureOS yet?
- why would you trust Purism, but not PIA? What makes you think that Purism suddenly makes stupid choices? What makes you think they did not evaluate that choice well? What makes you think they didn’t do their research better than you did?
If you just briefly check their website, you’ll notice that they sponsor the Free Software Foundation plus two dozen other like-minded organizations. Their beliefs seem to be exactly aligned with Purism.
- Do you even know for a fact that you would need to use the client software?
It is also possible to just configure the network settings so the VPN is used.
The client software is mostly for convenience, but also for added security for people who don’t really understand how all this works and how to configure it safely. Because those are two of the main problems with security today. Make it easy and safe to use. You should reconsider it.
Finally, do you even understand just how useless it would be to collect telemetry data on the client side? If they want to do that, they can collect it at the exit node.
And no, you don’t avoid that problem by using TOR.
And no, you don’t avoid the NSA by using a non-US VPN service.
The things a VPN can do for you:
- avoid geo-targeting
- avoid censorship
- prevent your ISP from collecting data about you
- prevent an untrusted network (public wireless hotspot) from spying on you *
- some degree of privacy
- in the case of PIA additionally:
  - blocked trackers
  - blocked ads
  - blocked malware
The things a VPN (and TOR) can not really do for you:
- avoid the NSA
- avoid law enforcement / criminal prosecution
- 100% anonymity
(*) By the way, mobile data (3G/4G/5G) is also insecure. In theory, it is safer than an unencrypted hotspot, because it is encrypted, but that encryption layer is weak/broken.
So, a VPN can protect you from attackers that read your mobile data, and even from attackers who created their own portable cell tower for $500, so you log in to theirs to be able to intercept your data.
So, the only ways in which using a VPN service can make you LESS safe are:
- you act heedless, because you wrongly assume it makes you invincible
- the NSA targets you, because you use a VPN and therefore must have a dark secret
While a canary surely would be nice, I can hardly see the benefit. The only thing PIA could collect about you is metadata, unless you are incautious enough to use unencrypted traffic (http) for your illegal activities. And that metadata is collected by the NSA anyway. So why would they bother and request it from PIA?
Also, the NSA probably read the PIA documentation, stating that they don’t keep any logs.
By the way, should Purism integrate PIA in their own service bundle, it might be covered by Purism’s own services canary.
Sure. But until then, please don’t assume the worst, based on lack of understanding.
The sane thing to assume is:
- Purism does this because it perfectly fits their mission, not despite it
- It will be pre-configured, but opt-in (YOU say, yes I want this)
- You will get several months of free (as in beer) VPN service, IF YOU opt in.
“Several months” here would mean 3…12. In the original campaign of the Librem 5, one year of free VPN was stretch goal #3. We did not reach that, but as they now found a partner who will surely sponsor a few months in exchange for the promotion, I assume we will get at least some.