Lifetime is implied to be the lifetime of the company as is the case with LITERALLY EVERYTHING.
From an economic view: In this case as soon as you hit 13 months without filen going bankrupt you are literally free compared to the 200GB plan with Google Drive which you would still be stuck paying $4 CAD/month for 200GB long after the lifetime plan has paid for itself (assuming they don’t increase monthly rates as time goes on, which they always do).
Go ahead and pay monthly if you want but you’ll be in exactly the same position if a company goes under, except you would have paid a hell of a lot more than 35 Euro by that point.
Do not trust it to be lifetime and do not trust it to be e2e.
Always use your own OSS encryption on top of it and never trust it to be lifetime. They can not promise you to be lifetime since they can not promise they are still in business in 5 years.
This is literally client-side encryption using fully open source programs… If you “do not trust it to be e2e”, verify the code yourself. Doing your own encryption on top would be redundant.
I host my own Simplelogin instance and generate a new address for every service. Combined with Bitwarden, I now have a unique address and password combination for each account.
This is why I just moved from protonmail to Fastmail. With Fastmail I can send from arbitrary addresses using my domain. Why it’s not that simple with proton is beyond me and now that I’ve tested everything with Fastmail these past few weeks, I see it’s a choice.
I almost signed up for simplelogin but realized I was being sold something that should just be included. Plus setup was convoluted as fuck.
And when those addresses wind up on mailing/spam lists and they’re coming from multiple places, you’re screwed. That’s why email forwarders became a thing, catch-alls aren’t new, but you lack the control most want with them.
Plus, Proton does support plus/+ addressing, which does the same thing as a catch-all. You know the email addy it came from.
If I were a professional spammer, the first thing I’d do to clean the address list I have is to strip out plus addresses. It’s a simple regex.
On how to filter, I can send any address straight to the trash apparently just like simplelogin. I’ll know who sold or leaked my info because it’s in Bitwarden and I can just search my vault to see who I handed that particular address to.
But in some cases you don’t want to use arbitrary addresses, but the exact same that was used to send you an e-mail. For me this is necessary and Simplelogin hides my real e-mail address. Additionally, I can with ease deactivate addresses and minimize spam by a lot.
I can reply from ANY address from my domain including the exact one that was used to send me an email.
I can “deactivate addresses” by sending messages to a particular address straight to trash with rules.
Edit: turns out Fastmail has a masked addresses feature built in, separate from a catch-all. It’s basically simplelogin built in, if you want to enable it. Proton is looking more and more overpriced.
I’ve been using metager for some while and really like it. They’re also part of an initiative pushing for a free as in freedom search index, so that’s nice
I just switched to using Kagi recently and I like it a lot so far! Theres a free tier for 100/searches a month you can use to figure out if you like it.
Me too. I was so reluctant to pay for a search engine at first since there are good alternatives out there I don't have to pay for. But I just at least wanted to try the first 100 free searches and was blown away by how great it is. It has some unique features like prioritizing or blocking specific domains, lenses and custom bangs. I payed the $10 the same day for Pro tier and 5 days later (yesterday) I even upgraded to Ultimate tier with ChatGPT-4 (called Kagi Assistant). I really, really enjoy Kagi so far. Most probably it's gonna be my one and only search engine for the next years to come.
Searx sucks for images in my experience, startpage was bought by an advertising company, brave is weird for a multitude of reasons but I don’t know how good their search engine is as I’ve never tried it
However I do think that finding a searx instance that works for you and then using another engine like ddg for images is the way to go… You could add a shortcut like “.ddg garbage truck” for easily searching with for example ddg on firefox
Also a bit confused by this. I thought the point of searxng is to combine your preferred search engines. So couldn’t I just configure ddg for the image results?
Maybe their point was that you cannot filter the images, like by color, size, license, etc
But anyway, if I want to show somebody a picture of something it works perfectly As for the results, they are pretty comparable between searx, ddg, and googlag.
I would even say searx wins on this one because 1. It’s easier to navigate and open images 2. The nojs version of the search looks so much better than any other search engine
It does seem a bit sporadic. Surfshark seems to be on top above other providers like Mullvad and ProtonVPN. It might have a bit to do with how it weights various criteria.
What VPN is best for you really depends on what you value. A bunch of people left Mullvad for example because they no longer offer port forwarding which can complicate things like bit torrenting for example.
Is that July 20th, 2019, or July 19th, 2020? Regardless, I’m under the impression that the VPN world (or really the tech world in general) evolves waaay too quickly to rely on information that’s either 3 or 4 years old. Also, as I’m typing this, I also think I saw info that That One Privacy was acquired by a company that sells multiple VPN services, a few of which are included in that sheet if I’m remembering correctly.
small updates: added a bit of description to bromite and cromite, icons changed brave’s title to say “stinky doo doo” (😔), added “contact” stuff on the bottom of the page
a few commenters pointed out that the highest rated VPN providers in this table just happen to be the ones that advertise most aggressively and are well-known for buying positive reviews from tech blogs, which are pretty clearly designed to be misleading
Exactly. This is unfortunately common practice, so this breakdown can be dismissed as they’re obviously biased due to monetary motivations.
Consider to read Privacy Guides’ take on the matter instead.
(Perhaps personal) TL;DR would be that Mullvad VPN in combination with Mullvad Browser offers the most private internet browsing experience for people who don’t desire to connect to the Tor Network. Furthermore, Proton offers a suite of privacy-friendly services for mail, drive, password manager etc. Therefore, for the sake of trusting the least amount of parties for these services (at the cost of putting all eggs in one basket), one might consider Proton VPN instead; additionally it includes a free tier and some support to port forwarding (read: allows the use of torrent applications).
I did a lot of research a few years ago and settled on ProtonVPN. I won’t say anything authoritative regarding privacy as I haven’t done any recent research, but I’ve been very happy with the service so far.
I run a seedbox with all the traffic from qBittorrent tunneled through ProtonVPN and I’ve gotten up to 200 Mbps down through a few very healthy torrents before, and on dedicated speed tests I can pull down ~250 Mbps on my gigabit service. I’ve also never had it go down despite using the exact same server 24/7.
Their documentation is also amazing and they generate connection configs for Wireguard and OpenVPN on their website using provided parameters making it dead simple to get started.
As for their second paragraph, perhaps they are rightfully sceptical regarding Privacy Guides. The body of topics they try to cover is substantial, though. And if TheAnonymouseJoker or whosoever disagrees with them, then they’re free to challenge their views.
Privacy Guides isn’t any kind of Gospel or whatsoever that you’d have to agree with in its entirety. I do believe, however, that they’ve done a tremendous job at offering a one-stop shop for those that are conscious regarding their security and privacy. Everyone is free to choose and pick whatever they like from there or not.
I would love to hear about other resources that do a similarly great job at providing at least decent information when it comes to security and privacy; FWIW thenewoil.org exists, however I don’t recall any VPN overview/guide/recommendations from them.
And in doing so you have a never ending list of logs that you can’t control. Fine if you only want to hide location, but useless other than that. 1 LE request and every log will be in there hands in 5mins.
whats the difference in trusting a remote vpn provider or remote vps provider? from a privacy standpoint… btw my vps is hosted in russia and I cant touch it… can you touch the server that host your vpn???
In a VPN you have hundreds of clients and also hundreds of outbound connections, tho not impossible is way harder to find out which connection is being piped to which client. On you own hosted VPS, if you have a dedicated ip is easier, all the traffic will be redirected to only one address, then one of your client.
Even with a vps with a shared ip the number of clients mantaning open connections is probably way lower on average.
I don’t know what size my vps provider is compared to your VPN provider but I’m pretty sure they would tell the US government to fuck off if they asked for data… They are from Russia
You are missing the point, in this case the vector would not be someone requesting data but someone surveiling the VPS or VPN server’s traffic and drawing conclutions out of it
Since there are multimple outside conections (wb1…n), the traffic to the VPN clnent is encripted and each client can have multiople connections (thats why i used Client m and not Client n) you can not in a reliable fashion tell which connection will be sent to which client.
You can in that case reliable say that all the traffic is being piped to Client 1, because ks the only client.
From there a motivated party can trace back you traffic to you ISP, if you got a fixed IP you can be trace back to.
If you are behind a CGNAT that party will need help from your ISP, to see where the fraffic went. Which tbf I neglected to mention before, but still changes the trust from you VPS to you ISP.
To be REALLY fair this tho no wholly easy is also not incredibly hard given you have the right hardware in the right place, I just wanted to explain why mixing your traffic with others has an advantage over a single person VPN
if you can see a server is sending 167 packets of X size and you can see a client is receiving the same, it doesnt matter that it goes through a VPN? You probably also could time the packets… or decrypt them if they are encrypted using a CA
It’s a transfer of trust either way, point being you don’t have physical control over it, and therefore have no idea what’s actually happening on the other end, you’re not hosting it, they are, you’re just administering it.Russia is NO fan of privacy, arguably worse than the US, and now talking about banning all VPN use.
My server is in my house physically. I’d never host my own VPN because I could never compete with what commercial ones in privacy respecting countries can do, let alone needing more outsourced servers for changing my location all over the place, which I do regularly.
@authed@grubbylarry I also used to host my own openvpn and wireshark servers on a vps. But later I shut them down. The thing is, vps will definitely trade your data if Gov pressure is high. Remember, data protecting is not their first priority being a VPS provider, their main priority is giving infrastructure to customers. But with vpn providers, their core business model is based on protecting users privacy (I am not saying all really do that, but many are bound to follow swiss laws or such)
@authed@grubbylarry Proton VPN free plan is even better than hosting vpn on a vps, because they atleast can claim of being protected by the Swiss law, so atleast they can protect your data by that. Whereas you can't even sue your vps if they share your data with anybody, because nobody knows if they really did it. Additionally the problem of dedicated ip is there always.
Honoring a warrant doesn’t mean much, when there’s nothing to turn over than a connection IP and some timestamps, vs all the traffic that could be there otherwise. That’s been proven multiple times with zero knowledge VPN providers.
They can’t make them starting doing things there system isn’t made to do just because they want them to, not how warrants work. Again, been proven many times over at this point. Knowing that you connected at a time, exited from a shared IP, with a bunch of nonsense in the middle keeps you pretty safe. That ignoring that’s even harder when that zero knowledge provider is ina country like Switzerland where it takes VERY direct reasons to have a judge approve a warrant in the first place, dragnets aren’t allowed there, and even then, nothing useful comes back.
A country like Russia wouldn’t kick back info, but their spying is at China level, so you’ve already lost there.
Sure they could, but you are a a bit more anonymous and don’t keeps logs, then there may be nothing to hand over.
Hosting your own vps directly ties internet traffic to you. They can see your ip is part of a swarm and see who owns it. If it’s owned by some guy, they can press you. If it’s owned by a company with a legal team, it’s much more difficult.
NGL doing something like that is WAY above my pay grade anyway, but I still am interested in the answer to this question, because I’ve seen the advice to take the ‘self-operated’ approach before.
It’s not too difficult to setup, but I think people don’t realize that even if your not breaking the law, you may still have to deal with charges and going to court for years before your found innocent. All while dealing with the stress of a jury possibly finding you guilty.
Then you have prosecutors offering plea deals, so then you think do I stand my ground and risk X years in jail? Or do I plead guilty and just go to jail for 2 years?
I feel like numbers are much more difficult, aren’t they? There are limits to how many there are, and the generally cost money to register. How does generating a unique number per service per user work?
I have been using NprdVPN for 5 years. Speed is pretty good, and their zero-log policy have been proved by 3th party. They also use RAM only servers which is better.
I am not sure about that particular leak and the kind of data that was leaked, but I am pretty confident about their zerolog policy as today. NordVPN has undertaken not one, but three independent audits, which is more than other known VPNs.
Many websites confirm their clams, like those ones:
I wish there were some descriptions per provider with the ratings. Mullvad gets constant tests by third party against their network and has proven many times they have a no log policy that’s working, yet they got a 4 out of 5…
With only numbers and generic descriptions that don’t quite match the truth, feels like this sheet is a little misleading. Also, I find it ironic that it’s on Google sheets.
privacy
Oldest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.