Thanks! I would never think of that.
Protonmail, a popular privacy focused and paid email service, is not quite as privacy focused as a few of its users would like after they’re caught providing logs to the police.
As far as personal privacy, that’s probably very relevant. Unless you’re a high-profile personality, not being the low-lying fruit is probably good enough for most people. If they need a quantum computer to crack your encryption, you’ll likely be fine for a good while longer. When social engineering is much cheaper, faster, and simpler to get results with, it’d be like bringing nukes to a butter knife fight.
As far as I understood, it seemed like they only started logging IP and device info after Swiss authorities received a Europol request. Maybe the suspects should have used a VPN and Tor network to set up and access their protonmail account but it shows that even in jurisdictions that are usually less easy to get surveillance in, there’s still a way for some authorities to do so and that should not be a reason to suspend your other privacy measures.
My understanding is that TOR isn’t fully anonymous (exit nodes can and have been compromised, and apparently there’s a way to unmask the source even though TOR is supposed to go through multiple nodes such that the third node doesn’t know anything about the first).
And the trick with VPN is similar, you have to find one based somewhere where they can’t be forced to log IPs.
In other words, only sufficiently sophisticated and careful criminals can get away with crime.
Sure Tor node IPs are public so one could tell when they are accessed. And some nodes can be compromised or malicious. And obviously, you’d want a VPN that does not log IP traffic and keep your metadata.
But it seems to me that it’s still better than nothing for non-criminal privacy purposes (accessing regular domains, not .onion ones). Following the bread crumbs through the Tor + logless VPN layers sounds to me like something that would not be done easily or casually. What’s a better alternative otherwise?
I suppose VPN+Tor is easy if you know how (sufficiently sophisticated) and remember to do it every single time you need it (careful). You’re right that getting back to the source may be impossible (again assuming truly logless and not subject to the laws of your home country or any of its close (spying) allies), but all it takes is one slip up to lose the protections these services provide.
I can’t think of too many non-criminal privacy purposes. Anonymous activism / whistle-blowing is probably most important. Preventing your ISP from tracking your browsing can be done with either VPN, Tor, or another simple proxy, you don’t need a combination.
I think the whole privacy thing is way overblown. But if I were to worry, my worry would be that should I be falsely accused of something, my internet activity may inadvertently serve as circumstantial evidence.
There are lots of non-criminal reasons to want to keep your information private.
I think you’re including “internet activity” under “your information”. Private from whom? If you want it to be so private as if it never existed, you’ll need to take more steps than just vpn/tor/proxy.
I was only responding to your statement.
You did not specify “internet activity”. Nor did it specify a particular internet activity. If you’re an alphabet golden doodle who is thinking of having a transsexual (or whatever the proper/pc term is) operation, you probably want your internet activity researching the subject to be private.
The online mob who might dislike some silly joke you tweeted or offhand comment about pronouns you made 10 years ago and try to track you down and get you fired. There are sadly lots of examples of this, just for having reasonable but currently unfashionable opinions.
If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.
We were talking about using services like TOR & VPN to hide your internet activity from prying eyes.
I think this is a slightly different conversation. If you posted your opinions anonymously in the first place (i.e., using a screen name that could never be associated with your real identity), then it would be pretty much impossible for someone to associate it with your real identity, especially years in the future. There’s no need to hide your IP address in this case, because the only entity that may have your IP address is the website where the opinion was posted, and it’s not likely to just give it away so it’d have to be hacked. Your ISP isn’t likely to keep the logs that long (and you might have a different ISP so many years apart), and they won’t just release it without a warrant even if they have it.
As far as the “lots of examples”, I’m only aware of examples where the people never tried (or didn’t try hard enough) to post anonymously in the first place. If you have other examples, I’m all ears (eyes).
Be careful - don’t paint yourself into too tight of a corner.
If you had several social media accounts for different purposes, you’d probably want your IP to be masked if you’re switching between them. Traffic for different accounts from the same IP address could be all that’s needed to connect the dots to your personal information.
Especially if you hold opinions that you think may be controversial to your employer or local community, or simply detrimental to your business, and don’t want to risk getting doxed for them, I think it’d be prudent to assume the worst (say hacked website or ISP). At worst, you’ll be doing all this persona masking for nothing. Personally, I’d rather plan for the worst and be pleasantly surprised when the worst never materializes, than assume everything will be fine and be proven wrong.
But then again that’s through the lens of someone who’s lived under a very invasive surveillance state so I cannot say I’m not too cautious about it.
Sure. I meant to cover that when I wrote:
since posting from the same IP address creates an association.