-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/19/2016 03:50 AM, Jon Tullett wrote: > On 19 July 2016 at 08:31, Mirimir <miri...@riseup.net> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> On 07/18/2016 07:08 PM, Jon Tullett wrote: >>> On 18 July 2016 at 16:17, Mirimir <miri...@riseup.net> wrote: >>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > >>>> A few years ago, I wrote >>>> <https://www.ivpn.net/privacy-guides/will-a-vpn-protect-me>. >>> >>> Have you updated it to account for subverted VPN providers? >>> Advising people to use VPNs which may have been subject to >>> national security letters is arguably bad. >> >> Which VPNs have received NSLs? > > I take it that's a no, then?
I account for it by distributing trust, just as Tor does. > Point being, not only do we now know which operators have received > letters, we _can't_ know. The first rule of NSL club is you don't > talk about NSL club. I have yet to see much evidence that warrant > canaries help. And that's not the only risk; operators can be > coerced, hacked, suborned, or otherwise compromised. Belgacom, for > example. What Tor relays have received NSLs? > We mitigate that by layering services, but that's back to the > question of how complex an environment suits your risk profile. Not > everyone has the same nut; not everyone needs the same size > hammer. The NSA is a pretty big nutcracker ;) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXjfqHAAoJEGINZVEXwuQ+jfsH/j2m+GIEfHEG/Ye1mKviqiYB 2NpeeI5W/r6Zq/Bv/xoqnid+qhwtP/4BwkukXeJ2LhXHBinDKJuKJluOzqiSOqMI 7ThceELgk0ec2eiPSDNJAfH784ShDMpwZEJIJ4I6MmuPXBJ6CJFdzau0rf/M0vGT tm2m5SfPKh66ZvtGzvoHGsyUV0p1Hu5I3H3ID+EiBbP2uqSi/mL1OXaezT5tGamu OxczvVFo5cl3uGCJechHXq/jlTyiNrRf6YAUocitFXwXejMHpUQrvU/TlDnZqN5u rA9Ezxg2YFZ3NltC1Owob8oEgA8/VfWhUZ5v+w9poWG8c6WgOfB4pti5Jq6TAfo= =W8Yj -----END PGP SIGNATURE-----
