How NSA-proof is your VPN?


#1

[Permalink]


#2

Well, VikingVPN sounds comprimised to hell and back, hah.

No, they can't "compel" you to lie, but they can certainly strongly encourage it. Since we have evidence that the leaders of technical companies HAVE lied about it, there's absolutely no reason to trust someone at their word about this.


#3

The NSA is not who the typical VPN user is obscuring themselves from. If you are using VPN to hide from the NSA then I hope you enjoy your stay in Guantanamo.


#4

I thought the problem with the NSA is that they can actually launch Man-in-the-Middle attacks against internet users - a theoretical possibility that can only be realised if you control the infrastructure. How save is the VPN against a compromised network where the NSA can ensure their packets reach each party establishing the communication before the peers can communicate directly?


#5

Launching MITM attacks on SSL is trivial if you have access to the CA. Consider SSL a basic layer of defense against threat actors that do not have such levels of access, against your employer or government, nope. I'm pondering what the the next thing will be, perhaps it is something along the lines of serialized tokenization on the endpoints? Any solution with an "Authority" is automatically suspect.


#6

I remember back in the 90s when VPNs were a cutting-edge civil-liberties conflict that we were resolving by writing code and John Gilmore funding a bunch of non-USians to develop it outside of US ITAR restrictions. But this millennium they've mostly been how I telecommute to work, and a commodity service we sell to help other people telecommute or generally do business securely.

My VPN is reasonably secure technically, but I'm using it to connect to work, and if the NSA or FBI or local police want to subpoena $DAYJOB for the keys, they can do so, just like they can subpoena the papers on my office desk.


#7

"TARGET ACQUIRED!!" - NSA


#8

The NSA is not who the typical VPN user is obscuring themselves from. If you are using VPN to hide from the NSA then I hope you enjoy your stay in Guantanamo.

I'm not sure if I'm following you properly (and I hope I'm not). Are you saying that VPN's aren't inherently good for security (which I agree with) or that the only people that would use a VPN are criminals and terrorists?

If it's the latter, please explain to me why my business secrets are safe in the hands of every employee of the NSA and/or any of the multitudes of private, quasi-governmental entities that work with them?


#9

This topic was automatically closed after 5 days. New replies are no longer allowed.