Jump to content
Not connected, Your IP: 3.236.51.151

Recommended Posts

Would AirVPN consider setting up a warrant canary https://en.wikipedia.org/wiki/Warrant_canary

LiquidVPN  https://www.liquidvpn.com/ is the only VPN service I'm aware of that offer's this...https://www.liquidvpn.com/billing/canary/canary

This would be a great feature, another layer of security and the ultimate in piece of mind.

Share this post


Link to post

+1 , great idea, im suprised this hasnt been brought up much much earlier , matter of fact ive always thought Air had this in place already

Share this post


Link to post

No offense guys, I just checked their site and that canary thing looks like a cheap marketing junk.

How can you take that information seriously, when on another section, they have their "Transparency Reports",

or should I call it "Incompetent censorship by a so-called VPN provider", where after they got some DMCA on NL based server, they blocked port 9090.

 

https://www.liquidvpn.com/billing/knowledgebase/241/NL---Notice-of-Claimed-Infringement-Case-sharp206058383.html

 

I wonder what will happen if we will send them DMCA claims on 65533 more ports. 

 

Anyway, U.S. based provider. That says all.

 

 

Personally I prefer Air not to waste time on that junk, and send those "canary" and "reports" directly to /dev/null where they belong.

The status page has pretty accurate mrtg logs, so in case a server is down, which happens sometimes, you will see it on the status page instead, right?


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

No offense guys, I just checked their site and that canary thing looks like a cheap marketing junk.

How can you take that information seriously, when on another section, they have their "Transparency Reports",

or should I call it "Incompetent censorship by a so-called VPN provider", where after they got some DMCA on NL based server, they blocked port 9090.

 

https://www.liquidvpn.com/billing/knowledgebase/241/NL---Notice-of-Claimed-Infringement-Case-sharp206058383.html

 

I wonder what will happen if we will send them DMCA claims on 65533 more ports. 

 

Anyway, U.S. based provider. That says all.

 

 

Personally I prefer Air not to waste time on that junk, and send those "canary" and "reports" directly to /dev/null where they belong.

The status page has pretty accurate mrtg logs, so in case a server is down, which happens sometimes, you will see it on the status page instead, right?

 

Hi there,

I think if we take liquidvpn out of the picture and just concentrate on the method of making users aware if a national security letter has been issued we'll be more on the point.

I cannot see any reason for not setting something up to this end.

I found both these links informative,

https://www.eff.org/deeplinks/2014/04/warrant-canary-faq 

http://www.vpncompare.co.uk/vpn-providers-that-have-a-warrant-canary/

Share this post


Link to post

EFF's position is all well and good, I certainly support it, but warrant canaries' legal efficacy has yet to been proven in court.

The existence of a warrant canary doesn't tell customers anything about a company's willingness to stand up for it in court.
Most lawyers will tell you that there's hardly any difference between empyloying a warrant canary and outright violating the terms of a gag order - it's the same level of risk.
At least that's the conclusion Moxie Marlinspike and his legal contacts have come to:
https://github.com/WhisperSystems/whispersystems.org/issues/34#issuecomment-49910725

Don't rely on warrant canaries. Think about what happened to Lavabit - standing up to the law will destroy you. Responsible service providers will take the hard road (and get crushed).
Irresponsible service providers (read: almost all profit-oriented companies) will take the easy road (and cave) - warrant canary or not.


all of my content is released under CC-BY-SA 2.0

Share this post


Link to post

EFF's position is all well and good, I certainly support it, but warrant canaries' legal efficacy has yet to been proven in court.

 

The existence of a warrant canary doesn't tell customers anything about a company's willingness to stand up for it in court.

Most lawyers will tell you that there's hardly any difference between empyloying a warrant canary and outright violating the terms of a gag order - it's the same level of risk.

At least that's the conclusion Moxie Marlinspike and his legal contacts have come to:

https://github.com/WhisperSystems/whispersystems.org/issues/34#issuecomment-49910725

 

Don't rely on warrant canaries. Think about what happened to Lavabit - standing up to the law will destroy you. Responsible service providers will take the hard road (and get crushed).

Irresponsible service providers (read: almost all profit-oriented companies) will take the easy road (and cave) - warrant canary or not.

Hi there,​

​A fair point and well put.

I will say that end users (us) choose a service provider based on what we can gather on their ethics and stance, thats why where here and not at say Hide My Ass for instance. Some trust has to be put in the provider. This been the case, a reputable and time tested provider providing some form of defence has to be worth some thing right ?

​Apologies in advance for wild speculation...

​If Ladar Levison had used a warrant canary Lavabit may have carried on its operations and things may have ended differently, who knows, In hindsight I think Ladar may have thought hard about using a warrant canary.

 

I just feel if we don't try and defend our rights we are all just caving with out a fight.

Share this post


Link to post

EFF's position is all well and good, I certainly support it, but warrant canaries' legal efficacy has yet to been proven in court.

 

The existence of a warrant canary doesn't tell customers anything about a company's willingness to stand up for it in court.

Most lawyers will tell you that there's hardly any difference between empyloying a warrant canary and outright violating the terms of a gag order - it's the same level of risk.

Good point. Also keep in mind that Air is not based in the US. Most talk about warrant canaries assume the US legal system - gag orders versus "no forced speech" are the relevant points.

 

It's not clear to me that warrant canaries are even relevant in Italy and in the EU. Are gag orders a problem? If they are, is there equivalent legislation that prevent the relevant agencies from simply ordering Air to lie?

 

Would be interesting to hear from someone who has looked into EU legislation more.

Share this post


Link to post

For what it's worth, the new encrypted email service, ProtonMail, has a blog post about why they based themselves in Switzerland, in which they discuss things like national security letters in the US and EU:

 

https://blog.protonmail.ch/switzerland/

 

According to them, in the EU they do have types of gag orders, with respect to surveillance, that would prevent a service provider from revealing to a client that he or she is under surveillance. They say these EU gag orders are similar in this way to US national security letters

Share this post


Link to post

For what it's worth, the new encrypted email service, ProtonMail, has a blog post about why they based themselves in Switzerland, in which they discuss things like national security letters in the US and EU:

 

https://blog.protonmail.ch/switzerland/

 

According to them, in the EU they do have types of gag orders, with respect to surveillance, that would prevent a service provider from revealing to a client that he or she is under surveillance. They say these EU gag orders are similar in this way to US national security letters

 

Hi there and thanks for the link.

​I'm still of the opinion that a warrant canary or similar is just another aspect in a layered approach which can only be a good thing.

Share this post


Link to post

My take on NSL's is simple...

 

You shouldn't be using a commercial VPN if you fear what your doing would even require the authority's to issue an NSL... NSL's are used to track terrorists and people who leak secret and TS material that could harm national security.

 

One of the reasons why i'm using a VPN is to bypass my ISP's Deep Packet Inspection appliances thus increasing my privacy and speed from throttling.

 

And hopefully the fact that the VPN i'm supporting by subscribing too will fight the good fight against DMCA requests if I were to download a movie or tv show and get caught by third party snoops for the MPAA.

 

My two cents.

Share this post


Link to post

 

 

Personally I prefer Air not to waste time on that junk, and send those "canary" and "reports" directly to /dev/null where they belong.

 

How can you take that information seriously, when on another section, they have their "Transparency Reports",

or should I call it "Incompetent censorship by a so-called VPN provider", where after they got some DMCA on NL based server, they blocked port 9090.

 

 

 

I wonder what will happen if we will send them DMCA claims on 65533 more ports. 

 

Anyway, U.S. based provider. That says all.

 

 

Personally I prefer Air not to waste time on that junk, and send those "canary" and "reports" directly to /dev/null where they belong.

The status page has pretty accurate mrtg logs, so in case a server is down, which happens sometimes, you will see it on the status page instead, right?

 

I work for a data center in the USA that hosts VPN servers for several companies and I can tell you with 100% certainty it has nothing to do with where the company is located. If I tell you that your server generated a DMCA request and that you have 24 hours to reply or your IP will be null routed that is that. You reply or its null routed and all traffic to that IP stops. You don't get a pass because your company is registered in timbucktoo. It doesn't work that way.

 

I can't really comment on the NL thing more then to say I know of at least one NL provider that requires a response within 48 hours. What I can say is that we have most certainly gone to customers websites that were generating a lot of abuse reports in the past to find out more about what is going on. You clearly are doing the same thing here so it is not out of the realm of possibility that they are just posting this stuff to coincide with the excuse they are giving the data center in case they are checking. I have considered LiquidVPN in the past because they have a 5 day pass and I only need service from time to time. I did a lot of research and never found anything about users getting booted because they are responsible for DMCA requests

Share this post


Link to post

I think AirVPN's position on warrant canaries is pretty clear. Here is a quote from their response to a well known questionnaire:

 

While a warrant canary’s effectiveness is questionable, we recommend to use technical means to solve the problem at its roots. When a customer can’t afford to trust us for the sensitivity of his/her activities, he/she can simply use Tor over OpenVPN, or OpenVPN over Tor, to get an immediate protection which a warrant canary, not even if updated every day, will never be able to provide.

Share this post


Link to post

My take on NSL's is simple...

 

You shouldn't be using a commercial VPN if you fear what your doing would even require the authority's to issue an NSL... NSL's are used to track terrorists and people who leak secret and TS material that could harm national security.

 

One of the reasons why i'm using a VPN is to bypass my ISP's Deep Packet Inspection appliances thus increasing my privacy and speed from throttling.

 

And hopefully the fact that the VPN i'm supporting by subscribing too will fight the good fight against DMCA requests if I were to download a movie or tv show and get caught by third party snoops for the MPAA.

 

My two cents.

 

While I am in agreement with others warrant canaries are not really a good idea since they've never been shown to hold up in court, this post misses the point of why people worry about NSLs. You are assuming an NSL is targeted at a single individual when in fact an NSL grants the right for the FBI to monitor an entire service.

 

This was the case with Lavabit. The FBI wanted access not to one person's account, but to all emails going through their system.

 

It is not illogical to assume the same would happen to a VPN service. If an NSL is sent, the provider can be forced to monitor all traffic within their network.

 

Hosting companies can also be hit with the same thing, so even if the VPN is not sent an NSL directly, the traffic going through their servers could still be monitored in most countries.

 

And as has been noted, the EU countries have their own variants of NSLs which grant them the same power.

 

If you only use a VPN to bypass traffic throttling or keep yourself anonymous when torrenting then you don't need to worry, but if you use a VPN with the expectation it will keep all your traffic private then this is something you should keep in mind.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...