victorab 12 Posted ... Hi,When connecting to Achemar,Archid,Baiten,Hamal,Sirrah you can notice that the Datacenter is "Uk Web Solution Direct". This company is a UK based one and thus, is concerned about every UK laws, not only Swiss.UK laws are very very terrible for your privacy: https://protonmail.com/blog/investigatory-powers-bill-email-privacy/http://www.telegraph.co.uk/technology/2016/11/29/investigatory-powers-bill-does-mean-privacy/ - gag orders- backdoorsetc. When you connect to a swiss server, you may think at first that you are ok from foreign laws, but that is NOT true. You have to check the location of the datacenter company. UK web solution is used for some AirVPN servers (not only in switzerland) so you should consider to be aware of this and not only feel protected because of the server location. (ProtonVPN also use these servers and have admitted implied that you cannot really trust them https://twitter.com/ProtonVPN/status/847335330814373888) Quote Share this post Link to post
macinmac 4 Posted ... I think that AirVPN {UK routing} servers keep our privacy.. anyway? Maybe someone could elaborate more about this situation, it's not very clear what is going on here, or at least is not clear for me. Quote Share this post Link to post
go558a83nk 362 Posted ... Hi,When connecting to Achemar,Archid,Baiten,Hamal,Sirrah you can notice that the Datacenter is "Uk Web Solution Direct". This company is a UK based one and thus, is concerned about every UK laws, not only Swiss.UK laws are very very terrible for your privacy: https://protonmail.com/blog/investigatory-powers-bill-email-privacy/http://www.telegraph.co.uk/technology/2016/11/29/investigatory-powers-bill-does-mean-privacy/ - gag orders- backdoorsetc. When you connect to a swiss server, you may think at first that you are ok from foreign laws, but that is NOT true. You have to check the location of the datacenter company. UK web solution is used in a lot of AirVPN servers (not only in switzerland) so you should consider to be aware of this, and not feel protected because of the server location. (ProtonVPN also use these servers and admitted that you cannot really trust them https://twitter.com/ProtonVPN/status/847335330814373888) where did protonvpn admit that you cannot trust those servers? the only reply is something about secure core. Quote Share this post Link to post
larky 40 Posted ... WHAT! You can't see it right there in black & white, it clearly says "....we admit it so do not trust the Swiss servers...." .... oh wait.... LoL You don't see it because ProtonVPN never "admitted" any such thing. Nope, nothing wrong with your eyes. I think he is inferring that ProtonVPN said the servers can't be trusted due to the way they outline the possibility of a risk of compromise without their 'secure core', not that they actually can't be trusted or that a compromise is possible or one has happened. It sounds more marketing hype than anything even if there is a possible risk (there will always be a possible risk) to appeal to the overly paranoid people who let paranoia override common sense and solid factual research like, for example, there has never been such a compromise. All ya gotta do with these types of people is imply something like that and let them invent what they think they read between the lines then it becomes fact to them, its called 'confirmation bias' reasoning where a person reads into something more than is there to satisfy what they want it to be rather than what actually is. The VPN user communities of all VPN services are full of these types of people and they are the perfect market for something like this. Its sort of like the UFO conspiracy people, "oh look, a picture with a shiny blurry object on the ground, why that must be the warp drive of an alien spacecraft, yep that's what it is alright." and later it turns out to be an old can, then it becomes "government coverup" and a whole new generation of UFO conspiracy "investigation" by the believers begins. Quote Share this post Link to post
victorab 12 Posted ... Hello,I think he is inferring that ProtonVPN said the servers can't be trusted due to the way they outline the possibility of a risk of compromise without their 'secure core', not that they actually can't be trusted. It sounds more marketing hype than anything even if there is a possible risk (there will always be a possible risk) to appeal to the overly paranoid people who let paranoia override common sense and solid factual research like, for example, there has never been such a compromise. All ya gotta do with these types of people is imply something like that and let them invent what they think they read between the lines then it becomes fact to them, its called 'confirmation bias' reasoning where a person reads into something more than is there to satisfy what they want it to be rather than what actually is. The VPN user communities of all VPN services are full of these types of people and they are the perfect market for something like this. Its sort of like the UFO conspiracy people, "oh look, a picture with a shiny blurry object on the ground, why that must be the warp drive of an alien spacecraft, yep that's what it is alright." (later it turns out to be an old can, then it becomes "government coverup" and a whole new generation of UFO conspiracy "investigation" by the believers begins) Thank you for your compliment.However, I cannot define myself as a paranoid : I use Windows, only use AirVPN at the university, I don't have any gun at home or food supplies.You should know that AirVPN does not have any server in "untrustable countries" like Russia for eg, are they paranoid? They only use AES256 are they paranoid for this too? There has never been such a compromise for a single reason: the law passed for 2017. And you should, remember about Lavabit. UK have passed such laws it's a fact, they can and will apply it's a fact. ProtonVPN implied that it's not a 100%trustable server it's also a fact (they are a company, they will never say "no, don't trust our servers"), When someone ask if we can trust the server or not, it's a yes/no question and for a company like this a yes/we have.. question. And if you still don't think so, just read https://protonmail.com/blog/best-vpn-service/ (Protonmail = ProtonVPN just in case) about UKYou may use your VPN only to watch porn but I think some people here use it to do more critic things than you and me. If these people don't trust (and they are legitimate to) UK servers, they should not trust these Switzerland servers too this is the only reason of my thread.I know how laws works becausemy parents are jurists so I know the rules and what the police can/can't do because I was born with it. If you use a VPN you are as paranoid as me, and if you think that I'm and you'r not it is because you a just ignorant and it will be cheaper for you to use a simple proxy (you'll be half paranoid, still better). Quote Share this post Link to post
trott3r 6 Posted ... Interesting topic that i will follow for more opinions. 1 macinmac reacted to this Quote Hide trott3r's signature Hide all signatures "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety". Benjamin Franklin Share this post Link to post
larky 40 Posted ... Thank you for your compliment.However, I cannot define myself as a paranoid : I use Windows, only use AirVPN at the university, I don't have any gun at home or food supplies.You should know that AirVPN does not have any server in "untrustable countries" like Russia for eg, are they paranoid? They only use AES256 are they paranoid for this too? There has never been such a compromise for a single reason: the law passed for 2017. And you should, remember about Lavabit. UK have passed such laws it's a fact, they can and will apply it's a fact. ProtonVPN implied that it's not a 100%trustable server it's also a fact (they are a company, they will never say "no, don't trust our servers"), When someone ask if we can trust the server or not, it's a yes/no question and for a company like this a yes/we have.. question. And if you still don't think so, just read https://protonmail.com/blog/best-vpn-service/ (Protonmail = ProtonVPN just in case) about UKYou may use your VPN only to watch porn but I think some people here use it to do more critic things that you and me. If these people don't trust (and they are legitimate to) UK servers, they should not trust these Switzerland servers too this is the only reason of my thread.I know how laws works because my mother is a magistrate and my father the president of the CIJ-ICJ so I know the rules and what the police can/can't do because I was born with it. If you use a VPN you are as paranoid as me, and if you think that I'm and you'r not it is because you a just ignorant and it will be cheaper for you to use a simple proxy (you'll be half paranoid, still better). it wasn't a compliment nor was it an indictment of your post nor even really about you other than to say that it seems you inferred this 'admission' by ProtonVPN rather than it actually being fact. Where the server is located and the encryption used, nor lavabit, or any of the other things you relate to paranoia and try to tie into my post in some way, is not even related to what I posted. I was referring to the marketing hype and to whom it appeals, and the fact that despite your original post of ProtonVPN having supposedly "admitted" such a thing as to not trust swiss servers not being factual because they never admitted such a thing it seems you read into my post too much of what you wanted my post to say rather than what it actually says. But thanks for the insults based upon what you wanted it to be rather than what it actually was, which sort of places you in that 'confirmation bias' category now doesn't it. So run that by your mommy and daddy. Quote Share this post Link to post
victorab 12 Posted ... it wasn't a compliment nor was it an indictment of your post nor even really about you other than to say that it seems you inferred this 'admission' by ProtonVPN rather than it actually being fact. Where the server is located and the encryption used, nor lavabit, or any of the other things you relate to paranoia and try to tie into my post in some way, is not even related to what I posted. I was referring to the marketing hype and to whom it appeals, and the fact that despite your original post of ProtonVPN having supposedly "admitted" such a thing as to not trust swiss servers not being factual because they never admitted such a thing it seems you read into my post too much of what you wanted my post to say rather than what it actually says. But thanks for the insults based upon what you wanted it to be rather than what it actually was, which sort of places you in that 'confirmation bias' category now doesn't it. So run that by your mommy and daddy.You apparently lack faculty of making links between your own posts and answers. "It sounds more marketing hype than anything even if there is a possible risk (there will always be a possible risk) to appeal to the overly paranoid people who let paranoia override common sense and solid factual research like, for example, there has never been such a compromise." The VPN user communities of all VPN services are full of these types of people and they are the perfect market for something like this. Its sort of like the UFO conspiracy people, "oh look, a picture with a shiny blurry object on the ground, why that must be the warp drive of an alien spacecraft, yep that's what it is alright." (later it turns out to be an old can, then it becomes "government coverup" and a whole new generation of UFO conspiracy "investigation" by the believers begins)You are just saying here that taking in consideration that this law may be applied is being paranoid and lacking common sense, which is just the topic of my thread.Thus, my answer was absolutely appropriate, as the paranoid related sentences and every other ones.I just made you notice that with your kind of reflexion, the only fact of using an AES26 encrypted VPN (banning other encryptions) is as paranoid as considering the application of this law and that you may use a simple proxy if so. You will probably not trust your bus driver if he was threatened by guys wanting your head but that's fine because that is not what you are waiting him to do, you just want him to drive.People use VPNs in order to have privacy, this is WHAT Tthey are waiting for, they don't want them to fail. I highlight that if you are in this case, you should know that you are connecting to a switzerland server that is also concerned to UK ones and that if you want to hide yourself from this particular government you should connect to another AirVPN server (like Virginis). Quote Share this post Link to post
techocity 4 Posted ... I find what OP has highlighted quite concerning as a customer of AirVPN, I would like them to clarify their thoughts on this and the Investigatory Powers Bill that has come into force in the UK. Quote Share this post Link to post
Staff 9972 Posted ... UK have passed such laws it's a fact, they can and will apply it's a fact. The Investigatory Powers Bill scope is not applicable to our company, and it can be challenged after it has been found by the Europen Union Court of Justice incompatible with human rights and EU legal framework (EUCJ decision of December 21, 2016). After the defeat at the EUCJ, various parts of the Act pertaining to data retention are not operative and the technical implementation has been frozen. UK government announced "an appeal" against the decision. The Act provides three main lines of investigation: interception, interference and retention. The first two methods may cover datacenters in the UK, but they do not pose new challenges. The same can happen, and has happened, legally or illegally, virtually in any country in the world (see our article from 2011 about partition of trust). About retention, our policy does not change and any interferences with that will cause us to discontinue any server in the UK, just like we already did in France. When UK will finish the "Brexit" procedure, then the technical guidelines for the implementation of the Act might be unfrozen by just ignoring the EUCJ decision. However, the EUCJ decision involves infringement of human rights that are also protected by a paramount convention on human rights which the UK signed (the European Convention on Human Rights, or ECHR) which is binding to all members of the Council of Europe. The Council of Europe does not depend on the European Union (although the European Union is a very important partner of the Council of Europe). Therefore on exactly identical basis which led to the UK defeat, the law and the UK can be challenged again at the European Court of Human Rights (do not confuse this court with the European Union Court of Justice). Getting out of the EU does not affect anything about the ratification of the ECHR and the membership in the Council of Europe. Actually, the UK is a founding, original member of the Council of Europe since 1949 (and this makes even sadder how lightly a government of the Kingdom is willing to throw in the trashcan some post-WWII founding values of democracies). We'll see when and if the technical implementation of the law, in the parts pertaining to us, will be unfrozen. Before that, your argument is a theory for the future, not for now. However, we must also take into consideration illegal operations. From what happened in the past, we can not even rule out that such operations can have the support of some parts of government bodies. And history teaches that such operations could even be led by criminal organizations. For such occurrences, the only effective counter-measure is technical: partition of trust. Kind regards 4 victorab, Casper31, Reso and 1 other reacted to this Quote Share this post Link to post
victorab 12 Posted ... UK have passed such laws it's a fact, they can and will apply it's a fact. The Investigatory Powers Bill scope is not applicable to our company, and it can be challenged after it has been found by the Europen Union Court of Justice incompatible with human rights and EU legal framework (EUCJ decision of December 21, 2016). After the defeat at the EUCJ, various parts of the Act pertaining to data retention are not operative and the technical implementation has been frozen. UK government announced "an appeal" against the decision. The Act provides three main lines of investigation: interception, interference and retention. The first two methods may cover datacenters in the UK, but they do not pose new challenges. The same can happen, and has happened, legally or illegally, virtually in any country in the world (see our article from 2011 about partition of trust). About retention, our policy does not change and any interferences with that will cause us to discontinue any server in the UK, just like we already did in France. When UK will finish the "Brexit" procedure, then the technical guidelines for the implementation of the Act might be unfrozen by just ignoring the EUCJ decision. However, the EUCJ decision involves infringement of human rights that are also protected by a paramount convention on human rights which the UK signed (the European Convention on Human Rights, or ECHR) which is binding to all members of the Council of Europe. The Council of Europe does not depend on the European Union (although the European Union is a very important partner of the Council of Europe). Therefore on exactly identical basis which led to the UK defeat, the law and the UK can be challenged again at the European Court of Human Rights (do not confuse this court with the European Union Court of Justice). Getting out of the EU does not affect anything about the ratification of the ECHR and the membership in the Council of Europe. Actually, the UK is a founding, original member of the Council of Europe since 1949 (and this makes even sadder how lightly a government of the Kingdom is willing to throw in the trashcan some post-WWII founding values of democracies). We'll see when and if the technical implementation of the law, in the parts pertaining to us, will be unfrozen. Before that, your argument is a theory for the future, not for now. However, we must also take into consideration illegal operations. From what happened in the past, we can not even rule out that such operations can have the support of some parts of government bodies. And history teaches that such operations could even be led by criminal organizations. For such occurrences, the only effective counter-measure is technical: partition of trust. Kind regardsHello,Thank you very much for you reply.I was of course not talking about your company but about the datacenter you are renting the servers and I did not knew that this appeal wasn't blocking the Court decision as it normaly should in case of a normal judgment.We're are now waiting for the final end of this, but glad to know that you are aware of this and ready to take decisions in case of privacy threats on your clients. 1 Casper31 reacted to this Quote Share this post Link to post
Staff 9972 Posted ... I did not knew that this appeal wasn't blocking the Court decision as it normaly should in case of a normal judgment. Well, the EUCJ decision was the outcome of a clarification request already sent by a UK court of appeal. See also https://www.theguardian.com/world/2016/dec/21/eu-ruling-means-uk-snoopers-charter-may-be-open-to-challenge in particular last 5 paragraphs. Kind regards Quote Share this post Link to post