this post was submitted on 13 Sep 2024
543 points (95.5% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54500 readers
575 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] Telorand@reddthat.com 7 points 1 month ago (3 children)

Are you suggesting that it's pointless to use a VPN?

[–] Appoxo@lemmy.dbzer0.com 3 points 1 month ago (2 children)

At least if the company is run from the US

[–] socsa@piefed.social 4 points 1 month ago* (last edited 1 month ago)

Everyone knows it's impossible for the NSA to buy rack space in Bulgaria, where they literally don't have to deal with any US legal process.

It's also impossible for the NSA to market such a service via pop-privacy blogs and social media profiles.

The funny part about this is that the Snowden leaks showed that the NSA actually put a lot of effort into doing shit like this specifically to avoid all the paperwork which came with accidentally collecting data from US citizens. Keeping the data and analysis off shore means no pesky FISA paperwork.

[–] Telorand@reddthat.com 2 points 1 month ago (1 children)
[–] winkerjadams@lemmy.dbzer0.com 7 points 1 month ago (1 children)

Because if the government wants that data then they are gonna get it. If it's in another country its a lot more work than just serving them a warrant like it is if they are USbased

[–] Telorand@reddthat.com 6 points 1 month ago

At least that's a more reasonable answer than trying to imply the NSA has backdoors everywhere.

My position is that it all depends on your threat model. The government isn't likely to go after someone who torrents files and is hidden by a VPN. The government might go after someone running a streaming site, on the other hand.

And even that might wind up with a dead end. AirVPN (for example) is Canada-based, has no logs, and accepts both crypto and anonymous cash payments.

[–] liveinthisworld@lemmy.dbzer0.com 1 points 1 month ago (1 children)

For anonymity, yes. Sure you might fool Google trying to match your IP to your traffic but that's about it

[–] Telorand@reddthat.com 1 points 1 month ago (1 children)

How so, specifically for logless VPNs?

[–] liveinthisworld@lemmy.dbzer0.com 3 points 1 month ago* (last edited 1 month ago) (1 children)

Technically speaking, VPN logs tend to include the IP address of clients connecting to them, after which the good VPN providers like Mullvad, IVPN and maybe PIA tend to purge them somewhere in their process. Now, if the VPN is running in a RAM-only node, then these logs probably don't touch storage, which means there's not much need to shred information from hard drives for the VPN provider.

With that said, an ISP can technically log your traffic and see that you're connecting to the IP range associated with a VPN. That and perhaps some more covert side-channel/correlation attacks can, in theory, compromise your identity.

Of course, this is going deep into OPSEC and forensics, and I don't think the NSA is that interested in the average Billy torrenting "The Office" to go through that many logs, even if the studios sue in court. Hence, technically your privacy is somewhat maintained with the good VPN providers, but you're definitely not anonymous

[–] Telorand@reddthat.com 3 points 1 month ago (1 children)

That's kind of my thought as well. It's certainly possible someone might go through the effort to find a single pirate downloading The Lion King, but that's a lot of effort (read: money) to find just one person.

There's certainly the possibility that an ISP could note that you connected to a VPN, but given that it's not a remarkable event, since people connect to VPNs for all kinds of legal reasons, they aren't likely to track your particular IP's connection to a VPN apart from a court ordering them to care. They get paid their monthly internet plan price whether someone pirates or checks their email.

If someone was running the Pirate Bay from their home servers, however, more parties would likely be interested in finding that person, and that person's threat model probably exceeds just using a logless VPN.

Maybe I should have said "it's not anonymous based on your threat model"