1d ago

Mullvad or Proton VPN?

Well, just that. Wich is stronger against trackers, hackers and doxxing threats? Proton VPN (I'm using this one actually), or Mullvad VPN?

75 comments

Mullvad hasn’t yet shown themselves fed- friendly.
Proton has.
Mullvad is the answer.
- Source please, we in the /privacy community genuinely want to learn so when such things do happen, we all benefit from factual information. Please do not assume we all know what you are referring to. It is particularly in this kind of cases when, for example with Signal what was "shared" with authorities is basically irrelevant, cf https://signal.org/bigbrother/ so we must be precise.
  
  Proton has cooperated with subpoenas on multiple occasions leading to the user’s arrest.
  While they may challenge them, the point is that they have cooperated and thus are not reliable. There are no reported cases of Mullvad doing the same.
  There are ample links from multiple sources that describe this with a simple search.
  
  That's because no one running a service will go to jail for you. None.
  Not ProtonVPN, not Mullvad, not IVPN, not Lemmy Instances.
  Imagine you run one of these, and you received a lawful order in your jurisdiction.
  Turn over data or go to jail for a long time.
  Would you go to jail to protect user privacy?
  The only thing Proton does better is because they are under Swiss Jurisdiction, which has stricter control over when a court order can be issued. But if a court order goes to Proton, they can't ignore it.
  Also: Protonmail =/= ProtonVPN, they are under different laws. In Switzerland, Mail providers have to provide IP addresses upon a subpoena, VPN providers do not. If those users had used ProtonVPN to access their Protonmail, they'd be safe.
  
  Interesting, thanks.
  
  To be fair, if your safety depends on whether a particular company cooperates with authorities, you'd better rethink your OPSEC.
  
  Proton has cooperated with subpoenas on multiple occasions leading to the user’s arrest.
  My thinking is, if the CIA (or whatever country's equivalent) is on to you, it's pretty much jover.
  
  I think it still very much depends on how much they're onto you. The guy from the most famous Proton case seems like a low-level crook, so if he wasn't so easy to catch, chances are the agency would've just went after an easier prey. If you're a DNM admin, though... Indeed, play stupid games, win stupid prizes.
  
  Please do provide a link, especially if it's very easy to find. I'm not saying anything you say is wrong, only that if it's not an opinion, then a link from a trusted source helps other to understand the situation.
  
  It's a somewhat convoluted story. Here are some links
  https://proton.me/blog/climate-activist-arrest
  https://old.reddit.com/r/ProtonMail/comments/ydcek3/what_became_of_the_french_climate_activist/
  https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/
  The takeaway is when he logged into his Protonmail they logged his IP address which helped track this individual down. But note that Reddit thread I linked. I also cannot find that much information about "what happened next," or the details of who was arrested and why.
  There may be other examples, but this particular case kinda hit the rounds back when it happened.
  
  Excerpts from your third link https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/
  As usual, the devil is in the details—ProtonMail's original policy simply said that the service does not keep IP logs "by default." However, as a Swiss company, ProtonMail was obliged to comply with a Swiss court's demand that it begin logging IP address and browser fingerprint information for a particular ProtonMail account.
  According to multiple statements ProtonMail issued on Monday, it was unable to appeal the Swiss demand for IP logging on that account. The service could not appeal both because a Swiss law had actually been broken and because "legal tools for serious crimes" were used—tools that ProtonMail believes were not appropriate to the case at hand, but which it was legally require to comply with.
  ProtonMail also operates a VPN service called ProtonVPN, and it points out that Swiss law prohibits the country's courts from compelling a VPN service to log IP addresses. In theory, if Youth for Climate had used ProtonVPN to access ProtonMail, the Swiss court could not have compelled the service to expose its "real" IP address.
  Proton did not voluntarily log IPs, they were under a lawful court order and were out of appeal options.
  Like I said, no one running a service will go to jail for you. None.
  Not ProtonVPN, not Mullvad, not IVPN, not Lemmy Instances.
  If a legal court order is received, they will conply after they run out of appeals
  Imagine you run one of these services, and you received a lawful order in your jurisdiction.
  You can choose to turn over data or go to jail for a long time.
  Would you go to jail to protect user privacy?
  That's why its not only a company's privacy practices you need to worry about, but also the jurisdiction. Choose a service that's is in a privacy friendly jurisdiction.
  Also, this is about Protonmail, which is under different laws than ProtonVPN.
- When did Proton show themselves fed-friendly? Also what "fed" are we talking about? The Swiss Federation?
  
  I guess he's referring to this
  
  Proton's statement from the linked article
  "We are aware of the Spanish terrorism case involving alleged threats to the King of Spain, but as a general rule, we do not comment on specific cases. Proton has minimal user information, as illustrated by the fact that in this case, data obtained from Apple was used to identify the terrorism suspect. Proton provides privacy by default and not anonymity by default because anonymity requires certain user actions to ensure proper OPSEC, such as not adding your Apple account as an optional recovery method."

75 comments