Since IVPN and Mullvad are both phasing out port forwarding, are there any alternatives? I am not looking for something like NordVPN which is a privacy nightmare. AirVPN is also not private enough considering I’ve seen reports online of ISPs sending out DMCA letters of gold to its users.
Can’t they just log your account? You have to have an account with Proton to use their VPN. They can absolutely log your activity such as logging in, when you connected/disconnected, to which servers, and, more importantly, where from exactly (your original IP address)
Proton doesn’t keep logs by default unless legally forced to.
Law enforcement would have to know the email account to make them log it. If they know the email account you’re using with ProtonVPN then thats user error and bad OpSec.
In the example you linked, if law enforcement didn’t know the guys email address then they couldn’t have forced Proton to log his IP.
Bad opsec? It’s a bad VPN if it needs an email at all. Look at what IVPN does, they don’t even have a requirement for emails to register. I’m pretty sure Mullvad just recently was raided by authorities seize whatever they want they said, won’t find any user data they said. And they didn’t. Also proton redirects or used to redirect from onion to clearnet when you signed in. It simply isn’t up to par with IVPN and Mullvad. What’s the point of a VPN where a government can just request them to leak your data? No matter how, AT ALL! What constitutes a big enough crime for them? What if next day it’s downloading Frozen II.mkv?
Proton requires an email because they offer a free tier, without some way of regulating users their servers would be overrun with bots and spam…
The difference between what recently happened with Mullvad and what happened in the article you linked about Proton is that with Mullvad they were looking for general user data for VPN usage, not a specific persons email account like with Proton.
If a copyright holder or law enforcement is in a torrent swarm and logs all of the IP addresses of the seeders of Frozen II and then goes looking for the users of those IPs then ProtonVPN and Mullvad VPN would have the same response - No logs, no idea
Sure, not having to register with an email with Mullvad and IVPN is great but they’re not offering port forwarding any more so we recommended ProtonVPN and you said you didn’t trust them because they followed the law, if Mullvad or IVPN offered email services then they would have to do the same thing Proton did.
If you make a ProtonVPN account with the sole purpose of torrenting then all you have to do is not publicise your Proton email along with the fact that you’re torrenting and then nobody can really do anything about that because law enforcement can’t go to Proton like they did with that guy because they don’t know the account linked to you.
I didn’t hear about the onion issues, but again unless Proton was specifically told to log specific users IPs then even if they were redirected, their IPs wouldn’t have been logged in those instances.
Its still user error, he must have publicised his Proton account, law enforcement found out about it and his IP was logged under Swiss law, thats user error. Its crappy that thats law but if you’re going to do things like that then you should know how to protect yourself properly
Even worse:
So they were probably not using a VPN to connect to Proton Mail, which was the specific target, since e-mail and VPN providers were treated differently under Swiss law until Proton and Threema fought the government on this issue. Tutanota had a similar issue. If you’re gonna rely on these services to break their jurisdiction’s laws, you should be covering your own ass with bulletproof opsec, because businesses with millions of accounts are not gonna shut down and burn evidence in order to protect one user. In the Proton case, the activist apparently connected to a known Proton Mail account with no VPN or Tor; in the Tutanota case, only e-mails that were not end-to-end encrypted would pose at risk