Proton VPN/mail. It’s often recommended as being safe, but I’m not so sure.
It has servers in Israel. Ties to Israel are never a good thing. Palantir, Epstein, etc are tied to Israel, and Israel also is known for its surveillance. It is also true that it’s completely legal there for them to access and monitor any and all information that passes through VPNs or networks there.
I’m looking for a safe alternative that’s privacy-conscious and isn’t linked to Israel. Both mail and vpn (it’s fine if they’re separate). Please let me know if you guys know.
Your ties to Israel claim is more than just a little specious.
Mullvad, widely considered the gold standard for privacy, allows the user to select a server in Israel.
Aside from that nugget, consider not worrying too much about perfect email secrecy. Email isnt private, was never intended to be and has many, many vectors of attack which are so well documented and in such common use that ISPs have attacked email simply to promote end users running their service instead of the competition.
Mullvad doing something — even if it’s reknown — doesn’t automatically make it’s actions good.
Israel conducts surveillance of any VPN communications of any that exist in the region. This is fully legal there. This is a threat to privacy. You’d need to let me know how that isn’t the case, not that X or Y company also hosts a server in the region.
Re: mail, not looking for perfect, just better than Gmail, ideally FOSS.
I apologize for not being clearer. Even in my relative youth and ignorance I make broad assumptions about others understanding of the recent histoy of VPNs and omit stuff I think is simply known because naturally everyone who would post on the privacy board has been keeping up with privacy and security news for the last decade.
I made another reply that explains in detail why and how mullvad can be trusted in this situation. Hopefully it’s a little less scattered, but I can clarify anything that seems wrong or weird.
The point I was trying to make about mail was that you’re better off treating it as a postcard that anyone can read than seeking a privacy respecting service. That simple change will improve your posture because you will no longer be communicating private matters in a medium that isn’t private.
One VPN being openly corrupted doesn’t make another openly corrupted VPN safe.
How does having an exit node in Israel equal a VPN being corrupted?
I can only read this as the first vpn you refer to being mullvad and the second being proton.
It’s hard to understand how you can come to the conclusion that a vpn offering exit nodes (wrong terminology but bear with me) in a bad country makes the vpn service bad.
One of the types of traffic shaping and monitoring that vpns are used to avoid is geofencing, where your ip address is a determinant of how your traffic is treated.
Users who are outside the bad country but want to be treated by its internet as if they are inside would use a vpn server inside the bad country.
Users who are inside the bad country and want to make a connection to the internet outside the bad country without being observed would use a vpn server inside the bad country.
Users whose internet backbone goes through the bad country would be well served by the vpn servers in the bad country.
There are many other situations where a vpn with servers inside a bad country might be useful, but those are just a few.
To put an extremely fine point on what I’m saying: mullvad users in gaza are well served by the single Tel Aviv mullvad server for self evident reasons. They must lean harder than others on mullvads unloggable design, the same one that caused Interpol to have their servers blacklisted until they disallowed port forwarding, but based on the history of that design and law enforcements inability to make hay out of it I think those users are safe.
It’s not operating in a bad country that makes the vpn bad, but the fact that the country is known for its surveillance of VPNs there that makes it bad.
I’m afraid I may have not been clear enough.
There are solid reasons for operating vpn servers in Israel other than simply paying for the privilege of being allowed to let unit 8200 in to your system.
Those reasons, the privacy and restriction bypassing power the VPNs customers pay for, must be measured against the danger of releasing their customers data to the country in which the server is hosted.
At the same time, it requires a higher degree of trust than even what you would normally expect from a vpn provider.
In a situation like this where there are (someone like me might say noble) reasons for dipping one’s corporate sack into that bubbling crucible, we have to trust that the corporate sack has an industrial grade asbestos athletic protector covering it.
As I said above, there is good reason to believe that is the case. Mullvads proclaimed no logging system was so resilient that Interpol (who I need to be clear are not the clouseau esque bumblers of media, but a powerful and far reaching law enforcement agency) had to settle for calling in the major cdns to blacklist mullvads servers instead of succeeding at any of their lawful searches and attempts to log traffic across a broad and compliant jurisdiction.
The result of their pressure on the cdns was that the cdns did blacklist mullvad and mullvad, rather than comply with the search, simply discontinued the port forwarding feature that law enforcement claimed was key to the investigation.
The investigation was concerning cp trading over windows cifs (the right click share) with forwarded ports. Having seen several write ups on how it was being used, and having used forwarded ports with cifs to make a fake vpn between two office buildings, mullvad was the only real security layer in that operation.
Mullvad chose to discontinue what I truly believe was their most loved feature over letting the cops in on principle. They were put in the position of being able to make that choice because their system stood up to lawful attempts to confiscate and bug it.
It is clear to me that mullvad seems to be trustworthy and has a resilient system. If anyone can safely host a vpn server in Israel it’s them.
Because we can establish reasonable trust in one organization to do something, it’s reasonable to recognize that another might also be able to do something. There are a host of comparisons to be made between the two organizations, but the point of by replies was to establish that the simple fact of a vpn server in Israel doesn’t imply endorsement of, compliance with or a danger to the users of that service or server.