My concern is really that we wont have any kind of freedom in the years to come. There's pretty much nothing you can do. Only thing we can kind of do is provide some privacy, sometimes...
Some VPNs conduct third-party audits to be able to say that they don't persist info about your traffic. That's usually more than what an ISP is willing/able to say.
I worked for quite a lot of companies that had a few planned and random audits by third parties, including government. We did things one way when they were there. We did it totally differently when they weren't. Made me doubt the value of anything other than live surveillance of the company or network, remote and with well-paid person stationed there.
Agree, a simple VPN is not enough. You need to know how to use the more advanced security tools like using bitmessage for e-mail/messaging, signal with end to end encryption, TOR etc. Everything needs to be encrypted directly on your computer before it is sent and using super strong passwords on everything. All big companies and tech companies provide zero protection for their customer's. It is your duty to do it if you want true security/privacy.
All of which is never going to happen for all but the most knowledgeable and dedicated. What is one blank spot on a map but an invitation for the cartographer to devote more resources toward discovery. If this matters to us, we need a more universal solution.
I had been wondering about that. Are there any mechanisms in say, Nord VPN, that stop them from tracking you or is it just shifting your trust from the ISP to a VPN provider?
There's a few mechanisms but they're essentially all market/regulatory forces which might not be adequate enough for some. At the end of the day you're still just shifting your traffic from the ISP to the VPN provider and you still need to trust your VPN company like you would (or wouldn't) your ISP.
As far as the forces go, the first and biggest force should probably be the legal one, companies generally can't lie or mislead while advertising or entering contracts. If a VPN company advertises that they don't keep logs and it's discovered that they keep logs it's a pretty good case for a claim against the company to get out of the contract at the very least. This all depends on specific countries, VPN companies involved, what claims those companies are making, etc. It should be noted that an employee doesn't need to leak anything for this to be the case, if the VPN company is involved in a public court case then it can be inferred whether they actually keep logs, this has been the case with at least one company.
The second force tends to work in favour of the VPN company and is the market forces involved, generally you might only have a handful of ISPs to choose from if you even have a choice as you could be stuck with a single cable company for instance. This isn't the case for VPN companies as you have literally thousands to choose from and they can be located anywhere in the world, and while this might not be a big deal if you're from a first world country with good network infrastructure and regulatory environment already it'll be a bigger deal for people living outside of these countries.
The third is somewhat related to the second, there's obviously a use case for privacy focused VPN companies whose value added product is simply to provide a good service and there's more than enough people that will want to make a business out of it. This is obviously the case for ISPs too where their value added product may be technically competent staff and ensuring that they'll uphold your privacy and won't engage in censorship, etc, but again access to these ISPs may be limited.
The other really good point I read about a while back is one of jurisdiction. Your isp is essentially guaranteed to be and operate in your country, giving your government jurisdiction over your ISP's information on you. A VPN may be in a different country, making things a hell of a lot more difficult for your government.
And still the ISP to some extent. Content fingerprinting just from the packet sizes / timing is unreasonably effective. It doesn't matter that the packets are encrypted.
You'd still be leaking through dns (and basically all non-http communication) and applications which don't adhere to proxy settings, which are a lot. Webrtc doesn't go through the proxy either iirc
Also, you're still trusting Amazon to play by the rules, which is unlikely if state actors are involved as the comment (which spawned this discussion) insinuated
Although I pay for ProtonMail, this year I started using gmail again for almost everything - I found email search and automatic calendar integration compelling, especially for travel arrangements and keeping organized while traveling.
I am starting to regret the switch back to gmail because I am slipping on privacy for the sake of convenience.
EDIT: as a self labeled liberal, I find Kevin Williams very conservative politics somewhat disagreeable, but I still find his new book “ The Smallest Minority: Independent Thinking in the Age of Mob Politics” well worth reading and has slightly changed my viewpoint on the importance of personal liberty.
You could use a VPN if you wish to avoid that.
Generally, I agree with you and wrote about my thoughts:
https://austingwalters.com/the-last-free-generation/
My concern is really that we wont have any kind of freedom in the years to come. There's pretty much nothing you can do. Only thing we can kind of do is provide some privacy, sometimes...