Oddbean new post about | logout
hamsi | 10 months ago (raw) | root | parent | reply | flag +1 
 "If you check the servers, they use many of the same 3rd party providers. Mullvad, IVPN, and TorGuard all use M247 for New York and Los Angeles. So if you connected to LA Mullvad, then switch to LA IVPN, thinking you’re getting a “new identity” you’re not. It’s NSA passive surveillance on the size of data packets going in and out of places like M247 that reveal you, and NOT Mullvad backstabbing you."

Wouldn't this actually be positive in terms of privacy by hiding in a larger dataset? While just mullvad traffic can be small for a specific server, if its mixed with IVPN etc. users, that's a larger dataset on the network layer. I would still rather they own their own servers but short of that, it's probably better they use the same provider.
hamsi | 10 months ago (raw) | root | parent | reply | flag 
 Also it's easy to talk shit for using Gmail but they probably don't have much of a choice when half their customers will also use Gmail anyways and their self hosted emails will fall in their spam. Otherwise it's trivial to use a different provider and not much harder to self host.
SimplifiedPrivacy.com Podcast | 10 months ago (raw) | root | parent | reply | flag 
 I disagree with this view.  It’s actually very easy to self-host.  Email us at support [at] our domain .com

With a server like Mullvad’s, they can basically host for free in a docker container.  And the spam issue is easy to solve with proper DNS entries which can be learned in a day, then tested using spam testing websites.
sommerfeld | 10 months ago (raw) | root | parent | reply | flag +2 
 If you think dealing with spam flaging issues with self-hosted email is "easy to solve with propper DNS config", then you've either never actually tried or sent that much email from it.
SimplifiedPrivacy.com Podcast | 10 months ago (raw) | root | parent | reply | flag 
 We do regular email VPS setups for customers.  Mail in a Box, iRedMail, aaPanel.  My friend, if you need help solving any spam issues, I can advise you or other members of the team.  Discount or free because I like you.  Reach out
SimplifiedPrivacy.com Podcast | 10 months ago (raw) | root | parent | reply | flag +1 
 My point was that many of these VPNs are a commodity, routing to the same data center, with the same protocols.  It’s mostly just branding that differentiates them, and…. Customer service.  Which if it’s via Gmail, isn’t worth much.

Regarding your point.  Yes in theory having more people go to the same data center increases anonymity.  But at the expense of heavier scrutiny that’s easier to implement, and having the users banned because it’s a known VPN center.  For example if you go to make a bitcointalk forum account from any VPN with M247, you’re in for some “evil tax” payments.  And they are nice and let you pay, most don’t.
hamsi | 10 months ago (raw) | root | parent | reply | flag +2 
 I'd say it's more than branding with mullvad. Their actual onboarding is made completely frictionless and unidentifiable. They could run all of the same branding and still have a email login and no one would disqualify them for it, yet they go out of their way to not collect emails and also have crypto payments as an option to bypass the payment rails.

The way I see it, fundamentally the differentiator between vpns is mainly trust that they won't compromise your data, and I haven't seen any that I believe more than mullvad though I am open to suggestions. It also helps that it just works flawlessly as well. I can set it to cycle between various US locations and it's genuinely a better experience than not having a VPN on even while switching servers all the time.