Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That is a great question - all of our information is public whereas most other VPN companies go out of their way to hide where they are located and who they are.

Verification and transparency are more important than trust.



How can users verify that PIA doesn't log?


You can only infer that as the result of court case demanding logs. And even then, it would have to be born out of the discovery process that PIA was truthful, in my opinion. Yet that only gives you comfort that they hadn't maintained logs up to that point. You have no guarantees from that point forward, which is what we're all concerned about. We aren't concerned about PIA's past operations, but rather what this new partnership means for their future behavior.

I realize your question is most likely rhetorical, but I felt the need to articulate my concerns.


"You can only infer that as the result of court case demanding logs. "

You can't be sure. In the Lavabit case, Lavabit argued giving up the key protecting all their users... compromising them to the FBI... would cost them customers due to damaged reputation and privacy. The FBI argued they could do it without telling them. Then, Lavabit would still look private with no financial harm. The judge agreed.

That proposal and the judge agreeing changed how I looked at a lot of companies' claims about law enforcement. I already assumed this would happen with Patriot Act requests by FBI/NSA partnership given they'd be hit with secrecy orders. I didn't see a judge straight up telling a privacy company to defraud all of its customers. I figured the order would be more narrow than that. Now, I have a blanket recommendation to avoid U.S. for privacy tech over both secret government (Patriot Act stuff) and regular, court system.


While I agree with you, I think there's some nuance. In the Lavabit case, the FBI was investigating a national security threat whereas the PIA case involved the hacking of local social media sites. I can see a judge not wanting to rule against the FBI in a case of national security whereas I think a judge would be hesitant to do the same in the case of a misdemeanor offense. Then again, I'm continually surprised by the U.S. government in the "war against terror" era.


Snowden was not a national security threat, he was a government embarrassment threat. It’s not okay to conflate the two


I'm not conflating anything nor am I making a judgement on the FBI's motives. The FBI issued a national security letter that Lavabit fought in court, which I feel Lavabit should have won. The point you missed is the FBI and the judge put a bit more weight towards forcing Lavabit's hand than it did in PIA's case because of the scope and severity of the offenses, perceived or otherwise.


The FBI did not issue a national security letter in the Lavabit case. A national security letter cannot require the placement of a device to intercept communications or compel turning over encryption keys to accomplish the same. The FBI presented Lavabit with a subpoena issued by a judge.


Or they claim no logs in court cases while making them anyways. Thereby creating cover.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: