The phrase in the title is a common trope that comes up when VPN services are discussed. While this statement is technically correct, it can be misleading, as it implies that all providers handle law enforcement requests and prepare for worst case scenarios similarly, so their conduct cannot be a differentiating factor when you evaluate them.
A smart VPN will avoid going to jail for you by not storing any of the data law enforcement wants in the first place.
Yeah, Mullvad was searched and they shrugged and said “well, go ahead” and could then proudly publish that the Swedish authorities could take zero info from there: https://mullvad.net/en/blog/update-the-swedish-authorities-answered-our-protocol-request
Just recently signed up for Mullvad… No CC numbers or email addresses, you just get a string of numbers and that’s all you need to connect with it anywhere. And you can pay with Monero.
It’s like the paranoid person’s dream.
Heck, if you want, you can pay with hard cash by mailing it with your payment token to their office. It’s pretty great when it comes to choice of privacy.
Wondering how these magicians measure quality of service then, since they collect no juicy data. I find this hard to believe.
Quality of service is usually only useful with aggregate data which is worthless for prosecuting an individual.
That’s not true. We used to collect client and server data both to detect issues and even if it was only in a subset of customers there is just some customer facing QoS issues you wouldn’t find unless you were collecting data, that wouldn’t be found on server side for example. Like let’s say iPhones make an update and you’re doing video streaming, maybe certain video formats would lag when streaming to the player but not on an android or vice versa.
Aggregate data doesn’t mean no client side data. It’s possible they’re collecting aggregate level client data too. They could go further and collect data on individuals that is not identifiable or useful to law enforcement in any way. I can think of a few ways to get anonymous usage data that allows you to improve your service while protecting your users. I don’t know their scheme but they clearly don’t need overly invasive forms of analytics as they have a solid service.
If your data is being collected then are you really private or anonymous? I can think of a lot you can infer simply from metrics in a client, time window of connection and a few metrics. That’s just removed.
Yes? I work in the identified healthcare data space, but work close to people in the unidentified space and even something as personal as health data can be obfuscated in such a way it’s impossible to trace back to an individual. Not to mention whatever they’re logging is surely many orders of magnitude less identifiable. They also have an entire page dedicated to answering these types of questions and concerns.
I worked directly for one of the two biggest log and search systems for big data for years and I can tell you that there is always a way to correlate data lol. And the data you don’t have you can always buy to help put the missing pieces together.