VP.net Promises "Cryptographically Verifiable Privacy" (torrentfreak.com)
- Reference: 0178237040
- News link: https://news.slashdot.org/story/25/06/30/1852224/vpnet-promises-cryptographically-verifiable-privacy
- Source link: https://torrentfreak.com/new-vpn-service-cant-log-users-by-design/
> The company promises 'cryptographically verifiable privacy' by using special hardware 'safes' (Intel SGX), so even the provider can't track what its users are up to.
>
> The design goal is that no one, not even the VPN company, can link "User X" to "Website Y."
>
> Lee frames it as enabling agency over one's privacy:
>
> "Our zero trust solution does not require you to trust us - and that's how it should be. Your privacy should be up to your choice - not up to some random VPN provider in some random foreign country."
The team behind VP.net includes CEO Matt Kim as well as arguably the first Bitcoin veterans Roger Ver and Mark Karpeles.
Ask Slashdot: Now that there's a VPN where you don't have to "just trust the provider" - arguably the first real zero-trust VPN - are trust based VPNs obsolete?
[1] https://torrentfreak.com/
[2] https://vp.net/
Legal ID requirement with VPNS incomming (Score:2)
Given the state of the laws on Technology, we should see that come to pass where Anonymity is legally banned. While other smaller companies may be able to set up shop, or you can deploy your own VPN somehow without tracing it to yourself, any public for profits will have to comply with the law. So this is a neat tech implementation that may not end up mattering much in the near future.
Re: (Score:2)
Many (but not all, for sure) of these requirements are for age, not full ID, and age can be verified without eliminating anonymity under some of the legal schemes.
Re: (Score:2)
It looks like a trend. Even in Europe, which has a modicum of an attempt to address some of the worst aspects of digital media, the Law Enforcement people are always trying (happened in the last year) get a master key to your encrypted messages. This pattern repeats every so often, privacy wants encryption, Law wants a key to your private stuff. 1990's Clipper chip, remember?
So Europe's approach isn't terrible. If your company has 50M monthly users or 15+% of the market, iirc, then new reporting requirement
No liability, no privacy (Score:2)
Unless you give me a user contract that lets me sue you for failing to deliver the promised privacy, it's still useless.
This is just stupid (Score:3)
Regardless of whether your VPN provider offers true privacy, you can still be [1]tracked [browserleaks.com].
Here's what every website you visit sees about you with a common web browser::
User-agent
Time zone
GPU ID
Screen resolution
Locale
And a gazillion of other things that [2]uniquely [amiunique.org] identify you.
Of course you can disable JavaScript or use something like Tor Browser but by doing so, you'll again become unique. There's no real privacy on the Internet. This game has long been lost.
Even your browsing patterns, such as how many pages you open per hour, can be used to identify you among other users.
VPN nowadays is good for evading Internet restrictions imposed by your ISP, country, or businesses. That's about it. It's not about privacy.
[1] https://browserleaks.com/javascript
[2] https://amiunique.org/
Re: (Score:2)
So what you describing is called a browser fingerprint and there are plenty of ways to prevent it.
On the other hand like I mentioned on another comment that only applies if you are fairly technical and while that might protect you it's not going to protect the vast majority of people who simply do not have the skills.
And if it's one thing the last 6 months has taught me it's that the rest of the world will drag you down with it. Freedom isn't something that can be protected with individual action. I
Re: (Score:2)
Well put. Server side telemetry has become very powerful and nobody really knows that it's in use.
The more parameters you measure the less unique you can be. At this point, as you point out, pretty much no one can evade this.
One thing a VPN offers though, is protection from your own service providers. By only using encrypted DNS lookups, you are depriving your telecomm company of reading your deepest thoughts via your search terms and sites visited.
The name sounds familiar... (Score:3)
Isn't it the same company who was found to be manipulating your traffic and selling your browsing history to advertisers?
[1]https://www.reddit.com/r/VPN/c... [reddit.com]
[1] https://www.reddit.com/r/VPN/comments/dz834n/private_internet_access_has_come_to_its_end/
Cryptographically verifyable, but not practically (Score:1)
Unless you audit their data center and software you don't know if they have actually purchased and are using this hardware.
Nice ad. (Score:2)
At least they're somewhat transparent about the bias.
So uhhh (Score:2)
What about the neighbor on the party line standing directly next to that sgx enclave running on that cpu? Nome of this prevents eavesdropping outside of the server
Trust the code (Score:2)
One still has to trust the code to actually implement what is advertised. And to be bug-free, too.
Does web site Y know? (Score:3)
If web site Y knows that you are user X then no amount of encryption helped you. The network may not know but the site does.
Re: (Score:2)
Cookies provide no security, and the 'sandbox' is broken when single entity owns multiple websites and can infer identify
Re: (Score:1)
> Cookies provide no security
That not true!!! Me hug security cookie right now!!! Then I eat security cookie!!! SO MUCH SECURITY! OM NOM NOM NOM...
Re:Does web site Y know? (Score:4, Insightful)
I fail to see your point here. The question here isn't whether you are a smart user of VPNs and browsers in general, it's whether your VPN provider is likely to undo your efforts. The "promise" here is that they won't make your situation worse, not that they are magical.
Re: (Score:2)
I think that there is a point to be made that using a perfectly secure vpn provider is simply a fig leaf, that allows the user feel secure, while failing to address a multiplicity of vulnerabilities that exist in core technologies we use.
To disabuse Neal Stephenson, it is l [1]ike having a picket fence in your front yard with one picket (he was talking about PGP) ten miles high and expecting that to keep people off of your lawn [slashdot.org]
Where is my InDUHvidual defence-in-depth provider that can DELIVER a sane and practic
[1] https://slashdot.org/story/00/04/07/0218214/stephenson-gives-heretical-speech--privacy-summit
Re: (Score:2)
Presumably the idea is that website y knows that VPN provider x is using it.
From there it's an opsec problem. Most of the time though hackers don't get found out by incredibly complex shit they get found out because they accidentally post their email address onto a forum and it traces back to them.
Stuff like this is mildly useful for peace of mind if you're doing something dodgy online and possibly very useful to foreign intelligence agencies that have really good opsec.
But society-wide it's not
Re: (Score:3)
I am less concerned about the impending hell-scape, then I am the current situation where all of the tracking enabled apps data have fallen into the hands of "data brokers", who now can show amusing things like [1]individuals taking trips to Epstein Island [youtube.com], or the inevitable attempt to use travel patterns to [2]charge Abrego Garcia with human trafficking charges [reuters.com]
People need to WAKE THE FUCK UP, and realize what is being done to them, and even a 'perfectly secure vpn provider' could be forced by courts, or corporat
[1] https://www.youtube.com/watch?v=PjPHq-Ez0nc
[2] https://www.reuters.com/world/us/abrego-garcia-way-us-face-criminal-charges-abc-news-reports-2025-06-06/