this post was submitted on 20 May 2026
1080 points (99.1% liked)

Technology

84830 readers
4113 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
1080
'There is no universe in which Proton VPN compromises its no-logs policy' — Proton joins the backlash against Canada's surveillance bill (www.techradar.com)
submitted 1 day ago by LuminousLuddite@lemmy.world to c/technology@lemmy.world
185 comments fedilink hide all child comments
 

• Proton VPN has hit back at Canada's proposed Bill C-22

• The proposed legislation could require VPNs to log user metadata

• NordVPN and Windscribe have also slammed the bill

you are viewing a single comment's thread
view the rest of the comments
[–] mlg@lemmy.world 58 points 18 hours ago (2 children)

Also Proton: "metadata logging does not count as logging, and handing our logs, I mean non existent logs that only contains totally useless metadata, over to the Swiss government is fine because its the Swiss law"

[–] parricc@lemmy.world 14 points 9 hours ago (2 children)

I worked for a VPN company a decade ago that advertised no logging. It was all BS. They absolutely logged. Maybe they only kept the logs for something like 48 hours, but I'm pretty sure all VPNs have some kind of logging going on. Anyway, a VPN by itself does not give you any privacy. Websites have a billion ways to fingerprint you, and they don't even need cookies to do it.

[–] Alberat@lemmy.world 14 points 8 hours ago (1 children)

privacy implies vpn (or some mix-net), but not the opposite... so if you want privacy, you need a vpn, but a vpn by itself doesn't give you privacy

[–] parricc@lemmy.world 6 points 7 hours ago (1 children)

It's a small step out of many. And there's enough steps now that an average person is pretty much never going to have it, unfortunately. But there is more and less exposed. There's untraceable, and there's traceable with more effort than anyone will likely bother. Considering countries like russia have tried and failed to block VPNs, they're certainly worth something.

[–] Bassman1805@lemmy.world 7 points 7 hours ago

I'd argue that VPNs remain one of the highest return-on-investment (time and money) steps towards online security, as many gaps as they do have in the big picture.

It's not going to make you untraceable. But it'll make you difficult enough to trace that nobody's gonna put forth the effort to target you specifically unless you've attracted like, nation-state attention. (Targeting you as a member of some demographic a la advertisers, yeah not much effect).

[–] NoosFraba@lemmy.world 2 points 7 hours ago (1 children)

Pretty sure even a VPN does nothing if you're on a cellphone as well isn't it?

Like all cellphones carry a unique identifier, that's how, say, reddit can keep you banned even if you start a new account under new email and a vpn.

[–] parricc@lemmy.world 4 points 7 hours ago (1 children)

I don't think Reddit would have that. They likely just use your browser fingerprint. Check this out: https://amiunique.org/fingerprint

[–] NikkiDimes@lemmy.world 3 points 6 hours ago* (last edited 6 hours ago)

Between just my uncommon device, my languages spoken, and rough location (timezone), I'm actually crazy identifiable, yikes.

[–] Vinstaal0@feddit.nl 18 points 12 hours ago (1 children)

I kinda want to see what they handed over. They cannot get around the fact that they need to be able to handover data when legally asked with a warrant.

But I do kinda want to see if it is actually useless metadata or it is just our entire history.

[–] parricc@lemmy.world 10 points 9 hours ago (2 children)

Most likely, the logs consist of what IPs are leased to what users, when the connections start and end, and what IPs those users are connecting from. A VPN company may keep the logs for something like 2 days.

Let's say you torrent something while connected to a VPN and one of the peers in the torrent pool is actually a DMCA agent associated with IP-Echelon. The DMCA agent will record the IP address you have at the time and generate a DMCA notice. It will then look up who owns the IP address to determine where to send the DMCA notice. When the VPN company receives the DMCA notice, it will use the logs to determine who was leasing the IP address at the time in question. If the logs no longer exist, the notice effectively gets tossed because the VPN company has no way of knowing what account was downloading the torrent. But if the notice was sent quickly enough for the logs to still exist, the VPN company will forward the DMCA notice to the user that was using the IP at the time. In that case, it will work the same way as a normal ISP. You'll probably get a warning with something like a 3 strike policy. In such a case, the VPN will cut your VPN service on the third strike.

Presumably, it could work the same way for anything. I used to work for a VPN company a decade ago, and this was pretty much the industry standard. It, like all VPN companies, advertised itself as having no logging.

[–] Vinstaal0@feddit.nl 3 points 9 hours ago (2 children)

The best way to prove you don't hold any logs is by doing on audit on it.

In the story you explained it would be better to not use a VPN since Dutch providers don't share your name when somebody comes to them with a list of IP's.

Thank you for the response though!

[–] Axolotl_cpp@feddit.it 2 points 2 hours ago* (last edited 2 hours ago) (1 children)

Mullvad got the best advertising ever in this regard: they literally got the police at the door and the police didn't found a shit, hillarious

[–] teslekova@sh.itjust.works 1 points 4 minutes ago

I lost my info on whether I'd signed up for mullvad already, so I sent them an email asking if I had an account with them.

They told me to get fucked.

I then bought an account, not caring then whether it was redundant.

[–] parricc@lemmy.world 3 points 8 hours ago* (last edited 8 hours ago)

To be clear, a VPN provider effectively works the same way as an ISP. If you use a Dutch VPN, it will follow the exact same rules as a Dutch ISP. Given, you should verify that it actually is based out of that location and not just incorporated there with no office and a PO box. In a DMCA situation, the DMCA agents generally are never told the identities of anyone by an ISP or VPN provider. But the ISP or VPN provider forwards the notice to the user with the associated account as they're legally required to do. If the worst case scenario happens and you get your VPN service cut, you've still got your ISP and can just move to a different VPN provider. Having your ISP service cut, on the other hand, may leave you with no service options at all. You don't get privacy with a VPN, but you do get a stopgap like that.

Edit: Also signing up for VPNs that don't record your personal information is probably a good practice as well.

[–] ipkpjersi@lemmy.ml 1 points 7 hours ago

In that case, it will work the same way as a normal ISP. You’ll probably get a warning with something like a 3 strike policy. In such a case, the VPN will cut your VPN service on the third strike.

It also depends on where you live. In my country, copyright infringement is just a small fine, and you can get dozens of those copyright letters from your ISP and be fine.