this post was submitted on 20 May 2026
1162 points (98.9% liked)
Technology
84830 readers
3910 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Also Proton: "metadata logging does not count as logging, and handing our logs, I mean non existent logs that only contains totally useless metadata, over to the Swiss government is fine because its the Swiss law"
I worked for a VPN company a decade ago that advertised no logging. It was all BS. They absolutely logged. Maybe they only kept the logs for something like 48 hours, but I'm pretty sure all VPNs have some kind of logging going on. Anyway, a VPN by itself does not give you any privacy. Websites have a billion ways to fingerprint you, and they don't even need cookies to do it.
VPNs are to protect you against your ISP, that is about it. I guess sailing the high seas also since fingerprinting doesn't apply as much. Also getting around authoritarian government blocks.
It is a small piece of the puzzle.
privacy implies vpn (or some mix-net), but not the opposite... so if you want privacy, you need a vpn, but a vpn by itself doesn't give you privacy
It's a small step out of many. And there's enough steps now that an average person is pretty much never going to have it, unfortunately. But there is more and less exposed. There's untraceable, and there's traceable with more effort than anyone will likely bother. Considering countries like russia have tried and failed to block VPNs, they're certainly worth something.
I'd argue that VPNs remain one of the highest return-on-investment (time and money) steps towards online security, as many gaps as they do have in the big picture.
It's not going to make you untraceable. But it'll make you difficult enough to trace that nobody's gonna put forth the effort to target you specifically unless you've attracted like, nation-state attention. (Targeting you as a member of some demographic a la advertisers, yeah not much effect).
Pretty sure even a VPN does nothing if you're on a cellphone as well isn't it?
Like all cellphones carry a unique identifier, that's how, say, reddit can keep you banned even if you start a new account under new email and a vpn.
I don't think Reddit would have that. They likely just use your browser fingerprint. Check this out: https://amiunique.org/fingerprint
Between just my uncommon device, my languages spoken, and rough location (timezone), I'm actually crazy identifiable, yikes.
I kinda want to see what they handed over. They cannot get around the fact that they need to be able to handover data when legally asked with a warrant.
But I do kinda want to see if it is actually useless metadata or it is just our entire history.
Most likely, the logs consist of what IPs are leased to what users, when the connections start and end, and what IPs those users are connecting from. A VPN company may keep the logs for something like 2 days.
Let's say you torrent something while connected to a VPN and one of the peers in the torrent pool is actually a DMCA agent associated with IP-Echelon. The DMCA agent will record the IP address you have at the time and generate a DMCA notice. It will then look up who owns the IP address to determine where to send the DMCA notice. When the VPN company receives the DMCA notice, it will use the logs to determine who was leasing the IP address at the time in question. If the logs no longer exist, the notice effectively gets tossed because the VPN company has no way of knowing what account was downloading the torrent. But if the notice was sent quickly enough for the logs to still exist, the VPN company will forward the DMCA notice to the user that was using the IP at the time. In that case, it will work the same way as a normal ISP. You'll probably get a warning with something like a 3 strike policy. In such a case, the VPN will cut your VPN service on the third strike.
Presumably, it could work the same way for anything. I used to work for a VPN company a decade ago, and this was pretty much the industry standard. It, like all VPN companies, advertised itself as having no logging.
The best way to prove you don't hold any logs is by doing on audit on it.
In the story you explained it would be better to not use a VPN since Dutch providers don't share your name when somebody comes to them with a list of IP's.
Thank you for the response though!
Mullvad got the best advertising ever in this regard: they literally got the police at the door and the police didn't found a shit, hillarious
The normal police is always bad at finding digital info. You want them to be audited and/or raided by the finance police (not sure how that is calld where they are located)
They got the search warrant by the NOA (National Operations Department) of the swedisg police, i don't know much about them but they seem to also fight organized crime so i really doubt that they don't know how to search digital info
https://mullvad.net/en/blog/mullvad-vpn-was-subject-to-a-search-warrant-customer-data-not-compromised
I lost my info on whether I'd signed up for mullvad already, so I sent them an email asking if I had an account with them.
They told me to get fucked.
I then bought an account, not caring then whether it was redundant.
To be clear, a VPN provider effectively works the same way as an ISP. If you use a Dutch VPN, it will follow the exact same rules as a Dutch ISP. Given, you should verify that it actually is based out of that location and not just incorporated there with no office and a PO box. In a DMCA situation, the DMCA agents generally are never told the identities of anyone by an ISP or VPN provider. But the ISP or VPN provider forwards the notice to the user with the associated account as they're legally required to do. If the worst case scenario happens and you get your VPN service cut, you've still got your ISP and can just move to a different VPN provider. Having your ISP service cut, on the other hand, may leave you with no service options at all. You don't get privacy with a VPN, but you do get a stopgap like that.
Edit: Also signing up for VPNs that don't record your personal information is probably a good practice as well.