1
00:00:01,290 --> 00:00:07,410
Possibly one of the most important considerations for a VPN is the trust that you have in that provider
2
00:00:07,830 --> 00:00:09,700
and their security practices.
3
00:00:09,720 --> 00:00:11,430
I think a VPN is like dogs.
4
00:00:11,430 --> 00:00:15,910
I think it's a reasonable analogy when you want to get a dog you need to choose the right breed but
5
00:00:15,920 --> 00:00:20,960
even if you choose the right breed and the right temperament you can never fully trust a dog one day
6
00:00:20,970 --> 00:00:24,420
it may turn around in a bad mood and bite you.
7
00:00:24,420 --> 00:00:32,460
Consider this in order to connect to a VPN you have to connect and reveal your real IP address to that
8
00:00:32,460 --> 00:00:36,870
VPN server which is directly traceable back to you.
9
00:00:36,900 --> 00:00:40,210
The VPN provider can if it so chooses.
10
00:00:40,300 --> 00:00:46,080
Log all the sites that you visit and everything that you do if you use an extra layer of encryption
11
00:00:46,230 --> 00:00:47,780
or nested VPN.
12
00:00:48,000 --> 00:00:49,570
This can help mitigate this.
13
00:00:49,680 --> 00:00:57,840
But the VPN is a man in the middle by definition so could perform man in the middle attacks on you if wanted
14
00:00:58,290 --> 00:01:00,620
or was coerced to do so.
15
00:01:00,680 --> 00:01:08,340
A bad VPN service is no different to a bad internet service provider but with a VPN you can change provider
16
00:01:08,610 --> 00:01:14,220
and you can change the location and jurisdiction which you can't do with your Internet service provider
17
00:01:14,220 --> 00:01:14,530
.
18
00:01:14,580 --> 00:01:20,940
So you should at least try to go with a VPN provider that you trust at least more than your ISP.
19
00:01:20,970 --> 00:01:23,390
There's really no point going with one at all.
20
00:01:23,550 --> 00:01:30,330
And even if you trust all the claims of the VPN provider or most of them they can be served with court
21
00:01:30,330 --> 00:01:36,150
orders to disclose information under penalty of fines or even worse depending on the country that they're
22
00:01:36,150 --> 00:01:36,780
in.
23
00:01:36,780 --> 00:01:42,200
And one attempt to mitigate against this that they've started using is something called warrant canaries
24
00:01:42,210 --> 00:01:42,520
.
25
00:01:42,720 --> 00:01:49,980
And if I read from Wikipedia a warrant canary is a method by which a communications service provider
26
00:01:50,070 --> 00:01:56,790
aims to inform its users that the provider has not been served with a secret government subpoena.
27
00:01:56,790 --> 00:02:04,260
If I go here you can see this is an example of a warrant canary saying as of this day no warrants have
28
00:02:04,410 --> 00:02:12,000
ever been served to VPN or VPN employees and no searches or seizures of any kind been performed.
29
00:02:12,060 --> 00:02:19,650
And the idea is that if this is removed then they have had some sort of subpoena letting the users know
30
00:02:19,790 --> 00:02:22,550
that they should cease using the service.
31
00:02:22,560 --> 00:02:28,490
There are services like Warren canary which watch all of the warrant canaries that are out there.
32
00:02:28,650 --> 00:02:35,150
You can go down here you can see there's plenty of them many sites do have warrant canaries not just
33
00:02:35,160 --> 00:02:36,250
VPNs.
34
00:02:36,330 --> 00:02:41,630
I'm very skeptical about the real effectiveness of these warrant canaries.
35
00:02:41,820 --> 00:02:49,560
And let me quote here Bruce Schneier who I think summarizes it quite well and he says I have never believed
36
00:02:49,560 --> 00:02:51,480
warrant canaries would work.
37
00:02:51,540 --> 00:02:57,540
It relies on the fact that a prohibition against speaking doesn't prevent someone from not speaking
38
00:02:57,540 --> 00:02:57,850
.
39
00:02:57,900 --> 00:03:01,210
But courts generally aren't impressed by this sort of thing.
40
00:03:01,380 --> 00:03:08,250
And I can easily imagine a secret warrant includes a prohibition against triggering the warrant canary
41
00:03:08,560 --> 00:03:13,860
and for all I know there are right now secret legal proceedings on this very issue.
42
00:03:14,040 --> 00:03:15,270
And I agree exactly.
43
00:03:15,270 --> 00:03:22,070
I see no reason why these court orders couldn't stop them from taking down the warrant canaries.
44
00:03:22,380 --> 00:03:26,460
OK so many VPN providers operate in the United States.
45
00:03:26,470 --> 00:03:33,540
Actually they do that because there are no mandatory data retention laws in the U.S. which means they
46
00:03:33,540 --> 00:03:35,390
are not forced to log.
47
00:03:35,430 --> 00:03:39,410
They're not forced to log your IP address and not forced to log information about you.
48
00:03:39,420 --> 00:03:47,520
The EU does have data retention laws and it also has Vietti laws that means that the VPN or the security
49
00:03:47,520 --> 00:03:51,910
service providers do have to retain information about your identity.
50
00:03:51,910 --> 00:03:58,690
Now this is actually a pretty complex issue with some countries complying some not complying some flat
51
00:03:58,690 --> 00:04:00,760
out refusing to comply.
52
00:04:00,780 --> 00:04:04,530
So this is something that you would have to actually personally research.
53
00:04:04,710 --> 00:04:06,720
But there are some good resources.
54
00:04:06,720 --> 00:04:13,620
This is the EFF which is a brilliant site generally and you can find out on here what the latest is
55
00:04:13,620 --> 00:04:18,780
on the mandatory data retention if you go down here you get the general page and you can see here you've
56
00:04:18,780 --> 00:04:25,260
got all the various countries and you've got the EU here and you can find out about the latest on the
57
00:04:25,260 --> 00:04:31,310
data retention issues. Another good website that may or may not stay up to date
58
00:04:31,360 --> 00:04:37,730
is this one here and this page has some good information which it has updated on data retention.
59
00:04:37,780 --> 00:04:39,660
Like I say it's a complex issue.
60
00:04:39,790 --> 00:04:48,990
I think in the EU the following places seem ok Bulgaria Cyprus Iceland Luxembourg Netherlands Romania
61
00:04:49,320 --> 00:04:50,990
Serbia and Sweden.
62
00:04:51,210 --> 00:04:57,810
But for reasons of data retention you really want to avoid all VPN companies in jurisdictions where
63
00:04:57,810 --> 00:05:03,500
they are forced to log information that will reveal your identity and you might even want to avoid service
64
00:05:03,620 --> 00:05:05,780
based in those locations too.
65
00:05:06,180 --> 00:05:11,880
But even though they have no data retention laws in the United States and other places VPN providers
66
00:05:11,880 --> 00:05:18,900
and other security services are known to be targeted by the NSA, GCHQ and other nation states
67
00:05:18,900 --> 00:05:25,830
to cooperate in de-anonymising its users. For example Lavabit, if you are familiar with them, went out
68
00:05:25,830 --> 00:05:32,210
of business instead of complying with an NSA demand to secretly let them spy on the Lavabit customers
69
00:05:32,210 --> 00:05:32,610
.
70
00:05:32,610 --> 00:05:38,460
And if you want to read more about this you can go here to sacrifice your business and livelihood under
71
00:05:38,460 --> 00:05:44,640
these circumstances is pretty heroic I mean think about how many other companies have been paid a visit
72
00:05:44,670 --> 00:05:47,040
and now provide information to nation states.
73
00:05:47,040 --> 00:05:49,740
I think Lavabit is probably the exception.
74
00:05:49,740 --> 00:05:55,650
The fact that they actually chose to shut down their business and there are many incidents of VPN providers
75
00:05:55,660 --> 00:05:57,270
not living up to their claim.
76
00:05:57,270 --> 00:06:02,730
So even if a VPN provider states that they don't log your traffic you have no way of knowing that this
77
00:06:02,730 --> 00:06:03,410
is true.
78
00:06:03,510 --> 00:06:06,900
Plus when pushed by an adversary such as a nation state.
79
00:06:06,890 --> 00:06:08,500
Will they roll over.
80
00:06:08,670 --> 00:06:14,250
Well probably yes to keep their business going just because they don't keep logs now doesn't mean that
81
00:06:14,250 --> 00:06:15,780
they can't switch them on.
82
00:06:16,050 --> 00:06:19,500
And there's a number of incidents where this has happened.
83
00:06:19,710 --> 00:06:26,550
And just to give you a few examples I've got one here from proxy.sh where they were sniffing traffic
84
00:06:26,550 --> 00:06:27,760
.
85
00:06:27,960 --> 00:06:35,700
I've got another one here where an EarthVPN user was arrested and another one here where a HideMyAss
86
00:06:35,700 --> 00:06:35,870
.
87
00:06:36,030 --> 00:06:39,880
VPN user was arrested after the IP was handed over to the FBI.
88
00:06:39,900 --> 00:06:45,480
So for reasons of spying and subpoenas companies in the jurisdiction of the Five Eyes should be avoided
89
00:06:45,480 --> 00:06:45,510
.
90
00:06:45,510 --> 00:06:47,550
Australia Canada New Zealand.
91
00:06:47,580 --> 00:06:48,780
United Kingdom.
92
00:06:48,780 --> 00:06:53,770
United States of America and even potentially the 14 could be avoided.
93
00:06:53,790 --> 00:06:57,730
And you also might want to avoid servers based in those locations too.
94
00:06:57,900 --> 00:07:04,350
We know from Edward Snowden that extremely sophisticated programs exist and mandatory key disclosure laws
95
00:07:04,350 --> 00:07:06,980
exist to force VPN to cooperate.
96
00:07:07,320 --> 00:07:13,650
But maybe you don't live in any of the five countries or the 49 countries you want to avoid using VPN
97
00:07:13,650 --> 00:07:18,900
providers who are registered in the jurisdiction of the nation state you wish to avoid it.
98
00:07:18,950 --> 00:07:20,490
That's probably obvious.
99
00:07:20,880 --> 00:07:24,980
If you are in Iran China India Russia etc.
100
00:07:25,050 --> 00:07:32,220
So avoid using VPN providers registered in these locations or part of their sphere of influence with
101
00:07:32,220 --> 00:07:38,340
VPN providers no matter how great the claims and how well they set up security and anonymity.
102
00:07:38,430 --> 00:07:39,990
You can never fully trust them.
103
00:07:40,110 --> 00:07:45,630
From these examples that you see I mean I would even bet money that a number of nation states actually
104
00:07:45,630 --> 00:07:48,600
run and own some of the VPN services.
105
00:07:48,600 --> 00:07:50,100
I mean why wouldn't they.
106
00:07:50,100 --> 00:07:56,040
It's not a particularly onerous task it's not a particularly expensive task to set up your own VPN service
107
00:07:56,060 --> 00:07:56,290
.
108
00:07:56,490 --> 00:08:00,250
If I was doing this I'd set up a VPN service.
109
00:08:00,330 --> 00:08:02,900
It would be a good way to monitor people.
110
00:08:03,120 --> 00:08:09,720
So in choosing a VPN you need to start by at least having a VPN with good security practices and then
111
00:08:09,720 --> 00:08:14,900
mitigate the risks I've described by distributing trust.
112
00:08:15,070 --> 00:08:20,740
A single VPN service has a common owner manager which is a key vulnerability.
113
00:08:20,820 --> 00:08:27,840
If you distribute the trust collusion between multiple parties is required to compromise your identity
114
00:08:27,840 --> 00:08:35,190
and privacy and we're talking here nested VPNs, using hotspots, nested Tor and VPN which we're going
115
00:08:35,190 --> 00:08:36,350
to talk more about.
116
00:08:36,540 --> 00:08:39,060
So VPNs have their purpose.
117
00:08:39,210 --> 00:08:46,530
They can protect you on public Wi-Fi from hackers from corporate trackers from Internet service provider
118
00:08:46,530 --> 00:08:47,530
monitoring.
119
00:08:47,580 --> 00:08:52,190
You have to understand their limitations against a powerful adversary.