…because VPNs obscure a user’s true location, and because intelligence agencies presume that communications of unknown origin are foreign, Americans may be inadvertently waiving the privacy protections they’re entitled to under the law…
…VPNs might protect you against garden-variety criminals, but the intentional commingling of origin/destination points by VPNs could turn purely domestic communications into “foreign” communications the NSA can legally intercept (and the FBI, somewhat less-legally can dip into at will)…
Certainly the NSA isn’t concerned about “incidental collection.” It’s never been too concerned about its consistent “incidental” collection of US persons’ communications and data in the past and this isn’t going to budge the needle, especially since it means the NSA would have to do more work to filter out domestic communications and the FBI would be less than thrilled with any efforts made to deny it access to communications it doesn’t have the legal right to obtain on its own.
Since the government won’t do this, it’s up to the general public, starting with everyone sharing the contents of this letter with others. VPNs can still offer considerable security benefits. But everyone needs to know that domestic surveillance is one of the possible side effects of utilizing this tech.
It’s not the cryptography you have to trust. It’s the other end of the tunnel. A free VPN most probably sells your data. Nobody offers free services for actually free.
Respectfully, this is a bit more nuanced than that. There are free VPNs ran by non profits supported fully by donations. Yes somebody is paying for it but it’s people donating to the services.
For example there is an open source application called Bitmask that has 2 VPN providers by default, Riseup VPN and the Calyx Institute.
You can download the Bitmask app itself or download the RiseupVPN app which is based on Bitmask but just pre configured to only use that single Riseup provider.
https://bitmask.net/
https://riseup.net/en/vpn
You have to trust them though. That’s my point.They may say they are funded only by donations and still sell your data.
In fact the first link says the same as I do as the first phrase. When using a VPN, you are moving your trust from your ISP to your VPN provider.
Of course there may be exceptions that are actually free and don’t sell your data. But the ones that sell your data will rarely state so.
Is this another good reason to switch to HeadScale or Netbird?
Idk what either of those are. I don’t endorse any VPN. All I’m saying is that it doesn’t matter how strong the encryption algorithm is, you still have to trust your provider.
VPNs have the exact same power over you as ISPs. Using a VPN to avoid your ISP is just kicking the can down the road. That’s why you better choose a VPN that you trust.
I don’t use free VPNs