I.e., like Crypto AG:
In 2020, it was revealed that the Swiss company, Crypto AG, which provided secure communications services to ~120 governments throughout the 20th century, was secretly run by the CIA and West German Intelligence. The CIA and later NSA were able to read encrypted communications for many countries such as Saudi Arabia, Iran, Italy, Indonesia, Iraq, Libya, Jordan and South Korea.
i don’t think anyone here considers it a private service at all, but i’m almost certain cloudflare is a honeypot
Why are you so certain?
the biggest part is they’re doing way too much of the internet while being quite opaque. and their service is “too generous”, with free tiers, no ads. and the whole MITMing every traffic and serving from CDN architecture seems ideal for a honeypot to me.
even if cloudflare themselves don’t intend to be one, i’m pretty sure some three letter agency has backdoors to their systems.
fair I suppose
All of the “delete my information from data brokers” services IMO, especially the ones that advertise on YouTube. Always smelled fishy to me.
Either that or they’re just more data brokers trying to get exclusivity.
Reject Convenience did a pretty thorough rundown on what they’re doing: https://www.youtube.com/watch?v=iX3JT6q3AxA
It’s been a minute since I watched, but my key takeaways were that they just reach out to one type of broker which barely scratches the surface of the Data Economy iceberg, and since there’s no legal precedent outside of California and the EU, it’s purely up to the brokers to decide whether or not they want to comply.
So I think it’s probably more likely they really are just private companies preying on people’s anxieties about privacy and relative ignorance about the topic, rather than some kind of governmental conspiracy
Proxies and VPNs seem like the most obvious targets. They mostly prey on people who don’t understand the technical workings thereof (had my mom ask if she needed to get a VPN bc Firefox opened an ad for theirs, claiming it enhanced privacy), and serve little benefit to people who are doing the kind of illegal activities that make governments take notice. They serve as a single point of compromise for anyone, and they work worldwide so that all your traffic can be monitored even when you’re on a different ISP/in a different country. It’s like the perfect MITM, and people are even willing to pay to have themselves monitored.
The truth is that at best they benefit people who only don’t want their network-provider watching, but don’t care who else may be. It’s the perfect setup for a 3-letter agency to just sit and monitor everything anyone does, waiting for someone who’s just a little too careless to access illegal content thinking they’re anonymous.
They are perfect for torrenting though. The kind of activity 3 letter agencies don’t want their spying to be disturbed for.
they benefit people who only don’t want their network-provider watching, but don’t care who else may be.
Just FYI: It’s not the network provider we have to worry about in my country. That is specific to the USA I believe.
Here they have “headhunters” that make a contract with a rights holder, torrent a file, write down the IP of someone who uploads a video to them, then legally request the name to the IP and send an invoice for about $2000. No three warnings or anything. And they are very good at sending legal officials to impound any of your valuable stuff in case you don’t pay.
Even other “illegal” activity like calling Israel an apartheid regime or supporting Palestine or insulting your head of state might get you flagged by a three letter agency, but they won’t use official legal channels. There is a protection of the herd with VPN.
DNS4EU and WiFi4EU.
Signal and Tor have both received huge amounts of US government funding, very suspicious.
Of course, nobody is going to have evidence here, if there was any the cover would be lifted. But one can guess chances here:
Proton: “Unlikely”… but there is a but. They never cater for the ultimate privacy and they make typical blunders of a company wanting to grow really fast. Now, that they want to be a behemoth in Privacy makes it more vulnerable to requests from law enforcement. Also, law enforcement and intelligence agencies have it easier to penetrate within Proton’s massive headcount growth.
Tuta: “Very Unlikely”. The people behind started very young and had a sustainable growth. The people are very visible (unlike Crypto AG) so least likely to be working for an “agency”.
Mullvad: “Very Unlikely”. I think their story is similar to Tuta (haven’t followed it that much though).
GrapheneOS: “Very Unlikely”. But in the last year I have raised some minor concerns, but I haven’t changed my rating yet…
/e/: “Very Unlikely”. I know the dude behind for 2 decades, he wouldn’t. However, /e/ never claimed full privacy and from the beginning says he would comply 100% with “lawful” requests, but it is not a honeypot, not that would make much difference to an intelligence agency if they wanted it.
Signal: “Potentially”… yes, yes… audited, solid privacy code… but still does not make sense to me many aspects; financially solvent from day one, the extreme unquestioned massive and vast support from launching till today… if i have to bet in all of these providers, this platform would have been my take as potential compromised one. I still use it to communicate with family since I trust better than WhatsApp, but I would not use it for critical journalistic info.
Signal requires the use of a phone number, which in many countries is legally required to be tied to your personal identity. Like the SMS provider must have a copy of your id card. You’re basically naked to the CIA when using Signal. Even if not like in the US they presumably mass collect SIM and location correlations for ID. For the life of me I do not understand how anyone can promote that shit.
So the “honeypot” of Signal is that the mainstream promotes it as IF it was a privacy focused app when it very glaringly obviously is not. So the effect is that it prevents market space and attention for other apps actually focused on privacy without requiring ID to sign up. It’s a bit like introducing sterile insects to prevent the spread of unwanted pests (= actually secure communication).
Mullvad: “Very Unlikely”. I think their story is similar to Tuta (haven’t followed it that much though).
https://tmctmt.com/posts/mullvad-exit-ips-as-a-fingerprinting-vector/
Great catch, is this still default behavior?
Thanks so much, this looks worth a deep look! I’ll need time to interpret this properly.
Oh what are your minor concerns with GrapheneOS? I heard the head behind it is a little weird and paranoid, but honestly i think you kinda need to be for a project like that.
Unpopular takes incoming.
Signal.
Way too many red flags.
- Why ask for mandatory phone numbers? You could at least make it opt in.
- Why can’t we inspect the latest server code?
- Why not make it easy for people to run their own servers?
Do you truly believe that a company that wants to preserve your privacy would take this direction?
And i don’t care how secure the protocol is, how well the code is audited. They can still map your social graph.
Anyways, because of my threat model, i still use Signal. But if i were an activist i wouldn’t touch it.
More unpopular takes:
Tor and Mullvad probably compromised too. If a service gets too mainstream, I don’t believe for a second that they would let it run without care. They would take it down, or control it.
Now, these services are still useful. For example my threat model is to deny my shit to the big tech. So they are useful if you want to escape data collection for advertisement purposes.
I don’t think they would burn the reputation of these services for low hanging fruit like selling data for ads.
Signal, I agree… it has flags for me in so many ways.
Tor. Unlikely though. For sure many nodes are controlled and now they are using massive power to unlock the traffic, but was not set up as a honeypot per se, it is now, probably, technologically quite compromised though.
Mullvad. Funny, your suspicions probably got enhanced when Mullvad makes a browser based on Tor’s. But I am still not highly suspicious of Mullvad. Quite steady organic growth, profitable, not many pronouncements or catering to certain “targeted” groups… No major red flags for me.
If you’re online then you’re cooked.
The Proton CEO did make suspicious US political statements despite being Swiss. That combined with their misleading marketing on social media.
The Crypto AG story shows that the location of a company doesn’t matter that much. The US simply made legal what they were already doing behind the scenes. Intelligence services have always been and still are above the law.
Absolutely! Location does not guarantee anything. The only case against US, four eyes… etc is that they have the power to shut it down easily so they can use it as a threat. Switzerland has, for years now, showed the same drive as any other country to do just that.
Now, I have seen very principled individuals in the US, I would say even more than in Europe! It is no surprise that we see cases like Lavabit where a right owner chooses to close shop rather than compromise its customers. I hope GrapheneOS will do the same.
Most likely all free vpns
Israeli actually, like express VPN
Maybe not a honeypot, but definitely too large for my taste by now: Proton. With Mail, VPN, password manager, file storage, AI and whatnot, it’s one ginormous basket to put all of your eggs into, hoping it’ll hold.
the owner is fine with fascism because fascism makes his product more lucrative
Did he say that? :o
not exactly. the more nuanced inspection of what he said was that donald trump’s plans to deregulate the tech industry he expected to benefit his company. however, that deregulation is in service of allowing more surveillance capitalism, environmental degradation, and worker mistreatment. the wording i provided is what that ultimately means as an analysis of how and why proton would make more money in that type of environment
Probably various VPNs on the market
Especially Israeli owned VPNs. Which seems to be most of them lately.
Oh yeah definitely
I always assume the more popular it is, the more likely it is of being compromised.
I have no idea if it’s the case, but I switched away from mullvad after seeing billboards and ads of it everywhere, even on city infrastructure like trains and buses.
If the company is owned by “Kape” it’s likely an Israeli honeypot:
https://medium.com/illumination/vpns-the-privacy-trap-4aef67f39634
Kape’s portfolio includes ExpressVPN, acquired in 2021 for $936 million; CyberGhost, purchased in 2017; Private Internet Access, bought in 2019 for $127 million; and ZenMate.
Together, these services account for three of the six most popular VPN products globally, serving approximately 7.4 million paying subscribers.
Kape also owns VPNMentor and Wizcase, review platforms that rank VPN services — including Kape’s own products — for consumers seeking expert guidance.
Mullvad is very likely one of the few good ones. I’d suggest reevaluating it.
My trust in them was definitely shaken after the recent news about fingerprinting exit IPs: https://tmctmt.com/posts/mullvad-exit-ips-as-a-fingerprinting-vector/
They were very responsive but this seemed like a huge fuck-up to me, to the extent that I question whether it was purposeful.
Not sure who else to trust because other providers like Proton seem even worse
I have no reason to go back to it, and I switched away from it for the reasons mentioned: it’s grown very large, and has mainstream ads everywhere now.
if it makes you feel better i know an employee there and they’re a communist and say a lot of mullvad employees are lefties too, idk if they have a union or anything. nym vpn has chelsea manning backing it. not really a traditional vpn though, it’s basically unfree tor that is not slow as balls, has the benefit of really good server coverage and few people blocking it. coolest thing is you can use a seedbox to route traffic to pay it down.
Especially the ones aggressively marketed, or noted as independent when they cannot give concrete evidence for whence their finances and ownership come. Always question and investigate, and make sure trusted people know you do so.
Most people only use vpn providers for streaming location hopping, torrenting, p*rn and on public networks. For day to day 24/7 use you are just trusting your VPN provider not to spy on your traffic instead of your ISP.
I know your example is the opposite, but any service that is run and hosted in the US.
It’s one of the major issues with Signal.
Not to mention Graphite and Pegasus, Israeli spyware.
When parliaments have to inquire their own spy services, it’s a sign that these spy services must be disbanded, as they are becoming a deep state of their own, intimidating and harassing politicians. After all, if you can’t trust your own politicians, whom can you? And that’s problematic.
Disbanding those services and prohibiting any secret services from ever forming, would also regain a great deal of trust of society in each other. And that trust in turn, can foster society to advance for mankind.
You got that right.













