undefined | Better HN

0 pointsr0h1n12y ago0 comments

They don't store any user logs (I have no reason to suspect they'd lie about that). So there's not much stored data to break. Which means the focus will be on breaking their traffic encryption protocols.

0 comments

eli12y ago

Not necessarily. There's no need to break the encryption or have logs if the NSA can monitor all the traffic going in and out of the proxy server. They just have to correlate your incoming encrypted connection with the outgoing unencrypted data to remove the layer of anonymity. I'd frankly be a little surprised if they weren't doing this or something like it.

I would guess that using PIA makes you less secure against NSA snooping since it makes you more of a target and provides weak anonymity.

r0h1nOP12y ago

> I would guess that using PIA makes you less secure against NSA snooping since it makes you more of a target and provides weak anonymity.

So you're saying not using encryption and VPN services is a safer choice as regards Internet usage today? You seem to be going against the grain of most of what's been discussed around privacy & Internet surveillance on HN recently.

eli12y ago

I wouldn't make a blanket statement like that. Depends what VPN and how you're using it and what you're doing on the internet and (in particular) what threat you're trying to protect yourself against. PIA will do a good job of protecting the contents of your messages from someone sniffing your wifi hotspot, but is useless against someone with the ability to monitor all internet traffic. The data leaving the PIA proxy is just as unencrypted as it would be if you weren't using a VPN, except your attempt to secure it will likely draw extra attention. There's strong evidence [1] that the NSA has special rules that allow enhanced collection and analysis of encrypted traffic.

[1] "...the NSA is allowed to hold onto communications solely because you use encryption." https://www.eff.org/deeplinks/2013/06/depth-review-new-nsa-d...

dwiel12y ago

If your adversary includes the NSA, you have to consider the possibility that the NSA has required that they store logs and not tell anyone about it.

goatforce512y ago

Hypothetically, I believe a US entity could be forced to start logging and simultaneously be forced to not mention that logging had been turned on (and, indeed, to lie if asked about it).

j / k navigate · click thread line to collapse

0 comments

eli12y ago

I would guess that using PIA makes you less secure against NSA snooping since it makes you more of a target and provides weak anonymity.

r0h1nOP12y ago

> I would guess that using PIA makes you less secure against NSA snooping since it makes you more of a target and provides weak anonymity.

eli12y ago

[1] "...the NSA is allowed to hold onto communications solely because you use encryption." https://www.eff.org/deeplinks/2013/06/depth-review-new-nsa-d...

dwiel12y ago

If your adversary includes the NSA, you have to consider the possibility that the NSA has required that they store logs and not tell anyone about it.

goatforce512y ago

Hypothetically, I believe a US entity could be forced to start logging and simultaneously be forced to not mention that logging had been turned on (and, indeed, to lie if asked about it).

j / k navigate · click thread line to collapse