Original page on the clearweb: http://vpnscam.com/tesonet-data-mining-company-owns-nordvpn-protonmail-protonvpn/
Offline archive (READ NOTES BELOW ON HOW TO OPEN): https://i.imgtc.com/FSzFXt6.png
TL;DR for those of you who won't bother reading:
NordVPN and Protonmail share a CEO. They claim to operate in Panama/Switzerland, but both companies are shell companies, owned fully by PROTONVPN LT, UAB, which is located in Lithuania, which has a law requiring 6 months of data retention (this matters, because, even though they tell you they keep no logs, they are legally required to maintain them). Finally, the headquarters of PROTONVPN LT, UAB, is in the very same building as TesoNet, a Lithuanian data mining service. ProtonVPN claims that the colocation is just happenstance, and they don't actually work with TesoNet, but researchers found NordVPN using privacy certificates signed by TesoNet in their official app binaries.
This also applies to DuckDuckGo as well, who was started by (((Gabriel Weinberg))) to capitalize on all of those wanting to jump ship from Google, and does track clicks and links (though it claims not to). An article by the Times of Israel on Weinberg's site, which didn't have any traffic worth speaking of until the Snowden limited hangout, which pushed everyone even mildly privacy-aware straight into the dragnet.
Notes on "stealth archives": The archive is a zip file of the page as retrieved a few days ago by me via wget, renamed as a png so the imagehost would accept it. Rename to a zip file to view, or, if on Linux, 7z can open it as is.
I call them "stealth archives" because the image host can't tell a download to view the content apart from a download by a browser to display the page, the ISP can only see the DNS resolves to an image host (which gives no hints), and it bypasses the (((internet Wayback Machine))), which watches who is interested in what sites and when, and will memoryhole 'dangerous' sites.
BTW, if the owner of imggoat sees this, your site crashes, showing a traceback, when uploading a not-png named as a png. Could be a security vulnerability, just throwing that out there.
Shoutout to @BloodAndHonour, whose recent recommendation of NordVPN prompted this post.
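Added example, not part of the original post and not any image host's actual code: one way an upload handler can check that a file named `.png` really is a PNG and return a clean rejection instead of a traceback. The function name and the sample inputs are constructed for illustration, and the check for data appended after `IEND` goes beyond the plain renamed zip described in the post.

```python
import io
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def check_png_upload(data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Malformed input is rejected, never raised on."""
    if data[:4] == b"PK\x03\x04":            # zip local file header
        return False, "zip archive, not an image"
    if data[:8] != PNG_SIG:
        return False, "missing PNG signature"
    pos, first = 8, True
    while pos + 12 <= len(data):             # 4 length + 4 type + 4 CRC minimum
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return False, "truncated chunk"
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) != crc:
            return False, "bad chunk CRC"
        if first and ctype != b"IHDR":
            return False, "first chunk is not IHDR"
        first, pos = False, end
        if ctype == b"IEND":
            # Anything after IEND is not image data (e.g. an appended archive).
            if pos != len(data):
                return False, "data appended after IEND"
            return True, "ok"
    return False, "no IEND chunk"

def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def sample_png() -> bytes:
    """Constructed 1x1 greyscale PNG used as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

def sample_zip() -> bytes:
    """Constructed zip of one HTML file, standing in for a renamed archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("index.html", "<html></html>")
    return buf.getvalue()
```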
GlassSmith ago
Good post, saving this for later. Thank you, alele-opathic.
Now the only question is where the fuck do I go for a non-compromised email?
The big problem is that any email provider that has any power will be inevitably compromised either by the state or (((internal forces))), while any email provider that could stay off the radar of the (((powers that be))) would likely be small and thus easy to be pushed around by larger companies with fat wallets, squadrons of lawyers, and government support.
alele-opathic ago
Again, this is the same question that attracts astroturfing (which I'm trying to encourage people not to ask), but I've been looking into this myself, and I think the problem is twofold. Any email 'provider' provides a central point of failure, and thus a trust issue, regardless of their fancy encryption schemes. Additionally, the protocols themselves (IMAP/POP) are in no way secure at all, even if the provider is trustworthy.
I think that it may turn out to be most practical/secure/cost effective just to buy your own domain, run your own web-facing email server on a pi variant, and use PGP until someone comes out with a better protocol. This sounds like it requires a lot of effort (it's easier than it sounds), which makes it less likely people will do it - most people would rather just switch providers.
Turn_Coat ago
Where does someone who isn't quite that tech literate, and doesn't have the time, go for a non-compromised email?
Kill-Commies ago
Someone once told me as a rule of thumb: the "E" in e-mail stands for evidence.