One security/privacy feature touted by some companies is that they keep no logs and no records. Some even claim that their entire system runs in volatile memory so there is no possibility of data being recorded. Of course, you are trusting that they are both telling the truth and competently executing the system.
Of course, you are trusting that they are both telling the truth and competently executing the system.
that is the thing, you have to trust them. unless they are intentionally malicious actor and if the law of country where they resides allows it, then not keeping the logs is quite hassle-free and actually cheaper than otherwise, so there is a reason to trust them, but you never know.
They don’t have to be malicious if they are incompetent.
They could say they don’t use logs and not realize that their tech stack is actually keeping some sort of metadata or maybe using swap or something. Probably not as likely as the other scenarios, but I wouldn’t count it out completely.
That’s the thing with anything cybersecurity is trust. Unless you wrote all of the firmware and software and websites and webservers yourself you are ultimately placing trust in another entity.
VPNs are just a technical means of shifting trust. Corporations use VPNs for remote work because the VPN connects the employee to the corporate network which they already trust, rather than trusting whatever wifi the employee happens to connect to. For a consumer using a commercial VPN the only thing you’re doing is shifting your trust from the network provider to the VPN provider. You’re not even really hiding anything from websites thanks to modern browser fingerprint techniques, they just see “user #64742258 but from a known VPN endpoint instead of the usual Spectrum residential network in Maryland, 86% match”
One security/privacy feature touted by some companies is that they keep no logs and no records. Some even claim that their entire system runs in volatile memory so there is no possibility of data being recorded. Of course, you are trusting that they are both telling the truth and competently executing the system.
that is the thing, you have to trust them. unless they are intentionally malicious actor and if the law of country where they resides allows it, then not keeping the logs is quite hassle-free and actually cheaper than otherwise, so there is a reason to trust them, but you never know.
They don’t have to be malicious if they are incompetent.
They could say they don’t use logs and not realize that their tech stack is actually keeping some sort of metadata or maybe using swap or something. Probably not as likely as the other scenarios, but I wouldn’t count it out completely.
That’s the thing with anything cybersecurity is trust. Unless you wrote all of the firmware and software and websites and webservers yourself you are ultimately placing trust in another entity.
VPNs are just a technical means of shifting trust. Corporations use VPNs for remote work because the VPN connects the employee to the corporate network which they already trust, rather than trusting whatever wifi the employee happens to connect to. For a consumer using a commercial VPN the only thing you’re doing is shifting your trust from the network provider to the VPN provider. You’re not even really hiding anything from websites thanks to modern browser fingerprint techniques, they just see “user #64742258 but from a known VPN endpoint instead of the usual Spectrum residential network in Maryland, 86% match”
luckily not everything, but i think about this every time i am using android keepass implementation written by god knows who 😆