ProtonVPN IPS that they do not own are they safe?

ProtonVPN doesn’t log and they take pride in that even citing a 2019 case in which law enforcement through subpoena demanded the data of a user and ProtonVPN had nothing to give them .

However it has come to my attention that in an older comment made by ProtonVPN MOD he stated that ProtonVPN does not own most of it’s IPs so all legal demands would go to the ISPs that actually own those IPs

Wouldn’t that make protonsVPN no log policy useless?
Since the ISPs could log themselves and then share all your traffic freely and I believe that would be especially the case for the free version of ProtonVPN

‘ProtonVPN doesn’t log and they take pride in that even citing a 2019
case in which law enforcement through subpoena demanded the data of a
user and ProtonVPN had nothing to give them .’

​

so ‘law enforcement’ was sol

That’s a good thing.

Yes. Traffic is encrypted during the entire journey in practically all web browsing cases nowadays. Very few applications don’t use SSL/TLS or other technology during communication. There’s also no way to distinguish your traffic from the traffic of another person on the server in any easy way without modifying the source of the application (WireGuard or OVPN in this case).

If you’re worried about this kind of attack, use a provider that has multiple VPN connections chained together. That would greatly increase the complexity of an attack that knows your real IP address already.

The fact is that this would be extremely complicated and wouldn’t be practical at all. Factor in that your server could change and various other things that aren’t specifically mentioned.

If you’re really concerned, use Tor in front of the VPN. Do not ever use Tor by itself, or before the VPN.

ProtonVPN doesn’t own those IPs, Amazon does. Not ISPs. Compare the city locations listed in ProtonVPN with these locations:
https://www.datacenters.com/amazon-aws-data-center-locations

If it’s not Secure Core, it’s probably going through an AWS data center where ProtonVPN is running on Amazon AWS servers to be your no-logs, secure VPN proxy out to the rest of the internet. This is why people will complain about CAPTCHAs, because so many other things are running out of there as well. ProtonVPN can also use AWS Elastic IPs to change IPs quickly when that occurs, and because AWS IPs are so dynamic, there’s zero point in AWS having any logging on them.

You’re encrypted from your client connection to wherever the VPN connection terminates (country, state, etc), so you’re secure there. ProtonVPN doesn’t log unless you enable some form of logging in your account settings for your own protection, such as using Proton Sentinel.
https://proton.me/support/proton-sentinel

So no, the “no logs” policy is not useless.

use a provider that has multiple VPN connections chained together

Proton VPN has Secure Core that traffic through multiple servers to a more secure VPN endpoint. Also you can use both Proton’s desktop VPN client and their browser extension at the same time.

I understand then logging the data might not be feasible

But the ISPs that provides the IPs can still see your real IP correct?

Doesn’t that leave users vulnerable to become deanonymised?

My point was that if the IPs are owned by the VPN itself they might not be able to share them with third parties due to their privacy policies.

In the comment I was referring to the mod that was talking about reasons as to why ProtonVPN hasn’t got a another request to hand over the data of a user since 2019

And in one of the reasons he listed was that most IPS are not owned by protonsVPN so third parties would make these requests directly to ISPs that provide the IPs to Proton

this is wrong. tor is meant to be used by itself. while you can use it in front of a vpn, telling others to never use tor by itself is false information.

Our infrastructure is based exclusively of bare-metal servers we actually own – in the case of Secure Core entry servers and servers in Switzerland and Germany, or that we rent from vetted companies – in the case of regular servers. These bare metal servers are fully configured by us, with no-logs, and encrypted at-rest. The IPs we employ are either owned by us, or provided by the upstream data-center providers.
Indeed in certain countries, a powerful attacker, like certain governments, could record the entire network traffic entering and exiting a data-center. Through timing-correlation attacks, it would be possible for them, in certain conditions, to associate the encrypted traffic of the user entering the VPN server, with the internet traffic exiting the VPN server. If this is your threat model, we recommend activating our Secure Core solution, where your traffic will pass first into our own servers in privacy-friendly countries, before reaching the actual servers in the desired country. This will break such types of attacks because the source IP that would be correlated would be our very own Secure Core entry server one. Check out our article here for further information about Secure Core: https://protonvpn.com/support/secure-core-vpn/.
You can also review our article about servers in high-risk countries: https://protonvpn.com/blog/vpn-servers-high-risk-countries/.

https://restoreprivacy.com/tor/

Never trust anyone that doesn’t understand how Tor works to tell you how to use Tor.

Okay so please calm down, and let’s go through this step by step as you clearly do not have any idear how the internet actually works.

Let’s start off with your claim that some ISP’s have many “384 400Gbps port per router” this is f8cking hilarious as it’s just plain false. No ISP has this many ports and capacity, that’s over 153.6 Tbps of capacity. HE which is one of the largest T1 providers of transit in the world has in total 200Tbps of TOTAL capacity. And this is a T1 who is one of the backbones of the internet. No local ISP will have anywhere close to this capacity. And even if they did that has no bearing on the actual traffic because I could have 1 Pbps worth of capacity yet only use 1Mbps.

Secondly an ISP can most certainly log traffic, and saying it’s not technologically possible is just false as it would be comically simple to just log everything and then dump anything not of importance if they wanted to. If they wanted to they definetley could(Arguablly the question becomes about law in the designated country at that point). But the thing is “ISP” is just the person who announces IP space for the customer, this can be the customer themselves and then they get transit/peer with entities such as HE. I own V6 space and so for me checking my v6 ISP it shows myself as the ISP. But anybody in the AS-PATH where the data goes through could in theory log the traffic. So that might just be the sender and reciever if they have a direct peering relation, or it could be multiple hops if they have multiple transit providers between them.

Also btw if you say “We would notice latency”, no you wouldn’t. As advanced adversaries wouldn’t actually interrupt data to analyze it but would instead duplicate send it sending 1 on it’s marry way and the other for them to analyze. And with the rapidly decreasing cost of storage storing all that info isn’t that expensive if you look at a nation state scale.

I don’t disagree for you that this most likley isn’t a realistic threat, but don’t try to shout and spew BS you seem to have no knowledge of.

most or all of Tor’s vulnerabilities don’t come from Tor itself, but the browser, allowing malicious Tor services or malware on the system to get the browser to unintentionally leak its real ip. this is solved easily by using something like tails or whonix.
https://www.cvedetails.com/vulnerability-list/vendor_id-12287/product_id-23219/Torproject-TOR.html

vulnerabilities in the Tor network itself (not browser) have only usually caused denial of service attacks, which does not de-anonymize you, and most of the targets were hidden services.

the article repeatedly states the US government has requested loopholes in the Tor network letting them de-anonymize users at will. this is simply not true, there have been very few cases of people being de-anonymized within just the Tor network by law enforcement. 99% of the time it’s bad opsec or browser vulnerabilites. DPR (silk road) was caught because of basic mistakes he made in preserving his anonymity, not because of the Tor network. He literally ran a Tor hidden service, which is less secure than being just a Tor user, and yet the fbi had to still follow a complicated paper trail of DPR slowly revealing his own identity in forums and practising poor opsec. Also adding to this, there are CIA agents who use Tor to hide themselves, kinda dumb to do that if there are known loopholes or backdoors as those are attack surface. also, Tor nodes are run by volunteers, and the code is open for you to read. here’s a video from DEFCON for more information:
https://www.youtube.com/watch?v=eQ2OZKitRwc

Edward Snowden, who’s still wanted by the United States for leaking classified information from the NSA, used Tor to stay anonymous and was never caught. the NSA, let me repeat, which your article states can apparently can track Tor users at will. If there was a backdoor/loophole, he’d probably be in prison by now.

more info about good opsec when using Tor: https://www.whonix.org/wiki/Tips_on_Remaining_Anonymous#Keep_Anonymity_Modes_separate

as for ISPs knowing you use Tor, there are tor bridges for a reason.

Tor and VPNs have different use cases. Tor doesn’t need an account, there’s no unique identifiers between sessions. (if used right)

the article you cited is written by someone who has never looked at the source code or even read the tor spec. funny thing is, the article calls out everyone for spreading misinformation, yet the site has previously been known to do that itself. ABOUT PROTON VPN TOO HAHAHA
reddit.com/r/ProtonVPN/comments/70wnr6/restoreprivacycom_followup

The “leaked emails” in the article are taken out of context: https://blog.erratasec.com/2018/03/askrob-does-tor-let-government-peek-at.html

the only way to identify Tor users on the network is by doing traffic analysis over entry and exit nodes, which requires a lot of resources as you need to be recording all or most of the internet’s traffic. the NSA might be able to do this (a possibility) but they most likely only do for extreme cases due to the high cost+resources required. NOTE that VPNs are also vulnerable to traffic analysis attacks. a couple of good reads about these type of attacks and how it affects Tor:
https://core.ac.uk/download/pdf/4271895.pdf
https://css.csail.mit.edu/6.858/2023/readings/tor-traffic-analysis.pdf

there’s nothing wrong with using Tor standalone in most cases. use bridges if your ISP blocks Tor, and a VPN before Tor if bridges don’t work as well. (Rare)

in a lot of countries which use Deep Packet Inspection for censorship, ISPs may flag VPN traffic much more easily than a Tor connection through a bridge using obfs4 or meek-azure.

conclusion: use actual vulnerability trackers, research papers , and your own testing to conclude if a service/software is secure or not. don’t blindly trust blog posts. im not saying the tor network is 100% secure, no network/service is. both VPNs and Tor have their benefits/drawbacks/risks. everyone has to analyse their own threat model and decide which tools are best for their situation.

Never trust anyone that doesn’t understand how Tor works to tell you how to use Tor.

i don’t think i’m the one who doesn’t understand how Tor works. you’re the one giving false information and bad advice while citing unreliable and unprofessional sources.