April 22, 2025 • 44 mins
Jordan Bravo and Stephen DeLorme break down the reality of Virtual Private Networks (VPNs) beyond the marketing hype. They explore what problems VPNs actually solve—hiding your IP address from websites, concealing your browsing from ISPs, and encrypting traffic—while addressing their limitations and downsides. Jordan and Stephen compare VPNs with Tor, examine trusted providers including Proton VPN, Mullvad, IVPN, and the innovative Obscura, and discuss the frustrating trend of websites blocking VPN users. Learn practical advice for incorporating VPNs into your digital sovereignty toolkit and why you should stand up for your right to privacy online.
Show Notes: https://atlbitlab.com/podcast/the-truth-about-vpns-beyond-marketing-hype
00:00 Introduction to The Sovereign Computing Show
00:35 ATL BitLab Sponsorship Information
01:55 Welcome and Episode Overview
02:07 Updates and Errata from Previous Episodes
05:06 White House Signal Group Security Mishap
12:17 Amazon Echo Privacy Changes
15:24 Main Topic: Understanding VPNs
16:33 Problem #1: How VPNs Hide Your IP Address
17:56 VPNs vs. Tor: Centralization and Trust Models
21:30 VPN Performance vs. Tor Performance
23:05 Problem #2: Hiding Browsing from ISP Surveillance
24:49 Problem #3: Traffic Encryption Benefits
25:35 VPN Provider Reviews
25:57 - Proton VPN: Features and Netflix Compatibility
27:32 - Mullvad: Privacy Features and Cross-Platform Support
30:08 - IVPN: Privacy-Focused Alternative
32:07 - Obscura: The VPN That Can't Log Activity
36:46 Downsides of Using VPNs
38:12 Website Blocking and VPN Discrimination
42:38 Conclusion and Recommendations
43:44 Show Outro and Support Information
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Jordan Bravo (00:00):
The worst is they will gaslight you into thinking that you're
(00:04):
doing something wrong, like you said,and or they'll try to make it seem
like you are a criminal or guilty ofsomething just because you're using a VPN.
So I say we band together stand upfor our right to be anonymous and
private and not take that crap.
You know, stand up for yourself.
There's nothing wrong with using a VPN.
You're not trying to hide anything,you just are trying to not dox
(00:28):
yourself to the whole internet.
Welcome to the Sovereign ComputingShow, presented by ATL BitLab.
I'm Jordan Bravo, and this is apodcast where we teach you how to
take back control of your devices.
Sovereign Computing means you own yourtechnology, not the other way around.
Stephen DeLorme (00:48):
This episode is sponsored by ATL BitLab.
ATL BitLab is Atlanta'sfreedom tech hacker space.
We have co working desks,conference rooms, event space,
maker tools, and tons of coffee.
There is a very activecommunity here in the lab.
Every Wednesday night isBitcoin night here in Atlanta.
We also have meetups for cyber security,artificial intelligence, decentralized
(01:08):
identity, product design, and more.
We offer day passes and nomad passesfor people who need to use the lab only
occasionally, as well as membershipsfor people who plan to use the lab
more regularly, such as myself.
One of the best things abouthaving a BitLab membership isn't
the amenities, it's the people.
Surrounding yourself with acommunity helps you learn faster
(01:28):
and helps you build better.
Your creativity becomes amplifiedwhen you work in this space,
that's what I think at least.
If you're interested in becominga member or supporting this space,
please visit us at atlbitlab.
com.
That's A-T-L-B-I-T-L-A-B dot com.
Alright, on to our show.
Jordan Bravo (01:51):
Welcome to the Sovereign Computing Show.
I'm Jordan Bravo and I'mhere today recording from ATL
BitLab with Stephen DeLorme.
Stephen DeLorme (02:00):
Hey, how's it going.
Jordan Bravo (02:02):
Today, before we get into our main topic, and it's a good one, I
assure you, we've got a couple of updatesand errata that we want to comment
on regarding some previous episodes.
In our App Store episode, we were talkingabout some of the vulnerabilities or
the downsides of the centralized appstores and native apps in general.
(02:24):
And we kind of waxed nostalgicabout back when browsers were the
only way to get those types ofapps or native apps on desktop.
But basically the pre-mobile app era,App store era, and we kind of, at least I
felt like I might've given the impressionthat browsers don't suffer from the
(02:45):
problems of downloading malware, thatthey're magically immune from issues.
But that's definitely not the case.
I think we can remember the peakera of toolbars that would install
themselves and slow everythingin your browser down to a crawl.
I mean, you had toolbarsupon toolbar upon toolbars.
I remember I would help my grandmaout with her computer and she
(03:10):
would have Internet Explorer.
And literally three quarters of theentire screen of the browser was
toolbars, just spyware installed.
And there was this one little sliverof the actual webpage at the bottom
and it was just riddled with popupsand it, it was barely functional.
I just wanted to put that outthere because it was not all
(03:31):
sunshine and rainbows back then.
We kind of have a different setof problems now with the native
apps and the app store censorship.
So I think, like you alluded to, Stephen,the problems were different because
when you don't have a curation froman Apple or a Google, for example, you
might get something like a crypto minerinstalled or you might get something
like Chinese spyware, but now we getspyware from Google or Apple, and
(03:58):
they're less likely to do something likeinstall a crypto miner on our, devices.
But at the same time,there's downsides as well.
Stephen DeLorme (04:04):
Yeah.
Jordan Bravo (04:05):
The other update I wanted to talk about, or just make an
amendment, which was that during ourbrowser episode, and search engines.
We forgot to mention that DuckDuckGohas both a browser and a search
engine, and they are privacyfocused and that the DuckDuckGo
browser is actually based on WebKit.
(04:25):
So that's important to know becausethere're another browser out there
that's fighting the Chromium monoculture.
We talked about this in depth inthe episode, how basically there
are only three major browsersunder the hood, even though there's
a bunch built on top of them.
And so you had the Firefox and its forks.
(04:46):
You have Chromium and its forks,and then you have WebKit, which is
safari basically, and its forks.
So it sounds like DuckDuckGo beingbased on WebKit might actually
be a good thing just in terms ofmore diversity in the ecosystem.
Stephen DeLorme (05:00):
Absolutely.
Jordan Bravo (05:01):
All right, today, we have a couple of news articles we're gonna
get into, and the first one is somethingy'all might have heard about in the
news lately, and this is about the Trumpadministration accidentally, including
a journalist in its Signal messaginggroup, when they were communicating
about war plans in Yemen or with Yemen.
Stephen DeLorme (05:23):
And wait a minute, the White House Signal Group, it's so funny
to hear somebody say those words out loud.
Like, I think of like a Signalgroup as just like, something with
me and my friends or something.
And it's like very casual.
So it's, I don't know.
It's kind of funny to imagine a bunch oflike federal government officials just
like starting a Signal room together.
Jordan Bravo (05:44):
Yeah.
And while we aren't really interestedin covering politics, per se on this.
I think it's interesting because we'vedefinitely discussed Signal and we've
discussed how you see that the governmentsat least what they talk, what they say
in public is "Don't use encryption."And then Chinese hackers happen and
they say, "Use encryption." and thenthey say, "But just kidding, not really.
(06:08):
We wanna be able to backdoorit." And so it's the, it's funny
to see them now using it at thehighest levels of the government.
Stephen DeLorme (06:16):
Yeah, absolutely.
I mean, it's clearly a useful tooland for anyone who maybe is, uh, just
listening and hasn't, um, you know, readthe article yet or hasn't heard about
it, basically, um, this journalist fromthe Atlantic, um, suddenly found himself
invited to, uh, a Signal chat room, andall these people, uh, start entering the
(06:36):
Signal chat room with like the initialsof like key people in the federal
government, including the vice president.
And they basically start planning, um, inthe Signal room, like a bombing on Yemen.
And you know, the journalist initiallythinks, "Well, this is probably some
kind of um, you know, people tryingto, uh, entrap a journalist, this is
(06:57):
probably all fake." But then, you know,the bombs actually, you know, fell on
Yemen and he is like, "Oh, wow, this isprobably real." So, reaches out to the
White House and gets confirmation thatyes, that was a real Signal chat room.
yeah, so it, it, you know, I thinkthe thing that's interesting about
is, obviously this is, I mean, I, Ithink it's an embarrassing, you know.
(07:18):
Security mishap.
Um, I don't think, uh, and anyone wouldreally disagree about that, to just like
accidentally invite somebody, you know,who doesn't have security clearance.
Like, it's a mishap.
Right.
it is interesting though becauselike, I'm kind of putting myself
in their shoes for a little bit.
Like, you've got these like, busygovernment officials and like,
(07:38):
you know, work, probably workin different physical buildings.
Have a full schedule of differentmeetings with different people.
Um, they should be, I guess, I don'tknow how this stuff works, but they're
probably supposed to be going to likea skiff, which is like one of these
like government faraday cage roomsto like talk about sensitive stuff.
So it's like one of these rooms that likenothing could get, get in and get out of.
(08:00):
But they're not doing that.
they're finding the UX of just downloadingSignal, way more appealing to them.
I'm guessing it probably fits intotheir busy schedule a little bit.
They're getting these assurances oflike, "Oh yeah, we can just use this
encrypted messaging app and then wecan all just, you know, plan this from
our respective offices and all that."
So I think when you're just like planningfor like any organization, company,
(08:25):
government, club, whatever, and it's like.
If your processes are like slow oryour processes, for dealing with stuff
in a secure and private way is, toocomplicated or too slow or too difficult,
then people will try and route aroundthat and find a different solution.
(08:47):
This seems to me like a, an example ofpeople trying to route around kind of a
legacy process to, do something that feelsmore convenient to them, and obviously it
backfired because of the human element.
It wasn't the encryption that wasbroken, just like someone accidentally
invited someone to the chat thatwasn't supposed to be there,
which could happen to any of us.
(09:07):
Right.
but it, it, it just kindof goes with the show.
If you don't, you know, build in aprocess that's like both private and
secure and also easy to do, peoplewill route around it and try to do
something that maybe isn't as secure.
Jordan Bravo (09:21):
Yeah.
It, it's very common in cybersecuritythat you have a system set up with
end-to-end encryption and all kindsof excellent security features from
a technical standpoint, but thenthe human element comes into play
and you have either human error orsomebody just gets socially engineered.
Um, somebody writes their passwordon a sticky note and leaves
(09:42):
it out, that kind of thing.
Stephen DeLorme (09:45):
Yeah.
But hey, it's kind of nice to know that,uh, you know, Signal's technology is, good
enough for these people in the government.
Jordan Bravo (09:54):
Yeah, it is encouraging.
You know, they, they're at the top levelsof the government, so in theory they have
access to the best technology for thiskind of thing, and they are using Signal.
So that is encouraging like yousaid it tells us that it's not
compromised as some people think.
Uh, of course we have no way of knowingfor sure because we, we can't see
(10:15):
the code that's running on the Signalservers and you have some people, like
Tucker Carlson has famously declaredthat Signal is backdoor because he said
that when he was gonna go to Russia tointerview Putin, he, uh, the only person
he ever mentioned it to was via Signal.
And then the people that were spyingon him, he said that they had known,
(10:37):
you know, they were talking about it.
And so if I had to guess, I wouldsay that they probably just got
physical access to his phone.
Stephen DeLorme (10:44):
Yeah.
Jordan Bravo (10:45):
In which case, it doesn't matter what app you're using, if
you physically compromised someone'sphone, you can basically listen to
everything that they're doing on it.
Stephen DeLorme (10:53):
Yeah.
It could have been, the other person'sphone was physically compromised too.
I mean.
Jordan Bravo (10:56):
Exactly.
Stephen DeLorme (10:57):
That's the thing about it.
It's like in this situation, it's like,"Whoa, everything's all encrypted."
But it's like, "Well, you invited if, youknow, if the wrong person gets invited to
chat or the wrong person sees the phonescreen, they can just take a screenshot of
it," which is exactly what happened here.
So, and it's like, yeah, the, you can't,you can't control for all those variables.
Jordan Bravo (11:17):
Alright, well.
Let's move on to the nextarticle and this one.
Stephen DeLorme (11:21):
Oh, wait, before we move on to that.
Jordan Bravo (11:23):
Yes.
Stephen DeLorme (11:23):
We should probably hit this meme real quick.
Jordan Bravo (11:25):
Yes.
Stephen DeLorme (11:25):
This dank meme.
So this, for anyone who, uh, is just,uh, listening, uh, we've got a screenshot
of the Signal disappearing messages,menu, which lets you choose between,
you know, off all the way to, you know,four weeks, down to like 30 seconds.
And, and, and all of that.
And so, uh, for lunch plans, that'sright around off or four weeks.
(11:49):
Uh, if you wanna make war plans,that's around one week to one day.
Uh, if you wanna send nudes that'saround one hour to five minutes.
And, uh, plans to lie aboutsending war plans are 30
seconds disappearing messages.
Jordan Bravo (12:02):
Yeah.
Good stuff.
We'll, we'll upload it andput a link in the show notes.
Stephen DeLorme (12:06):
I'm not sure who to credit this to, but thanks to whoever.
All right.
Next article.
Jordan Bravo (12:12):
The next article we're gonna talk about briefly
is about the Amazon Echo.
If you are an owner of an AmazonEcho, you'll wanna know this.
The Amazon has released a, they send anemail out to Echo owners, saying that on
March 28th, 2025, which is two days awayfrom this recording, that you will no
(12:36):
longer be able to opt out of having allof your recordings sent to Amazon server.
So currently you can select an optionwhere when you talk to the Echo,
it only processes, it processes itlocally - your voice recording, and
that option is going away in two days.
So everything from that time on thatyou say to Amazon will be sent or
(13:00):
to your Echo rather, will be sentto Amazon servers and you are, you
will no longer be able to opt out.
So I think if you did not alreadyhave a good reason to get that
spyware out of your house and outof your life, this might be the push
that you need in that direction.
Stephen DeLorme (13:17):
I actually didn't even know they had a do not send option.
This is actually one of the reasonsI've never gotten an Alexa, because I
actually thought that, uh, it was bydefault all recordings went to Amazon.
But they're actually, they had a waywhere they could process it on device.
Jordan Bravo (13:33):
Well, it might be that it was defaulted to sending it.
Stephen DeLorme (13:36):
Yeah.
Jordan Bravo (13:37):
But you could go out of your way and opt into local recordings.
Stephen DeLorme (13:40):
And so the local recordings, do they actually,
like, would they, were they liketransferring the recording- speech to
text locally or something like that?
Jordan Bravo (13:48):
That's what it sounds like.
Stephen DeLorme (13:49):
Oh, interesting.
Well, we don't have accessto the full article here.
I think because I'm not loggedinto wired.com because I stopped
paying for wired.com during Covid.
But we can, you know, get the headlineand get the basic gist of it from here.
Jordan Bravo (14:05):
Yeah, I mean, I mean, I think the takeaway here is pretty clear.
You know, if you're concerned about yourEcho spying on you and you were relying
on the fact that it was processinglocally, it's, that's no longer an option.
Stephen DeLorme (14:18):
Yep.
Well, you know, for me, I can just, uh,I'm fine with just good old fashioned
clicking on Amazon in a web browser.
Jordan Bravo (14:27):
What you said though, you said that you never bought this
because you didn't know that thelocal transcription was an option.
But I would say that goes to show thateven if it is, it might not be forever.
So
Stephen DeLorme (14:40):
Yeah.
Jordan Bravo (14:40):
If you put a piece of spyware in your home and it's, they're,
they're pinky swearing that they'renot gonna be using it for nefarious
purposes, but the terms in of service saythat they can change those terms at any
time and you have no choice but to eitheraccept them or stop using the product.
So I would just rather only usesomething that I have control of
(15:02):
and not some other third party.
Stephen DeLorme (15:04):
Yeah.
Makes sense.
Jordan Bravo (15:05):
Before we move on, I just wanna say that this will
also tease an upcoming episode thatwe're gonna do about local AI and
LLMs and home assistant type stuff.
So keep an eye out for that.
Stephen DeLorme (15:18):
Awesome.
Jordan Bravo (15:19):
All right.
Today's main topic that we're gonna talkabout is VPNs, Virtual Private Networks.
Most people have heard of VPNs.
Many people even use them.
You've probably seen a millionYouTube advertisements for
Express VPN and Nord VPN.
They really hammer the podcast scenehard with, with their advertisements
(15:41):
and their, their sponsorships.
Um, but I think the problem with a lot ofVPN messaging is that they are supposed
to be a panacea for security and privacy.
And they, that is certainly not the case.
Uh, I would say VPNs have an importantplace in our sovereign computing toolbox,
(16:02):
but it's important to know what problemsthey solve and what problems they don't
solve and how to use them properly.
And then when we do wanna use them,what are some providers that we can
use that are better than others?
And what, you know, what has goodreputations and which ones have
more, uh, technical advantages.
(16:22):
Let's talk about the problem thatVPNs actually do solve, and then we'll
talk about what they don't solve.
VPNs, in my estimation,they have three real uses.
One is they will hide your IPaddress from sites that you visit.
Normally, when you visit any kindof website or have any kind of
internet traffic in general, by thenature of the way that the internet
(16:46):
and the IP stack works is there'sa destination IP and a source IP.
And so the source IP, that'syou, that's your home typically.
And so everywhere that you visit, theirservers, they see where that traffic
is coming from, and IP addresses canbe easily mapped to physical addresses,
(17:08):
and so if somebody has your IP address,they can get a pretty good idea of
geographically where you're located.
So if you want to hide that from the sitesthat you visit, then a VPN does a good job
of that because you are actually tunnelingthrough to the VPN provider and then the
VPN provider is going to your destination.
(17:29):
And so your destination, they onlysee the VPN provider's IP address.
And when you have an a VPN providerthat is a large provider with a lot of
customers, you get a good anonymity setbecause it could be, the traffic could
come from thousands or tens of thousandsor however many customers they have.
It could be any of anybodyusing their service.
Stephen DeLorme (17:52):
So on that note, maybe before like getting into like services
specifically, it would be good tocontrast to this, compare and contrast
to this, with something like Tor.
Jordan Bravo (18:04):
Tor is more decentralized than a VPN provider.
With a VPN provider, you're justdesignating a single company's
servers and you're saying "I'mrouting all my traffic through that."
Whereas Tor is there's a network ofnodes out there running Tor relays
and your Tor browser, let's say,is going to on the fly, find a path
(18:30):
to your destination, and it's gonnado that going through three hops.
You have your entry, yourmiddle, and your exit.
And by doing so, none of therelays have full information.
So the entry node knows your IPaddress typically, but then they don't
know what, where your destination is.
(18:54):
Conversely, the exit node, the last onein the chain, knows your destination,
but they don't know where you came from.
And the middle one doesn't know either.
Stephen DeLorme (19:04):
And I think something worth noting with Tor and versus VPN
might be the kind of UX of it, like whyyou might choose one over the other.
Because I think with, uh, you knowTor, so like, and you know, apologies
if I'm jumping the gun a little bithere, but like, one of the, like
drawbacks I think of with VPNs isthat, as you pointed out, I am hiding
(19:27):
the IP address from the sites I visit.
I'm hiding my I IP address from my ISP.
Um, and, and yes, I'm getting thisencrypted tunnel, but I, there is a bit
of trust involved in that VPN provider.
I am hoping that they're not going to,you know, keep logs of the sites I visit
(19:48):
and hand that over to somebody else.
If they do, then, you know, they'dlose my trust and, you know,
and, and lose me as a customer.
But I'm kind of having the trust, theywon't do that, which I think makes
reputation very important for a VPN,whereas I, I don't have quite the same
trust assumptions with Tor, right?
Like I, I can log onto Tor for free.
(20:09):
All the nodes in the Tor networkare kind of just doing a, a public
service and randomly creating adifferent circuit every single time
and that's good and that's cool.
And so you might think, "Well, whynot? Why not just use Tor all the time,
Stephen?" And the reason is becauseit's, you know, frankly, it's a huge,
(20:29):
you know, I mean, it's, it's slow.
It's just a, it's kind ofa pain in the ass, right?
Like, if you, if you go visit a siteover Tor, it's gonna be way, way slower.
And you're not gonna get, like, especiallyif you're trying to, scroll through
social media or, you know, go lookat something on YouTube or whatever.
Just like the bandwidth for videosand image download and all that,
it's gonna be noticeably slower.
(20:51):
So yes, you might have, you know,some better privacy guarantees.
There may not be nearly as much trustinvolved, but, uh, it is kind of this
like free public resource and it can be,you know, slow to use and you know, if
you're not dealing with something supersensitive, super critical, like you,
you choose your own threat model, right?
(21:12):
If your threat model is not, youknow, super high and super paranoid.
Then, you know, maybe you're better offjust paying a VPN for an exceptional
level of fast internet performance.
Jordan Bravo (21:24):
Yeah.
When you pay a VPN provider, you arepaying for their costs of running
a server with a lot of bandwidth.
And so depending on your provider,you can get bandwidth speeds
that are close to approachingnormal internet browsing speeds.
You're always gonna take a bitof a performance hit, but you
(21:45):
can still get acceptable speeds.
Whereas Tor is a networkrun by volunteers for free.
And sometimes this is just people whohave an extra computer sitting around
and they decide to plug it into theirhome internet and run a Tor relay.
And so you don't have this huge commercialoperation providing tons of bandwidth,
(22:06):
rather it's in incredibly constrained.
And so I would typically only useTor for text-based things in very
sensitive situations, but I find thatday-to-day it's, it makes the UX so slow.
It's, it's not reallyusable for a lot of tasks.
Stephen DeLorme (22:26):
One quick, sidebar is that, uh, I have the timechaincalendar.com
up, uh, as a pleasing visual while we'rerecording this episode and something
is going on on Bitcoin right now.
Blocks are coming in like super fast.
I'm kind of curious to lookafter the episode is over.
Uh, we're still in the middleof a difficulty adjustment apex.
So I wonder if like, some new hashratejust came online, or maybe some people
(22:50):
are just getting lucky, but it's beenlike a block, like I feel like every two
minutes or something looking at this.
Jordan Bravo (22:55):
All right.
It's, it's a good time toget some transactions in.
Stephen DeLorme (22:58):
Yeah, exactly.
Jordan Bravo (23:00):
Going back to the problem that VPN solved, you briefly mentioned
this already, but I wanna emphasize ita bit, which is that we talked about how
it hides the IP address of the site fromthe sites you visit, your IP address.
The other thing it does kind of on theother end of the spectrum is that, it
hides the sites you visit from your ISP.
(23:20):
Normally without a VPN, everything thatyou visit, your ISP sees that traffic and
we know this is not a guess because we'veseen the leaks and the, the breaches that
ISPs, such as At&T and Comcast, et cetera,they surveil everything that you do and
they sell that to data brokers and theyalso give it over to government agencies.
(23:44):
And so while VPNs certainly have theirown downsides, and we talked about how
you have to place your trust in theVPN provider because you're basically
shifting it from all of your traffic beingvisible from your ISP to now all of your
traffic being visible to the VPN provider.
The difference is VPN providers, atleast the good ones with, with good
(24:06):
reputations, they're in the businessof providing a service where they don't
look at your logs, like that's theirwhole reason for existence, whereas your
ISP, they're under no such contract.
In fact, they have tons ofcontracts with data brokers and,
and people who will buy your data,and they just do it all the time.
(24:26):
So you either go with the companythat you know is siphoning your
data, your ISP, or you go with thecompany that's their whole business
model is that they're not doing that.
And so while you're trusting eitherway, I feel like the one with
the, going with the VPN provideris a lot lower bar to get over.
The last thing that VPNs provide whichis not so important these days because
(24:50):
is that they encrypt all of your traffic.
So back in the day when we ran stuffover HTTP unencrypted without SSL
or TLS, this was a big deal becauseotherwise all of your traffic going
to your given site is unencrypted.
And then if you use theVPN, it would be encrypted.
Today, with SSL, that's less ofa problem, but it's still useful,
(25:15):
especially when you're traveling.
Let's say you're on a public wifi, thenall of your traffic can be snooped.
So, because somebody can performin a man in the middle attack.
So using a VPN, in a public wifiis definitely, a good practice.
So let's talk about now some specificproviders that we've known and or used.
(25:36):
And I think the first one wewanna talk about is Proton.
And I've used Proton.
I have a Proton free account, butI am going to ask you, Stephen, if
you, what you think about proton?
Because I know you use ita lot more often than I do.
Stephen DeLorme (25:52):
Yeah.
I love Proton VPN.
It's, uh, really cool.
I mean, you're not familiar with workingwith like OpenSSL and you know, WireGuard
and applications like that, you don'thave to worry because it's got like a
really, you know, easy to use application.
You can download it on your phone, youcan run it, on your desktop or laptop.
(26:13):
Um, and you know, you can choose yourcountry and like which server and
which country you want to connectto and randomize it and all that.
I think the reason I switched, I startedusing it to begin with was because I
was already paying for, um, you know,like a, a business account with them.
And so it, I realized A. account comeswith my plan, but B. the VPN provider
(26:36):
I was using before I could not use withNetflix, which was kind of annoying.
And so at the time you could actuallyYeah, tunnel through Proton VPN and still
watch Netflix, which, was really cool.
I think that has since changed.
I've run into some issues, recently withthat, and I'm not sure if it's Brave
(26:57):
Browser or Proton or maybe both, but atleast in the past you could use Netflix
with it, which was, uh, really cool.
But yeah, overall great experience.
It's easy to use.
It works.
I like it.
Jordan Bravo (27:09):
I really like that Proton VPN has a free account and it's just a
constrained bandwidth version of theirpaid accounts, so I I, I like that.
It lets you test it out, see if youlike the UX, and then if you want
faster speeds, you can just upgrade.
Stephen DeLorme (27:26):
Yeah, absolutely.
Jordan Bravo (27:27):
The next provider I wanna talk about is called Mullvad.
Mullvad has a great reputationin the privacy community, and
they offer all the things youwould expect from a top tier VPN.
They have desktop apps for all,for Mac, Windows, and Linux.
They have mobile apps for iOSand Android, and they also have
(27:49):
WireGuard profiles if you wanna get,uh, super hacker and get under the
hood and install things manually.
They also have anintegration with Tailscale.
For those of you unaware, Tailscale is adifferent kind of mesh VPN, that's used
more for networking rather than privacy.
(28:09):
But what's cool is by usingMullvad with Tailscale, you can
have both at the same time so thatyou get the advantages of both.
The next VPN provider wewanna mention is, I Oh us.
Go ahead Stephen.
Stephen DeLorme (28:24):
I was just gonna say, uh, if you've had a
good experience with Mullvad?
Jordan Bravo (28:27):
I have.
Stephen DeLorme (28:28):
Yeah.
Jordan Bravo (28:28):
I've been using them off and on for the past couple years.
I'm currently using Mullvad via Tailscale.
And I find it to be really usefuland good bandwidth most of the time.
They have servers all over the place.
Stephen DeLorme (28:44):
I used to use them as well a lot.
And before I switched to Proton there,I, I thought they were really cool.
One kind of interestingquirk about them is they, uh.
I thought the account number feature,they don't take an email address from you.
Mm-hmm.
Uh, I don't, I don't think youmentioned that already, did you?
Jordan Bravo (29:00):
I didn't, no.
Stephen DeLorme (29:01):
Yeah, it's like they basically just like when you sign up, you
know, typically you give an email and apassword and they're just like, " Nope.
Here's your account numberwe generated for you.
Don't forget this".
So obviously you want to put that inyour password manager, but if you, um,
sign up for Mullvad, you just storeyour account number which you can think
of as just kind of like a password.
And if you want to top up yourability to use the VPN, then you can
(29:26):
send them Bitcoin or pay with likePayPal or credit card or something
like that which, you know, is oobviously a little less private.
But yeah, you can pay with Bitcoinand uh, just have an account
number and just go completelyanonymous, which is really cool.
Jordan Bravo (29:40):
Thanks for bringing that up.
I, I almost forgot to mention that.
I like that feature because if youdon't want to use a email address,
let's say you don't have an aliasservice or you just don't want
to give Mullvad any information,like you said, you don't have to.
They generate an account numberfor you and that's all you need.
And paying with Bitcoinis also a huge feature.
I believe they accept lightning as well.
Stephen DeLorme (30:02):
I think they do.
Jordan Bravo (30:03):
The next provider we're gonna talk about is IVPN.
And they're very similar to Mullvad.
I would put them neck and neckin terms of competing features.
They're very privacy focusedand they, they have servers all
over the world, including theUS and they also accept Bitcoin.
And they also have the account featurethat where you only need an account
(30:27):
number and you don't have to use anemail or, um, set one up like that.
Stephen DeLorme (30:32):
Hmm.
I've never used this one before.
That's cool.
Jordan Bravo (30:38):
Yeah, I, I don't have much to add except that they're great.
They have a good reputationin the community.
I've used them personally, and I wouldcertainly use them in the future.
The only reason I'm not currentlyis because they don't have an
integration with Tailscale yet.
Hmm.
I see.
Stephen DeLorme (30:59):
Credit card, PayPal, Bitcoin, Lightning Network.
Good.
Monero, and Cash.
Jordan Bravo (31:04):
I forgot to ask, does Proton accept Bitcoin?
Stephen DeLorme (31:08):
That I don't know.
Um, though if they don't,I would hope they would.
They actually, now have a productcalled Proton Wallet, which
has some really cool features.
It's basically an Onchain Bitcoinwallet that runs in the browser and you
know, it, it's got some pretty cleverintegrations with Proton Mail, uh,
that maybe I won't get into right now.
(31:28):
Uh, I don't wanna nerd outover it too hard and, uh, send
us too far off track, but.
so I, yeah, I'm not sure ifthey accept Bitcoin or not,
but that'd be cool if they did.
Jordan Bravo (31:36):
Maybe we'll do another episode on Bitcoin wallets and we
can discuss that in further detail.
Stephen DeLorme (31:40):
Yeah.
Jordan Bravo (31:45):
Anything else on IVPN before you move to the next provider?
Stephen DeLorme (31:49):
Uh, I haven't really used IVPN, so I don't
really have anything to add there.
Jordan Bravo (31:53):
Okay, well the next VPN provider is Obscura, and I'm gonna
let you talk more about this becauseI have not personally used this yet.
Stephen DeLorme (32:02):
Well, so this is an interesting one.
It's actually kind of under the hood.
It uses Mullvad, whichwe've already talked about.
But Obscura's whole pitch is, well,I'll just read out what it, there
says what it says on their website.
"Privacy, that's more than apromise. Meet Obscura, the first
VPN that can't log your activityand outsmarts internet censorship."
(32:23):
So the idea is that like we mentionedearlier, you pay for a VPN provider,
you're kind of trusting that when theysay that, "Oh, we don't log your activity,
you're trusting them to not log it." Andalso if they did log it, you're trusting
them to not share those logs with anyone.
So Obscura's whole thing is, "Well,we've built this in a way to where we
(32:45):
provably can't track your activity." Andthe way that they do that is that I, I
don't, you know, fully understand, theexact details, but it's something to the
effect of they use Mullvad under the hoodand the idea is that you are encrypting
your traffic, I guess, against Mullvad'spublic key or something to that effect.
(33:06):
So it makes it so that they can't actuallydecrypt any of your packets and they're
just kind of acting as this relay thatforwards your packets over to Mullvad.
It's almost like a little bit of likethe, the same way the Tor works, where
you have these kind of like multiple hops.
It's just that instead of like randomlychoosing all these different Tor nodes
(33:28):
around the world and forming a circuit,you're just sending it directly to Obscura
and then they're passing it on to Mullvad.
That's my understanding of it.
And um, you know, they say, "Hey, wehave a, you know, Obscura is purely
private by design. They never see aencrypted packets and it's impossible
for us to log this activity. You caneven verify this yourself." So you can
go to their like GitHub and uh, likelook at the code 'cause it's open source.
(33:51):
I think that because this isyou know, kind of like a, almost
like a white labeled Mullvad.
They also accept Bitcoinand Lightning Network.
And they similarly don't keep trackof your email address and all that.
They just give you an account number.
It's pretty easy to use.
I just downloaded theclient, uh, on my Mac.
It has, I think it'sonly Mac OS right now.
Let's see.
Downloaded for Mac OS?
(34:12):
Yes.
Jordan Bravo (34:13):
Yeah.
Stephen DeLorme (34:14):
So I guess there, there's hopefully there's
talk of, you know, getting moreplatforms supported in the future.
But right now it's a Mac OSthing and it works pretty good.
Jordan Bravo (34:23):
I look forward to trying it out when it comes out for Linux.
If I'm understanding it correctly,
normally, like we said, you'retrusting the VPN provider.
So if I'm using Mullvad, they're seeingall of my traffic and because they have
to decrypt it in order to send it, so,so I have Mullvad's key in my client
(34:45):
and I'm encrypting my traffic, sendingit to Mullvad, then Mullvad decrypts
it and sends it to my destinationwhereas with Obscura, it sounds like
there's two levels of encryption there.
So I encrypt my data with or I encryptmy traffic with Mullvad's key, I
believe, and then I send that toObscura and then Obscura encrypts it.
(35:11):
And I don't know, there's twolevels of encryption there.
I might be getting the order wrong,but it sounds like the, the gist of it
is that Mullvad can't see where it'scoming from, so they don't know it's me.
And then Obscura, theydon't know the destination.
Stephen DeLorme (35:28):
Yeah, I think that's about right.
I mean, it, it's almost like you'reconstructing a, an onion request.
You're just like encrypting to Mullvadand then encrypting to Obscura's key,
sending to them might be how it works.
But we could, uh, you know, I'm sureCarl, the author would love to answer any
questions about this if anybody has them.
Jordan Bravo (35:49):
Yeah.
We'll, uh, we'll tryto get him on the show.
Boost in and let us know if you'reinterested with either, uh, using
Fountain or you can email us atsovereign@atlbitlab.com and let us know
if you are interested in this topic.
We can do a further dive into it.
I'm personally looking forward to whenit's available for Linux, and the only
(36:13):
skepticism I have is I'm wondering ifthe bandwidth would be constrained.
Have you noticed good bandwidth with it?
Stephen DeLorme (36:21):
Yeah, I mean, I haven't like rigorously stress tested it though.
I haven't gone and like, you know,gotten on like you know, video call
while also streaming a YouTube video.
Right.
So I'm not sure in that regard,but I didn't notice any noticeable
performance hit with it, so thatthat part aspect of it was fine.
Jordan Bravo (36:41):
Okay.
Let's talk about nowthe downsides of VPNs.
We already covered a coupleof them, which is trust.
You're putting your trustin one centralized party.
Another would be the cost.
Any VPN provider that is trustworthyand has high bandwidth servers, they're
not gonna provide that for free.
(37:03):
We talked about Proton has a freeaccount, but it's constrained bandwidth.
So the cost is a second,uh, trade off with it.
And the last one is something thatI don't hear talked about too often,
which is that when you are browsingthe internet with a VPN, you're treated
as a second class internet citizen.
A lot of sites of big companies, they haveanti-spam and anti-scammer prevention-
Stephen DeLorme (37:29):
Mm-hmm.
Jordan Bravo (37:30):
software running that automatically flags any traffic
with the VPN, as a scam or spam.
And so they block it.
And so as you mentioned earlier,sometimes you're trying to watch
Netflix or some other streaming siteand they will say, "Sorry, we don't
allow VPNs to connect." And so you haveto turn it off or just not watch it.
(37:50):
Another thing that I think iseven worse is when sites just
straight up won't load with a VPN.
Mm-hmm.
And I see that happen sometimesand it is so frustrating.
And at this point I just I, I'm inthe habit now where if a site is
not working and I think it should, Ijust turn off my VPN and try again.
But I'm, I'm also trying to standup for my internet citizen rights
(38:13):
by choosing my providers carefully.
So if I have, if I'm working witha company and they don't allow
VPNs to connect, I'm gonna considerfinding an alternative in the future.
So, if it's easy for meto pick a, a competitor.
And the competitor does allowme to connect with a VPN, I'm
gonna go with that competitor.
Stephen DeLorme (38:34):
One time I was trying to sign up for a Bitcoin exchange and their
marketing website looked really nice andI clicked, you know, like the login button
or whatever, and I kept giving me likea white blank page where it'd be like,
uh, you know, we're, you know, emailingyou a confirmation code and I'd be like,
"Okay, get confirmation code, enter itin." Oh, and then it would redirect me
(38:55):
to a white page, given all these problemsI got on like a chat with support, was
trying to figure it out and uh, you know,they were kind of blaming the problem on
me and or you know, you know, saying thateverything was working fine on their end.
Then I finally figured out, turnedmy VPN off, and suddenly it worked.
I'm like, "what the heck? It's like aBitcoin exchange and they won't let us
(39:16):
go through a VPN like that's annoying."
Jordan Bravo (39:18):
Yeah, it's ridiculous.
And the worst is they will gaslightyou into thinking that you're doing
something wrong, like you said, and orthey'll try to make it seem like you
are a criminal or guilty of somethingjust because you're using a VPN.
So I say we band together stand upfor our right to be anonymous and
(39:39):
private and not take that crap.
You know, stand up for yourself.
There's nothing wrong with using a VPN.
You're not trying to hide anything,you just are trying to not dox
yourself to the whole internet.
Stephen DeLorme (39:51):
Yeah, absolutely.
I mean, yes, we should stand upfor our rights and our use VPNs.
It is just like, broadly speaking,I think a tricky problem.
It's very similar to problem with emaillike we've touched on briefly in the
email episode where like there's sucha spam problem that a lot of the, you
know, sometimes for like company spamfilters, it's just like easier for them to
(40:16):
just like kind of gray list or blacklistthings that don't come from a known major
email provider like Microsoft or Google.
And I think it's kind of a similar thingwhere there's like, obviously if you're
going to commit some kind of crime,you're gonna wanna obscure your identity.
So it's like, uh, not condoningit, but just, you know, putting
that out there that you wouldwant to if you were a criminal.
(40:38):
So if you're gonna try and perform somekind of crime on a website or you're
gonna try and DDoS it, you know, uh,DDoS attack it, hack it, something
like that, you're probably gonna tryand use some kind of method, VPN or
otherwise to obscure your identity.
So there's these problems were forcompanies, it's not right necessarily,
but it's like, I think it's just akind of like a, it's like a lazy fix.
(41:00):
It's like, it's easier for them to just belike, "Well, let's ban all VPNs because if
we ban all VPNs, then like we're probablygonna ban any bad person as a result.
Like you're probably not going to havea situation where someone's going to try
to attack us or harm us without a VPN."
Jordan Bravo (41:21):
Right.
Stephen DeLorme (41:22):
And so because the, the non VPN group of users
probably doesn't include a bad guy.
Even though they may recognize that theVPN group doesn't necessarily mean they're
all bad guys, the bad guys are probablygoing to be in that VPN group, and so
it's just easier for them to block VPNs.
Jordan Bravo (41:41):
Sounds like they're profiling us as VPN users.
Stephen DeLorme (41:43):
They are.
They're profiling us as VPN users.
Yeah.
Jordan Bravo (41:47):
I think it's also, like you said, a lazy approach because good
security would not have to resort to that.
I think sometimes it's also a matterof overzealous regulation or, or rather
overzealous compliance with regulationbecause they just wanna prove ahead of
time that, "Oh, we're doing everythingin our power to block bad actors." And
(42:10):
to me that's kind of, uh, despicable.
Stephen DeLorme (42:14):
Yeah.
Yeah, so it's annoying, but at least somesites are kind of nice and they'll just
put up a caption and say, "Okay, solvea caption and prove you're a human. If
you're behind a VPN." It's like, allright, I'll, I'll show you my papers.
I'll prove that I'm a human.
You know, every time I switch VPN nodes-
Jordan Bravo (42:31):
I'll, I'll train your AI for you.
Yeah.
So we talked about the downsides, butI think overall, the takeaway that I
would say is VPNs are very valuable.
It's good to have one, you know, chooseone of these providers or do your own
research on another trusted provider andhave one on your phone, on your laptop,
(42:54):
on your desktop, and know how to use itand get comfortable with it because it's
important to have this tool in conjunctionwith all of the other privacy and digital,
self sovereignty approaches that we take.
Stephen DeLorme (43:08):
Yeah.
And if you can find a VPN provider thatwill work with Netflix, boost in and
let us know, uh, when the next seasonof, uh, Rick and Morty comes out.
If, uh, if it continues to go onKorean Netflix, uh, on a weekly
basis, you could use that VPN.
Um, to, watch Rick and Morty on KoreanNetflix as it comes out every week.
Jordan Bravo (43:27):
Sweet.
Stephen DeLorme (43:28):
That's a life choice available to you, but you gotta find
a VPN that'll work with Netflix.
So let us know.
Jordan Bravo (43:33):
That would be the dream.
All right.
Thanks a lot everybody.
We'll see you next time.
Stephen DeLorme (43:38):
Catch you later.
Hey, thanks for listening.
I hope you enjoyed this episode.
If you want to learn more aboutanything that we discussed, you can
look for links in the show notes thatshould be in your podcast player, or
you can go to atlbitlab.com/podcast.
On a final note, if you foundthis information useful and you
want to help support us, you canalways send us a tip in Bitcoin.
(44:01):
Your support really helps us so that wecan keep bringing you content like this.
All right.
Catch you later.
The worst is they will gaslight you into thinking that you're
(00:04):
doing something wrong, like you said,and or they'll try to make it seem
like you are a criminal or guilty ofsomething just because you're using a VPN.
So I say we band together stand upfor our right to be anonymous and
private and not take that crap.
You know, stand up for yourself.
There's nothing wrong with using a VPN.
You're not trying to hide anything,you just are trying to not dox
(00:28):
yourself to the whole internet.
Welcome to the Sovereign ComputingShow, presented by ATL BitLab.
I'm Jordan Bravo, and this is apodcast where we teach you how to
take back control of your devices.
Sovereign Computing means you own yourtechnology, not the other way around.
Stephen DeLorme (00:48):
This episode is sponsored by ATL BitLab.
ATL BitLab is Atlanta'sfreedom tech hacker space.
We have co working desks,conference rooms, event space,
maker tools, and tons of coffee.
There is a very activecommunity here in the lab.
Every Wednesday night isBitcoin night here in Atlanta.
We also have meetups for cyber security,artificial intelligence, decentralized
(01:08):
identity, product design, and more.
We offer day passes and nomad passesfor people who need to use the lab only
occasionally, as well as membershipsfor people who plan to use the lab
more regularly, such as myself.
One of the best things abouthaving a BitLab membership isn't
the amenities, it's the people.
Surrounding yourself with acommunity helps you learn faster
(01:28):
and helps you build better.
Your creativity becomes amplifiedwhen you work in this space,
that's what I think at least.
If you're interested in becominga member or supporting this space,
please visit us at atlbitlab.
com.
That's A-T-L-B-I-T-L-A-B dot com.
Alright, on to our show.
Jordan Bravo (01:51):
Welcome to the Sovereign Computing Show.
I'm Jordan Bravo and I'mhere today recording from ATL
BitLab with Stephen DeLorme.
Stephen DeLorme (02:00):
Hey, how's it going.
Jordan Bravo (02:02):
Today, before we get into our main topic, and it's a good one, I
assure you, we've got a couple of updatesand errata that we want to comment
on regarding some previous episodes.
In our App Store episode, we were talkingabout some of the vulnerabilities or
the downsides of the centralized appstores and native apps in general.
(02:24):
And we kind of waxed nostalgicabout back when browsers were the
only way to get those types ofapps or native apps on desktop.
But basically the pre-mobile app era,App store era, and we kind of, at least I
felt like I might've given the impressionthat browsers don't suffer from the
(02:45):
problems of downloading malware, thatthey're magically immune from issues.
But that's definitely not the case.
I think we can remember the peakera of toolbars that would install
themselves and slow everythingin your browser down to a crawl.
I mean, you had toolbarsupon toolbar upon toolbars.
I remember I would help my grandmaout with her computer and she
(03:10):
would have Internet Explorer.
And literally three quarters of theentire screen of the browser was
toolbars, just spyware installed.
And there was this one little sliverof the actual webpage at the bottom
and it was just riddled with popupsand it, it was barely functional.
I just wanted to put that outthere because it was not all
(03:31):
sunshine and rainbows back then.
We kind of have a different setof problems now with the native
apps and the app store censorship.
So I think, like you alluded to, Stephen,the problems were different because
when you don't have a curation froman Apple or a Google, for example, you
might get something like a crypto minerinstalled or you might get something
like Chinese spyware, but now we getspyware from Google or Apple, and
(03:58):
they're less likely to do something likeinstall a crypto miner on our, devices.
But at the same time,there's downsides as well.
Stephen DeLorme (04:04):
Yeah.
Jordan Bravo (04:05):
The other update I wanted to talk about, or just make an
amendment, which was that during ourbrowser episode, and search engines.
We forgot to mention that DuckDuckGohas both a browser and a search
engine, and they are privacyfocused and that the DuckDuckGo
browser is actually based on WebKit.
(04:25):
So that's important to know becausethere're another browser out there
that's fighting the Chromium monoculture.
We talked about this in depth inthe episode, how basically there
are only three major browsersunder the hood, even though there's
a bunch built on top of them.
And so you had the Firefox and its forks.
(04:46):
You have Chromium and its forks,and then you have WebKit, which is
safari basically, and its forks.
So it sounds like DuckDuckGo beingbased on WebKit might actually
be a good thing just in terms ofmore diversity in the ecosystem.
Stephen DeLorme (05:00):
Absolutely.
Jordan Bravo (05:01):
All right, today, we have a couple of news articles we're gonna
get into, and the first one is somethingy'all might have heard about in the
news lately, and this is about the Trumpadministration accidentally, including
a journalist in its Signal messaginggroup, when they were communicating
about war plans in Yemen or with Yemen.
Stephen DeLorme (05:23):
And wait a minute, the White House Signal Group, it's so funny
to hear somebody say those words out loud.
Like, I think of like a Signalgroup as just like, something with
me and my friends or something.
And it's like very casual.
So it's, I don't know.
It's kind of funny to imagine a bunch oflike federal government officials just
like starting a Signal room together.
Jordan Bravo (05:44):
Yeah.
And while we aren't really interestedin covering politics, per se on this.
I think it's interesting because we'vedefinitely discussed Signal and we've
discussed how you see that the governmentsat least what they talk, what they say
in public is "Don't use encryption."And then Chinese hackers happen and
they say, "Use encryption." and thenthey say, "But just kidding, not really.
(06:08):
We wanna be able to backdoorit." And so it's the, it's funny
to see them now using it at thehighest levels of the government.
Stephen DeLorme (06:16):
Yeah, absolutely.
I mean, it's clearly a useful tooland for anyone who maybe is, uh, just
listening and hasn't, um, you know, readthe article yet or hasn't heard about
it, basically, um, this journalist fromthe Atlantic, um, suddenly found himself
invited to, uh, a Signal chat room, andall these people, uh, start entering the
(06:36):
Signal chat room with like the initialsof like key people in the federal
government, including the vice president.
And they basically start planning, um, inthe Signal room, like a bombing on Yemen.
And you know, the journalist initiallythinks, "Well, this is probably some
kind of um, you know, people tryingto, uh, entrap a journalist, this is
(06:57):
probably all fake." But then, you know,the bombs actually, you know, fell on
Yemen and he is like, "Oh, wow, this isprobably real." So, reaches out to the
White House and gets confirmation thatyes, that was a real Signal chat room.
yeah, so it, it, you know, I thinkthe thing that's interesting about
is, obviously this is, I mean, I, Ithink it's an embarrassing, you know.
(07:18):
Security mishap.
Um, I don't think, uh, and anyone wouldreally disagree about that, to just like
accidentally invite somebody, you know,who doesn't have security clearance.
Like, it's a mishap.
Right.
it is interesting though becauselike, I'm kind of putting myself
in their shoes for a little bit.
Like, you've got these like, busygovernment officials and like,
(07:38):
you know, work, probably workin different physical buildings.
Have a full schedule of differentmeetings with different people.
Um, they should be, I guess, I don'tknow how this stuff works, but they're
probably supposed to be going to likea skiff, which is like one of these
like government faraday cage roomsto like talk about sensitive stuff.
So it's like one of these rooms that likenothing could get, get in and get out of.
(08:00):
But they're not doing that.
they're finding the UX of just downloadingSignal, way more appealing to them.
I'm guessing it probably fits intotheir busy schedule a little bit.
They're getting these assurances oflike, "Oh yeah, we can just use this
encrypted messaging app and then wecan all just, you know, plan this from
our respective offices and all that."
So I think when you're just like planningfor like any organization, company,
(08:25):
government, club, whatever, and it's like.
If your processes are like slow oryour processes, for dealing with stuff
in a secure and private way is, toocomplicated or too slow or too difficult,
then people will try and route aroundthat and find a different solution.
(08:47):
This seems to me like a, an example ofpeople trying to route around kind of a
legacy process to, do something that feelsmore convenient to them, and obviously it
backfired because of the human element.
It wasn't the encryption that wasbroken, just like someone accidentally
invited someone to the chat thatwasn't supposed to be there,
which could happen to any of us.
(09:07):
Right.
but it, it, it just kindof goes with the show.
If you don't, you know, build in aprocess that's like both private and
secure and also easy to do, peoplewill route around it and try to do
something that maybe isn't as secure.
Jordan Bravo (09:21):
Yeah.
It, it's very common in cybersecuritythat you have a system set up with
end-to-end encryption and all kindsof excellent security features from
a technical standpoint, but thenthe human element comes into play
and you have either human error orsomebody just gets socially engineered.
Um, somebody writes their passwordon a sticky note and leaves
(09:42):
it out, that kind of thing.
Stephen DeLorme (09:45):
Yeah.
But hey, it's kind of nice to know that,uh, you know, Signal's technology is, good
enough for these people in the government.
Jordan Bravo (09:54):
Yeah, it is encouraging.
You know, they, they're at the top levelsof the government, so in theory they have
access to the best technology for thiskind of thing, and they are using Signal.
So that is encouraging like yousaid it tells us that it's not
compromised as some people think.
Uh, of course we have no way of knowingfor sure because we, we can't see
(10:15):
the code that's running on the Signalservers and you have some people, like
Tucker Carlson has famously declaredthat Signal is backdoor because he said
that when he was gonna go to Russia tointerview Putin, he, uh, the only person
he ever mentioned it to was via Signal.
And then the people that were spyingon him, he said that they had known,
(10:37):
you know, they were talking about it.
And so if I had to guess, I wouldsay that they probably just got
physical access to his phone.
Stephen DeLorme (10:44):
Yeah.
Jordan Bravo (10:45):
In which case, it doesn't matter what app you're using, if
you physically compromised someone'sphone, you can basically listen to
everything that they're doing on it.
Stephen DeLorme (10:53):
Yeah.
It could have been, the other person'sphone was physically compromised too.
I mean.
Jordan Bravo (10:56):
Exactly.
Stephen DeLorme (10:57):
That's the thing about it.
It's like in this situation, it's like,"Whoa, everything's all encrypted."
But it's like, "Well, you invited if, youknow, if the wrong person gets invited to
chat or the wrong person sees the phonescreen, they can just take a screenshot of
it," which is exactly what happened here.
So, and it's like, yeah, the, you can't,you can't control for all those variables.
Jordan Bravo (11:17):
Alright, well.
Let's move on to the nextarticle and this one.
Stephen DeLorme (11:21):
Oh, wait, before we move on to that.
Jordan Bravo (11:23):
Yes.
Stephen DeLorme (11:23):
We should probably hit this meme real quick.
Jordan Bravo (11:25):
Yes.
Stephen DeLorme (11:25):
This dank meme.
So this, for anyone who, uh, is just,uh, listening, uh, we've got a screenshot
of the Signal disappearing messages,menu, which lets you choose between,
you know, off all the way to, you know,four weeks, down to like 30 seconds.
And, and, and all of that.
And so, uh, for lunch plans, that'sright around off or four weeks.
(11:49):
Uh, if you wanna make war plans,that's around one week to one day.
Uh, if you wanna send nudes that'saround one hour to five minutes.
And, uh, plans to lie aboutsending war plans are 30
seconds disappearing messages.
Jordan Bravo (12:02):
Yeah.
Good stuff.
We'll, we'll upload it andput a link in the show notes.
Stephen DeLorme (12:06):
I'm not sure who to credit this to, but thanks to whoever.
All right.
Next article.
Jordan Bravo (12:12):
The next article we're gonna talk about briefly
is about the Amazon Echo.
If you are an owner of an AmazonEcho, you'll wanna know this.
The Amazon has released a, they send anemail out to Echo owners, saying that on
March 28th, 2025, which is two days awayfrom this recording, that you will no
(12:36):
longer be able to opt out of having allof your recordings sent to Amazon server.
So currently you can select an optionwhere when you talk to the Echo,
it only processes, it processes itlocally - your voice recording, and
that option is going away in two days.
So everything from that time on thatyou say to Amazon will be sent or
(13:00):
to your Echo rather, will be sentto Amazon servers and you are, you
will no longer be able to opt out.
So I think if you did not alreadyhave a good reason to get that
spyware out of your house and outof your life, this might be the push
that you need in that direction.
Stephen DeLorme (13:17):
I actually didn't even know they had a do not send option.
This is actually one of the reasonsI've never gotten an Alexa, because I
actually thought that, uh, it was bydefault all recordings went to Amazon.
But they're actually, they had a waywhere they could process it on device.
Jordan Bravo (13:33):
Well, it might be that it was defaulted to sending it.
Stephen DeLorme (13:36):
Yeah.
Jordan Bravo (13:37):
But you could go out of your way and opt into local recordings.
Stephen DeLorme (13:40):
And so the local recordings, do they actually,
like, would they, were they liketransferring the recording- speech to
text locally or something like that?
Jordan Bravo (13:48):
That's what it sounds like.
Stephen DeLorme (13:49):
Oh, interesting.
Well, we don't have accessto the full article here.
I think because I'm not loggedinto wired.com because I stopped
paying for wired.com during Covid.
But we can, you know, get the headlineand get the basic gist of it from here.
Jordan Bravo (14:05):
Yeah, I mean, I mean, I think the takeaway here is pretty clear.
You know, if you're concerned about yourEcho spying on you and you were relying
on the fact that it was processinglocally, it's, that's no longer an option.
Stephen DeLorme (14:18):
Yep.
Well, you know, for me, I can just, uh,I'm fine with just good old fashioned
clicking on Amazon in a web browser.
Jordan Bravo (14:27):
What you said though, you said that you never bought this
because you didn't know that thelocal transcription was an option.
But I would say that goes to show thateven if it is, it might not be forever.
So
Stephen DeLorme (14:40):
Yeah.
Jordan Bravo (14:40):
If you put a piece of spyware in your home and it's, they're,
they're pinky swearing that they'renot gonna be using it for nefarious
purposes, but the terms in of service saythat they can change those terms at any
time and you have no choice but to eitheraccept them or stop using the product.
So I would just rather only usesomething that I have control of
(15:02):
and not some other third party.
Stephen DeLorme (15:04):
Yeah.
Makes sense.
Jordan Bravo (15:05):
Before we move on, I just wanna say that this will
also tease an upcoming episode thatwe're gonna do about local AI and
LLMs and home assistant type stuff.
So keep an eye out for that.
Stephen DeLorme (15:18):
Awesome.
Jordan Bravo (15:19):
All right.
Today's main topic that we're gonna talkabout is VPNs, Virtual Private Networks.
Most people have heard of VPNs.
Many people even use them.
You've probably seen a millionYouTube advertisements for
Express VPN and Nord VPN.
They really hammer the podcast scenehard with, with their advertisements
(15:41):
and their, their sponsorships.
Um, but I think the problem with a lot ofVPN messaging is that they are supposed
to be a panacea for security and privacy.
And they, that is certainly not the case.
Uh, I would say VPNs have an importantplace in our sovereign computing toolbox,
(16:02):
but it's important to know what problemsthey solve and what problems they don't
solve and how to use them properly.
And then when we do wanna use them,what are some providers that we can
use that are better than others?
And what, you know, what has goodreputations and which ones have
more, uh, technical advantages.
(16:22):
Let's talk about the problem thatVPNs actually do solve, and then we'll
talk about what they don't solve.
VPNs, in my estimation,they have three real uses.
One is they will hide your IPaddress from sites that you visit.
Normally, when you visit any kindof website or have any kind of
internet traffic in general, by thenature of the way that the internet
(16:46):
and the IP stack works is there'sa destination IP and a source IP.
And so the source IP, that'syou, that's your home typically.
And so everywhere that you visit, theirservers, they see where that traffic
is coming from, and IP addresses canbe easily mapped to physical addresses,
(17:08):
and so if somebody has your IP address,they can get a pretty good idea of
geographically where you're located.
So if you want to hide that from the sitesthat you visit, then a VPN does a good job
of that because you are actually tunnelingthrough to the VPN provider and then the
VPN provider is going to your destination.
(17:29):
And so your destination, they onlysee the VPN provider's IP address.
And when you have an a VPN providerthat is a large provider with a lot of
customers, you get a good anonymity setbecause it could be, the traffic could
come from thousands or tens of thousandsor however many customers they have.
It could be any of anybodyusing their service.
Stephen DeLorme (17:52):
So on that note, maybe before like getting into like services
specifically, it would be good tocontrast to this, compare and contrast
to this, with something like Tor.
Jordan Bravo (18:04):
Tor is more decentralized than a VPN provider.
With a VPN provider, you're justdesignating a single company's
servers and you're saying "I'mrouting all my traffic through that."
Whereas Tor is there's a network ofnodes out there running Tor relays
and your Tor browser, let's say,is going to on the fly, find a path
(18:30):
to your destination, and it's gonnado that going through three hops.
You have your entry, yourmiddle, and your exit.
And by doing so, none of therelays have full information.
So the entry node knows your IPaddress typically, but then they don't
know what, where your destination is.
(18:54):
Conversely, the exit node, the last onein the chain, knows your destination,
but they don't know where you came from.
And the middle one doesn't know either.
Stephen DeLorme (19:04):
And I think something worth noting with Tor and versus VPN
might be the kind of UX of it, like whyyou might choose one over the other.
Because I think with, uh, you knowTor, so like, and you know, apologies
if I'm jumping the gun a little bithere, but like, one of the, like
drawbacks I think of with VPNs isthat, as you pointed out, I am hiding
(19:27):
the IP address from the sites I visit.
I'm hiding my I IP address from my ISP.
Um, and, and yes, I'm getting thisencrypted tunnel, but I, there is a bit
of trust involved in that VPN provider.
I am hoping that they're not going to,you know, keep logs of the sites I visit
(19:48):
and hand that over to somebody else.
If they do, then, you know, they'dlose my trust and, you know,
and, and lose me as a customer.
But I'm kind of having the trust, theywon't do that, which I think makes
reputation very important for a VPN,whereas I, I don't have quite the same
trust assumptions with Tor, right?
Like I, I can log onto Tor for free.
(20:09):
All the nodes in the Tor networkare kind of just doing a, a public
service and randomly creating adifferent circuit every single time
and that's good and that's cool.
And so you might think, "Well, whynot? Why not just use Tor all the time,
Stephen?" And the reason is becauseit's, you know, frankly, it's a huge,
(20:29):
you know, I mean, it's, it's slow.
It's just a, it's kind ofa pain in the ass, right?
Like, if you, if you go visit a siteover Tor, it's gonna be way, way slower.
And you're not gonna get, like, especiallyif you're trying to, scroll through
social media or, you know, go lookat something on YouTube or whatever.
Just like the bandwidth for videosand image download and all that,
it's gonna be noticeably slower.
(20:51):
So yes, you might have, you know,some better privacy guarantees.
There may not be nearly as much trustinvolved, but, uh, it is kind of this
like free public resource and it can be,you know, slow to use and you know, if
you're not dealing with something supersensitive, super critical, like you,
you choose your own threat model, right?
(21:12):
If your threat model is not, youknow, super high and super paranoid.
Then, you know, maybe you're better offjust paying a VPN for an exceptional
level of fast internet performance.
Jordan Bravo (21:24):
Yeah.
When you pay a VPN provider, you arepaying for their costs of running
a server with a lot of bandwidth.
And so depending on your provider,you can get bandwidth speeds
that are close to approachingnormal internet browsing speeds.
You're always gonna take a bitof a performance hit, but you
(21:45):
can still get acceptable speeds.
Whereas Tor is a networkrun by volunteers for free.
And sometimes this is just people whohave an extra computer sitting around
and they decide to plug it into theirhome internet and run a Tor relay.
And so you don't have this huge commercialoperation providing tons of bandwidth,
(22:06):
rather it's in incredibly constrained.
And so I would typically only useTor for text-based things in very
sensitive situations, but I find thatday-to-day it's, it makes the UX so slow.
It's, it's not reallyusable for a lot of tasks.
Stephen DeLorme (22:26):
One quick, sidebar is that, uh, I have the timechaincalendar.com
up, uh, as a pleasing visual while we'rerecording this episode and something
is going on on Bitcoin right now.
Blocks are coming in like super fast.
I'm kind of curious to lookafter the episode is over.
Uh, we're still in the middleof a difficulty adjustment apex.
So I wonder if like, some new hashratejust came online, or maybe some people
(22:50):
are just getting lucky, but it's beenlike a block, like I feel like every two
minutes or something looking at this.
Jordan Bravo (22:55):
All right.
It's, it's a good time toget some transactions in.
Stephen DeLorme (22:58):
Yeah, exactly.
Jordan Bravo (23:00):
Going back to the problem that VPN solved, you briefly mentioned
this already, but I wanna emphasize ita bit, which is that we talked about how
it hides the IP address of the site fromthe sites you visit, your IP address.
The other thing it does kind of on theother end of the spectrum is that, it
hides the sites you visit from your ISP.
(23:20):
Normally without a VPN, everything thatyou visit, your ISP sees that traffic and
we know this is not a guess because we'veseen the leaks and the, the breaches that
ISPs, such as At&T and Comcast, et cetera,they surveil everything that you do and
they sell that to data brokers and theyalso give it over to government agencies.
(23:44):
And so while VPNs certainly have theirown downsides, and we talked about how
you have to place your trust in theVPN provider because you're basically
shifting it from all of your traffic beingvisible from your ISP to now all of your
traffic being visible to the VPN provider.
The difference is VPN providers, atleast the good ones with, with good
(24:06):
reputations, they're in the businessof providing a service where they don't
look at your logs, like that's theirwhole reason for existence, whereas your
ISP, they're under no such contract.
In fact, they have tons ofcontracts with data brokers and,
and people who will buy your data,and they just do it all the time.
(24:26):
So you either go with the companythat you know is siphoning your
data, your ISP, or you go with thecompany that's their whole business
model is that they're not doing that.
And so while you're trusting eitherway, I feel like the one with
the, going with the VPN provideris a lot lower bar to get over.
The last thing that VPNs provide whichis not so important these days because
(24:50):
is that they encrypt all of your traffic.
So back in the day when we ran stuffover HTTP unencrypted without SSL
or TLS, this was a big deal becauseotherwise all of your traffic going
to your given site is unencrypted.
And then if you use theVPN, it would be encrypted.
Today, with SSL, that's less ofa problem, but it's still useful,
(25:15):
especially when you're traveling.
Let's say you're on a public wifi, thenall of your traffic can be snooped.
So, because somebody can performin a man in the middle attack.
So using a VPN, in a public wifiis definitely, a good practice.
So let's talk about now some specificproviders that we've known and or used.
(25:36):
And I think the first one wewanna talk about is Proton.
And I've used Proton.
I have a Proton free account, butI am going to ask you, Stephen, if
you, what you think about proton?
Because I know you use ita lot more often than I do.
Stephen DeLorme (25:52):
Yeah.
I love Proton VPN.
It's, uh, really cool.
I mean, you're not familiar with workingwith like OpenSSL and you know, WireGuard
and applications like that, you don'thave to worry because it's got like a
really, you know, easy to use application.
You can download it on your phone, youcan run it, on your desktop or laptop.
(26:13):
Um, and you know, you can choose yourcountry and like which server and
which country you want to connectto and randomize it and all that.
I think the reason I switched, I startedusing it to begin with was because I
was already paying for, um, you know,like a, a business account with them.
And so it, I realized A. account comeswith my plan, but B. the VPN provider
(26:36):
I was using before I could not use withNetflix, which was kind of annoying.
And so at the time you could actuallyYeah, tunnel through Proton VPN and still
watch Netflix, which, was really cool.
I think that has since changed.
I've run into some issues, recently withthat, and I'm not sure if it's Brave
(26:57):
Browser or Proton or maybe both, but atleast in the past you could use Netflix
with it, which was, uh, really cool.
But yeah, overall great experience.
It's easy to use.
It works.
I like it.
Jordan Bravo (27:09):
I really like that Proton VPN has a free account and it's just a
constrained bandwidth version of theirpaid accounts, so I I, I like that.
It lets you test it out, see if youlike the UX, and then if you want
faster speeds, you can just upgrade.
Stephen DeLorme (27:26):
Yeah, absolutely.
Jordan Bravo (27:27):
The next provider I wanna talk about is called Mullvad.
Mullvad has a great reputationin the privacy community, and
they offer all the things youwould expect from a top tier VPN.
They have desktop apps for all,for Mac, Windows, and Linux.
They have mobile apps for iOSand Android, and they also have
(27:49):
WireGuard profiles if you wanna get,uh, super hacker and get under the
hood and install things manually.
They also have anintegration with Tailscale.
For those of you unaware, Tailscale is adifferent kind of mesh VPN, that's used
more for networking rather than privacy.
(28:09):
But what's cool is by usingMullvad with Tailscale, you can
have both at the same time so thatyou get the advantages of both.
The next VPN provider wewanna mention is, I Oh us.
Go ahead Stephen.
Stephen DeLorme (28:24):
I was just gonna say, uh, if you've had a
good experience with Mullvad?
Jordan Bravo (28:27):
I have.
Stephen DeLorme (28:28):
Yeah.
Jordan Bravo (28:28):
I've been using them off and on for the past couple years.
I'm currently using Mullvad via Tailscale.
And I find it to be really usefuland good bandwidth most of the time.
They have servers all over the place.
Stephen DeLorme (28:44):
I used to use them as well a lot.
And before I switched to Proton there,I, I thought they were really cool.
One kind of interestingquirk about them is they, uh.
I thought the account number feature,they don't take an email address from you.
Mm-hmm.
Uh, I don't, I don't think youmentioned that already, did you?
Jordan Bravo (29:00):
I didn't, no.
Stephen DeLorme (29:01):
Yeah, it's like they basically just like when you sign up, you
know, typically you give an email and apassword and they're just like, " Nope.
Here's your account numberwe generated for you.
Don't forget this".
So obviously you want to put that inyour password manager, but if you, um,
sign up for Mullvad, you just storeyour account number which you can think
of as just kind of like a password.
And if you want to top up yourability to use the VPN, then you can
(29:26):
send them Bitcoin or pay with likePayPal or credit card or something
like that which, you know, is oobviously a little less private.
But yeah, you can pay with Bitcoinand uh, just have an account
number and just go completelyanonymous, which is really cool.
Jordan Bravo (29:40):
Thanks for bringing that up.
I, I almost forgot to mention that.
I like that feature because if youdon't want to use a email address,
let's say you don't have an aliasservice or you just don't want
to give Mullvad any information,like you said, you don't have to.
They generate an account numberfor you and that's all you need.
And paying with Bitcoinis also a huge feature.
I believe they accept lightning as well.
Stephen DeLorme (30:02):
I think they do.
Jordan Bravo (30:03):
The next provider we're gonna talk about is IVPN.
And they're very similar to Mullvad.
I would put them neck and neckin terms of competing features.
They're very privacy focusedand they, they have servers all
over the world, including theUS and they also accept Bitcoin.
And they also have the account featurethat where you only need an account
(30:27):
number and you don't have to use anemail or, um, set one up like that.
Stephen DeLorme (30:32):
Hmm.
I've never used this one before.
That's cool.
Jordan Bravo (30:38):
Yeah, I, I don't have much to add except that they're great.
They have a good reputationin the community.
I've used them personally, and I wouldcertainly use them in the future.
The only reason I'm not currentlyis because they don't have an
integration with Tailscale yet.
Hmm.
I see.
Stephen DeLorme (30:59):
Credit card, PayPal, Bitcoin, Lightning Network.
Good.
Monero, and Cash.
Jordan Bravo (31:04):
I forgot to ask, does Proton accept Bitcoin?
Stephen DeLorme (31:08):
That I don't know.
Um, though if they don't,I would hope they would.
They actually, now have a productcalled Proton Wallet, which
has some really cool features.
It's basically an Onchain Bitcoinwallet that runs in the browser and you
know, it, it's got some pretty cleverintegrations with Proton Mail, uh,
that maybe I won't get into right now.
(31:28):
Uh, I don't wanna nerd outover it too hard and, uh, send
us too far off track, but.
so I, yeah, I'm not sure ifthey accept Bitcoin or not,
but that'd be cool if they did.
Jordan Bravo (31:36):
Maybe we'll do another episode on Bitcoin wallets and we
can discuss that in further detail.
Stephen DeLorme (31:40):
Yeah.
Jordan Bravo (31:45):
Anything else on IVPN before you move to the next provider?
Stephen DeLorme (31:49):
Uh, I haven't really used IVPN, so I don't
really have anything to add there.
Jordan Bravo (31:53):
Okay, well the next VPN provider is Obscura, and I'm gonna
let you talk more about this becauseI have not personally used this yet.
Stephen DeLorme (32:02):
Well, so this is an interesting one.
It's actually kind of under the hood.
It uses Mullvad, whichwe've already talked about.
But Obscura's whole pitch is, well,I'll just read out what it, there
says what it says on their website.
"Privacy, that's more than apromise. Meet Obscura, the first
VPN that can't log your activityand outsmarts internet censorship."
(32:23):
So the idea is that like we mentionedearlier, you pay for a VPN provider,
you're kind of trusting that when theysay that, "Oh, we don't log your activity,
you're trusting them to not log it." Andalso if they did log it, you're trusting
them to not share those logs with anyone.
So Obscura's whole thing is, "Well,we've built this in a way to where we
(32:45):
provably can't track your activity." Andthe way that they do that is that I, I
don't, you know, fully understand, theexact details, but it's something to the
effect of they use Mullvad under the hoodand the idea is that you are encrypting
your traffic, I guess, against Mullvad'spublic key or something to that effect.
(33:06):
So it makes it so that they can't actuallydecrypt any of your packets and they're
just kind of acting as this relay thatforwards your packets over to Mullvad.
It's almost like a little bit of likethe, the same way the Tor works, where
you have these kind of like multiple hops.
It's just that instead of like randomlychoosing all these different Tor nodes
(33:28):
around the world and forming a circuit,you're just sending it directly to Obscura
and then they're passing it on to Mullvad.
That's my understanding of it.
And um, you know, they say, "Hey, wehave a, you know, Obscura is purely
private by design. They never see aencrypted packets and it's impossible
for us to log this activity. You caneven verify this yourself." So you can
go to their like GitHub and uh, likelook at the code 'cause it's open source.
(33:51):
I think that because this isyou know, kind of like a, almost
like a white labeled Mullvad.
They also accept Bitcoinand Lightning Network.
And they similarly don't keep trackof your email address and all that.
They just give you an account number.
It's pretty easy to use.
I just downloaded theclient, uh, on my Mac.
It has, I think it'sonly Mac OS right now.
Let's see.
Downloaded for Mac OS?
(34:12):
Yes.
Jordan Bravo (34:13):
Yeah.
Stephen DeLorme (34:14):
So I guess there, there's hopefully there's
talk of, you know, getting moreplatforms supported in the future.
But right now it's a Mac OSthing and it works pretty good.
Jordan Bravo (34:23):
I look forward to trying it out when it comes out for Linux.
If I'm understanding it correctly,
normally, like we said, you'retrusting the VPN provider.
So if I'm using Mullvad, they're seeingall of my traffic and because they have
to decrypt it in order to send it, so,so I have Mullvad's key in my client
(34:45):
and I'm encrypting my traffic, sendingit to Mullvad, then Mullvad decrypts
it and sends it to my destinationwhereas with Obscura, it sounds like
there's two levels of encryption there.
So I encrypt my data with or I encryptmy traffic with Mullvad's key, I
believe, and then I send that toObscura and then Obscura encrypts it.
(35:11):
And I don't know, there's twolevels of encryption there.
I might be getting the order wrong,but it sounds like the, the gist of it
is that Mullvad can't see where it'scoming from, so they don't know it's me.
And then Obscura, theydon't know the destination.
Stephen DeLorme (35:28):
Yeah, I think that's about right.
I mean, it, it's almost like you'reconstructing a, an onion request.
You're just like encrypting to Mullvadand then encrypting to Obscura's key,
sending to them might be how it works.
But we could, uh, you know, I'm sureCarl, the author would love to answer any
questions about this if anybody has them.
Jordan Bravo (35:49):
Yeah.
We'll, uh, we'll tryto get him on the show.
Boost in and let us know if you'reinterested with either, uh, using
Fountain or you can email us atsovereign@atlbitlab.com and let us know
if you are interested in this topic.
We can do a further dive into it.
I'm personally looking forward to whenit's available for Linux, and the only
(36:13):
skepticism I have is I'm wondering ifthe bandwidth would be constrained.
Have you noticed good bandwidth with it?
Stephen DeLorme (36:21):
Yeah, I mean, I haven't like rigorously stress tested it though.
I haven't gone and like, you know,gotten on like you know, video call
while also streaming a YouTube video.
Right.
So I'm not sure in that regard,but I didn't notice any noticeable
performance hit with it, so thatthat part aspect of it was fine.
Jordan Bravo (36:41):
Okay.
Let's talk about nowthe downsides of VPNs.
We already covered a coupleof them, which is trust.
You're putting your trustin one centralized party.
Another would be the cost.
Any VPN provider that is trustworthyand has high bandwidth servers, they're
not gonna provide that for free.
(37:03):
We talked about Proton has a freeaccount, but it's constrained bandwidth.
So the cost is a second,uh, trade off with it.
And the last one is something thatI don't hear talked about too often,
which is that when you are browsingthe internet with a VPN, you're treated
as a second class internet citizen.
A lot of sites of big companies, they haveanti-spam and anti-scammer prevention-
Stephen DeLorme (37:29):
Mm-hmm.
Jordan Bravo (37:30):
software running that automatically flags any traffic
with the VPN, as a scam or spam.
And so they block it.
And so as you mentioned earlier,sometimes you're trying to watch
Netflix or some other streaming siteand they will say, "Sorry, we don't
allow VPNs to connect." And so you haveto turn it off or just not watch it.
(37:50):
Another thing that I think iseven worse is when sites just
straight up won't load with a VPN.
Mm-hmm.
And I see that happen sometimesand it is so frustrating.
And at this point I just I, I'm inthe habit now where if a site is
not working and I think it should, Ijust turn off my VPN and try again.
But I'm, I'm also trying to standup for my internet citizen rights
(38:13):
by choosing my providers carefully.
So if I have, if I'm working witha company and they don't allow
VPNs to connect, I'm gonna considerfinding an alternative in the future.
So, if it's easy for meto pick a, a competitor.
And the competitor does allowme to connect with a VPN, I'm
gonna go with that competitor.
Stephen DeLorme (38:34):
One time I was trying to sign up for a Bitcoin exchange and their
marketing website looked really nice andI clicked, you know, like the login button
or whatever, and I kept giving me likea white blank page where it'd be like,
uh, you know, we're, you know, emailingyou a confirmation code and I'd be like,
"Okay, get confirmation code, enter itin." Oh, and then it would redirect me
(38:55):
to a white page, given all these problemsI got on like a chat with support, was
trying to figure it out and uh, you know,they were kind of blaming the problem on
me and or you know, you know, saying thateverything was working fine on their end.
Then I finally figured out, turnedmy VPN off, and suddenly it worked.
I'm like, "what the heck? It's like aBitcoin exchange and they won't let us
(39:16):
go through a VPN like that's annoying."
Jordan Bravo (39:18):
Yeah, it's ridiculous.
And the worst is they will gaslightyou into thinking that you're doing
something wrong, like you said, and orthey'll try to make it seem like you
are a criminal or guilty of somethingjust because you're using a VPN.
So I say we band together stand upfor our right to be anonymous and
(39:39):
private and not take that crap.
You know, stand up for yourself.
There's nothing wrong with using a VPN.
You're not trying to hide anything,you just are trying to not dox
yourself to the whole internet.
Stephen DeLorme (39:51):
Yeah, absolutely.
I mean, yes, we should stand upfor our rights and our use VPNs.
It is just like, broadly speaking,I think a tricky problem.
It's very similar to problem with emaillike we've touched on briefly in the
email episode where like there's sucha spam problem that a lot of the, you
know, sometimes for like company spamfilters, it's just like easier for them to
(40:16):
just like kind of gray list or blacklistthings that don't come from a known major
email provider like Microsoft or Google.
And I think it's kind of a similar thingwhere there's like, obviously if you're
going to commit some kind of crime,you're gonna wanna obscure your identity.
So it's like, uh, not condoningit, but just, you know, putting
that out there that you wouldwant to if you were a criminal.
(40:38):
So if you're gonna try and perform somekind of crime on a website or you're
gonna try and DDoS it, you know, uh,DDoS attack it, hack it, something
like that, you're probably gonna tryand use some kind of method, VPN or
otherwise to obscure your identity.
So there's these problems were forcompanies, it's not right necessarily,
but it's like, I think it's just akind of like a, it's like a lazy fix.
(41:00):
It's like, it's easier for them to just belike, "Well, let's ban all VPNs because if
we ban all VPNs, then like we're probablygonna ban any bad person as a result.
Like you're probably not going to havea situation where someone's going to try
to attack us or harm us without a VPN."
Jordan Bravo (41:21):
Right.
Stephen DeLorme (41:22):
And so because the, the non VPN group of users
probably doesn't include a bad guy.
Even though they may recognize that theVPN group doesn't necessarily mean they're
all bad guys, the bad guys are probablygoing to be in that VPN group, and so
it's just easier for them to block VPNs.
Jordan Bravo (41:41):
Sounds like they're profiling us as VPN users.
Stephen DeLorme (41:43):
They are.
They're profiling us as VPN users.
Yeah.
Jordan Bravo (41:47):
I think it's also, like you said, a lazy approach because good
security would not have to resort to that.
I think sometimes it's also a matterof overzealous regulation or, or rather
overzealous compliance with regulationbecause they just wanna prove ahead of
time that, "Oh, we're doing everythingin our power to block bad actors." And
(42:10):
to me that's kind of, uh, despicable.
Stephen DeLorme (42:14):
Yeah.
Yeah, so it's annoying, but at least somesites are kind of nice and they'll just
put up a caption and say, "Okay, solvea caption and prove you're a human. If
you're behind a VPN." It's like, allright, I'll, I'll show you my papers.
I'll prove that I'm a human.
You know, every time I switch VPN nodes-
Jordan Bravo (42:31):
I'll, I'll train your AI for you.
Yeah.
So we talked about the downsides, butI think overall, the takeaway that I
would say is VPNs are very valuable.
It's good to have one, you know, chooseone of these providers or do your own
research on another trusted provider andhave one on your phone, on your laptop,
(42:54):
on your desktop, and know how to use itand get comfortable with it because it's
important to have this tool in conjunctionwith all of the other privacy and digital,
self sovereignty approaches that we take.
Stephen DeLorme (43:08):
Yeah.
And if you can find a VPN provider thatwill work with Netflix, boost in and
let us know, uh, when the next seasonof, uh, Rick and Morty comes out.
If, uh, if it continues to go onKorean Netflix, uh, on a weekly
basis, you could use that VPN.
Um, to, watch Rick and Morty on KoreanNetflix as it comes out every week.
Jordan Bravo (43:27):
Sweet.
Stephen DeLorme (43:28):
That's a life choice available to you, but you gotta find
a VPN that'll work with Netflix.
So let us know.
Jordan Bravo (43:33):
That would be the dream.
All right.
Thanks a lot everybody.
We'll see you next time.
Stephen DeLorme (43:38):
Catch you later.
Hey, thanks for listening.
I hope you enjoyed this episode.
If you want to learn more aboutanything that we discussed, you can
look for links in the show notes thatshould be in your podcast player, or
you can go to atlbitlab.com/podcast.
On a final note, if you foundthis information useful and you
want to help support us, you canalways send us a tip in Bitcoin.
(44:01):
Your support really helps us so that wecan keep bringing you content like this.
All right.
Catch you later.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!