fsebugoutzone.org:9999

       Post B2VUmeTan3nuJBSAOO by agowa338@chaos.social
 (DIR) More posts by agowa338@chaos.social
 (DIR) Post #B2VUIMIJpEuZENje5Y by besendorf@chaos.social
       2026-01-20T17:26:53Z
       
       0 likes, 0 repeats
       
       Send your traffic to us instead!Proton VPN talks bullshit to sell their service. HTTPS does exist
       
 (DIR) Post #B2VUINgode6JYeCiuW by Jain@blob.cat
       2026-01-21T10:32:41.195156Z
       
       3 likes, 0 repeats
       
       @besendorf Wrong, imho you are spreading misinformation. Its absolutely correct that they see your traffic, but its also correct that the traffic can be encrypted. People often are bound to one ISP, sometimes ISPs sell their line to other ISPs or rarely people can choose the real ISP tho. ISPs, depending on country and laws are required to store metadata. With VPNs you can choose who is able to see the metadata, thats a real undeniable thing.However choosing ProtonVPN might not be a good decision since they lied about their log policy before.
       
 (DIR) Post #B2VUmdW2MUAJKTabZ2 by Natanox@chaos.social
       2026-01-20T17:39:48Z
       
       0 likes, 0 repeats
       
       @besendorf Yeah, what the ISP can see are merely the servers you connect to (and of course could do a reverse DNS thingy if they want to know the service behind it). If they can see your traffic you do something seriously wrong though.(like using chinese apps, as I just learned at 39C3. Apparently well over 50% don&#39;t encrypt at all, and those who do often use really weird custom stuff full of bugs)
       
 (DIR) Post #B2VUmeTan3nuJBSAOO by agowa338@chaos.social
       2026-01-20T23:42:50Z
       
       2 likes, 0 repeats
       
       @Natanox @besendorf Ehm don&#39;t you forget the TLS Handshake? The DNS name is sent in clear text for enough HTTPS endpoints (encrypted SNI is still not used everywhere). Same for snooping the TLS certificates (which obviously also contain the correct hostname).Also many things (shitty software, but to some extend also some browsers) have shitty fallbacks to resend the request using HTTP when HTTPS fails.However a VPN is still no &quot;fix all&quot;...
       
 (DIR) Post #B2Vc0hhEJZVa1oTnqC by m0xEE@breloma.m0xee.net
       2026-01-21T11:59:08.465959Z
       
       0 likes, 0 repeats
       
       @Jain @besendorf Exactly! I&#39;d rather let an entity in Switzerland &quot;see&quot; my traffic than an entity in Russia.&gt; However choosing ProtonVPN might not be a good decision since they lied about their log policy before.Do you have a link?
       
 (DIR) Post #B2VcrKoq6PPeQK8SDg by Jain@blob.cat
       2026-01-21T12:08:41.093287Z
       
       2 likes, 0 repeats
       
       @m0xEE https://proton.me/blog/climate-activist-arrestThis was related to ProtonMail, however before that and during that issue they claimed to be way more strict about their no log policy and afterwards they changed the complete websites and removed the no log claims completely about ProtonMail. Thanks to that issue, many people lost their trust into Proton as Company. Nowdays, if i would buy a VPN, i would buy Mullvad since they talk openly on how they secure the servers while having no storage at all
       
 (DIR) Post #B2VewVoOrGrvsEWgxk by m0xEE@breloma.m0xee.net
       2026-01-21T12:31:59.768896Z
       
       1 likes, 0 repeats
       
       @Jain Oh, yes, this one I know of!I did not however know that they claimed they had no log policy for ProtonMail too, I believe being a legal entity in Switzerland and being an email provider, they are legally required to keep some data, including IP addresses from which you log into your email account.They can also reveal your recovery email address — which is obviously stored unencrypted, to law enforcement. There was another controversy related to this, when recovery address was Mobile.me (or was it iCloud already? :marseyhmm: ), law enforcement contacted Apple about this account and used it to link ProtonMail account to real identity.I thought they were always open about it and just failed to communicate clearly that no log policy is about VPN only. Well, good to know!I have other reasons why I start to dislike Proton — more technical ones: I&#39;d like to be able to use VPN without any specialised software or &quot;apps&quot;, just plain WireGuard or OpenVPN — and they are making this increasingly more difficult. Mullvad always seemed like a decent alternative, I have to investigate how they fare in this department, and maybe jump ships at some point.
       
 (DIR) Post #B2WoYaAeC5bH8s7Wdc by otso@eientei.org
       2026-01-22T01:54:27.937322Z
       
       0 likes, 1 repeats
       
       @agowa338 @Natanox @besendorf even if you&#39;re not using an encrypted dns and an attacker intercepts your https dns query, then your web browser will give a self signed certificate warning.
       
 (DIR) Post #B2WozURfaaJTCgufkO by lolitechengineer@loli.church
       2026-01-22T01:59:04.096Z
       
       1 likes, 0 repeats
       
       @otso@eientei.org @agowa338@chaos.social @Natanox@chaos.social @besendorf@chaos.social isn&#39;t this what dnscrypt, DoH, and DoT already solve?
       
 (DIR) Post #B2Wpj8mmS0jhLgYUYT by Zergling_man@gearlandia.haus
       2026-01-22T02:00:14.042728Z
       
       1 likes, 0 repeats
       
       @otso @besendorf @agowa338 @Natanox Unless the attacker is a state actor who forced the browser developer to put their cert in the trust store, like, say, cloudflare or google.A VPN is no fix at all because VPNs are necessarily a losing game: &quot;Give us logs or you go to jail in their stead&quot; is perfectly effective.
       
 (DIR) Post #B2WpxdD48FKzlFlACO by otso@eientei.org
       2026-01-22T02:10:13.484780Z
       
       0 likes, 1 repeats
       
       @Zergling_man @Natanox @agowa338 @besendorf yeah vpns definitely don&#39;t give anonymity to users in western countries, because western governments conspire together to enforce subpoenas against these multinational vpn companies. It only provides anonymity in formally authoritarian countries that don&#39;t collaborate with the west.
       
 (DIR) Post #B2Wsosmp9GPdKO0O5g by agowa338@chaos.social
       2026-01-22T02:18:39Z
       
       0 likes, 0 repeats
       
       @lolitechengineer @Natanox @besendorf No, that is DNS. I was talking about the SNI header within the TLS protocol.There is technically also encrypted SNI (ESNI) and the successor encrypted client hello (ECH) but that is a quite recent development and you know how the internet is with new standards...
       
 (DIR) Post #B2Wsou3WQfMbGSpEky by lolitechengineer@loli.church
       2026-01-22T02:42:14.142Z
       
       0 likes, 0 repeats
       
       @agowa338@chaos.social @Natanox@chaos.social @besendorf@chaos.social and you know how the internet is with new standards...So glad we are finally all using ipv6 and sharing images in jxl :D