…because VPNs obscure a user’s true location, and because intelligence agencies presume that communications of unknown origin are foreign, Americans may be inadvertently waiving the privacy protections they’re entitled to under the law…

…VPNs might protect you against garden-variety criminals, but the intentional commingling of origin/destination points by VPNs could turn purely domestic communications into “foreign” communications the NSA can legally intercept (and the FBI, somewhat less-legally, can dip into at will)…

Certainly the NSA isn’t concerned about “incidental collection.” It’s never been too concerned about its consistent “incidental” collection of US persons’ communications and data in the past and this isn’t going to budge the needle, especially since it means the NSA would have to do more work to filter out domestic communications and the FBI would be less than thrilled with any efforts made to deny it access to communications it doesn’t have the legal right to obtain on its own.

Since the government won’t do this, it’s up to the general public, starting with everyone sharing the contents of this letter with others. VPNs can still offer considerable security benefits. But everyone needs to know that domestic surveillance is one of the possible side effects of utilizing this tech.

  • wonderingwanderer@sopuli.xyz
    22 hours ago

    Privacy companies based outside the US can still have VPN servers within the US. That traffic would still look domestic. The company being owned and headquartered outside the US just gives them a bit more protection against the rogue US government.

    Some VPNs also allow multi-hop, so that you can connect to one VPN server via another. That could make it harder for the spooks to see that your traffic is leaving the US. Of course it also means that they might suspect any traffic coming out of a VPN server even based in the US, which is basically the point of this article.

    And some VPNs allow you to enable a feature that protects against AI-driven data traffic analysis. So that someone who’s really committed can’t just monitor the size and frequency of your outgoing encrypted packets, then find matching patterns in packets leaving the server you’re connected to, tracing it to the destination. Instead, the VPN adds noise and sends uniform packets so that AI can’t trace it from source to destination.

    I don’t know if Nord offers these features, cause I don’t use Nord. But I’ve heard some issues about them, which other users have already mentioned and offered alternatives for, so I’ll leave it at that.
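The comment above describes padding and cover traffic as a defence against size-and-timing correlation. As an added illustration (not the commenter's code and not any VPN provider's implementation), the sketch below shapes two constructed flows into one fixed-size cell per send slot and shows that their on-wire traces become identical; `CELL`, `SLOTS` and both flows are assumptions made up for the example.

```python
CELL = 512    # assumed fixed on-wire cell size in bytes
SLOTS = 12    # assumed number of fixed-interval send slots observed

# Constructed sample flows: {slot: bytes the application hands to the tunnel}.
FLOW_A = {0: 1400, 1: 300, 5: 900}
FLOW_B = {2: 60, 3: 60, 4: 2000, 9: 100}

def raw_trace(flow, slots=SLOTS):
    """Bytes per slot as seen on the wire when nothing is shaped."""
    return [flow.get(s, 0) for s in range(slots)]

def shaped_trace(flow, slots=SLOTS, cell=CELL):
    """Emit exactly one cell per slot, padded or entirely dummy as needed.

    Returns (observable, delivered, backlog):
      observable - on-wire size per slot (always `cell`)
      delivered  - real payload bytes carried inside each slot's cell
      backlog    - real bytes still queued when the window ends
    """
    backlog = 0
    observable, delivered = [], []
    for s in range(slots):
        backlog += flow.get(s, 0)      # new data joins the send queue
        real = min(backlog, cell)      # at most one cell of real data per slot
        backlog -= real
        observable.append(cell)        # padding hides how much was real
        delivered.append(real)
    return observable, delivered, backlog

def overhead(flow, slots=SLOTS, cell=CELL):
    """Fraction of on-wire bytes that are padding or dummy cells."""
    observable, delivered, _ = shaped_trace(flow, slots, cell)
    return 1 - sum(delivered) / sum(observable)

if __name__ == "__main__":
    for name, flow in (("A", FLOW_A), ("B", FLOW_B)):
        print(name, "raw   ", raw_trace(flow))
        print(name, "shaped", shaped_trace(flow)[0],
              f"overhead={overhead(flow):.0%}")
```

The cost is visible in the output: bursts are delayed across several slots and most of the bytes sent are padding, which is why this kind of shaping is usually an opt-in feature.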

    • grue@lemmy.world
      22 hours ago

      Yeah, sorry, I wasn’t as precise as I could’ve been. I was really just trying to convey the motivations (i.e. that it was due to being mistaken for foreign as opposed to being targeted for using a VPN), not go into the details of exactly which aspect of the VPN (the entrance IP geolocation, the exit IP geolocation, or the company HQ location) would actually trigger the “foreign-ness.”

      • wonderingwanderer@sopuli.xyz
        21 hours ago

        I mean, even a US-based VPN company could look foreign if they have servers outside the US, or even if they just allow multi-hop to third-party servers to/from outside the US.

        Except then they’re even more vulnerable not only to subpoenas but also extrajudicial and unconstitutional raids, as some journalists have discovered, especially in deeply red states but not always…