• CAVOK@lemmy.worldOPM
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      You don’t have to. You can audit the code yourself and build it from scratch. Most won’t. But you can.

      • Banzai51
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        1 year ago

        Only works if you code. For the 99% of us that don’t, open source means little in that regard.

        • CAVOK@lemmy.worldOPM
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          True, but you can. For vpn you have to trust them. There is no other choice.

          If you can’t read code yourself you can pay a number of companies some money to do the audit for you. Or you can learn to code.

          You can’t learn to know how the vpn logs data.

          But I get you. Most of us just put our trust in another entity.

    • alvvayson@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      The trust model is totally different.

      With a VPN you know the VPN dudes can compromise your security and you have to trust the specific guys hosting your VPN and also trust their OpSec. The failure mode is quite realistic.

      With I2P, and Tor you can trust that anyone in the world can audit the code. Including the highly knowledgeable people who know this stuff.

      The failure mode is very low and in reality depends on highly complex zero day vulnerabilities that can only be effectively exploited by a few nation-states, if they actually even have one.

      That said, a VPN is lower hassle and probably good enough for most purposes.