❌ Software Removal | IVPN

[ghost]

Description

"Our VPN Provider Criteria, Jurisdiction, Minimum to Qualify" states "Operating outside the USA or other Five Eyes countries."
Gibraltar is part of the United Kingdom.
That is, Gibraltar is Five-eyes and IVPN is operated by Five-eyes.

Why I am making the suggestion

Inconsistent with Criteria
If not, you should change the criteria.

My connection with the software

Unrelated

• [☑] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

[blacklight447]

if this is true then a removal is in place.

Note though, we are currently rethinking our jurisdiction strategy.
Its been a few years since the snowden revelations, alliances are made and broken, and siutations change. Because of this, we cannot possibly know what countries are save and which are not. We may even lead someone into a false sense of safety.

Also our current approach seems mostly focused on protecting western world users. For example, if your from china, then using an american based vpn might actually be a good idea, as americans would never share data with the chinese government.

We have to research whether the UK can indeed request data from Gibraltar. If this is the case, we should be removing IVPN for as long as our criteria demands it.

[ian-tedesco]

They are a British colony, this does not mean they operate under the same laws, I totally think that this should be inspected but simply because they are territory under the UK crown doesn't deserve a de-list.

[jonaharagon]

Gibraltar is not a part of the United Kingdom. This is like saying Canada or Australia are a part of the United Kingdom.

[ghost]

You should inspect more deeply.

[Mikaela]

Is Canada or Australia ruled by British monarch or (yes and yes) considered as Non-Self-Governing Territories by the United Nations? Apparently the status on the later is considered as an anachronism, but if Wikipedia (I don't think it's necessary to check elsewhere on this case) says that 96 % of population wanted to remain in the EU and they are still leaving with the UK, I don't see how it can be not considered as part of the UK in the context of 5 eyes.

• https://en.wikipedia.org/wiki/Gibraltar#Governance

Edit: the UN also has more information about Gibraltar on Non-Self-Governing Territories and says that the Administering power is on United Kingdom of Great Britain and Northern Ireland which I think supports it being 5 eyes.

[Mikaela]

See also https://github.com/privacytoolsIO/privacytools.io/issues/1437 and this appears to be a duplicate of https://github.com/privacytoolsIO/privacytools.io/issues/1431#issuecomment-546756765. It seems that @dngray and @jonaharagon are aware of this while not considering it as an issue and @blacklight447-ptio is in favour of delisting until #1347 is resolved (I should have been aware having opened the issue, but that has been a bad time for me and I have forgotten, I can see my frustation on having been too much of a relaybot).

As per the VPN criteria on the same page I would either delist it or revoke the criteria resolving #1437 before closing this issue.

[blacklight447]

I will be doing some research on how Gibraltar functions in relation to being part of the UK.

[ian-tedesco]

Gibraltar is not a part of the United Kingdom. This is like saying Canada or Australia are a part of the United Kingdom.

Sadly they are, according to Wikipedia:
"Gibraltar is a British Overseas Territory located at the southern tip of the Iberian Peninsula."

Because it looks like the cradle of civilization, the place where the most intellectual people in the whole globe inhabit still like to have remnants of slavery, to kneel before kings and apply the most advanced form of the panopticon. Cheers for Europe.

[dngray]

I'm thinking we might remove this requirement for VPNs and just suggest:

• Don't select a VPN that exits in the same country as yourself
• Don't do anything illegal or that might cause a government to have interest in you
• Ensure encryption is used (https, E2EE) when connecting to services

VPNs only provide a very basic anonymity, for a threat model where the government isn't investigating you. They are more likely to be interested in online identities. Their goal will usually then be to monitor those accounts specifically until something comes to light that results in de-anonymization.

Acceptable threat models might be:

• Preventing passive data collection your ISP
• Copyright infringement notices (usually by anti piracy outfits who connect to a torrent, and monitor the swarm for incoming IP addressed to connect to).
• Not showing your real IP address when visiting a website for minor privacy

[Mikaela]

Don't select a VPN that exits in the same country as yourself

I think this should be explained open, why? Also https://github.com/privacytoolsIO/privacytools.io/issues/1649 ?

[jonaharagon]

Don't select a VPN that exits in the same country as yourself

I think this should be explained open, why?

If you enter and exit a VPN server in the same country as you, you have accomplished nothing if you are concerned about the networks and governments in your country. It would sort of be like trying to hide from your ISP by connecting to a VPN server on the other side of your house, haha.

[dngray]

Also #1649 ?

Thing about multi-hopping VPNs, is the route is still static and doesn't regularly change. If a person feels they have that kind of threat model then Tor is more appropriate.

[emikaadeo-git]

Hi,
there was some discussion in the past about IVPN and UK jurisdiction.
Maybe this can clarify some things.
https://www.ivpn.net/blog/should-gibraltar-be-classified-as-a-member-of-the-five-eyes-alliance
https://www.reddit.com/r/VPN/comments/421973/should_gibraltar_be_classified_as_a_fourteen_eyes/

[dngray]

@emikaadeo-git Thanks for those links.

I wasn't convinced that Gibraltar "as good as being in the UK" aka five eyes.

I think there is far more likely that some country in Europe that is not a five eyes country will simply have an unofficial intelligence relationship with the UK or a eyes partner.

In regard to VPN providers, the whole "eyes" thing is marketing crap. They also still claim that you should use a VPN on a public wireless network, like most websites aren't https or something.