• CAVOK@lemmy.worldOPM
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        You don’t have to. You can audit the code yourself and build it from scratch. Most won’t. But you can.

        • Banzai51@midwest.social
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          2
          ·
          1 year ago

          Only works if you code. For the 99% of us that don’t, open source means little in that regard.

          • CAVOK@lemmy.worldOPM
            link
            fedilink
            English
            arrow-up
            5
            ·
            1 year ago

            True, but you can. For vpn you have to trust them. There is no other choice.

            If you can’t read code yourself you can pay a number of companies some money to do the audit for you. Or you can learn to code.

            You can’t learn to know how the vpn logs data.

            But I get you. Most of us just put our trust in another entity.

      • alvvayson@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        The trust model is totally different.

        With a VPN you know the VPN dudes can compromise your security and you have to trust the specific guys hosting your VPN and also trust their OpSec. The failure mode is quite realistic.

        With I2P, and Tor you can trust that anyone in the world can audit the code. Including the highly knowledgeable people who know this stuff.

        The failure mode is very low and in reality depends on highly complex zero day vulnerabilities that can only be effectively exploited by a few nation-states, if they actually even have one.

        That said, a VPN is lower hassle and probably good enough for most purposes.