Senators Ask Tulsi Gabbard To Tell Americans That VPN Use Might Subject Them To Domestic Surveillance
...because VPNs obscure a user’s true location, and because intelligence agencies presume that communications of unknown origin are foreign, Americans may be inadvertently waiving the privacy protections they’re entitled to under the law...
...VPNs might protect you against garden-variety criminals, but the intentional commingling of origin/destination points by VPNs could turn purely domestic communications into “foreign” communications the NSA can legally intercept (and the FBI, somewhat less-legally can dip into at will)...
Certainly the NSA isn’t concerned about “incidental collection.” It’s never been too concerned about its consistent “incidental” collection of US persons’ communications and data in the past and this isn’t going to budge the needle, especially since it means the NSA would have to do more work to filter out domestic communications and the FBI would be less than thrilled with any efforts made to deny it access to communications it doesn’t have the legal right to obtain on its own.
Since the government won’t do this, it’s up to the general public, starting with everyone sharing the contents of this letter with others. VPNs can still offer considerable security benefits. But everyone needs to know that domestic surveillance is one of the possible side effects of utilizing this tech.
https://www.techdirt.com/2026/04/03/senators-ask-tulsi-gabbard-to-tell-americans-that-vpn-use-might-subject-them-to-domestic-surveillance/Open linkView original on lemmy.world
Oh nooo, we won't be protected by the law they can't be arsed to follow anyway? Whatever will I do when they surveil my encrypted VPN traffic?
Store now, decrypt later. Make sure your VPN is using quantum-safe encryption algorithms with perfect forward secrecy. They are storing ALL traffic that goes outside the country (probably domestic traffic too, realistically).
Don't you think that would take too much storage space?
They can probably use heuristics to keep the 0.1% most interesting traffic (eg traffic that flows towards servers that isn’t too large, that’d catch everything you send to your bank without breaking the budget to store)
Wonder how many individual encrypted copies of bee movie they will be storing!
Time to spread the free word of Tor to everyone.
It is my Calling to spread the Good Word
but i2p
I wasn't crazy about i2p. I really loved Freenet and Zeronet
Doesn’t that have the same problem?
The word is appreciated, but a link would be better...
Link
Whereas not using a VPN will subject one to... domestic surveillance.
LOL what privacy protections? The NSA has proven time and time again that they don't give a single shit about the law, certainly now more than ever.
What do I trust more: Legal protections nobody cares to enforce and could be a multi year battle in court, or well verified strong cryptography.
It's not the cryptography you have to trust. It's the other end of the tunnel. A free VPN most probably sells your data. Nobody offers free services for actually free.
I don't use free VPNs
Respectfully, this is a bit more nuanced than that. There are free VPNs ran by non profits supported fully by donations. Yes somebody is paying for it but it's people donating to the services.
For example there is an open source application called Bitmask that has 2 VPN providers by default, Riseup VPN and the Calyx Institute.
You can download the Bitmask app itself or download the RiseupVPN app which is based on Bitmask but just pre configured to only use that single Riseup provider.
https://bitmask.net/
https://riseup.net/en/vpn
You have to trust them though. That's my point.They may say they are funded only by donations and still sell your data.
In fact the first link says the same as I do as the first phrase. When using a VPN, you are moving your trust from your ISP to your VPN provider.
Of course there may be exceptions that are actually free and don't sell your data. But the ones that sell your data will rarely state so.
Is this another good reason to switch to HeadScale or Netbird?
Idk what either of those are. I don't endorse any VPN. All I'm saying is that it doesn't matter how strong the encryption algorithm is, you still have to trust your provider.
VPNs have the exact same power over you as ISPs. Using a VPN to avoid your ISP is just kicking the can down the road. That's why you better choose a VPN that you trust.
So, I am a remote worker in Healthcare. Obviously, I need to use a VPN to connect to work to ensure that communication is secure. But because I have a job that requires secure access, I am a suspected domestic terrorist?
No, because there are different types of vpn connectivity.
A point to point vpn is what employees use to connect to the office. The intention is to encrypt the connection so a 3rd party can’t access ithe data going through it. The FBI/NSA won’t care about this type of vpn because your work knows who you are and logs all traffic generated by you which could be subpoenaed by the government.
Connecting to a vpn server in another country to then access the internet hides your original ip address, gets around geo-location blocks and the traffic is typically not logged by the vpn provider. This is the type of vpn governments don’t like.
I think it's somewhat naive to assume anything isn't being spied on by the NSA. They don't have a history of being picky.
Of course. I’m sure they are making use of plenty of bugs found in firewall software to access and monitor business traffic, but they can subpoena those logs at any time. It’s the private vpn clients where logs aren’t kept that they are most concerned about, hence why I was outlining the difference.
Yeah, I think people are making some pretty naive assumptions about all the new datacenters popping up for AI.
What the fuck do you think the government is asking AI to do for them? Shitty cartoon artwork? Photoshopping vacation photos? Or, maaaaaaybe...I dunno....something like data collection and analysis on every byte of information sent across the tubes of the interwebs?
What are you doing on your work VPN that you care if the government illegally looked at? I work in an industry that legally requires security like a VPN and I don't care if the government broke the rules. It's above my paygrade.
Suspect or not, you get the same surveillance treatment as suspected domestic terrorists do.
Yes.
They have been surveiling us for years. They just to maximize what they can collect.
They've already collected your modal verb!
I've been pegged as one who serially modals online.
I connected to my VPN so I can see a video of that and now I'm on 7 government watchlists
Correct, and the FBI inadvertently admitted it publicly by releasing video in the Guthrie abduction case that shouldn't exist.
Every device with a wireless connection and a GPS, camera, or microphone is surveilling you.
I was under them impression that just using the internet in America might subject you to domestic surveillance.
Honestly they'd probably throw you on a list for not using the internet lol.
Yes, but with hundreds of millions of people online, they still need ways to cut and sift the data as they identify... well the "demographics" they want. So using a VPN might make you stand out as more technologically included, or more likely to be hiding something. Either way things they might like to know as they build profiles on all Americans.
I'm surprised they're not just buying the data but it's nice that our taxpayers are footing the bill either way for this little service.
I don't get it.
Why should a Russian spy have to tell Americans anything?
lol please tell me more. I've heard kooks like you are roaming around unmedicated?
Gabbard is a pro-Kremlin conspiracy nutter
Oh yes, fact-free drivel from a reliable source!
Oh my god I thought today wouldn't be fun with all the rain. Thanks!
Here, print this out and keep it in your wallet.
RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA RUSSIA
Don't forget, Russians can take the form of socks or freezer-burned ground beef, check your dryer and your freezer tonight!
😂
There's dozens of sources, I linked the first one. The things they mention actually happened and have been corroborated by other sources.
She basically always agrees with Putin's propaganda. Either she's an asset or a useful idiot.
They spy on domestic communications too, with the 5 eyes arrangement, they have their allies scoop up the information and share it back with them, even as it's just the US doing the entire thing with a couple of foreign names on the masthead. Fucking lawyers.
For some unhinged reason, Trump wanted to kick Canada out of the five eyes last year, so as a response we just stopped sharing information with the US, and the US just kind of Kicked themselves out.
Lol. Then they go and immediately say:
In other words, they don't gaf about your sovereignty, and will monitor communications in any way they want, legally or otherwise.
They've been illegally digging into domestic communications for decades. Stallman and Snowden (to name a couple) exposed that a long time ago. Hell, the USA government exposes themselves all the time, the USA people just choose to ignore it.
In contrast to not using a VPN, which subjects them to illegal surveillance already?
Is it safe enough to use vpns based out of the US? I'm using nord which is non us.
Nord is owned by Tesonet, a data mining company which also owns SurfShark.
And Private Internet Access and ExpressVPN are owned by Kape, an Israeli firm.
ProtonVPN is owned by Proton, in Switzerland.
Mullvad is based in Sweden and is the main interest of its seemingly decent, also Swedish, parent company
Fan of Mullvad but just be aware its not what you want if you're using a VPN for torrenting. They had to remove their port forwarding feature due to some bad actors ruining it for the rest of us.
What happens if you are torrenting via Mullvad?
they don't allow port forwarding which nerfs the effectiveness of seeding, seeding is still possible, just not as effective.
TBH modern torrent works well even if majority of users don't have ports forwarded
You'll only be able to connect to certain peers that do have port forwarding setup.
Only if you disable uTP protocol. Or if you have an ancient client that doesn't support it
Shit I rarely make it above 1:1 even if I seed 24/7 for a while, I wonder if I need to work on my settings.
I torrent on Mullvad, it works but its often slow and I don't connect to peers that say are available.
I run into that problem too on CyberGhost, I wonder if my settings are not fully optimized as I tried to go for security over openeness due to my limited knowledge... Sometimes a torrent will have up to 10 seeders but will still stall out / fail, I always thought that was due to those seeders having limited bandwidth and being queued up for hundreds of other downloads before they get to mine, but now I wonder if its my settings... Either way I would rather optimize for security, but I wish I could get some rare stuff sometimes that has few seeders.
Yeah, I've wondered the same thing about my settings. I'm certainly no expert so there may be something I'm doing wrong. It MOSTLY works though so I haven't been hard pressed to dive into it.
If a friend was interested in that, what should I tell them to use instead? Asking for a friend, obviously.
I switched to AirVPN when Mullvad made the change. I think Proton, PIA, and Windscribe have it too.
Thanks. Sounds good
CyberGhost I believe is also owned by Kape or a subsidiary.
Thanks for the extra digging, no true privacy but at least there's some transparency with the vpns.
Those are the ones that would cause them to surveil you.
The issue isn't necessarily "the government will target you for using a VPN;" the issue is "if your IP makes you look like you're outside the US because that's where your traffic exits the VPN, the laws against domestic spying won't protect you properly because you'll look like a foreigner."
Frankly, the headline is heavily spinning it to be anti-VPN fearmongering.
Yeah I reacted way too quickly. Then I realized half of X bot traffic spoofs everywhere. They're intentionally doing a shakeup of everything and this one got under my skin cause I'm a daily user.
But before this was that outside US router ban that was pretty real. The DJI ban. So these types of news cascade and its worrisome.
Privacy companies based outside the US can still have VPN servers within the US. That traffic would still look domestic. The company being owned and headquartered outside the US just gives them a bit more protection against the rogue US government.
Some VPNs also allow multi-hop, so that you can connect to one VPN server via another. That could make it harder for the spooks to see that your traffic is leaving the US. Of course it also means that they might suspect any traffic coming out of a VPN server even based in the US, which is basically the point of this article.
And some VPNs allow you to enable a feature that protects against AI-driven data traffic analysis. So that someone who's really committed can't just monitor the size and frequency of your outgoing encrypted packets, then find matching patterns in packets leaving the server you're connected to, tracing it to the destination. Instead, the VPN adds noise and sends uniform packets so that AI can't trace it from source to destination.
I don't know if Nord offers these features, cause I don't use Nord. But I've heard some issues about them, which other user's have already mentioned and offered alternatives for, so I'll leave it at that
Yeah, sorry, I wasn't as precise as I could've been. I was really just trying to convey the motivations (i.e. that it was due to being mistaken for foreign as opposed to being targeted for using a VPN), not go into the details of exactly which aspect of the VPN (the entrance IP geolocation, the exit IP geolocation, or the company HQ location) would actually trigger the "foreign-ness."
I mean, even a US-based VPN company could look foreign if they have servers outside the US, or even if they just allow multi-hop to third-party servers to/from outside the US.
Except then they're even more vulnerable not only to subpoenas but also extrajudicial and unconstitutional raids, as some journalists have discovered, especially in deeply red states but not always...
No. They will see that you’re using a vpn.
They might decide to record your traffic and save it until it can be decrypted.
In theory, I think all VPN usage is grounds to get you put on a list, but Nord is considered a relatively "normie" company by privacy aficionados. Everybody and their mother has seen an ad for it by this point. (The privacy aficionados will probably tell you it's not good enough, but that's a can of worms I won't get into right now.)
Makes sense I should probably reframe it as is nord not going to sell their users out without a fight.
Only true privacy is like the tails stuff and some complicated routing stuff all the self hosting guys here probably know about.
AFAIK the one company that has been battle-tested is Mullvad, everything else requires (more) crossing your fingers.
Nord has subpar standards when it comes to logging now, and if that's in line with recent Proton behavior, you might that interpret that as a potential willingness to cave to the US with minimal pushback
Depends what you mean by "safe enough". Every country on the planet can subpoena your VPN for traffic data. That's why that data needs to be encrypted, regardless of what company.
yes, just be aware that the gov could require the company to log you without letting you know, even if they have a no log setup. For the everyday person this is a non-issue, but if you are doing shadey stuff or have ties that may make someone super interested in your activities, you may wanna choose elsewhere.
The everyday person has political views that can be categorized as extremist. Freedom is more costly.
Oh, I fully understand that. But the everyday person isn't going to affect the government to the extent where they want to not only issue a court order ordering a company to do this, but also issue a gag order to prevent the company from saying anything.
Political leaders, possibly. Terrorist organizers, definitely. But your typical protest, or right versus left debate, that's not going to be enough for them to bother, let alone a court order forcing it.
The everyday person has political views that are classified as extremist by the actual extremists as a way of deflection.
lol, what a bunch of liars. Americans don't have any privacy protections to waive
Are they retards or did they forget the NSA already does this illegally?
Yes to the first part
Hey, just so you know. Trying to hide from us "totally not spying on you" might force us to totally spy on you.
Technically true, you should choose your VPN provider carefully and not opt for the cheapest one right on.
In practice however, it's safer than whatever surveillance US is trying to implement by forcing down US made routers.
There's a saying in Poland: "Robić kurwę z logiki" Which simultaneously can be translated as "To make a whore out of logic" Or "To turn the logic into a whore"
I use VPN because it actually speeds up my connection on cellular. My theory is the DNS servers that Verizon uses in my area are inefficient, to the point where I’ll get 1 Mbit down on Verizon, but 100 Mbit down connected to Proton VPN.
It has nothing to do with security, unless I’m in a coffee shop on WiFi.
Edit: here are my speeds on cellular, first without VPN, second while connected to a server in Los Angeles.
Bro fast isn't measuring your internet speed, it's measuring how fast you're connected to Netflix. Phone carriers like Verizon generally throttle video streaming if you're on a cheaper plan but everything else is uneffected. A VPN just bypasses the video streaming throttle because then Verizon can't see what you're connected to. Use a real speed test app.
Used Ookla. Got 40 Mbit down off VPN, 2.25 on VPN.
Will continue using this in future tests. I don’t watch Netflix on my phone. I usually am browsing Lemmy, YouTube, or listening to Apple Music. Fast.com has been my indicator of why my speed is so slow off of VPN when using these services on cellular. While it might not be an ideal speed test, its results track with my connections performance with these services.
That is to say, at times I’ll find myself not on VPN, find that my videos are chugging, turn VPN on, and problem solved. I usually only turn it off if I’m on home WiFi.
I'm a fan of testmy.net. Ookla never seemed to give me actual results while I was on spectrum. Several times I'd just get a printout of what my speeds were supposed to be, but then no download would come close, and 480p videos could barely buffer.
I've been using Wifiman lately. I find it pretty reliable and informative. I somewhat manage a wifi mesh network at my work so I use test apps frequently and have found it to be pretty good. I believe it is Ubiquity branded, who make a lot of wifi stuffs.
Tell me you don’t know how dns works without telling me.
As somebody who knows how DNS works, there are certainly cases where DNS servers causing a delayed response to requests will slow down the initial loading of sites. This would result in a layman thinking their wireless speed is “slow”
And how does this affect bandwidth, again?
Net Neutrality was repealed in the U.S. in 2017. ISPs including your mobile phone carrier are allowed to throttle your bandwidth based on the sites you visit. When you use a VPN an tunnel your DNS through it to servers not operated by your ISP, they don’t know which sites you’re visiting, so any automated throttling would not happen.
Hm yeah this one makes sense.
Guess I’m the asshole this time.
Can hardly blame you for failing to keep up with the breakneck pace in which the U.S. government has been assaulting our freedoms and privacy. Some new fresh hell every day an all.
Routing. Back in the day, Charter customers experienced horrible download speeds using Charter’s DNS servers.
Switching to Google’s would result in far more reliable network speeds.
Tell me you’re a dickhead without telling me you’re a dickhead.
How did that work? Are you saying that charters dns servers were sending traffic to completely different places?
Tried to google for this but found nothing so hard to understand the problem.
Why not just switch dns servers instead of getting a vpn?
Yeah fair. Got me there.
EDIT: other guy mentioned throttling, which is interesting. But changing dns servers doesn’t fix that.
Dunno about where Charter was routing. Just knew it was a common best practice for users in my town to manually set their DNS to Google.
Charter became Spectrum and since then this hasn’t been a need.
So far as cellular goes, I don’t think I can manage my IP settings on the phone as one would on Windows. I already use VPN if I travel or use public WiFi, and learned that, holy shit, my speeds are far better while connected than not. So I stay connected almost all the time. It’s counter intuitive, but I can’t argue with the results.
As a long time Charter/Spectrum customer (yay local monopolies) who’s toyed with my network a bit, I have heard about some of their network shenanigans, but they don’t seem to have hit my area. Guess I’m surprised it’d be defeated by something a simple as dns servers, and the MITM of it all if they’re redirecting traffic is terrifying, what with https and all.
Certainly you can change your dns server on nearly any phone.
I don't give a shit.
I trust my billion-dollar a year law firm’s VPN to block out this nonsense; we've got clients who are way more worried about our security than the government sniffing around.
This is utter BS.
A foreign national on US soil doesn't get the same protections as a US citizen would overseas.
What they're saying is "fuck 'em all, let God sort 'em out!" for warrantless data searches and collection. And then waiting for the lawsuit 20 years from now about clear violation of the law to bother thinking about this.
Come at me. I'm behind 7 firewalls.
Those Senators can gargle some uncooked nuts.
Giving you the benefit of the doubt, I think you misunderstood who is at fault here.
The senators aren't asking the government to spy on Americans. They're only asking the DNI to make it clear to the public that the US government already might be spying on them.
I think they're being disingenuous, because the government has been spying on all of us via end runs around the rules like "five eyes" for decades. If they want to go all CIA on you they just ask an ally to do it, then return the favor and spy on the people of other governments for them. All legal and above board, it's just "intelligence sharing".
And the NSA isn't even barred from monitoring you in the fist place.
I'd say a large part of my day is looking for interesting links for the officers and agents in Bothell, WA that have my IP locale originate, so that they can have stuff to their show their spouses/prostitute that they are extorting/your mom after their shift.
Listen I'm just torrenting movies and music and you don't need to know about. Idgaf if Canada knows.