At least in Switzerland, Proton is a case study in the government compelling a service provider to log things they normally didn't because they had the capability to do so.
My take on the value of "no log" providers is that they're at least less likely to have logs going back years and likely even months which is more than can be said with an ISP of any kind.
I've not torrented over home ISP clearnet in over a decade, there are more values in using a VPN than just not getting a letter from your ISP for torrenting capeshit and oriental cartoons. At the very least use custom DNS which is free and easy to do.
You don't hear about the ones who never get caught. Realistically, using Tor properly is enough. Every major case I know of with a dark web pedo getting got is because they slipped up.
Well yes there are some well trained degenerates in the world who go to great lengths to be sick fucks. However, even the smartest ones who flee to other countries using fake identities have been caught with the right amount of media and legal pressure. So it's really a matter of how bad any government or law enforcement agency wants to track them down. Add in the coming age of AI where all the data that is currently collected can and will be parsed, searched and analyzed in real time, no longer requiring the slow human investigative process.
As for TOR being secure, even if someone were to use the strictest of opsec without making any mistakes they are still relying on the entrance and exit nodes, or the entire system for that matter. Unless you take the time to check out all the nodes in your region (
which nobody does) and read the source code for anything suspicious in the TOR browser (
which nobody does) then you are assuming safety under the veil of "open source". Just recently TOR has enabled java by default which that alone should raise red flags, but I suppose convincing anyone who really really really wants to use TOR for that dopamine rush is like convincing a drug addict not to use a shared needle. The familiarity (or addiction in case of addict) with a habit, ritual, product or service is so powerful they will convince themselves nothing can be wrong. Let's not forget that TOR was and still is a military created service.
But let's pretend for a second that TOR is the ultra bad ass super secure network people want it to be. Well, you still have to keep in mind all the baked in spyware within windows and yes potentially Linux (
read the source code lately? does anyone? ) can correlate your user profile (
keystroke fingerprinting, style of speech, location data and much more) to the "anonymous" user profile on TOR.
e.g. unknown user exits node in same city matching location of isp and/or vpn connection which matches to the secretly reporting operating system that says tor being used and matches the exact amount of data being transferred and received.
However, I will still go with, "pretend I'm wrong even about that.."
Well you still have the fact that every computer, laptop and mobile device since 2005 (
maybe earlier, reference tpm) has been outfitted with remote control and spying ability at the hardware level itself. Ever reverse engineer your cell phone or laptop to see what it's doing? Most people don't and usually opt in for brand loyalty and corporate feelz. "My brand would never betray me, I'm an informed consoomer!"
So anyone who hasn't been arrested is either not doing anything that big brother really gives a damn about, poses no threat to the established order or simply being allowed to operate either as unintended pawns in a mass social engineering narrative (fall guy or good guy) or they are being allowed to operate so they can later be caught and be used as examples as to why more freedoms need to be taken away and why the surveillance state needs to grow.
When it comes down to it, all we can really hope is that we are the ones that pose no threat and therefore do not aggro "the gaze of Sauron" so to speak. But it's certainly not
[insert favorite brand here] that is keeping anyone anonymous or secure. So depending on how each individual uses the internet usually dictates the amount of opsec and security they will need. But for anyone to assume safety or security due to brand or service loyalty, or common fallacies like, "been
playing russian roulette for years and im still alive, why stop playing now?" may surprise themselves one day.
