I think they're one of the better VPN companies but they're under US jurisdiction, which makes them vulnerable to NSLs and other forms of government surveillance. Yes they don't log, so they can't be subpoena'd for past information but they can be compelled to provide ongoing interception.
I'd be interested to know however whether the US government can intercept traffic to/from:
- Servers located in the USA but operated by VPN companies incorporated and staffed outside the USA.
- Servers located outside the USA but operated by VPN companies incorporated or staffed inside the USA.
It seems to me that as long as you're using a US-based VPN server, there's always the risk the cloud or transit provider can be compelled to intercept traffic regardless of the owner's jurisdiction.
The question of how well protected non-American servers operated by Americans are still seems to be unanswered too. Microsoft seems to be winning their case against handing over overseas data[0] but Google seems to be losing[1].
> - Servers located in the USA but operated by VPN companies incorporated and staffed outside the USA.
Not terrorism/other serious crimes, but Megaupload had the same constellation (they had some US colocated servers), and it will unfortunately likely end with Kim Dotcom being deported to the US. So yes, such a service constellation may very well lead to deportations to the US as soon as some bought-off or incompetent US judge/DA gets his rubberstamp.
The massive outreach of the US (not just this, but also that their citizenship is bound to paying taxes, even abroad - leading to the massive ... called FATCA) is something that really angers me. But hey, it's difficult to argue with a country that might send four dozen Tomahawks based on the current Fox News programming. (Obviously sarcastic, but the "the US regularly abuses its foreign power" still stands)
I don't think this really affects VPNs though. Megaupload is a criminal case which the US appears to have substantial evidence supporting. I still think it's an overreach but what crime can the US accuse a foreign VPN operator of, that would lead to a successful extradition request?
You need to pick your battles. Not being tapped by the NSA is a pretty high bar, where certainly for me, I just don't want my ISP or sites I visit to have the data.
I totally understand it's not a concern for everyone but given the choice between otherwise equal services, wouldn't you choose the one that isn't in US jurisdiction?
Not particularly, as the ones under US jurisdiction are possibly better protected by US law. I don't trust the vast majority of other countries to stand up to the US.
I feel like I should always shout-out Freedome on these things. Run by F-Secure, who have an excellent pedigree, and the client software is good on Mac and iPhone.
Freedome logs your IP address, which kinda kills it from a privacy perspective. It also seems to make unreasonable claims about its effectiveness and incentivises people to spam social media.
