Checklists Are The Thief Of Joy

I have never seen security and privacy checklists used for any other purpose but deception. After pondering this observation, I'm left seriously doubting if comparison checklists have any valid use case except to manipulate the unsuspecting. But before we get into that, I'd like to share why we're talking about this today. Recently, another person beat me to the punch of implementing MLS (RFC 9420) in TypeScript.

http://soatok.blog/2025/07/07/checklists-are-the-thief-of-joy/


@soatok

I have never seen security and privacy comparison tables <...> used for any other purpose but deception

I believe I have an example of a good checklist: the Techlore VPN Toolkit[1]

Yes, it includes and prioritizes jurisdiction, but in the case of VPNs it actually matters.

It includes a lot of non-security columns, like "P2P Friendly" or "Anon Payment" and subjective stuff, like "Honest Marketing", which I would argue are all important to know.

And while it includes two crypto columns, it does not categorize the values in any way, just providing raw data. And, actually, no non-binary columns have values categorized into "good" and "bad" (apart from maybe "Honest Marketing").

[1] https://techlore.tech/vpn/


@SobbV0hoX

Yes, it includes and prioritizes jurisdiction, but in the case of VPNs it actually matters.

https://gist.github.com/joepie91/5a9909939e6ce7d09e29

Don't use VPN services.


@soatok Well, most VPN providers say that they don't keep logs, and sometimes other people examine their systems and also say that they don't log, so I can trust them a little bit, unlike my ISP, who definitely logs and shares that data.

And I sure as hell don't want the Trevor Project showing up in Rostelecom's logs under my name, or in the logs of a Chinese service under my name. I assume that's the same with most people (even people who live in a normal country).

And yes, I already know that VPN claims are mostly unverifiable, which is why this account is using Tor.