PicoIDE - an open IDE/ATAPI drive emulator

｢ PicoIDE is a device that emulates IDE/ATAPI devices developed by Ian Scott, creator of PicoGUS ｣

https://picoide.com/

#picoide #atapi #retro #retrocomputing #opensource

Swiss surveillance could become worse than US

If passed, chat, email & VPN providers from #Switzerland must:

🚨 Log IP addresses
🚨 Ask for ID upon sign up
🚨 Decrypt data upon request

Swiss Bundesrat is still discussing this draft bill, decision will likely be made in 2026.

Let's fight for #privacy! 👉 https://tuta.com/blog/switzerland-surveillance-plan

@ErictheCerise I do!

TL;DR Logging is always technically possible, but some companies really don't keep them as a matter of policy.

If you don't care about region-shifting for video streaming, I'd recommend Mullvad.
If you don't care about speed or price, Perfect Privacy is good.

NordVPN, Surfshark (these two are related companies) and Windscribe would all be in my shortlist if I wanted to be able to watch streaming services while connected.

Now: a lot more detail
This is all off the top ofmy head, although I'm searching up legal cases as I go just to drop them in, so forgive me if I misspeak here.

The elephant in the room is that you fundamentally only have the word and reputation of the providers to go with to judge whether they'll be any more trustworthy than your ISP (although pretty much all of them are less likely to report you for torrenting movies, at least).

A number of "no-log" VPN services have been shown to keep logs and hand them over when requested.

This includes IPVanish - two parent companies ago (see https://www.techradar.com/vpn/this-vpn-company-comes-clean-about-no-logging-accusations) and PureVPN (https://cyberinsider.com/vpn-logs-lies/).

To quickly detour to a famous case, HideMyAss, before it was a Gen Digital subsdiary, famously handed over logs in the LulzSec case, buuuut at no point did it claim to be a no-logging service - in fact, UK law at the time *could* be interpreted as requiring logging. HMA now says it keeps no logs and has had at least audit carried out to prove the point, but in an industry where a service lives and dies on its reputation, they'd still not be my choice for privacy-sensitive work.

Audits are useful tools - they allow VPN providers to publish external verification of their claims and while some aspects of outsources tech certification and auditing are a bit of a racket, these reports aren't *nothing*. NordVPN, its sister company Surfshark, PIA, ExpressVPN, VyprVPN (not sure if there's been one since they changed hands), Windscribe and others have all been audited regarding the accuracy of their no-logging policies.

My personal gold standard for proving that a VPN provider keeps no logs is "having your hardware seized or being dragged into court and the authorities finding nothing" - the hard way, in other words.

I regard a company changing hands as a reset on this reputation, so following their purchase by Kape Technologies, both PIA (https://torrentfreak.com/vpn-providers-no-logging-claims-tested-in-fbi-case-160312/) and ExpressVPN (https://www.comparitech.com/blog/vpn-privacy/expressvpn-server-seized-in-turkey-verifyies-no-logs-claim/) get their reputations reset to zero in real-world terms. They're keeping up audits and maintain their no-logging policies, this is just a personal rule of thumb.

Perfect Privacy had servers seized (https://torrentfreak.com/police-seize-two-perfect-privacy-vpn-servers-160902/) with no indication of any data exposure. Their service is slow and expensive, but they prioritise user security.

Windscribe and NordVPN were both found to expose data. Both took effective action to remediate the causes of this, however.

Both also communicated the situation badly, with NordVPN failing to disclose for an extended period, and Windscribe taking the opportunity to point fingers at other VPN service providers.

I would personally still use either service, but VPN industry drama is incredibly tedious to me and I could fill a book with the stuff.

The key question is *could* a service enable logging if ordered to - there are legal and technical aspects to this, but the answer is always yes.

For example, Proton (to pick someone we already have reasons not to use as an example) has shown that it will honour Europol and Interpol warrants (as it's obliged to under Swiss law) for its ProtonMail service. Does that apply to the VPN service?

It actually addresses this (and was involved in legal work to maintain the law as it currently stands)

"Proton VPN’s Swiss jurisdiction also confers additional benefits which are favorable for VPN services. In most countries, VPNs can be forced to log as the result of government orders, even if they are by default no-logs. However, within the current Swiss legal framework, Proton VPN also does not have forced logging obligations." - https://protonvpn.com/support/no-logs-vpn/

Does $VPN_provider have the ability to enable logging for its VPN service if ordered to? Yes. **This is always a yes**. In practical terms, getting an order would generally require that authorities already know that a suspect used a specific VPN service, but there's always a way of keeping logs, even on those RAMdisk systems that are the gold standard for being proof against hardware seizure.

The fact that logging is always a possibility is a key reason some VPN companies are nominally headquartered in locales with relaxed legal requirements like Panama and the British Virgin Islands, although this is less of a thing than it once was.

Others simply stand up to the authorities. Mullvad states that it will shut down (https://mullvad.net/en/help/how-we-handle-government-requests-user-data) before handing over user data.

And that's fundamentally what you're basing this decision on. Trust and reputation.