I shouldn’t be so upset over an incident that happened on Mastodon yesterday. Ultimately it doesn’t matter what a random person online thinks about me but this interaction bothered me for two reasons:

  1. The behavior was very Twitter-like when it shouldn’t have been. Things should be better on Mastodon.
  2. I take online privacy and security very seriously and the misinformation in these now-deleted toots places people in jeopardy of using bad security services.

Yesterday I saw some toots from two social.lol users posting about VPN services from browser developers:

Not sure which service this was referring to but let’s be clear:

  1. Mozilla VPN infrastructure is provided by Mullvad one of the most respected VPN services available. Mozilla VPN is also audited as is Mullvad.
  2. Brave VPN infrastructure is provided by Guardian

Neither browser company is providing its own infrastructure. The implication in that toot is that such services are untrustworthy which is plain nonsense.

Google recently announced that it was adding its own VPN service to all tiers of the Google One subscription at 2TB of storage and above.

@jeannie” then implied that Google was reading traffic running over the VPN to help serve up more ads to users and that is when I stepped in saying that was a pretty big accusation that goes against their terms of service and please provide proof:

Of course there was no proof and an attempt was made to turn it back on me asking did I really think Google is trustworthy and if I did then I was being naive. I responded:

Yes, Google is trustworthy in this aspect of their business and I say that for three reasons:

  1. Google One is not free and not paid for via ads. The 2TB plan is $99.99 a year/$9.99 a month, a not insignificant amount of money.
  2. Their VPN client is open source and their service has been audited by an independent party.
  3. Google is really, really good at security.

Finding a trustworthy and secure VPN service is important and there are many poor ones out there. Google has the infrastructure and security know-how to do it properly and they have. This is a win for every Google customer.

Yes, I know Google’s primary revenue is via their ad networks. That points to yet another reason they really don’t need to watch user traffic over VPN tunnels even if the above 3 points weren’t true: they already have the means to track you via multiple methods like their ad networks and YouTube.

Large corporations are strange beasts. Google doesn’t just run ad networks and search. They also provide businesses with cloud services like Google Workspace and Google Cloud Platform. These pieces of their business all need to be independently audited for various levels of ISO compliance for security.

If you want to use free services like Gmail, expect them to do things to support that free service. You’re going to pay somehow, it just might not be a direct payment from your bank account.

The original poster also had replied at one point:

Sad face indeed. Trusting Google VPN is not putting oneself in danger. What is dangerous is misinformation being routinely put out there from people who don’t want to spend any time doing any research and just want to jump on the bandwagon when it comes to bad-mouthing companies like Google. Google has problems, their VPN service isn’t one of them.

About that point #1 way at the top of this post…

Mastodon isn’t Twitter and people should be holding themselves to higher standards. That most certainly didn’t happen here. I asked a simple question in a civil manner. I certainly wasn’t treated as such in kind and of course I can’t provide proof because the person didn’t have the guts to keep their posts online, including the post where they called me a troll and said I was just inserting myself into the conversation to be contrarian”. I get that it’s fun to bash Google but asking for proof after an unfounded accusation is not being contrarian”, it’s simply asking for someone to back up what they’re saying.

As to inserting myself into a conversation… You’re on the Internet posting on social media. It’s not a cozy corner of a bar or the privacy of your home. If you didn’t want it heard you shouldn’t have posted it.

If you want to act like you’re on Twitter stay on Twitter, otherwise think before you type. Oh, and maybe when you realize you were wrong and delete your posts maybe an apology to the person you accused of being a troll is in order.



Date
March 14, 2023