If you think that your government does not protect enough your privacy, you may also consider to ask to your representant (congressman/woman or senator) for different laws about that. And lobby for that. Mr Louis Rossmann owns a repair shop in NYC and likes a lot a “right to repair” approach for hardware and consumer electronics, but a lot of other people stand by talking about ECU and diagnostics on their car, heavy duty vehicles, and so on. I can understand that it’s a long and tricky road, but AFAIK a lot of “not nice laws” have been changed in your country.
Or you can change your country if you like more the “newer country” laws about privacy.
Moreover, you’re not bound to… this distro. You have access to the sources, so you can learn how to change your software for fitting your needs
The request was rejected at least one time from the project. And personally, i can understand why.
First of all: in a lot of countries you don’t really need a VPN provider, unless you’re willing to circumvent national bounded license/fee access to content. Or do something worse. Not because the laws are perfect, but because you can access to a lot of resources like DNS servers (and there’s quite a tough job on DNSSEC on IPFire) who can allow you to locate al lot of servers. Also, most of the TLS-enabled protocols can be configured for HSTS, for not allowing a non secure dialogue between your device and your service provider, intended as your mailserver or your website or the content provider you’re contacting. Use of TLS/SSL is quite… everywhere, even for posting these words my connection is encrypted between my browser and the server hosting this discourse installation. ISP i’m using knows that i’m talking to the server, but cannot wiretap or change what i’m posting. Due to TLS/SSL connection.
Also… i’m not aware of every segment from my ISP to the server…
Let’s switch to a VPN provider.
Most of them use OpenVPN as “media” for connect between your computer and them connection points. It’s not the only technology used (some allows also L2TP mostly for enabling connections on mobile devices) but guess what… OpenVPN is based on TLS! In more detailed explanation, it uses OpenSSL as encryption library. It can be a bit more strict about encryption, but if most of your traffic is TLS enabled, you’re wrapping TLS around this once more. Which can only reduce performances.
Moreover: VPN Providers are companies who wants revenues. But they still have to obey laws into countries they are founded. And if a customer using the services is breaking the law, a court from another country may want do all the steps to gain access to traffic to the VPN provider, and they have to comply. They’re not immune to their domestic and international laws. And for few bucks par year, i don’t think that they’re willing to piss of cops or their domestic court. Thousands of bucks par year is still “few” for messing with courts.
But let me extend the reasoning…
If you’re using a VPN provider, exactly in the same way if you’re using a ISP, they have take logs of your traffic. What are ISP and VPN provider allowed to do with this data? Depends on the contract you subscribed so seems more a matter of what you’re signing for, instead of paying twice (ISP and VPN).
You want more privacy? If paying a second company to take note of all your traffic instead of your ISP makes you feel better, i cannot ease this false sense of security. Problem may not be really privacy, but fear.
IMHO you can do something more… effective: know what you’re doing.
What means typing www.myfavoritewebsite.splash on your browser. What means using this mail provider instead that mail provider. How any company you’re browsing on the web use the data you provide. How the software you’re using behaves… It would make me laugh if you’re using Microsoft Edge or Google Chrome How your network devices work. How internet really works. How website and web technology work.
Or pay someone enough and give him/her time and will to teach you info and how to learn. I must stress enough because it’s not only a matter of tech skill, but also human skill to understand people and deliver the full message to minds and hearts.
It’s not a nice world, but paying two companies may not be the most effective way to defend in a better way.