Also sad that this website that is reporting this is peddling bad VPN options (alongside only one good one - based on the ad I see between paragraphs).

Yet it is fine when the CISA says “Don’t use a VPN”?

Make it make sense at this point

[EXCEPT The questionable policy especially on free VPNs {with the exception of ProtonVPN}, that is true]

Nobody in the know about VPNs says that’s fine either. One thing has little or nothing to do with another.

The point is to know that not all VPNs are made equal and choosing one to use is one of the most important decisions you make for your digital life or even your safety if the situation is such.

Yet another reason I will likely never set foot in the UK.

Here is the relevant portion of the document.

Engagement in Hostile Activity

6.16. Under Schedule 3 a person may be engaged in hostile activity even though unaware that their activity is hostile activity.

• […]

6.17. Since hostile activity does not require any knowledge or tasking by a foreign state, the phenomenon of double-ignorance could arise. A person may be engaged in hostile activity if they do something which, unknown to them threatens, national security and which is in the interests of another State, also entirely in the dark. For example:

• The developer of an app, whose selling point is end-to-end encryption which would make it more difficult for UK security and intelligence agencies to monitor communications. It is a reasonable assumption that this would be in the interests of a foreign state even if though the foreign state has never contemplated this potential advantage.
• The lobbyist for a foreign firm, who seeks to persuade an electronic chip manufacturer to build its factory in France rather than the UK. This would engage the UK’s economic well-being in a way relevant to national security even though France is entirely unaware of the lobbying and the lobbyist is only doing his normal day job.
• A journalist carrying information that is personally embarrassing to the Prime Minister on the eve of an important treaty negotiations affecting UK security interests.

What looks clear is the UK government may very well treat end-to-end encryption developers as “hostile actors.” But the governments of UK, Europe, US, Australia, Five Eyes etc have already long demonstrated their hostility towards end-to-end encryption and privacy-enhancing technologies in general. Recent examples include Samourai Wallet and Tornado Cash by the US government, and Apple Advanced Data Protection by the UK government. Practitioners, researchers, developers and advocates of privacy, particularly privacy-enhancing technologies, would be wise to treat those governments as hostile actors.

The UK government may also treat lobbyists and journalists, or anyone who does anything it deems undesirable, as “hostile actors.”

It was CISA not the CIA.

And in context it sorta made sense as their point is most consumer facing VPNs are awful.

As for the UK…WTF is going on over there? Any UK folks able to provide context? It seems insane.

Idk how SimpleX is going to face this