Disappointment with PG teams handling of the "Remove ProtonVPN" post

[EDIT: This was originally a reply in another thread. It has been moved and stripped of context in which it was made. I don’t think that was correct, but it’s not my call.

I’m muting this thread and the proton one until tomorrow, to get some distance to reflect and let things settle. As it stands right now I’m pretty deeply disappointed with the conduct of the team in the handling of the initial situation and the handling of the fallout from it. I can only speak for myself, but this is the first time I have felt this way here on this forum.

Below are comments that were made in response to this comment and the subsequent comments.]

[Original comment below]

I’d like to start out by saying I respect you all, including those who I’m about to strongly disagree with.

We are not removing Proton VPN for something that amounts to a platform implementation issue

Assuming this was meant as an authoritative statement, I am deeply disappointed by this response.

Repeated misinformation and attempts to derail from random 6 hour old anon accounts in this thread has been frustrating, but that’s just the nature of brand loyalty and anonymous users on open forums. But for a team member to flippantly use that misinformation to justify keeping a favored [popular] VPN that fails to meet the minimum criteria established by Privacy Guides is surprising and troubling to me.

A seemingly knee jerk decision based on inaccurate information without even making an effort to first understand the context or scope of the problem is in my opinion both insulting to the OP and to the people who have put a lot of effort into explaining and documenting the issue, and showing beyond a reasonable doubt how this isn’t simply an OS issue or edge case, as well as insulting to Proton’s competitors who have put in the work to build killswitches that don’t share ProtonVPNs limitations on MacOS (despite smaller teams and smaller budgets).

I don’t really know what to say other than how deeply disappointed I am with how this has all played out. It has somewhat shaken my confidence in the seriousness and objectivity of the decision making processes and the objectivity of PG recommendations. I do not feel this has been handled well regardless of what the eventual outcome is.

I’ll just end by saying, I have much respect for both the core Privacy Guides community as well as the Privacy Guides team for the contributions and commitment to advancing privacy.

edit: to anyone following this thread, be advised that the meaning of ‘killswitch’ and the criteria for VPNs is seemingly being quickly rewritten on PGs github right now, in a way that appears to sidestep the shortcomings of ProtonVPN’s kill switch (but also in a way that waters down the meaning and relevance of a killswitch in general, and in a way that seemingly means that PG can no longer make VPN recommendations for platforms outside of GrapheneOS and Linux (because the change states that the minimum criteria only apply to recommended operating systems) I hope that I am misunderstanding the change, but that is how it reads to me.

It is not a favored VPN provider, and now that I’ve looked into it in more detail, its obvious why ProtonVPN chose to do it the supported Apple Way rather than relying pf which has other known issues. Apple very clearly say not to use pf for widely distributed applications. Mullvad and IVPN chose to disregard this, and may find themselves in the same situation a year or two from now.

This will probably accelerate the need for a hardware guide where we handpick a few items and see how well they work. Typically at home you’ve got more options for routers, but some of those Gl.inet travel routers that run OpenWRT look pretty cool. I think there was someone on here a while ago who swore by the mudi, but I haven’t used that.

as said @dngray doesn’t even use Proton, and you being around here long enough could have known that . We disagree on the other semantics too because the issue is not that we don’t want kill switches but that they frankly are unreliable and we realize that more and more as we go over this. Several members this evening in the team have been doing quite a lot of research and I expect more will come out of that in the coming days.

I didn’t write (nor mean to imply) it is his “personally favored” VPN, but I can see how it could be misread that way given the rest of my comment. To be clear, I don’t mean to imply it’s their personal preference, I don’t know their preference. I’m speaking broadly about you as a team, us as a community, and the privacy space broadly (Signal or Mullvad or GOS are other projects I might call ‘favored’). Maybe there is a more accurate word to choose than ‘favored’? I do not know much about their personal preferences, and I do not want my comment to imply they are simply pushing a personal preference, I’ve interacted with them (and you) enough to know y’all have more integrity than that. I want that to be clear.

If anything, to me Proton seems to be a fairly disfavored solution, both broadly and within the team, so I don’t quite follow this logic, but I have definitely seen other people make the same argument as you so it comes from somewhere

Ye’old conspiracies would be my guess, the kind that originate on Reddit, the most privacy friendly platform to exist.

You replied right before my update at Remove ProtonVPN - #341 by jonah but since your topic has nothing to do with Proton whatsoever it does not belong in that thread, so I’ve moved it here for you.

What an odd strawman.

To be clear, my issues are not so much with the time it took as the attitude of staff toward it. Like…

Ignoring requests for an updated for weeks

Not taking any time to actually read the thread and getting well-established and oft repeated facts straight before either asking for the information when it’s already been provided or outright stating falsehoods

(Note that the link above is for a clearly entirely unrelated issue)

Or insinuating that the support in this thread for removing ProtonVPN is due to brigading

To finally, long after the community has spent countless hours of their own time discussing and testing and confirming the issue, only have decisions be made by staff members acting entirely unilaterally

The community was ignored because a few members of staff disagreed with the clear consensus, and rather than engaging in the discussion, the community was sidelined and finally nearly shut down.

And now^[1] they are continuing to sideline the community by imposing a 4 hour slow mode that doesn’t apply to themselves while they continue to post falsehoods in the pursuit of stopping the removal that we were led to believe was already in motion. This behavior is frankly gross.

Nowhere in that article does it say that pf is going away. The reasoning behind their guidance is stated clearly

the PF rules you install might clash with those installed by:

• The user
• macOS system services, either now or in the future
• Other third-party products

This is also the case with iptables rules on Linux and I’m sure VPN app developers can handle those potential issues. If they don’t want to, they shouldn’t claim to have a functional kill switch on macOS.

This issue has been reported to Proton. They don’t care, and continue to push marketing that is false and portrays their product as if it doesn’t have this issue.

Let’s just recommend anything then. Get rid of the minimum criteria entirely.

I don’t see why VPN providers are expected to just follow Apple’s advice if it makes their products inferior considering there’s been no indication pf is actually going away.

Microsoft also wants you to use UWP on Windows. Many continue to use Win32 because UWP does not provide what they need, and it isn’t going to be removed any time soon.

Cite this if you are going to assert it please. I can not find any statement by Apple that they are planning to remove pf. It would be crazy if they did considering it’s what their own system services rely on under the hood.

You continue to fail to understand the issue. Read the thread.

I am giving up. PG staff clearly have some reason causing them to look for any reason to keep Proton recommended. No other company would receive this treatment and we all know it. Why? I genuinely am at a loss. As I’ve said before, it’s their site, so fine, let them do what they want. I just wish they’d stop pretending they care about the community’s input while doing so.

1. they seem to have reduced it very recently but it was 4 hours when I wrote this ↩︎

Decisions are made on merit usually not immutable consensus. The reason for this is because merit requires research and consensus can be manipulated with people that either haven’t provided anything meaningful but an uninformed opinion or have funneled from some other website.

The reality is not a whole lot of research has actually gone on that is meaningful, ie as to why this leak occurs with Network Extensions. I have reviewed the thead now and the most that was said is thast it doesn’t happen with providers which still use pf. The tests didn’t prove anything further.

Likewise, @lyricism, your post has nothing to do with ProtonVPN, so I’ve moved it here. Since you continue to repeatedly bring up these topics that have nothing to do with the technical discussion at hand, I’m asking you to take a break from the community for a few days, details emailed

I agree with your sentiment, that team members shouldn’t make such blanket statements and give more thoughts to their response as they represent PG as whole, which subsequently reflects onto the project. I have seen team members been patronising, if not down right rude, to the point someone had to make the post to address the issue.

The forum has been trending downwards for a while now, and I say this as a person who has immense respect for dngray, and no horse in this whole proton ordeal.

In @dngray’s defense, I think that thread was ridiculously confusing and people were talking over each other about completely different things constantly. I personally believe @dngray was mainly talking about the one problem described at What should we require of VPN providers on macOS? and his response to that problem was fairly justifiable. However, if you were in that thread wanting to talk about one of the other two problems with Proton then you’d indeed probably read his response as unreasonable.

In defense of the entire team, this remains a volunteer effort and I think people should be more understanding of this, but I also agree people should generally be more careful about speaking on behalf of others, and on behalf of the project as a whole.

For me the biggest issue I had was the lack of response.

I know @jonah made it very clear there is no SLA but when you have a team member in @nateb saying we will internally discuss and get back to everyone and then there is silence for 7+ weeks that doesn’t come off right. i think its reasonable to expect some sort of an update within a couple of weeks. Even if its just “hey we didn’t forget, internal discussions ongoing…”

Sorry had a 2nd thought i wanted to add…

For me, from an outsiders perspective (outside of the PG team) i don’t think it looks great on the rest of the staff that the thread got so unyielding. It seems like PG has these peaks of drama that staff lets get out of hand and then big daddy @jonah saves the day. To me, there is no reason reason the proton issues couldn’t have been split up and managed by other staff members earlier on.

My thoughts exactly. And after a months long wait for any kind of meaningful input from the team on what to many including myself seemed like an urgent issue since the site was continuing to actively mislead people in multiple ways. I appreciate the efforts of those who took the time that I was not willing to give to spoon feed information to staff that had already been discussed ad nauseam throughout the thread, much of which they would have understood had they even taken the time to read the very first post. But that should not have been necessary.

+1 to everything said by @lyricism. I take issue with the decision to silence them. It only adds to the feeling that community input is not welcome here if it doesn’t fit the narrative of the admin team.

I’ve been here for a while now because I really do love the community, but I’m not sure I’ll stick around much longer if recent events are any indication of how things will be handled going forward.

I think there is some fundamental misunderstanding of what the “team” does here. I was not aware of this thread before I read the whole thing and then posted in it for the first time 5 days ago, and frankly there should be no expectation of “internal discussions” behind the scenes (although I’m sorry this impression was apparently made).

The entire team writing the website are volunteers on no set timetable/schedule, and the discussions are happening here where you are involved with them: What you see on the forum is what you get. The handful of people who are being paid to be involved in other things aren’t being paid to work on the website or post on the forum, and certainly don’t have the power to force other people to volunteer their time. A lot of people are away at school, or working day jobs, or just otherwise living their lives at the moment.

This isn’t going to change, in fact it was a conscious decision to not pay anyone to work on the recommendations, knowledge base, and forum, because those things are best to remain community-run.

The best thing we can do, given that the forum discussions are the only thing that matters, is try to be better at steering conversations from becoming the unreadable and disorganized mess that was the “Remove ProtonVPN” thread.

My main takeaway is simply that we should not allow “Remove X” threads going forward, because the threads about highly specific complaints…

image1348×438 39.6 KB

…are generally far more productive.

I agree this should not be necessary, but—and maybe I’m biased lol—I think I cannot blame other people for not doing the exact things I would do in a given situation, and I think we are on the whole still a lot better than other communities in this space who seem to be given a lot more slack for whatever reason.

That’s fine but i think we can agree if a team member makes a commitment to the community its reasonable to expect them to uphold it. I dont think @nateb ever responded again and he obviously didn’t internally discuss it if you weren’t aware of the thread until recently.

I agree.

My expectations are for the moderators to moderate, not the project director. Maybe thats just not possible when relying on volunteers.

@Anvil If you genuinely believe conspiratorial comments like…

…are reasonable complaints, when we’re frankly far more forgiving to most companies more than Proton, and have repeatedly demonstrated we are acting in good faith for like 7 years running, then I do not know what to tell you. It is not valuable nor within our community guidelines to receive “input” like this from people who do not respect us as people and would rather treat Privacy Guides as some opaque monolith that nobody has any say in.

Asking them to take a day and a half to reflect on that is more than fair, and if they come back to double down on statements like that, or to delete their account, then we will see they are not as genuinely invested in this community as they claim to be. I hope this is not the case, because I understand the thread their comment was originally made in was, again, extremely heated. Now maybe things can cool down.

I think they generally do an excellent job, but people are not perfect of course, and things do occasionally get out of hand. The only thing we can do is learn and move on.

Just gonna point out that you are really reading into those comments if that is what you’re taking away from it

We occasionally have repeated issues with specific users, and if we are going to interpret every moderation action completely in a vacuum, only looking at a single post, then yes maybe you will continue to have problems with how things are handled here, but there is a reason only one person needed to be temporarily silenced tonight.