We shouldn’t assume we know everything the NSA, CIA, etc. can do. We know that the US military keeps a lot of their abilities classified, so we should assume the same for intelligence agencies. I think these things are important to consider.
Take AI traffic analysis. Mullvad VPN made DAITA in case tools like this emerge in the future, even though they didn’t know for sure. This seems like an important thing to consider with VPN recommendations. IMO it should be in the best-case criteria, and a quantum-resistant encryption setting should be moved into necessary.
I get that we can’t address every threat we think might be happening, but when there are solutions being offered, like with DAITA, those should be strong factors to consider in my opinion. What does the PrivacyGuides team think of this?