hckrnws

Note that all of these companies are also under the umbrella of Tesonet, a Lithuanian VC firm also headed by Tomas Okmanas (Tom Okman in TFA). Their flagship investments are Nord Security, Hostinger, Oxylabs, Surfshark, Decodo, Mediatech, and nexos.ai - all closely related business models around proxying.

They don't seem to have Russian ties: "In 2022, CyberCare opened an office in Lviv, Ukraine. Although planning for the move started before the war, according to Dainius Vanagas, CEO of CyberCare, one of the reasons why it was followed through was a desire to help Ukraine rebuild."[0]

They also donated money to help arm Ukraine.

0: https://en.wikipedia.org/wiki/Tesonet

Don't forget ProtonVPN links to Tesonet, which they're trying hard to "debunk" (though no clue why, I have nothing against Tesonet). They only shared employees and accidentally signed apps with the same certificates, but are "totally unrelated". Their PR people are already on this thread.

If they didn't try so hard to fight it, people might care less.

Back when I was running PIA, they threatened me a significant amount just for pointing these facts out.

Now that I launched a verifiable VPN, they are once again sending legal threats [1].

[1] https://vp.net/l/en-US/blog/Verified-Privacy-vs-Trust

So did you sell pia? Why won’t you sell your next venture ?

I did not sell PIA. I entered into a merger agreement to create a publicly owned privacy company. Without getting into detail, I left the company on principle receiving only 1/3rd of the value for the shares.

Btw I used to love pia, I think I’ll check your new one out!

I used to work at Tesonet (as software engineer) and I'm not familiar with corporate politics / ownerships but they're lovely people that would 100% walk out if there were some real Russian ties involved.

Lithuania is a really small country and IT has been a huge economic strategy since early 00s as a way to become economically independent specifically because of Russia and it worked out really well.

Are we allowed to discuss (edit: if it's not too political?) if Kape Technologies has any connections to Israeli security services, given the nature of VPNs and given the amount of data that can be trivially collected, and:

"Being from Israel, Teddy Sagi had connections with the Israeli military intelligence sphere and was able to procure himself a real-life cyber spy [his co-founder] from the famed Unit 8200 (kinda like Israel’s version of the NSA)" [0]

?

[0] https://windscribe.com/blog/what-is-kape-technologies/

Unit 8200 is the premier software development track in the Israeli military.

Every Israeli tech company likely has multiple developers from Unit 8200 in it. Whether it's building e-commerce shops or making video games.

While 8200 definitely falls under the military intelligence wing, I don't think describing people in it as Cyber Spies is anywhere near accurate. And unless that guy was very high ranking it is a stretch to imply that's an indication that IL military intelligence is involved in the company.

That is not to say that the military isn't involved with the company - that might very well be true, just that someone being from Unit 8200 isn't an indication of it.

>Teddy Sagi had connections with the Israeli military intelligence sphere

Does this mean much given that israel has mandatory military service? Unlike in the US where you have to make a conscious choice (eg. patriotism or desperation) to join the CIA/NSA/military, that's not really the case in israel. "has ties to unit 8200" might as well mean "has ties to stanford/MIT/caltech" or "has ties to big tech".

If I was running an intelligence agency and was given my choice of conscripts,

I wouldn't hand my intelligence secrets to people who resented being forced to be there; or to mouthy people I thought might blab about it after the end of their service; or to people with an anti-authority streak or at risk of a Snowden-style attack of conscience about civil liberties.

I would select for people with a deep love of their country; and a sense of loyalty that would extend well beyond the end of their service. The rest I'd send elsewhere - plenty of other units need tech folks, that drone/radio/printer isn't going to fix itself.

[flagged]

> I definitely want to know if they are involved with any tech I'm using so I can avoid it

Are you going to stop using Linux because the NSA is a major code contributor?

Huawei is too, and they were founded by a guy from the PLA.

Linux is not operated by NSA and is open for inspection. Can you say the same about VPN services in question?

It would be naive to think Huawei is isn’t influenced by CCP, specially if it is found, by presumably someone from PLA intelligence unit by your suggestion.

this is not a helpful argument. this isn't about not using Israeli OSS software but services that feed data into the surveillance grid of quasi rogue state.

[flagged]

[flagged]

[flagged]

[flagged]

> Does this mean much given that israel has mandatory military service?

Yes. Mandatory military service is still military service. It's still following government orders at an impressionable age in a culture that deliberately inculcates a mentality of following orders even when they go against your every human instinct. It still means working for an organisation that knows its job is killing people, even if you're not the one pulling the trigger yourself. And Israeli military intelligence specifically has a long history of keeping supposedly retired civilians on as sleeper agents who infiltrate supposedly neutral companies.

(Does that mean this guy specifically is definitely one of them? Of course not. But to anyone with reason to be using a VPN at all it's probably too much of a risk)

I think VPNs are one of the clearest cases of tech/politics intersection, it's not just OT for tech but also for hacker culture.

What do you think @dang ?

[flagged]

[flagged]

The second part of your comment seems like a non sequitur

I'm a pragmatist

Calling out Israeli conspiracy isn't Jew hating.

This is the whole issue. No one can question what Israel is doing for fear of anti semitimtism.

If everyone is "anti-semitic" then you allow real antisemitism to foster unabated.

> No one can question what Israel is doing

I literally said "it certainly should be allowed"

but it goes both ways. no one can question what Jew haters are doing for fear of anti-anti-semitism. If no one is a "Jew hater" then you allow real antisemitism to foster unabated.

Not allowed to have any meaningful discussion on this site. @dang will tell you to edit your posts before banning you.

I specifically put the OP in the second-chance pool (https://news.ycombinator.com/item?id=26998308), which is why it got re-upped (https://hnrankings.info/45469376/). Rather an odd way to suppress discussion, no?

Israeli crypto ag

I liked Express VPN

I’m not a big expert on the VPN tech side, but it always seemed to me that the most logical option for those that actually understand about VPN is Proton, or am I missing something here?

Im a happy Proton user myself but if someone wanted the absolute most secure and private and reputable VPN I would point them to Mullvad. The main reason I use Proton is because I use the other apps in their suite as well and I get the VPN in the package deal. The threat model is good enough for my use cases

Mullvad doesn't support port forwarding [1] for users that need it unlike proton vpn [2].

Although I have never needed it myself, which in that case Mullvad might be better since they require minimal registration details.

[1]: https://mullvad.net/en/blog/removing-the-support-for-forward...

[2]: https://protonvpn.com/support/port-forwarding

Company who's blog post this is ain't bad either if you're looking for a non-ecosystem VPN. Proton is trying to be Nord and create an ecosystem of products that store all your most private data, all under the umbrella of 1 company which defeats the whole point of a VPN who should have no data on you (not even an email).

PS. I'm from the company who's blog post this is.

> Proton is trying to be Nord

I feel like it's Nord who's trying to be Proton but worse, no? Nord had just the VPN until recently, unlike Proton which was already trying to build an ecosystem (although they did speed up the new product drops significantly in the past few years). And unlike Nord, at least Proton actually has proper zero-access encryption and stuff, and they seem to know what they're talking about rather than just relying on influencer marketing.

The companies to trust are the ones that don’t run ads. I’ve used mullvad for a decade, before that airvpn.

A long time ago, I have difficulty removing payment card information from ExpressVPN.

Managed to contact support to remove it but they merely zeroed out (it shows 0 for the visible fields) the card details rather than truly removing payment information.

This link displays just the map, freed from it's painfully small frame.

https://kumu.io/embed/9ced55e897e74fd807be51990b26b415#vpn-c...

Anyone got this as a regular single image infographic or (better yet) a text-only bulleted outline?

I have to admit that discovering that ProtonVPN was actually just owned by Proton Technologies feels underwhelming.

Idk what's the official status, but it's Tesonet.

Some fake debunking in the comments of this thread that is factually almost correct: https://www.reddit.com/r/ProtonVPN/comments/8ww4h2/protonvpn...

EDIT: ProtonVPN app was "accidentally" signet by Tesonet. How do you think this could happen?

It’s not Tesonet, Proton is wholly self-owned and managed. Proton VPN was briefly sharing employees with Tesonet during initial app bringup, and that partnership is long over. Naturally due to competition and the huge importance of privacy in this space, people still bring this up, but Proton VPN does not and never will sell or share your data with anyone.

Source: I am a Proton VPN employee.

So, why were the employees shared?

EDIT: I'm not saying being related to Tesonet is bad, but it is a fact that you cannot run away from.

> Proton VPN was briefly sharing employees with Tesonet during initial app bringup

I assume they needed the experience in how to run a VPN company, so that initial partnership was needed.

thanks, this reddit thread doesn't inspire confidence in proton's story :/ at all

[dead]

We should really be moving towards a world of Multi-Party Relays rather than Single-Party VPN operators: https://www.privacyguides.org/articles/2024/11/17/where-are-...

With Multi-Party Relays you no longer have a trust a single entity not being malicious or compromised.

Disclaimer: I run obscura.net, which does exactly this with Mullvad (our partner) as the Exit Hop.

Can you control the geography of the exit node? I really like Private Relay but it doesn't get around geo restrictions because the IP is still in the same country you are.

Yes, you can with Obscura. That limitation of Private Relay is just an arbitrary limitation made by Apple.

If you’re worried about your VPN provider but you can trust your VPS provider, try an SSH Tunnel.

https://joeldare.com/ssh-tunnels-my-vpn-alternative-for-priv...

Thanks for the link. How does this work on the server side? It gets packets on 8080 and then what? The article needs to explain the server config, even if it is just how to install ssh-server.

I have tried setting up OpenVPN on my own VPS and I didn't get very far with it. I have also had to use OpenVPN in the day job and I much prefer just using ssh without some extravagant OpenVPN layer.

My experience of failing to configure a VPN of my own (primarily for testing GeoIP) led me to try a few VPNs and the amount of junk adverts and whatnot made me wonder if it was time to fdisk my computer and start over due to the virus-vibes I was getting from a VPN. This was in the days before VPN adverts on lame YouTube channels, so I presume the product has improved since then.

In theory, someone smarter than me can rent a VPS and get OpenVPN on there, or, better still, a remote desktop so that only the screen image goes over the internet from the VPS to the PC, X-Window style but better. This could be further obfuscated by using 443 and one's own special ROT13 'encryption'.

Presumably a skilled person that knows what they are doing could get it all setup in an hour, to write concise instructions that 'civilians' can work through in pretty much the same time.

If you were highly invested in porn, watching Netflix in foreign countries and with even worse stuff to hide, you would think that some investment in getting a proper VPN with your own VPS would be the way to go, but no. Cost isn't the problem if you are deeply into something worth hiding, so why do so few people roll their own VPN?

The reality is that the typical product is marketed with FUD and the goal is to turn you into a 'sleeping giant'. A 'sleeping giant' is a customer that has a standing order or other payment arrangement that is for a service that is not used, and for that to not be noticed on bank statements. Everyone wants you to be a 'sleeping giant', including some 'worthy' charities, dating websites and every software subscription service. They aren't using FUD marketing though.

The commercial VPNs have mastered the art of selling a product that deserves technical knowledge to understand to the masses, so you have got to respect the hustle.

VPS's that you can easily spin up for an hour or two tend to charge $$$$ for egress bandwidth, which makes them an unattractive option for streaming video over.

Ohh cool, we made that map (I'm from Windscribe). If you spot any errors, let me know.

Is there any other real world usecases for VPN nowadays other than:

1. Getting access to geolocked data

2. Torrenting "Linux ISOs"

?

In Germany (and probably in the UK too), you now have to be very careful about what you write online. There is actually a section 188 that makes insulting, defaming, or slandering people in political life a criminal offense. You can now face heavy fines for minor insults (“idiot”) or even have your home searched. A VPN can be useful here.

What idiot signed that bullshit into law?

That law has existed since 1951 and is based on an executive order from 1931 by Hindenburg.

Australian ISPs are legally required to retain metadata for two years.

That's one of the best reasons to use a VPN if you're in Australia. Give up as little as possible.

I have found, however, lots of sites block or Captcha-restrict IP addresses that are (somehow determined as) non-residential, and Netflix restricts its content as well.

The original use for a VPN - getting access to private resources - is still very much in play.

I don't just mean being able to access some private web interface you have on a private server in your at home, I mean connecting a satellite office to the main corporate office.

But for all of these consumer marketed VPNs, I think your list has 90%+ covered...

Interesting that we use the same word to describe both technologies, but semantically and technically they are very different.

Perhaps we use the same word to describe them because initially they did use the same technologies, but they have branched out ever since? Maybe IPSec would be a common tech used. But the algorithms are not the same anymore since they serve different purposes (Personal privacy vs corporate/sysadmin security)

In the corporate world VPNs were usually a lower level abstraction security mechanism or a redundant security mechanism to either complement application layer_security, or to hot-patch modern security unto legacy LAN systems. VPN encryption is usually provided by the local router. Common algorithms are IPSec/IKev2.

In the personal privacy world, we are talking about a proxy that hides identification such as IP addresses, and pools connections to provide privacy. The actual encryption is not the main security mechanism even, as it only covers the transit between consumer to proxy, leaving (a potentially longer transit) between the proxy to the actual destination.

In terms of purpose and architecture it's closer to bitcoin tumblers, or Tor or Freenet, or money laundering placement. The fact that they call it VPNs seems to me more of a marketing scheme or political play to avoid association with all of the above, than an actual technical or academical description. If someone were to analyse these technologies, I'm sure a neutral or critical approach would avoid uncritically calling them VPNs in the same way that research is published not about Viagra, but on Sildenafil.

> Interesting that we use the same word to describe both technologies, but semantically and technically they are very different.

That's where my head was at. When i hear my colleagues talk about a VPN, i'm thinking about an IPSEC tunnel and an afternoon of swearing at ios on some outdated ASA. When I hear regular people talking about a VPN, my mind immediately goes to "oh, so you want to watch rick and morty on netflix and don't know anybody hosting a jellyfin/plex server".

When do we coin a new term? Or do we? Does "vpn" turn into a word like "truck" where it's only the context that tells you if we're talking about a 2 axle pickup truck in a home depot parking lot or something pulling a 40ft container unit?

Accessing services from the UK without handing over your personal ID to a service that will inevitably get hacked.

This happened to discord literally a few days ago.

"Hacked" will be "left the data on a public S3 bucket until someone noticed" or similar.

One others seem to have missed 3. ad blocking on your phone away from home. Almost all VPNs have a block ads / known malicious traffic function. This can be done with just a DNS but often mobile carriers will block using your own DNS.

> Getting access to geolocked data

I use VPNs when I'm trying to ferret out the scope of an outage. I have VPN servers on local ISP which moves me around different routing. I use a commercial service to move me further out and to other countries.

A ton of ISPs use deep packet inspection for various kinds of filtering (and other shenanigans). When they get it wrong it manifests to the user as certain websites or access patterns being inaccessible and the ISPs customer support agreeing that you should have access and being able to do fuck all to fix it. A VPN in the middle usually solves the issue.

Wait, I think an ISP cannot inspect the content of packets that are encrypted, say, with HTTPs. In order to inspect TLS encrypted packets you need access to the end-device, controlling the end-router is not sufficient since you would not have access to the device certificates.

If you can prove that an ISP can inspect packets, it would be major news.

You don't need fully broken encryption to gain useful information. Knowing how much data is transferred, to which servers, and when (especially with details like how various endpoints will inadvertently chunk up HTTPS requests based on the details about the content or how interactive sessions will have certain back-and-forth transmit patterns) is sufficent to generate a traffic "fingerprint" which you can correlate to other users, to automated traces crawling those same servers, and otherwise get a very good sense of what a user is up to online even above and beyond just knowing which IP is being queried.

Toss that into any sort of "anomaly detection" or other such nonsense, and it's easy to create rare edge cases at an ISP level.

It's somewhat analogous to how you can sometimes "reverse" hashes like SHA256. E.g., suppose the thing you're hashing is an IPV4 address. There are only 4 billion of those, so a pre-image attack just iterating through all of them and checking the forward direction of the hash is extremely effective. TLS makes that a little more complicated since the content itself is actually hidden, but time and space side-channels give you a lot of stochastic information. You might not be able to deduce somebody's bank password, but you can probably figure out where in the bank's login flow they are and approximately what they did once they logged in.

They may not need the contents, seeing you're connecting to a netflix IP and having a lot of data transfer may be a good reason to throttle, for example.

* Russia

* Kazakhstan

* China

* Belarus

* Iran

* Mayanmar

- list of countries that are known or suspected to MITM traffic, including SSL

Accessing "the internet" while visiting your family in China/Russia/Iran/Thailand/...

Another one is getting around content filters / service-specific throttling (think college dorms and campuses, hotels, public hotspots etc).

Protection from IP tracking, especially if your ISP doesn't do CGNAT. Of course there's a trade-off here between

a) your ISP (who knows your billing information) knowing which sites you visit, and any site you visit can correlate internet activity back to your household

b) your VPN provider knowing all the sites you visit

CGNAT won't save you in a world where everything is fingerprinted to within an inch of it's life.

3. When you know/suspect your ISP is more shady than the VPN you're using. This applies particularly when you're doing something your government doesn't like.

VPNs don't increase privacy, they just change who has the opportunity to spy on your traffic. Sometimes, it's much better if it's some foreign random ISP instead of your local government, who can send law enforcement agents where you live.

Those two are pretty big already to be honest. I guess a third one would be avoiding eavesdropping on public wi-fis.

With TLS being everywhere, and just few clicks away from having DNS over TLS, I really don't get eavesdropping on public wifi prop value.

1. example.com is not on the HSTS preload list

2. Because you normally visit example.com using an incognito window, your browser hasn't cached the redirect to SSL, or the address bar suggestion, and you haven't bookmarked the site.

3. You key in example.com, the browser connects over http, and the evil wifi MITMs your unencrypted connection - removing the redirect to SSL and messing with the page however the evildoer wants.

Obviously a VPN provider can also do this, but you might hope they're less likely to.

VPN unifies all destination IPs to server.ip.addr.ess. IP reverse lookups tells some stories if you are to be so paranoid

TLS doesn't hide which websites (hostnames) you visit

It does if you do DNS over TLS or HTTPS, although I guess that information would still be knowable to your DNS provider if they terminate your TLS behind the scenes

Not quite. In order to make TLS certs work on a per-site basis, requests sent over HTTPS also include a virtual host indicator in cleartext that shows the hostname of the site you’re trying to connect to, so if the IP on the other end is hosting multiple domains it can find the right cert. For this reason some people feel that DNS over TLS is pretty pointless as a privacy measure.

SNI leakage is what encrypted client hello (ECH) tries to solve: https://blog.cloudflare.com/announcing-encrypted-client-hell...

It's still not perfect since you're still leaking information about the privacy set implied by the outer ClientHello, but this possibly isn't much worse than the destination IP address you're leaking anyway.

I think this is only true if SNI is disabled. Otherwise you really only get the IP of SRC and DEST.

Which is more likely, your barista collecting this data for nefarious purposes, or your ISP?

Or that dude in the black hoodie in the corner who always seems to be camped at whatever cafe you and your cow orkers are using as your startup "office"?

3. Not revealing your IP/location with every outgoing web request.

3. Hosting websites with DDNS (though the abuse from that caused Mullvad and IVPN to drop port forwarding)

4. Though it hurts anonymity, and is relatively rare: I2P or Hyphanet, because some websites block known P2P nodes[1]. Important if your bank or work is being a jerk about it.

5. As ThatMedicIsASpy notes, ISP issues: some routers soil the bed from P2P, some ISP's throttle P2P traffic regardless of legality, etc.

[1] https://old.reddit.com/r/i2p/comments/tc3bhs/is_anybody_else...

ISPs bad routing and peering

3. Avoiding government-mandated record keeping by ISPs in a country like the UK, where all ISPs have to keep a year of your browsing history and it can be accessed warrant free by 17 different agencies(including DEFRA, the agriculture agency).

And yes, I'm aware that you're most likely trading one surveilence for another - but honestly at this point I'd much rather trust my paid VPN provider with my browsing data than my ISP and ultimately the government.

Given that most of the web has TLS and you can easily do DNS over TLS - that's very very high level metadata, where I personally just don't see much ROI vs to giving that metadata to random company with no regulations whatsoever.

> but honestly at this point I'd much rather trust my paid VPN provider with my browsing data than my ISP and ultimately the government.

Your ISP will need to comply with local laws and regulations, and you'll have some recourse if broken. A third-party VPN operating in an overseas jurisdiction could be doing anything with your data.

Unless it's selling the data back to my own government, I'd rather a foreign commercial VPN provider have that information rather than my own domestic ISP or my own domestic government.

My government can do parallel construction, can send teams of armed gunmen to my house, and otherwise find far more methods to persecute me than the intelligence services of Russia or China can.

Being innocent of any kind of crime does not necessarily remove one from the crosshairs of law enforcement organizations, particularly the FBI, who have an extensive, well-documented history of violating citizens' constitutional rights, conducting partisan witch hunts against political opponents, being a lawless menace to civil rights activists, anti-war activists, gay rights activists, both pro-abortion and anti-abortion activists, and is probably busy right now planning on being a menace to trans inclusivity activists.

There is no such thing as a friendly government, but I'd much rather have my data in the hands of a government 10,000 miles away than in the hands of my own government. My own government hunts, injures, stalks, harasses, socially ostracizes, and even kills my fellow citizens far more than any foreign government ever has.

Sharing corporate info with your employees and not everyone else. You know, the "go to work" thing some people do.

Just because something is called with the same name, doesn't mean it's the same thing. Especially if the naming is done on a product by a company that wants to sell the product, and especially if the name is not a protected trademark.

Express VPN, NordVPN and Surfshark belong to another category of software than the VPNs used by companies.

Some differences are:

1- One is used by consumers, the other is used by businesses.

2- One protects communications to a client-controlled Local area network. The other protects communications with third party services.

3- One provides encryption, the other provides anonymization.

I VPN into my home network for added privacy in public wifis, and to access private services.

Free wifi hotspots

Nowadays most traffic is tls encrypted, but there are still metadata that can be collected.

>but there are still metadata that can be collected.

That logic is questionable given how poorly "spying on public wifi users" scales. You either need to put a bunch of eavesdropping radios in a bunch of public places or somehow convince a bunch of small businesses to use your "free wifi" solution. Even if you do have access, it's hard to monetize the data, given that nearly every device does MAC randomization (so you can't track across different SSIDs) and iOS/windows rotates mac addresses for open/public networks. OTOH setting up metadata capture on a commercial VPN service is pretty straightforward, because you control all the servers.

Doesn't pretty much every Starbucks location in the United States use a nationwide provider?

Despite the randomized Mac address, you can still fingerprint devices using all the usual tricks when they connect to the authentication and authorization page before you allow them to access the broader internet.

If the receipt had a passcode on it, you've got a link between all of your browser fingerprint, radio fingerprint and payment detail fingerprint and possibly customer loyalty provided at time of payment.

>Despite the randomized Mac address, you can still fingerprint devices using all the usual tricks when they connect to the authentication and authorization page before you allow them to access the broader internet.

Fingerprinting is overrated given that every iPhone 17 is identical to any other iPhone 17. If you leave system settings at stock, which most people do, there's very little to fingerprint.

>Doesn't pretty much every Starbucks location in the United States use a nationwide provider?

True, although mobile data is cheap and plentiful enough that I rarely bother using wifi at cafes or fast food places. The only time I use public wifi is if I'm staying long term, which basically only encompasses trains, airports, and hotels. Those are diverse enough that it's tough to build a complete profile.

>If the receipt had a passcode on it, you've got a link between all of your browser fingerprint, radio fingerprint and payment detail fingerprint and possibly customer loyalty provided at time of payment.

I don't think I ever saw a place that was that guarded about their wifi. The closest I've seen is hotels requiring your room/last name, which would allow them to identify you, but at the same time I'm not sure how much information they can glean, other than that I'm logging into gmail or airbnb. Persistent monitoring that ISPs can do is far more useful.

> Those are diverse enough that it's tough to build a complete profile.

Debatable; i promise you that somebody out there is willing to buy the info and will attempt to combine it with $otherInfo such that it becomes valuable enough for somebody else to buy. Lots of adtech/survalence-tech operates with thin margins at _massive scale_.

> I don't think I ever saw a place that was that guarded about their wifi.

It's rare; i'd run into it only a few times a year. Typically PoS systems and WiFi are not integrated. I also haven't really been paying attention since LTE is good now :).

Access sites the government has blocked in your state/country

3. Creating multiple accounts with platforms to break their ToS without getting chainbanned.

4. Perform DDoS

5. brute force passwords

6. try out leaked passwords

7. exploit vulns.

8. CSAM

9. Phish

10. Spam

11. Evade taxes with crypto

12. Sell drugs

13. Terrorism

Lots of malicious uses for VPNs, or was your question about legitimate usecases? In which case:

14. Sending emails about cryptography

15. Pornography

16. activism

17. Journalism/Whistleblowing

18. Military

Although some of the legitimate/ilegitimate categories might be subjective, which is precisely why it's a grey legal area at all.

I mean the EU has completely given up on free speech so if you want to say anything you better be hiding who you are.

TL;DR: you shouldn't assume your data or activity is in any way anonymous when using these services. These VPNs are useful for changing your region for streaming and not much else. Otherwise, the traffic being routed through these VPNs is basically much more likely to involve "questionable" activity than ordinary traffic - and when you send your traffic through it, you are basically highlighting it as such - and all of this is well-known and of extreme interest to anyone interested in snooping on or analyzing such "questionable" activity.

Um, is it some intelligence agencies?

> ExpressVPN was founded in 2009 by Peter Burchhardt and Dan Pomerantzwe who later sold it to British-Israeli security software company Kape Technologies

Close enough.

I tried Proton but their VPN wasnt as good as NordVPNs…

But if Nord is sketchy, what is the recommended one?

You will have to be a lot more specific than "wasn't as good as", to get a response that is helpful to you. What are you looking for in a VPN provider?

Depends on what you mean by "good".

Fast/low latency is to some extent diagrammatically opposed to high quality privacy. The fastest route is always you to source. The more hops/mixers/proxies/things you add the worse the experience gets

Handy that while connected via ExpressVPN, this is blocked

Mullvad nuff said

Why you probably don't need a VPN: https://stevesrantsnraves.blogspot.com/2024/09/why-you-proba...

Been saying it for YEARS: 95% of VPNs sell your data. It's where they make their money. It's absolutely insane the push-back I get when I say this online. I get downvoted to hell and back.

Source: I bought this data from VPN companies... Hell, you can inject ads and surveys if you want!

> 95% of VPNs sell your data

This is believable.

> It's where they make their money.

I'm much more skeptical of this. I know linus tech tips is not exactly an expert organization, but I believe the discussions they've had about almost starting a VPN and backing out for ethical reasons, and they made it clear that the core VPN product would have huge profit margins. You can always do greedy things to make more money, but for a paid VPN I'd need some solid evidence to believe that data sales are a huge line item or especially that they're the main source of money.

If you're including the swaths of free VPNs then that makes your number a lot harder to use.

I wouldn't be surprised if a lot of them have like a Crypto AG thing going on and have the capability to use paying customers as exit nodes as a way to launder consent-manufacturing bot bullshit through legitimate-looking residential and mobile connections.

what VPN companies?

And what types of data?

> Hell, you can inject ads and surveys if you want!

So am I right in saying that the data that's encrypted by VPNS is only in transit? It then sits on a server in plain text, ready to be queried by third parties for money.

Yes, VPNs add encryption only between you and the VPN servers.

How were they able to convince anyone that that matters?

People seem to use VPNs to avoid IP based issues, like Netflix or ip bans/associations, not sure anyone would use it for actual privacy -- at best its obsfucation.

How does that work with HTTPS being practically ubiquitous?

HTTPS spills what services you are communicating with, but not the content…

…except approximate content sizes and timing patterns.

They sell metadata. DNS queries, locations, apps using data, device info. Usually anonymized, but both unscrupulous and "better" providers do have access to your account and payment info.

I reckon that if HTTPS was sufficient to hide your online activity, then you wouldn't need a VPN to hide it in the first place.

If HTTPS were for privacy it would be called HTTPP. Security features tend to make things less Private, like how opening apps on a Mac makes it phone home for OCSP check.

> 95% of VPNs sell your data. It's where they make their money. It's absolutely insane the push-back I get when I say this online.

People love to stick to what they irrationally believe in. I would give you push back as well by saying 95% is a very conservative number. I would say 98-99%

But hey, they say they don't sell my data isn't it?

NSA presumably?

Just pay for and use Mullvad.

Just spin up a server with wireguard.

This is the way (or Tailscale). Easier to move around between datacenters to find one with an ASN/IP that isn't blocked by the apps/websites you use. If you do want a more off-the-shelf solution, Mullvad is probably the best choice. All of the consumer VPNs (including Mullvad) get blocked by various services - I get degraded/intermittent connection to Google Maps on them. GCC countries block most of the well-known VPNs as well, if you ever travel to the Arabian/Persian Gulf region. My private datacenter VPN gets blocked only very, very rarely.

or with Tailscale (and configure the server as an exit node).

I do and I like them, but Cloudflare blocks their ips aggressively.

There was a bumpy ride with CF a while ago but they seem fine now (still plenty of captchas, of course)

Reddit too, I wished they offered residential or dedicated and/or unlisted ips. But most of the time you just have to cycle through different ips to unblock.

At this point in the cat/mouse game, wouldn't any set of IPs used by a VPN eventually be able to be sussed out by anyone interested?

Some vpn services offer dedicated residential IP addresses, meaning you get an IP from just a regular private ISP in some other country. It's admittedly a bit shady though, and more expensive ofc but that will unblock everything

By mailing cash, if you like. They don't care if they know who you are or not. They don't ask for your email address, you just log in with a randomly-assigned account number and a password.

I did until they killed port forwarding.

OOC what's your current favored provider? AirVPN? Proton?

Proton right now. It's okay but it causes some network issues even when it's set to split tunnel default-exclude.

I tried Airvpn but the MacOS client is beyond trash.

And the website just gives 2005 amateur PHP coder vibes. Not just the design. The session expiry is seems very long - I hadn't visited for a few days and I'm still logged in. I'd be surprised if it wasn't infinite.

On Mac you can just use OpenVPN/Wireguard and import one of the profiles you can generate through their website.

Not for feature parity.

And I find there's a good correlation between the quality of the apps and the overall quality of the company. No surprise that the Mullvad VPN app is excellent

For multiple reasons it's better and safer to avoid using official provider client in the first place, regardless of provider, and connect with a good wireguard/openvpn/whatever client.

Not universally true. The Mullvad client has lots of additional features to enhance privacy. Killswitch, split tunnelling (you might otherwise disconnect the VPN to use a certain app, so it can overall improve privacy), Shadowsocks, Lockdown mode etc

It's extremely high quality on MacOS in my experience. It's never crashed for example whereas Airvpn's crashes daily. It connects almost instantly. I don't think I've ever seen it give an error

Proton for me.

Yep.

And I was on Proton for 3y, until the CEO were backing Trump and Vance on Reddit and other places. Their port forwarding was also painful as well, but it worked.

Cancelled. PIA does the port forwarding nicely and stabily. No jank scripts to run every 60 seconds.

Now evidently PIA is a bunch of scum capitalists. But in reality, who isn't?

Mullvad? But they killed port forwarding for "abuse".

> the CEO were backing Trump and Vance on Reddit and other places

Something happened, but THAT didn't.

https://medium.com/@ovenplayer/does-proton-really-support-tr...

> Given Proton’s outstanding track record and reputation thus far as a free, open-source, crowdfunded organization, owned by a non-profit and based in Switzerland (a country known for its neutrality), this topic is worth a deep dive.

Either it was someone paid to write this, or if author really believes this, they are not someone I trust.

Maybe the organization is non-profit (which I do not believe is practically true), it does not explain them sharing so much with Tesonet.

The Proton CEO is not "backing Trump and Vance." He wrote something positive about a narrow policy Trump supported that's favorable to little tech over big tech. That's it. It's certainly possible that someone you detest can still occasionally support a particular policy you think is good.

Particularly when dealing with someone like Trump, who has, on occasion, backed both sides of an issue, depending on the day of the week! ;P

They dont port forward unfortunately

[dead]

[dead]

scary AF