> “VPNhub is free and unlimited, anonymous and easy to use, [...] a good number of [people] use [VPNs] to circumvent and bypass restrictions to access adult content. It only makes sense that they use Pornhub’s.”
So wait, as a UK citizen I can use Pornhub's VPN to circumvent the UK Government's "Porn Filter", a system that's run by..... Pornhub.
I don't really understand how a country can ask a website to comply with its laws if the content is not hosted in that country. I guess it could be asked to comply under threat of being blocked in response to non-compliance.
You could also argue it's like a shoe company based in the US, where UK people are ordering from them and asking them to ship it to the UK, while the UK government threatens to set up import restrictions.
Mindgeek has an age verification product to comply with the UK law but by no means is in charge of age verification in the UK, there are several competitors with their own age verification products.
> AgeID, has been developed by MindGeek, a company that also owns several pornographic websites including Pornhub, RedTube and YouPorn.
> AgeID currently uses official documents such as driver's licences and passports to verify a person's age - but submitting a mobile number tied to a contract phone could be another option.
> The tool is due to be implemented from April 2018 across all adult sites within the UK in accordance with The Digital Economy Act 2017 that was laid out by the government.
It will be regulated by the British Board of Film Classification (BBFC).
It would be so much less overhead to require adult sites and user content driven sites to simply add the RTA adult header and put the responsibility on parents to use parental control software.
It looks like this:
rating RTA-5042-1996-1400-1577-RTA
and it can be sent via HTTP headers, or embedded in web pages.
Requiring people to register with PII is just asking for trouble.
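How client-side parental-control software could act on that label, as an added example that is not part of the original thread: the check looks for the label in a `Rating` response header or a `<meta name="rating">` tag and ignores pages that merely mention the string in visible text. The function names and the sample responses are constructed for illustration.

```python
from html.parser import HTMLParser

RTA_LABEL = "RTA-5042-1996-1400-1577-RTA"  # label string quoted in the comment above


class _MetaRatingParser(HTMLParser):
    """Collects the content attribute of every <meta name="rating"> tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.ratings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names; self-closing
        # <meta ... /> tags are routed here as well.
        if tag != "meta":
            return
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("name", "").strip().lower() == "rating":
            self.ratings.append(attr.get("content", "").strip())


def find_rta_label(headers, body):
    """Return 'header', 'meta' or None depending on where the label is set."""
    for name, value in headers.items():
        if name.lower() == "rating" and RTA_LABEL in value.upper():
            return "header"
    parser = _MetaRatingParser()
    parser.feed(body)
    if any(RTA_LABEL in rating.upper() for rating in parser.ratings):
        return "meta"
    return None


def filter_decision(headers, body, restricted_profile):
    """Block only when the site labelled itself and the profile is restricted."""
    if restricted_profile and find_rta_label(headers, body):
        return "block"
    return "allow"


# Constructed sample responses (not captured from any real site).
HEADER_LABELLED = ({"Content-Type": "text/html", "rating": RTA_LABEL},
                   "<html><body>video</body></html>")
META_LABELLED = ({"Content-Type": "text/html"},
                 '<html><head><meta name="RATING" content="%s" /></head></html>'
                 % RTA_LABEL)
# A forum page that only quotes the label in its text must not be blocked.
MENTION_ONLY = ({"Content-Type": "text/html"},
                "<html><body><p>It looks like this: %s</p></body></html>"
                % RTA_LABEL)

if __name__ == "__main__":
    for name, (hdrs, html) in [("header", HEADER_LABELLED),
                               ("meta", META_LABELLED),
                               ("mention", MENTION_ONLY)]:
        print(name, find_rta_label(hdrs, html),
              filter_decision(hdrs, html, restricted_profile=True))
```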
The third point is incorrect. It will be implemented on Mindgeek sites and any other sites that wish to use it instead of the competing age verification products.
Now tell me how you feel about US credit rating agencies, which were started by former FBI agents after the FBI was restricted from keeping dossiers without cause.
The system was mandated by UK law. Mindgeek isn't the only provider that makes an age verification service, though they are the largest (since they own most of the largest pornographic brands on the web).
David Cameron was the one who pushed for the law that put all of this into effect; Pornhub isn't remotely responsible. They're just creating a verification service that they're now legally required to run to comply with the law.
Huh? A porn site company runs a porn filter? Surely the individual ISPs have devices in their DC that filter the specified things?
Edit, so after reading - the filter is less a filter, and more mandated age-check verification? Isn't that like claiming a guy checking IDs at the door to a pub is an alcohol filter?
It's a conflict of interest in that it's in the bars' (financial) interest to let people through.
It's not in the bars' financial interest to create a minimum drinking age via regulatory capture just so they can hire bouncers, or accept bribes or sell fake IDs or whatever. That's analogous to the insinuation I picked up upthread (if I read that comment correctly). Expecting industries to self-regulate until they show themselves incapable of doing so is pretty standard.
It is, but in practice it doesn't matter too much. In most (all?) jurisdictions in the US, bars can be fined pretty heavily or even lose their liquor license if they're caught serving people illegally, or if they even have people on the premises without their ID with them. Any extra revenue they might generate from letting in underage people isn't worth the risk of the consequences if caught.
The difference is that essentially no one minds a guy glancing at their id and handing it back, and no one cares if your coworker happens to see you going into a bar.
The law is a filter because of the obvious chilling effect: do you really want to risk an inevitable leak where your co-workers will potentially look up info about your porn habits tied to your real name?
> do you really want to risk an inevitable leak where your co-workers will potentially look up info about your porn habits tied to your real name
Why would it have your 'habits' tied to it? It's meant to ensure you're over 18 or whatever age - what possible reason would it have to identify individual URLs a particular identity visited?
> what possible reason would it have to identify individual URLs a particular identity visited?
Money. Marketing. Targeted advertising. Etc, etc, etc. Pornhub (and others) are completely free and use more bandwidth than I can wrap my head around. How do you think they pay for that stuff?
Wasn't the porn filter supposed to be enabled by default, but optional for adults? As in the adults could change whether or not they could see the porn, at will?
I believe there was some bureaucracy involved and maybe a "porn tax" you had to pay to disable the filter, but maybe this VPN service effectively solves both of those problems.
No, the Age Verification system (recently delayed[1]) is compulsory; porn sites must implement it to be able to trade in the UK. It requires that they perform age verification on everyone accessing the site from the UK. This verification would be performed by supplying ID and linking it to your account.
This is separate from ISP supplied filters in that it applies to the porn companies themselves, not the end consumers. Obviously a company like Mind Geek having your ID and all your porn browsing history is not worrisome at all.
From the article:
"there is a premium subscription available that gets rid of the ads and promises faster speeds. In the U.S., this will cost between $12 and $14 per month, depending on the platform."
So unlimited free use, but restricted speed and injected ads. Not horrible, but I'd definitely read the T&C very carefully, I didn't see any mention of what logs they keep.
I can also think of many things a bad employee might do that the employer should probably care about.
But if you hired someone you've given them a tremendous amount of responsibility and power, if you can't trust them to do their job without monitoring everything they do then you should just fire them and hire someone more trustworthy.
I would be interested in the reason because we've been fighting this successfully for a number of years with our clients' IT departments (while we were smaller). They hired us to make the development process better and one of the things we always found problematic was that when the software developers didn't have normal internet access (but instead tunneled everything through some bottleneck HTTP proxy) they both lost the good developers because they were fed up with not being able to do their job efficiently and thus the quality of their software went down.
A year ago we were bought by a big company to help them do what we did until then but on a much bigger scale. The first thing we did was to get rid of the restricted internet. And now we again help our customers (big car manufacturers) to make their processes better. And even here every developer has free access to the Internet to be able to work efficiently.
But as I said in the beginning, I'm really interested in the reasons for this behaviour of those large companies. My suspicion is that it's just easier for the IT department to work against the developers instead of helping them to do their job.
There are IT shops with large dev teams that don't put proxies between their users and the Internet, but in every one of them that I'm aware of, developer laptops are subject to intrusive continuous monitoring. And, even at firms where there are no proxies, VPNs are problematic.
The reason is that large firms are legally obligated to make sure that insiders aren't exfiltrating protected or confidential information.
> The reason is that large firms are legally obligated to make sure that insiders aren't exfiltrating protected or confidential information.
If it makes people feel better about this, the same countermeasures also help with the case "Adversary pops any laptop in the company via e.g. phishing or malware and then pivots to All The Things." i.e. you don't need to posit non-trust of employees to want to implement continuous monitoring of work equipment.
> If it makes people feel better about this, the same countermeasures also help with the case "Adversary pops any laptop in the company via e.g. phishing or malware and then pivots to All The Things." i.e. you don't need to posit non-trust of employees to want to implement continuous monitoring of work equipment.
Even assuming we don't care about worker privacy and all the stuff, I think we can still do better.
I have no insider information about this (not a Google employee and definitely not associated with the project) but I read some good things about BeyondCorp.
Regardless of the threat model, "security" has to be practical. The main thing business should care about is productivity. I've done subversion checkouts that slow down to a crawl because the malware detection hogs down the disk IO. I've seen an "anti-theft" agent go haywire sending a heartbeat too often and making network access unusable.
I haven't had to deal with being denied access to stack overflow and frankly I would take the first offer and quit if I ever had to.
That being said, I think I am OK with random crap running on company owned machines as long as it is reasonable and does not hurt performance. Oh and there should be no expectation that I will take them home with me.
This reminds me of another funny story. One place I worked at, we were not allowed to leave our computers at our desk at the end of the day. We either had to put it in a locked cabinet or take it home with us. Nobody believes me when I tell this story but it is true.
That would only make sense if tethering via your phone, USB-sticks, cameras, and every other way of doing copies weren't allowed on those premises either. But this is (almost) never the case.
> But if you hired someone you've given them a tremendous amount of responsibility and power, if you can't trust them to do their job without monitoring everything they do then you should just fire them and hire someone more trustworthy.
Trust but verify, as Reagan used to say. We give even more power to the presidents and senators, but imagine what would happen if there were not plenty of people around to monitor what they did with that power.
To bring up just one thing that doesn't have to do with trustworthiness: If you let an employee onto a 3rd party VPN you open yourself up to a whole new vector of attacks that you can't prevent.
And then there's the problem with allowing unrestricted, unmonitored Internet access with regards to auditing and establishing a timeline of events if you ever need to do so.
You can visit sites that aren't blacklisted on the company's network which makes it easier to social engineer you. You have less control over what stupid things your employees can do.
You're right, this wouldn't be any more dangerous than being on a coffee shop's wifi but you already don't care about network security if that's how you're working.
I imagine most companies trust the ISP with sensitive company information more than they trust Pornhub. I am not saying one is more trustworthy than the other, but I am quite certain others do.
Afaik, Tor is not recommended for high bandwidth activities like bittorrent and streaming. I'm sure it works, but probably would break the network if too much of it went on. I'd be happy to know this never was the case or changed. It's the reason I never got on the tor bandwagon.
Trying to stream video over tor is a terrible experience, even if you stay within tor onion sites and don't rely on the too-few-and-too-overloaded exit nodes.
BitTorrent as a protocol isn't even any more secure over Tor, so you're just taking up bandwidth on the network by using it. Direct downloads and streaming may be less of a concern, but it's probably too slow right now to really do streaming effectively.
The fundamental problem with this is that it's charity / freeloading. I don't mean this as an ethical complaint, just that the economic incentive isn't there.
I could imagine cryptocurrency potentially offering a solution to this which solves both issues of trust and economics, but it would be a challenge to guarantee its security.
I seem to remember implementations like this already being in formation.
Jay Freeman (aka saurik) is working on one called Orchid with a handful of other big names IIRC. I think I read about it here on YC.
It would be easy to make the Tor browser also a tor node. This would unfortunately however have negative effects for users depending on secrecy, I think.
It would be nice if TOR had reciprocity where a user using it will also donate some network bandwidth. But I guess that might not really work since it forces you to run an exit node, which is where the dangers of running TOR are currently.
Assuming that people were using a VPN to browse pornography, doesn't the ownership of this VPN by a Porn hosting company kind of eliminate the anonymity benefits of using it?
I'm also confused by why the gentleman in the ad was going to browse PornHub in a crowded coffee shop while waiting on his coffee.
I imagine this service would appeal to people who want to remain anonymous to local law enforcement. Pornhub realises there is a huge untapped market in eg Islamic countries, for example.
Regarding the coffee shop thing: I was walking past a place some time back and I saw a woman staring thoughtfully at her laptop. She was sitting with her back to the wall. Behind her was a glass-covered painting, allowing me to see a reflection of her laptop screen. She was browsing porn. I guess it's not that uncommon.
> this service would appeal to people who want to remain anonymous to local law enforcement
It doesn't make you anonymous at all. It announces: "I'm using Pornhub".
> huge untapped market in eg Islamic countries
Do you have any evidence of that? What's an 'Islamic country'? Is every country that you've lumped together in this category the same in regard to this issue? Is Islam even one uniform religion?
> I guess it's not that uncommon.
That is not evidence of frequency except in that coffee shop at that moment. I have far more evidence: In all the time I've been in coffee shops, I've never observed it.
It is unclear why you are asking these questions in the first place. What is a "Christian country"? It's a country founded on predominately christian ideals. If you thought about it, I think you can come up with some countries that definitely fall under that category. Do something similar to come to a list of countries that are predominately Muslim. While they obviously will not have identical standpoints, there is at least one that springs to mind instantly when you think "banned pornography". No, it is not one uniform religion, but thankfully that also wasn't the point.
That is false, and it's important that VPN users are not misled about it: Anyone with visibility into your network traffic, including your employer, your ISP, and government, knows exactly the address of the VPN you are using; they will know the address belongs to Pornhub's VPN. If you want to mitigate that risk (imperfectly), use Tor. And if you try to use both Tor and a VPN, make sure you know what you are doing or you could get it very wrong.
> What is a "Christian country"? It's a country founded on predominately christian ideals.
Most advanced countries actively eschew support of any specific religion, are overwhelmingly secular, and are founded on Enlightenment ideals such as individual liberty (including freedom of religion), limited government, and on reason and science as opposed to religion. This isn't the Middle Ages.
And certainly Christianity doesn't embrace pornography! I don't see religious leaders of any stripe advocating for it. Let's drop the absurd, hateful Christian nationalism - nationalism has a really bad track record, and is a convenient excuse to abuse and exclude others, including Muslims. For a religion founded on the compassion and love of the Gospels, it's ironic that the nationalists are the most judgmental, prejudiced, and abusive toward others - but the reality is that it's true of all nationalists.
> there is at least one that springs to mind instantly when you think "banned pornography".
I think of the UK, and almost every business' HR policy.
People use a VPN for much more than browsing porn. Just because Pornhub is behind it doesn't mean it's limited to that.
And I care less about a Pornhub knowing what I watch - if anything ;) - than the Government, ISP, or anyone in a position of power. With browser/cookie fingerprinting PH probably already can id people reasonably accurately, VPN or not, if they wanted to.
Certainly, however I have to assume Pornhub is jumping into the VPN game because they realize a substantial number of their users use VPNs for exactly that.
It's not about anonymizing to PornHub, but about anonymizing to your ISP or AP.
Some people don't care about anonymity, but only need to evade ISP filters.
For example, I use tor to access torrent sites that have been blocked by ISPs after high court orders in the UK. I have no interests in the privacy aspects of tor for that use. I just want to get around the filter.
I suppose people (at least those targeted by this ad) worry about snooping in transit, not about endpoints. A porn site you visit will have plenty of data on you from your browser anyway - and compromised public Wi-Fi spots are a real risk.
The pricing on this seems out of line with other VPN providers unless I'm missing something. $12-14/month = $144/year give or take. Even if they do a "2 months free if you pay annually" it's still $120/year while something like privateinternetaccess is $7/mo, $40/year or $70/2 years.
Unfortunately the vpnhub site appears to have been hammered into the ground as of time of posting.
Or you could just rent the cheapest cloud server you can find and install a VPN daemon on it. Scaleway is 2€/mo. The smallest AWS spot instances are comparable in price but more of a hassle.
I could also just set up my home router so I could VPN to it then back out from there.
However, I'm just as happy paying someone a nominal amount for convenience. It's the same reason I don't tend to spin up my own servers for basic web hosting - there are people who do that and who keep track of security updates affecting their specific systems, and for a small amount of money per month I don't have to worry about it.
Wow that’s a lot to pay for this kind of thing. Maybe I’m the minority on here but I watch Tech shows on YouTube. Linus Sebastian is quite popular on there. He has been recommending https://www.privateinternetaccess.com and their prices are lower.
Keep in mind that his show is sometimes sponsored by PIA. But on that note, I've used them and have no complaints. Their speeds aren't as good as Mullvad though. Actually, no VPN that I've ever tried is as fast as Mullvad.
I see a lot of technologies being talked about that I've not heard of - what's the difference between WireGuard and StrongSwan - do they fulfil different purposes?
Or did Algo use StrongSwan and now uses Wireguard?!
OpenVPN is its own protocol, using TLS as a control channel.
WireGuard is also its own protocol, based on Noise.
strongSwan has cryptography designed in the 1990s. OpenVPN relies on TLS, which for all intents and purposes is also 15-20 years old. WireGuard is modern, with a design that comes from Signal Protocol's cryptographer.
strongSwan and OpenVPN have gigantic C codebases. WireGuard's kernel implementation is just 4500 lines of carefully designed code.
Interesting, I totally understand that this is adult entertainment and that it carries its own implications. But I hope this isn’t the way of the future, direct tunneling to get through restrictions, snooping, and regulations.
My parents live in Dubai and had a VPN for VoIPing, but recently the VPN stopped working. I'm terrible at networking and don't really know how all of this works, but is it possible for ISPs to block particular VPNs?
Yes, as long as they can recognise them. It's possible to selectively reveal IPs to customers, so an attacking ISP would need the perspective of multiple users to find all VPN hosts. At an extreme, ISPs could run a whitelist instead of a blacklist (allowing connections only to approved hosts; denying by default). It's possible for services to be run on the same IPs / ports as legitimate services, forcing an ISP to choose between blocking both or none. An example of this is Telegram's use of AWS IPs, which when blocked by Russian ISPs caused disruption to other services. ( https://www.theregister.co.uk/2018/04/17/russia_blocks_googl... )
> but is it possible for ISPs to block particular VPNs?
Yes, at both the network level (by blocking IP ranges belonging to VPN services) and protocol level (i.e. known handshake sequences for VPN software). But both can be easily bypassed with a few google searches.
According to the OpenVPN docs, running it in static key mode makes the traffic indistinguishable from ordinary HTTPS. Regardless, my university network still manages to block it even though I use TCP mode + port 443. What gives?
Does it block it right away? If it works for a minute or two (or ten) then cuts off they might be doing more deep heuristics, but that's usually something only governments do (ex, great firewall). They also might have just blocked the IP range of your VPN because you connected to it in a different mode before and the network just remembers that.
AFAIK even in static key mode + TCP, it doesn't perfectly resemble a "normal" TLS connection. I think openvpn adds some custom headers to each packet or something. Something like stunnel + openvpn in TCP mode should look more similar to https.
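Why a filter can tell the two apart on port 443, as an added example that is not part of the original thread: OpenVPN over TCP prefixes every packet with a 16-bit length (and, in TLS mode, an opcode byte), whereas HTTPS opens with a TLS handshake record. The classifier assumes the first TCP segment carries exactly one framed packet; all sample bytes are constructed, not captured.

```python
import struct

OPENVPN_HARD_RESET_CLIENT_V2 = 7  # opcode of the first client packet in TLS mode


def classify_first_segment(payload: bytes) -> str:
    """Label the first client-to-server TCP payload seen on a connection."""
    # TLS record: type 0x16 (handshake), version 0x03 0x0X, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01):
        return "tls-client-hello"
    if len(payload) >= 3:
        (declared,) = struct.unpack("!H", payload[:2])
        if declared == len(payload) - 2:
            # Length prefix matches: consistent with OpenVPN's TCP framing.
            # In TLS mode the next byte is opcode (high 5 bits) | key id.
            if payload[2] >> 3 == OPENVPN_HARD_RESET_CLIENT_V2:
                return "openvpn-tls-mode"
            return "length-prefixed-not-tls"
    return "unknown"


def sample_tls_client_hello() -> bytes:
    """Constructed ClientHello: correct framing, zero-filled body."""
    hello_body = bytes(40)
    handshake = b"\x01" + len(hello_body).to_bytes(3, "big") + hello_body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def sample_openvpn_tls_mode() -> bytes:
    """Constructed hard-reset packet: opcode, session id, empty ack list, packet id."""
    packet = (bytes([OPENVPN_HARD_RESET_CLIENT_V2 << 3])
              + bytes(8) + b"\x00" + bytes(4))
    return struct.pack("!H", len(packet)) + packet


def sample_openvpn_static_key() -> bytes:
    """Constructed static-key packet: no opcode, opaque bytes after the length."""
    packet = b"\xa7" + bytes(range(47))  # stands in for HMAC + IV + ciphertext
    return struct.pack("!H", len(packet)) + packet


if __name__ == "__main__":
    for name, data in [("https", sample_tls_client_hello()),
                       ("openvpn tls mode", sample_openvpn_tls_mode()),
                       ("openvpn static key", sample_openvpn_static_key()),
                       ("plain http", b"GET / HTTP/1.1\r\n\r\n")]:
        print(f"{name:20} {classify_first_segment(data)}")
```

Wrapping the tunnel in a real TLS session, as the stunnel suggestion above does, puts a genuine ClientHello first, so this first-bytes check no longer separates it from HTTPS.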
Yes, but most paid VPNs have several different servers and ports to choose from for this very reason. It's been a while but Private Internet Access' chat support was very helpful in troubleshooting my ISP throttling my VPN connections.
Perfectly possible. If it's possible for China to ban Google and for Turkey to ban Wikipedia, you can be sure that an ISP can block a VPN. :) All they have to do is ban a certain range of IP addresses that correspond to that VPN provider.
Interestingly, the VPN clients connect to https://wlvpn.com and the whole service seems to actually be run by WLVPN, a white label VPN service, and not actually MindGeek (the company running PornHub).
A company of that size whose core product is video streaming has (or should have) some way of abstracting the CDN(s) away from most other stuff so that they can shuffle things around in real time or close to real time.
Can anyone who tried this elaborate on what are the ads on the free tier? Are they only in the iOS app or is the service intercepting unsecured traffic to insert ads?
It seems strange to me that PornHub would be entering the VPN space - it's already got pretty stiff competition as it is, it'll be tough to beat off the existing players if they wanna get a firm handhold. Though with various governments banning any VPNs they come across, maybe it's not so bad to get some fresh meat.
Free version is very limited and monthly model costs a fortune. Why not stick to well-known brands that keep your data secure for a fraction of that cost? I'll stick to NordVPN or ProtonVPN or any other more known brand thank you very much.