People should take this list with a serious health warning. Firstly, a lot of this is just 'internet sleuth'ing and innuendo. Plenty of companies want to operate multiple services to be able to use different marketing and differentiation strategies. Secondly, the fact that the site is funded by affiliate links to a couple of the big VPN services should really ring alarm bells. I trust we all learned from the Mattress review debacles? [1]
Thirdly, the companies who are funding this site through affiliate links, despite not being investigated in this article, are arguably more worthy of some serious suspicion. For example: NordVPN, one of their "Top VPN providers" is run by the same guy who runs a Lithuanian data harvesting company[2], but don't worry, lots of websites who make money from affiliate links to NordVPN (Sign up Now! 75% off when you use the code "SCAM" at checkout!)
Now, maybe I'm being cynical - but I suspect if NordVPN weren't lining the pockets of all these referral websites their reviews of NordVPN would involve a lot more of the faux concern they show about other VPN companies in this hit piece, rather than the credulous write-ups about how it's totally not a problem that this shifty Panamanian company has suspicious links to data harvesters.
I know someone making tens of thousands a month from shilling VPNs. They have a site where they "review" and "rate" VPNs.
The reality is that the customers of those products barely understand them and are buying into the BS of "stay anonymous" and "be private online". It's an easy market, especially considering you don't even need to develop the VPN software, just run instances on some cloud/VPS provider and do a ton of marketing.
The person doing the shilling is marketing himself as a "privacy & crypto expert" and having a masters degree in cybersecurity, reality is dude barely graduated high school. He actually works for a friend of his who runs a whole variety of these sites and is about to clear $10M+ this year alone.
What I've learned from this is that if you Google for some popular product, the first 5 pages are going to be SEO-optimized shilling sites. Just skip to page 10.
But, joking aside, you can install greasemonkey/tampermonkey and get the googlemonkeyr script to manage your search results to be a bit more effective.
> What I've learned from this is that if you Google for some popular product, the first 5 pages are going to be SEO-optimized shilling sites. Just skip to page 10.
This is a big problem with Google, today. Say I want to search for something - not to buy it - just some facts. The immediate first pages are all sites on how to buy, costs, online stores. I have to go to 8 or 9 to start seeing what I want.
Can you trust reddit, though? There's plenty of social media campaigns out there that have people plugging stuff on reddit to promote some company or agenda.
Reddit is very useful for niche results that are normally functionally impossible to find any information on at all. If that is not the case, it's not really the shilling that's the biggest trouble, it is that people on Reddit have just become a cross-slice of regular society now. That means that when they answer questions about anything that even remotely requires domain knowledge, you can be entirely certain that they will be wrong in ways that you do not expect.
Try it and see. It’s good for fixing many problems that relate to coding too, but are of the type closed on Stack Overflow. Sure, the problem is basic, but when I’m stuck a ‘duplicate closed’ is unhelpful.
Blatant spam, yes, but if it’s like what’s being discussed here I’d be hesitant that it goes much better than amazon reviews. It’s just too easy to create fake accounts and you don’t need to be that smart to avoid telegraphing this.
Yes but at least Reddit has downvoting. I still take the results with a grain of salt, but most times the Reddit user points you in the right direction.
> What I've learned from this is that if you Google for some popular product, the first 5 pages are going to be SEO-optimized shilling sites. Just skip to page 10.
Is a less SEO-optimized site less likely to be a scam?
If shilling sites are more likely to be SEO-optimized, yes. One of the implications of Bayes' Theorem is that if observing A makes B more likely, then observing B also makes A more likely. A worked example:
Yes, because knowledge isn't SEO-optimized by default. It takes time to do so. And time is money. And 99% of the time, those who are willing to spend a lot of time to get on the first page of Google are doing it to gain money, not to spread knowledge.
> Yes, because knowledge isn't SEO-optimized by default.
Isn't it? I thought Google was trying to optimize their search engine for finding useful information, so if someone were to make an honest website that just tries to provide useful information (anachronistic as that may seem) wouldn't they hypothetically have the full manpower of Google's search team optimizing for finding it?
Is it really an easy market? I thought about running a VPN service, but how do I deal with abuses? People would use VPN for all kinds of things including bad ones. And investigators will come at me.
I watch a bunch of tech related YouTube channels and the amount of NordVPN shilling is outrageous. Some fine folks making good content telling their audience that "your ISP is seeing everything you do but if you use a VPN you are safe, it's totally not like the VPN provider is then able to do exactly what the ISP could before!"
Even worse the VPN provider is usually operating from some country with much less regulation regarding privacy. If it were revealed that some ISP here in Germany is sniffing traffic and selling your data, shit would hit the fan, but if your trusty VPN provider from whoknowswhere does this, good luck going after them.
I mean, there’s something left unsaid in all of those VPN advertisements, that goes something like this:
> You live in the US, right? And you pirate stuff, right? Or maybe you Google things that would get you put on the TSA no-fly list? Well, with a VPN, it won’t be your US ISP that has access to your traffic—and then has to give it over to the MPAA and the NSA—but rather a VPN company from some foreign country, who has no such obligations. Sure, they can sell your data to anyone they like... but it’s not like the USGOV or the various media cartels are buying data. If they can’t compel it for free, they don’t bother (and they certainly couldn’t fully trust data sourced from a company headquartered in a non-allied country anyway, so why would they bother?) Someone somewhere might know about your VPN traffic, but it probably won’t be someone out to get you. Just someone out to sell you stuff.
Or, if you prefer:
> You live in Hong Kong, right? And you have some vocal opinions about Chinese sovereignty, right? Well, with a VPN, it’s not the Chinese government that sees your traffic, but rather....
In the US, we know that ISPs and government agencies are harvesting data for their own purposes.
So using a VPN comes down to the fair gamble that someone who promises not to log and use your data is possibly better than the guys who definitely log and use it.
eh. I wouldn't take that as a strike against them. It's pretty impossible to communicate crypto to laypeople using technical language, like AES or even SSL. You have to use analogies, to banks or militaries. For better or worse, that's just how it goes.
You don't have to use "bank-grade", "military-grade", etc. in your marketing. They don't actually mean anything, and only serve as a red flag for "we don't know what the fuck we're doing".
You can use almost-equally meaningless phrases like "state of the art", "industry standard", etc.
You can sell on a "proven track record" of not selling out to data brokers or yielding to government search warrants (although that mostly hinges on "never been subpoenaed" rather than "resisted a subpoena" in practical terms).
There's lots of other paths to take besides using "${DUMB}-grade" in your marketing copy. Saying "that's just how it goes" is yielding to a lazy cop-out with another lazier cop-out. It absolutely isn't just how it goes.
I fail to see how using "equally-meaningless phrases" is worse than using other "equally-meaningless phrases."
Nord also says they never hold logs, and locate in Panama to avoid gov't subpoenas. It's not either/or. You can (should) put the technical information on a 'security' page for the people who know enough to find it and read it.
Yes I can confirm VPNPRO is most likely owned by NordVPN. The site itself wrote a hit piece trying to defame me (falsely claiming I work for one of their competitors). Ironically, lots of Nord shills also think I am the CEO of PIA or something. This article lines up perfectly with Nord's "MO" of casting blame around at other companies to deflect themselves from the bad PR.
Now NordVPN is trying to remove my reviews on my Youtube: https://youtu.be/gZdQx9iv_1U, and they've been caught blackmailing another VPN provider.
The site always rushes to NordVPN's defense when any bad news is going on, and there are several shills on Reddit trying to spread this article around.
The article you cited, to support your claim that NordVPN is owned by a data harvesting company, says the opposite. It says that Tesornet only provided general business consulting to Nord, and that Nord users have nothing to worry about.
It seems there are a lot of back and forth allegations about this topic on the internet. I don't know the truth. That article doesn't really demonstrate anything, though, and your tone seems unhelpful.
As a general rule of thumb, adjectives are often a crutch for weak arguments.
>"Shifty panamanian company"
But they explicitly chose to locate in Panama because it is exempt from 5 Eyes government data spying. That seems the opposite of shifty.
> "Suspicious links to data harvesters"
Have you ever used Google or Facebook? Run a service on GCP? If you run a service on GCP I could say you have "suspicious links to data harvesters." This seems like a scare tactic, lacking substance.
Yeah, the article I cited concedes all the facts, but tries to play it off. I thought it would be funny to cite that website specifically because it's another website sponsored by NordVPN and is literally doing exactly what I claim - playing down the exact behaviour that the original article is playing up about their competitors.
All I'm saying is that if you're predisposed to buy into the concerns this website is pushing about NordVPN's competitors, then you should absolutely have the exact same worries about NordVPN themselves.
This is why I self host algo vpn. I seriously doubt my hosting provider would jeopardize their business by snooping on/messing with a vpn given the breach of trust would cause large customers to ditch them.
I feel like that's just trading one ISP for another. At least with a VPN service they can do things like not keep logs and make torrenting email nastygrams go to /dev/null, because they honestly cannot forward it to the right person.
1. Tunnelled & encrypted (and in most cases, easily identifiable as VPN) traffic coming from your VPN client to your server
2. Untunnelled traffic from your server to whatever server endpoint you're visiting.
Correlating the two, even when it's a massive multi-user service, is not difficult for a hosting provider with half a clue to do. Especially when handed a police order (which they usually have an obligation to not tell you about).
Running your own VPN server doesn't provide you with anonymity, but if configured right, it'll give you more privacy compared to just blindly trusting some random VPN companies with your data. Your data that passed through your own VPN server will only be seen by you and your vps vendor (as opposed to your VPN provider and whatever vendors they used to run their services).
Completely agreed, however the parent comment suggests that they aren't aware that their vps provider's underlying network infrastructure is 'snooping' on them by default:
> I seriously doubt my hosting provider would jeopardize their business by snooping on ... a vpn given the breach of trust would cause large customers to ditch them.
Any half decent network provider logs sampled flow data by default. This is all that is needed to de-anonymise any vpn session. Even on a host that is shared by hundreds of VPN sessions.
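To illustrate the point made in the comments above, here is an added example (not code from any commenter) of how little is needed to pair tunnel clients with destinations using only flow timing. All addresses and records are constructed, and the tunnel port is assumed to be WireGuard's default.

```python
from collections import defaultdict

VPS_IP = "192.0.2.10"   # constructed address of the self-hosted VPN server
VPN_PORT = 51820        # assumption: tunnel listens on WireGuard's default UDP port
BUCKET_SECONDS = 10     # flow timestamps are grouped into 10-second buckets

# Constructed sampled flow records: (ts_seconds, src_ip, src_port, dst_ip, dst_port)
FLOWS = [
    # Encrypted tunnel traffic arriving from two clients
    (1,  "203.0.113.5",  40001, VPS_IP, VPN_PORT),
    (12, "203.0.113.5",  40001, VPS_IP, VPN_PORT),
    (25, "203.0.113.5",  40001, VPS_IP, VPN_PORT),
    (31, "203.0.113.5",  40001, VPS_IP, VPN_PORT),
    (27, "203.0.113.77", 40002, VPS_IP, VPN_PORT),
    (63, "203.0.113.77", 40002, VPS_IP, VPN_PORT),
    (74, "203.0.113.77", 40002, VPS_IP, VPN_PORT),
    (85, "203.0.113.77", 40002, VPS_IP, VPN_PORT),
    # Tunnel replies going back to a client (must not count as egress)
    (2,  VPS_IP, VPN_PORT, "203.0.113.5", 40001),
    # Untunnelled traffic leaving the server for the visited endpoints
    (1,  VPS_IP, 50000, "198.51.100.20", 443),
    (13, VPS_IP, 50000, "198.51.100.20", 443),
    (25, VPS_IP, 50000, "198.51.100.20", 443),
    (32, VPS_IP, 50000, "198.51.100.20", 443),
    (64, VPS_IP, 50001, "198.51.100.99", 443),
    (75, VPS_IP, 50001, "198.51.100.99", 443),
    (86, VPS_IP, 50001, "198.51.100.99", 443),
    # A resolver shared by both clients: active whenever anyone is
    (1,  VPS_IP, 50002, "198.51.100.53", 53),
    (26, VPS_IP, 50002, "198.51.100.53", 53),
    (63, VPS_IP, 50002, "198.51.100.53", 53),
    (85, VPS_IP, 50002, "198.51.100.53", 53),
]


def correlate(flows, threshold=0.7):
    """Map each tunnel client to the egress destinations whose active time
    buckets overlap the client's (Jaccard similarity >= threshold).

    Only timing is used: sampled flow logs give unreliable byte counts, but
    the buckets in which a flow was seen at all survive sampling well.
    """
    tunnel = defaultdict(set)   # client IP -> buckets with inbound tunnel traffic
    egress = defaultdict(set)   # destination IP -> buckets with outbound traffic

    for ts, src, sport, dst, dport in flows:
        bucket = ts // BUCKET_SECONDS
        if dst == VPS_IP and dport == VPN_PORT:
            tunnel[src].add(bucket)
        elif src == VPS_IP and sport != VPN_PORT:
            egress[dst].add(bucket)
        # everything else (tunnel replies, unrelated flows) is ignored

    result = {}
    for client, c_buckets in tunnel.items():
        matches = []
        for dest, d_buckets in egress.items():
            score = len(c_buckets & d_buckets) / len(c_buckets | d_buckets)
            if score >= threshold:
                matches.append((dest, round(score, 2)))
        result[client] = sorted(matches, key=lambda m: -m[1])
    return result


if __name__ == "__main__":
    for client, matches in correlate(FLOWS).items():
        print(client, "->", matches)
```

The shared resolver scores low against both clients, while each client's own destination stands out, which is why a self-hosted server changes who can see the traffic rather than whether it can be attributed.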
better yet it makes it really easy to pinpoint traffic to a single person despite all other measurements to make this harder. I would guess being an IP transit provider would be a lot more beneficial for them otherwise with regards to the amount of traffic they would handle....
There's nuances. ISP is whole household, VPN is device. ISP has a business, VPN might be interested in selling data especially the many free ones. You can VPN over ISP but can't hide VPN on VPN.
> For example: NordVPN, one of their "Top VPN providers" is run by the same guy who runs a Lithuanian data harvesting company [2]
Did you even read the article you linked? Nowhere in that article does it say that NordVPN is run by the same guy as the data harvesting company. Also the same article you linked says in the end: "However, after thoroughly investigating this recent “scandal”, we still feel confident that NordVPN is still one of the safest VPNs around. It’s quite possible that its rapid growth and increasing popularity are part of the reason it’s being attacked by other VPN providers."
I am a bit confused -- are you saying that the article in your second reference is one of those "credulous write-ups" that we should be wary of or are you using it as a genuine reference?
This post is almost surely funded by affiliate commissions paid by ExpressVPN, NordVPN, and Astrill VPN, all of which are listed as "Top VPN providers" before the article even begins. Therefore, there are some serious omissions[1] in this list.
Serious question: What's the context of the provided diagram?
Is it to imply that the named companies are closely associated with each other? i.e. Tesonet, NordVPN, HolaVPN, ProtonMail/ProtonVPN (and other named company I missed) are proven to have common interest and the common interest involve/include putting customers' privacy in danger?
> Serious question: What's the context of the provided diagram?
There are multiple partnerships and ownerships in VPN and data mining industries that are not publicly admitted, unless something goes wrong[1][2].
Although the presence of these relationships alone is not always enough to claim that customers' privacy has been violated, it makes these companies look much less trustworthy in the long run.
Just checked out vpnscam.com for the first time, and its content screams tinfoil hats, giving me a negative first impression.
It's really a dilemma to me: small providers haven't proven themselves to be trustworthy, while well established ones are connected to another business somewhat. How does one choose a reliable VPN provider?
And same goes with self hosted OpenVPN server, what's to say that the VPS provider will always put customers' interest first?
> Just checked out vpnscam.com for the first time, and its content screams tinfoil hats, giving me a negative first impression.
I think that's because this site is most likely run by some other competing VPN company. They are all trying to win by collecting and publishing everything about each other.
> It's really a dilemma to me: small providers haven't proven themselves to be trustworthy, while well established ones are connected to another business somewhat. How does one choose a reliable VPN provider?
I am personally more inclined to trust VPN providers that don't pay affiliate commissions, don't hide behind offshore companies, don't ask for their customers' email addresses, state the full names of the people behind the company publicly, and adopt the most advanced open-source solutions early[1].
The other option is self-hosting Algo[2] on OVH or Hetzner.
Probably. So what? Doesn't make the facts of the article any less true. Just need to do research on those three companies as well independently if you want to know more.
It's important to know where one's information is coming from, even if that information is "technically" accurate. Mere facts can be misleading through context, and it's important to know where biases are.
If you extrapolate a bit, apply some basic correlation twisting you can infer a lot of wrongful conclusions that are useful to specific agendas. We see this a lot in politics.
None of these are seriously privacy-centric VPNs. I was very pleased to not see any of my old favorites (AirVPN, IVPN, Mullvad and PIA).
Although it's not easy to find them on their site, I believe that the https://cure53.de/ vulnerability assessments are more interesting. Google "vpn site:cure53.de".
Yep, IVPN user here. Couldn't be happier. Have used 3 other VPNs over the years, IVPN's privacy, features, speed, and corporate policies are the best I've found.
Just a satisfied user. It's 2x what I used to pay, but IMO it's worth it. I don't think it's /always/ true "you get what you pay for", but sometimes it really is.
Glad I chose one of the better ones, their mission list, that they have a status page, that their servers are named after stars and my subjective opinion, that "AirVPN" is actually a bad name (a transparent privacy tunnel?), all pointed me towards believing there are actual nerds behind that one, and in this topic, I consider that very important...
They started as a collective, somewhat like Autistici/Inventati and Riseup, in France. And moved to Italy after the French police took one of their servers.
A lot of people I know are using free VPNs to circumvent the state censorship. It has nothing to do with privacy, only with the fact that when you search for something, about 20-80% of links end with "connection timed out" (depends on what you're looking for, obviously). Most of those sites don't have any "ungood" information and are basically just collateral damage.
I wonder if with a free vpn ... would state pressure even be needed?
Maybe just a wad of cash?
Considering their costs / questionable ownership / ability to just roll out repeated new "free vpns" that nobody knows who is behind or took the money for the other one?
> Nearly as disturbing as the number of people who tell me they use free VPNs.
This is absolutely not an apples to apples comparison, but why is it outrageous to believe there couldn't be a free VPN that focuses on privacy when there are search engines like Duckduckgo and browsers like Firefox that are completely free and are pro-privacy? I haven't done the research, so consider it a rhetorical question.
Maybe "browser" was too specific. Replace that with an "organization" and that's Mozilla. They make firefox, but they're more than just an application, they're a group of applications developers that are pro privacy.
So what organization with that kind of credibility is offering a free vpn?
If Mozilla did, it probably would get the kind of attention and focus you’re suggesting.
I just don’t see a lot of companies with a similar vision as Mozilla that are successful.
Last year, Cloudflare announced[0] a product called Cloudflare Access[1] which solves the same problem as VPN, not sure if it can be used as a replacement of VPN totally.
The marginal cost to Cloudflare for the extra engineering, compute, and bandwidth is lower than it would be for many other organizations, and it's good marketing for the things they actually make money on.
Actually it provides them much more than just marketing. They'll be the only company to know detailed information about client connection quality, they'll be able to optimize routes for their CDN even more. It's a crucial competitive edge for their primary service.
That's a really good point, they'll be able to place VPN endpoints near their CDN endpoints and minimize additional latency, while still knowing the client's original IP for filtering, analytics, and providing geography based views. There's value added for both the VPN users and Cloudflare clients.
Though if you're in the right DCs, that traffic will be mostly internal, I suppose, since VPN providers and seedboxes aren't that spread out (for price and TOS reasons).
Because DDG and Mozilla both have sources of revenue and so don't need to sell their users down the river to keep the lights on. If Cloudflare does offer a free VPN that's a good bit of marketing for their actual services. How's FreeVPNCo going to pay for its servers? What about bandwidth?
Firefox and its pro-privacy push bundling a VPN, a user account, telemetry and DNS-over-https (I think, Mozilla is very much informed about every! installation). It's the same sort of privacy most greedy monopolists offer...
The intelligence community has a record of infiltrating activist orgs to direct their ideas. I wouldn't trust anything made specifically for activism unless some other valuable merit is presented.
Yes, a more secure and practical alternative to "VPN services" is the Tor network, which externalizes the cost of infrastructure to volunteers and thus reduces the risk inherent with centralized control. While Tor is also not without risk, I really wish more privacy oriented services and software had decentralization as a core tenet of their design.
Why is this downvoted? It took less than 30 seconds to fire up Orbot, connect, open YouTube and start streaming a video without any issue or fuss.
Sometimes when people talk about Tor, it reminds me of how people talked about Linux up until a couple years ago - often touting very out-dated impressions as if they were current observations. Tor bandwidth is very different than it was 5-10 years ago.
It's not very consistent. Sometimes you get a gateway which is great, sometimes one which is limited to 10kbps, sometimes one running some monitoring experiments which doesn't care if you get any bandwidth (I was running one for a while).
My understanding is that bad/poor gateways are penalized. In my own experience, I've only ever needed to change circuits manually once (but I'm primarily using Tor to NAT punch to hidden services, not sure if that matters).
While I said less than 30 seconds, it really was about 10 seconds but I didn't want to sound like I was exaggerating. And that was of course including switching apps, the initial Tor connection, switching apps back, waiting for my feed to load, clicking a video.
I just tried again, it took 6 seconds to open Orbot and completely connect to Tor. The rest was business as usual. Maybe a 1, 1.5 second delay getting to YouTube and for the video to start playback. For what Tor offers, that is impressive, and I don't know what could possibly be convincing beyond that point. Not to mention that one can just leave Orbot running as well. And since I'm on Android, I can opt to have specific app traffic sent through Tor, or Orbot can act as a system-wide VPN.
I'd make a video showing how painless it is, but setting it up, recording and uploading would take a hundredfold more time than just trying it out.
edit: I know that it's purely anecdotal, but I just enabled Orbot VPN mode and fired up "Speedtest". It is reporting 7Mbps and 3.65Mbps up. It's not great, but to me that is usable if your privacy needs outweigh need for speed. And a screenshot if it's of interest, you can see that it's in VPN mode and Orbot is running: https://i.imgur.com/UZu4aJs.png
edit2: yikes, I actually just backed up 29 full-resolution screenshots to my Google Photos account without even realizing Orbot was still connected. Convinces me!
If you block non-TLS traffic, period, and you never click through on invalid cert sites, the only concern is 0day exploits. As much as https is popular there are still a lot of plain http sites and sites that upgrade to https after the first request. Data collection and running JS in your browser aside, there are clever tricks used to track and possibly deanonymize you and obviously they are hostile when it comes to exploitation.
At least VPN providers need your money and their reputation and you can chain them for tor like privacy without the poor performance and anonymity.
> Tor exit nodes have been caught injecting malware into binaries downloaded over HTTP through them
It's more accurate to say bad actors have been injecting malware into HTTP-downloaded binaries. Some of these bad actors use Tor exit nodes, some use free WiFi hotspots, and some run their own VPN services. Framing this as a Tor problem is like blaming violence on weapons instead of the perpetrators.
Or those who think they can use unlimited bandwidth on 5 devices and have all of it decrypted on the other end for just $3 a month, with no strings attached.
Tinfoil hats aside, it wouldn’t surprise me one bit if the NSA and other intelligence agencies around the world operated VPN service providers as a way to spy on users.
If the Snowden affair showed anything, it's that the tinfoil hat wearers were right all along - you'd have been ridiculed if you'd suggested just about anything from the Snowden files.
the difference is speculation to outright imagination which does no favor to real threats. there are plenty of crackpots and conspiracy nut-jobs out there.
It's one thing to say without evidence, "I know for a fact that intruders are logging in to my system on SSH." It's another thing entirely to say, "it's reasonable to expect intrusion on SSH, so I'm not going to leave that port open on my firewall unnecessarily."
I still think the NSA employs Linux devs so they can deliberately insert flaws. Why would they not? It would be very easy. But every time I mention it people reply "But but many eyes! They'd get caught!"
I want to point out that they could similarly hire someone working at microsoft, or get someone up for a position there, to do this and it would be at least as hard to detect...
Large companies like Microsoft assume that there are advanced persistent threats that are willing to place HUMINT inside of their companies. The companies have dedicated internal teams focused on detecting them.
For example, Twitter recently fired someone that was leaking information on dissidents to a foreign government.
You could, but it would be more difficult (though easily within the ability of the NSA).
To contribute to the Windows kernel you'd have to get someone hired by Microsoft, who presumably check their employment history (maybe), they have to actually go and work for Microsoft, etc. Obviously none of that is impossible but it's also obviously much harder than sending a patch to a mailing list.
Or you find someone who already works there who's having an affair and blackmail them into working for you. It's no different to how spies have operated for centuries.
The West's military-industrial-pharmaceutical complex has weaponised groupthink to such an extent that the ease by which incitement of mass hysteria at scale can be manifested is a non-issue for these players.
Too many times, the western collective is convinced of its own righteousness in regards to issues which factually were counter to its own survival.
The point is, even if the NSA did have key Linux devs on its roster, we don't have the tools - as the unwashed masses - to counter it. Besides which, the Linux kernel is hardly the right target - compilers, however, are...
Now you just need to figure out which one owns which and then chain them cross vendor, and hope that "he's connecting to a chinese spy vpn" doesn't put you on any list ;)
If I mention "The Anarchist Cookbook" then I imagine every username on this page will be added to a GCHQ list, I'll probably have my internet traffic mined to establish if I downloaded it (which they arrest people for in the UK -- https://www.bbc.co.uk/news/uk-england-bristol-41802493). Presumably they have my online purchase history that relates to reagents, etc.
I also expect to be on lists for being critical of the establishment, doing online web security courses, buying remote connectable electronics, etc.
The difficulty I expect is profiling to reduce those lists to meaningful actions that have indicative value.
I don't believe they'll bother putting you on a list for anarchist cb. So many of the recipes have been modified so that you'll blow yourself up that they'll just let nature run its course... /s
the AC probably doesn't do much. but...as the subject of a joint FBI/NCIS investigation some years ago I can definitely say that at least in the USA they have a long memory...
> The Tor Project, a private non-profit that underpins the dark web and enjoys cult status among privacy activists, is almost 100% funded by the US government.
The hyperbole is strong in this article. It's no secret nor mystery that the US Government is interested in Tor, but the thesis that it's untrustworthy because it is funded "100%" by them is just ridiculous.
The point is not to make a choice but to be informed about how the industry is somehow tied together in interesting ways. I would also add that many of these VPN services turn your machine into a drone where you knowingly or unknowingly enter into a contract so that they can sell your bandwidth to paying customers to provide them with randomized IP pools so that they can scrape amazon and alibaba.
Better yet, use IKEv2, not openvpn. Windows, MacOS and iOS have native IKEv2 clients. And most probably in Linux too :) Just make and install VPN profile as yourvpn.mobileconfig text file.
That is interesting, but openvpn also has clients for android, macos, ios and windows as well as linux (gnome nmcli has it baked in, you can just import an ovpn file)
It's not illegal, it's against their TOS, big difference. In any case, if there's money to be made, you'll find even more reputable entities will operate at the margins of ethics and legality. In any case, probably more cost effective to come up with a technical solution rather than suing every pop up scraper of Amazon. Or just sue the VPN provider itself?
Not sure about VPNs, but data centers usually harbor their own RBL services to blackmail you to stop doing whatever you are doing as soon as you put their network under stress or continually visit a certain domain/ip range (or get hacked and be used as a drone to DDOS some website)
ExpressVPN are on a podcast advertising spree, so I thought I’d give them a look. I tried to pay using Bitcoin and got a generic “There was an error” error.
And when I say generic, I mean ‘I recognise the Semantic UI React default error block’ generic.
I used their live chat support. “Is this normal,” I asked. “No,” I was told.
I tried again a day later. Same.
I tried them on Twitter. Nothing.
So, it seems that ExpressVPN have a good marketing budget and little else. I shan’t be bothering to try again.
Podcasts/Youtubers attract the shadiest of sponsors. If an amateur content producer is pushing something it's almost always a subpar product paid for by an obscene marketing budget.
(They also have no discretion-- no problems at all shilling Bang energy drinks to an audience of children...)
> So, it seems that ExpressVPN have a good marketing budget and little else.
you don't happen to work for any one of the competition do you? anyhow I have been very happy with them, their servers tend to be pretty fast. So add that positive anecdote to his negative anecdote, how useless.
My research into VPNs led me to a strange thing: VPN Gate [0]. It is community run VPN servers, by University of Tsukuba, Japan (6953 Public VPN Relay Servers) with free public access, Username: 'vpn', Password: 'vpn'. Still trying to grasp what it is :)
Naive in the sense that they only address issues such as blocking LAN networks and email spam traffic and there is zero mention of what happens when someone anonymously abuse the service.
The volunteer effort is laudable and quite refreshing but can a VPN relying on volunteers be ignorant of the risks those volunteers incur when they open their connection to anonymous traffic?
I understand that this is an issue that every VPN has to face but there should at least be some mention of how that particular VPN service handles law enforcement and abuse requests, or do they expect the volunteers to face the consequences?
Maybe I’m missing that point and it’s clarified somewhere?
Private Internet Access (PIA) doesn't seem to be mentioned in the article nor HN posts.
I think that must be good then. I've been a happy PIA customer for about 5 years. They probably aren't the fastest (I get approx. 3.5mbit/sec on them) but so far none of the mud slung against them sticks.
There's a lot of shady shit in the VPN industry, so glad they are above it.
I used PIA for a long time, but at some point it seemed like every single site I visited triggered that Cloudflare protection page that forces you to fill out Google Recaptcha before proceeding.
I haven't seen a Cloudflare page in ages and I use them often. I honestly cannot recall the last time when browsing the web I saw a Cloudflare page, with any ISP or VPN.
> at some point it seemed like every single site I visited triggered that Cloudflare protection page that forces you to fill out Google Recaptcha before proceeding
That's kind of par for the course on a public VPN -- your traffic is being aggregated with a lot of other users, some of whom will be behaving in unusual ways.
I had a bad experience with NordVPN in terms of reliability, but they gave me my money back after 3 months with no questions asked.
Astrill is good but pricey. Astrill will work in countries that try to block VPNs. CON: Astrill leaks DNS like a mother...er. I can get it under control with ufw
ufw default deny outgoing && ufw allow out on tun0 && ufw allow out on tun0 to [IP of your DNS] port 53
You may want to use Softether instead of OpenVPN or the provided client of your VPN. I am only aware of two VPNs that provide Softether access:
I do think it's still true that the VPN market is teeming, even if a lot of the smaller services are owned by the same company. I keep seeing ads for ExpressVPN and NordVPN everywhere these days, some of these really trying to sell the idea that you can't ever browse the web without VPN. It seems like they're having a lot of success and growing very quickly these days, hence all these duplicate ones too.
I use a vpn for certain traffic, but I treat it more of just one more layer of BS someone has to jump through to see what I’m doing and so maybe they’ll pick an easier someone to watch. I don’t have to run faster than the bear...
Your ISP could still see the servers you connect to and how much data is transferred, they don't need to look in any packets to know you browse YouTube or PornHub, and when, and for how long.
But it's also about hiding your identity from the sites you visit (dependent on how well your browser protects your privacy).
> Why would I need a VPN for browsing if all my traffic is https and I use HTTPS DNS?
Until TLS 1.4 is deployed, each HTTPS-protected site you visit will still reveal the domain name in its certificate, giving your ISP a pretty good idea of your browsing patterns, which it will in turn sell or turn over to authorities when asked.
TLS 1.3 already encrypts the full certificate. The only place where TLS 1.3 reveals the domain name is the SNI field, but there are ESNI proposals currently being worked on to fix this issue, although realistically, this will only work well with sites behind CDNs. If an IP hosts only a single site, and you connect to it, it will be possible to tell who you are connecting to.
They can also be used to avoid some geographic restrictions, although some services now actively look to block people on VPN. I used to watch new episodes of certain show about a time traveler live via the BBC website despite being in the US.
- Preventing websites from seeing your true IP? (you'll want to disable webrtc as well[1].) Mostly yes.
- preventing your ISP from spying on your traffic? (allowing Amazon to spy on your traffic in exchange...) Yes.
- Avoiding risk of legal threats if you engage in copyright infringement? Mostly no. They can subpoena Amazon instead of your ISP, and your lightsail/EC2 ip isn't shared.
Routing through a vpn, whether it's a commercial one or through AWS, linode, digitalocean, etc. will get you blocked on far more sites, because it's more difficult to identify individual clients, and there's more fraud and bot activity on any kind of vps or vpn netblock than there is on typical residential netblocks.
I live in Turkey and I got myself Wireguard set-up with wireguard+lightsail. I can say I got same trouble as no-VPN. For example I can't view profiles on Twitter when I'm on VPN.
btw Turkey is notorious for blocking sites, YouTube got blocked for months, Wikipedia is still blocked today.
This is why I always advise friends to use smaller VPN services, less chance of a site recognizing the VPN. In any case, if you're going to engage in illegal activity you're better off hooking a clean computer to a long-range antenna and connecting to the nearest McDonald's. Keep that computer off your home network entirely and only transfer files with a flash drive.
except for long forgotten http-tricks inserting scripts: what do ISPs do today? I guess they log a lot of connection data (which AWS certainly does too)
i can't speak to the safety, but i think you'll find browsing with an AWS IP to be a frustrating experience. Many sites block traffic from known AWS IP ranges in an attempt to prevent scraping or abuse.
Yep plus 1000 to this. I tried doing this 4 years ago and it was a miserable experience. And rightly so to be honest. For every privacy focused nerd, there are 1000 lowlife hackers and spammers trying to use something as a bounce proxy.
FWIW, most modern VPN providers spread their infrastructure around to evade ASN bans so there is some value added in paying a service to manage that for you.
I use an Azure VM as a proxy, and don't see many issues. Every now and then Google asks me to do a captcha, and there are literally a handful of sites that do the same.
if a VPN is right for your use case, ProtonVPN is the best possible solution if you want a moderate degree of herd anonymity from endpoints you visit. if you don't care about that, run your own VPN.
those are the only two answers. ProtonVPN is the only VPN company to own any of their own hardware (they own one physical data center in Switzerland). "SecureCore" = route through switzerland data center to destination country, also useful. CEO is a public figure. free service is surprisingly good. company is ideological.
could it all be fake? yes, but it is far less likely than any other company's VPN service to be. if there's one VPN in the world that would go lavabit, it'd be them.
as others have said vpnpro.com and any VPN review websites are all untrustworthy and paid off by VPN companies.
[1]:https://www.fastcompany.com/3065928/sleepopolis-casper-blogg...
[2]:https://www.vpnmentor.com/blog/is-nordvpn-operated-by-tesone...