A lot of people I know are using free VPNs to circumvent the state censorship. It has nothing to do with privacy, only with the fact that when you search for something, about 20-80% of links end with "connection timed out" (depends on what you're looking for, obviously). Most of those sites don't have any "ungood" information and are basically just collateral damage.
I wonder if with a free vpn ... would state pressure even be needed?
Maybe just a wad of cash?
Considering their costs / questionable ownership / ability to just roll out repeated new "free vpns" that nobody knows who is behind or took the money for the other one?
> Nearly as disturbing as the number of people who tell me they use free VPNs.
This is absolutely not an apples to apples comparison, but why is it outrageous to believe there couldn't be a free VPN that focuses on privacy when there are search engines like Duckduckgo and browsers like Firefox that are completely free and are pro-privacy? I haven't done the research, so consider it a rhetorical question.
Maybe "browser" was too specific. Replace that with an "organization" and that's Mozilla. They make firefox, but they're more than just an application, they're a group of applications developers that are pro privacy.
So what organization with that kind of credibility is offering a free vpn?
If Mozilla did, it probably would get the kind of attention and focus you’re suggesting.
I just don’t see a lot of companies with a similar vision as Mozilla that are successful.
Last year, Cloudflare announced[0] a product called Cloudflare Access[1] which solves the same problem as VPN, not sure if it can be used as a replacement of VPN totally.
The marginal cost to Cloudflare for the extra engineering, compute, and bandwidth is lower than it would be for many other organizations, and it's good marketing for the things they actually make money on.
Actually it's provide them much more than just marketing. They'll be only one company to know detailed information about client connection quality, they'll able to optimize routes for their CDN even more. It's crucial competitive edge for their primary service.
That's a really good point, they'll be able to place VPN endpoints near their CDN endpoints and minimize additional latency, while still knowing the client's original IP for filtering, analytics, and providing geography based views. There's value added for both the VPN users and Cloudflare clients.
Though if you're in the right DCs, that traffic will be mostly internal, I suppose, since VPN providers and seedboxes aren't that spread out (for price and TOS reasons).
Because DDG and Mozilla both have sources of revenue and so don't need to sell their users down the river to keep the lights on. If Cloudflare does offer a free VPN that's a good bit of marketing for their actual services. How's FreeVPNCo going to pay for its servers? What about bandwidth?
Firefox and its pro-privacy push bundling a VPN, a user account, telemetry and DNS-over-https (I think, Mozilla is very much informed about every! installation). It's the same sort of privacy most greedy monopolists offer...
The intelligence community has a record of infiltrating activist orgs to direct their ideas. I wouldn't trust anything made specifically for activism unless some other valuable merit is presented.
Yes, a more secure and practical alternative to "VPN services" is the Tor network, which externalizes the cost of infrastructure to volunteers and thus reduces the risk inherent with centralized control. While Tor is also not without risk, I really wish more privacy oriented services and software had decentralization as a core tenet of their design.
Why is this downvoted? It took less than 30 seconds to fire up Orbot, connect, open YouTube and start streaming a video without any issue or fuss.
Sometimes when people talk about Tor, it reminds me of how people talked about Linux up until a couple years ago - often touting very out-dated impressions as if they were current observations. Tor bandwidth is very different than it was 5-10 years ago.
It's not very consistent. Sometimes you get a gateway which is great, sometimes one which is limited to 10kbps, sometimes one running some monitoring experiments which doesn't care if you get any bandwidth (I was running one for a while).
My understanding is that bad/poor gateways are penalized. In my own experience, I've only ever needed to change circuits manually once (but I'm primarily using Tor to NAT punch to hidden services, not sure if that matters ).
While I said less than 30 seconds, it really was about 10 seconds but I didn't want to sound like I was exaggerating. And that was of course including switching apps, the initial Tor connection, switching apps back, waiting for my feed to load, clicking a video.
I just tried again, it took 6 seconds to open Orbot and completely connect to Tor. The rest was business as usual. Maybe a 1, 1.5 second delay getting to YouTube and for the video to start playback. For what Tor offers, that is impressive, and I don't know what could possibly be convincing beyond that point. Not to mention that one can just leave Orbot running as well. And since I'm on Android, I can opt to have specific app traffic sent through Tor, or Orbot can act as a system-wide VPN.
I'd make a video showing how painless it is, but setting it up, recording and uploading would take a hundredfold more time than just trying it out.
edit: I know that it's purely anecdotal, but I just enabled Orbot VPN mode and fired up "Speedtest". It is reporting 7Mbps and 3.65Mbps up. It's not great, but to me that is usable if your privacy needs outweigh need for speed. And a screenshot if it's of interest, you can see that it's in VPN mode and Orbot is running: https://i.imgur.com/UZu4aJs.png
edit2: yikes, I actually just backed up 29 full-resolution screenshots to my Google Photos account without even realizing Orbot was still connected. Convinces me!
If you block non-tls traffic period and you never click through on invalid cert sites the only concern is 0day exploits. As much as https is popupar there is still alot of plain http sites and sites that upgrade to https after the first request. Data collection and running JS in your browser aside,there are clever tricks used to track and possibly deanonymize youand obviously they are hostile when it comes to exploutation.
At least VPN providers need your money and their reputation and you can chain them for tor like privacy without the poor performance and anonymity.
> Tor exit nodes have been caught injecting malware into binaries downloaded over HTTP through them
It's more accurate to say bad actors have been injecting malware into HTTP-downloaded binaries. Some of these bad actors use Tor exit nodes, some use free WiFi hotspots, and some run their own VPN services. Framing this as a Tor problem is like blaming violence on weapons instead of the perpetrators.
Or those who think they can use unlimited bandwidth on 5 devices and have all of it decrypted on the other end for just $3 a month, with no string attached.
It is a bit mind boggling that folks are concerned about something and use a VPN...but choose a free one...