Kind of interesting idea, but looking at the per gb price, not really sure who this is targeting. 100gb is $4, which is at or more than the monthly price of many vpn companies. So downloading is out of the question, leaving only just web browsing really.
Honestly I feel vpns are just kind of like gym memberships, it's not expected for everyone who gets one to use it every day, even though they could.
Don't forget the per/hour connected price if you stayed connected 24/7 for 30 days thats $14.40 + BW charges.
The only real use case I can foresee this for is for people who might use a VPN for a few hours, a few times a month. With that kind of usage pattern $10 (The min topup value by the look of it) could last you a fair few months so works out cheaper than some of the other mainstream VPN providers who offer a flat fee service.
I like your analogy of gym membership to other VPN providers!
If I may use analogy to describe UpVPN - its like buying Milk - you pay upfront you bring it home consume it and go to grocery store and buy more.
UpVPN is an option in spectrum of VPN providers. Only you can determine based on your usage if this option makes sense for you.
What UpVPN does provide (unlimited devices without subscription and your never expiring balance stays if you come back months later) other providers do not. And vice-versa UpVPN for its pricing model does not provide unlimited usage.
nor the intended customer base. This seems more for someone who needs to use a VPN occasionally, for example to watch a specific movie or VPN back into their home country while on vacation
Most of them a subscription services though? When you are using little bandwith every now ans then this service could be the better option. Not saying it is better for every use case, but I can see situations where it is more practical and easier to use (no subscriptions to cancel)
For streaming that doesn't get detected as being via a VPN the only successful way i've found is to use a custom VPN server on an IP no service knows as a known VPN.
My home country has TV networks that refuse to work on any of the known VPN providers. They've actually gone to the trouble of IP blocking known exits and the VPNs don't seem to change that often enough.
I know enough to buy a lowendbox and set it up as a VPN and use that and it works (provided the host is oddball enough not to be a known datacenter based IP). But i wonder if the above would work better than the more regular VPN providers.
It would be a pyrrhic victory for you even if you prove it wasn't you that was downloading it. Your name is going to be in court documents associated with prosecution over csam or other illegal materials. This information will be easily found. If you're the first case of it's kind, you will also have to deal with whatever tales the media spins about this. If you're somewhere like Florida, you might end up with your photo next to a label of 'pedophile' being plastered publicly.
A lot of people will simply see the headline, assume you're guilty and treat you as such. And a lot of people are willing to treat those they think are pedophiles very very badly (there was a case recently where a murderer serving life in jail killed his pedophile cellmate) Anyone that knows about this incident will probably never allow you to be around kids unattended, regardless of your innocence. You will be a social pariah.
Innocent until proven guilty had to be enshrined in law because most people will treat you guilty until proven innocent, and they don't have much concern about forgetting the 'proven innocent' bit.
So I guess it's time to disconnect from the internet, at least your PC b/c you can't be certain it's not used as a vpn/proxy service through an exploit or rough app.
If you want the "full experience," just set yourself up as a Tor exit node. You'll rapidly find it's impossible to use the internet from the same connection. VPN services are more and more falling into the same category. Even just "cloud provider" IP ranges are broken often enough to be noticeable - I run an Outline VPN on DigitalOcean droplets every now and then, and I've found that that's enough to get me 403'd from a lot of sites.
"Arrest first, deal with nerds protesting their innocence later" still involves getting arrested.
In a perfect world for sure, but in practice if there is any rumor that something as socially toxic as that went through your network, ultimately your reputation is ruined regardless of the legal outcome.
Would you want to turn over your computer to a forensics expert to prove your innocence?
I would hope that authorities at least would try to build an actual case against you and not just raid your home because of some fraudulent traffic from your IP. I might be too optimistic in that regard.
I'd like to write up the details sooner rather than later, and I've got pages of notes I've written, but
1: it makes me angry to think about it
2: I have other, positive things I'd rather do
It took them 8 months to return the ~$10k of gear they "stole" from me, and they found nothing.
No apology, no explanation of how I was somehow caught up in their data, just "come collect your stuff".
Ironically, they traumatized my kids (I don't think they even did any background checks on me - I don't believe they even knew there were kids in the house before they barged in).
Luckily my kids are resilient and we can sometimes even joke (bitterly) about it.
All good, I wouldn't have replied if I wasn't up to it.
Don't feel bad for asking.
I do want to "get it out", and one of the things holding me back is "what's the best way of doing it" (along with "what's not going to invite further negative police attention").
Along with a family member, we've approached our local government representative for advice on how to go about pursuing some kind of action that might help "make the system better" to minimise the incidents of innocent parties being subjected to the violence of the state, but it's mostly been a dead end. But I also don't want it to be what defines the rest of my life either, and pursuing this kind of thing could easily end up eating who I am currently (and I'm quite happy with my current self).
I also don't want media attention, really, in any context.
Now I'm mostly just writing this to understand my own motivations...
> But I also don't want it to be what defines the rest of my life either, and pursuing this kind of thing could easily end up eating who I am currently (and I'm quite happy with my current self).
I also don't want media attention, really, in any context.
Now I'm mostly just writing this to understand my own motivations...
Man I really feel this part, though admittedly for a shorter-lived and much simpler reason so I don’t want you to think that I think I fully get it.
My wife and I had two officers walk into our apartment when we were a younger couple. Unannounced, 1 or 2am. Just lights shining around and I jumped up looking for a blunt object. They then announced themselves. Mind you we live in an incredibly gun, friendly state, so if they have done this is somebody else, it is incredibly likely they would’ve had a gun drawn on them, and who knows how it would have gone down. They let themselves in because “the door was unlocked and they were looking for someone.” Mind you to get to our apartment wasn’t a simple thing. You had to walk around a gravel parking lot and up these rear steps. We lived above a restaurant and all that jazz.
I didn’t do anything about it after they left. I just kind of wanted to forget the situation and not think about what could have been. Think god I am white and didn’t have a gun on me, I’ll just leave it at that.
We didn’t even talk about it until probably 5 or 6 years later. What you wrote above made me better realize why.
As long as p2p exit nodes are relatively uncommon, it will be relatively unbelievable for you to claim that "someone else" was doing the illegal things on your network.
But if p2p exit nodes were orders of magnitude more common, then the burden of proof would indisputably be the responsibility of the prosecutors, since anyone could credibly claim "someone else did it."
And that's why this trope of "but what if someone does bad stuff on your network?!" is so frustratingly self-defeating: if everyone just ignored that risk, then everyone could have a p2p exit node, and the risk would be mitigated. It's a sort of prisoner's dilemma where nobody wants to be the early adopter of a system that would, on the whole, benefit all of us.
A society is difficult to surveil when everyone uses Tor as both a client and an exit node, and onion routing is the default method of exchanging packets (some might say it should have been incorporated into the original design of the internet). So it's perhaps worth noting that adversaries of society, such as the NSA or FBI, have a great incentive to perpetuate fearmongering about p2p networks and the threat of "but whatabout muh criminals on muh network!"
If you're reading this, maybe it's time to setup a Tor relay (with config flag `ExitRelay 1`).
> But if p2p exit nodes were orders of magnitude more common, then the burden of proof would indisputably be the responsibility of the prosecutors, since anyone could credibly claim "someone else did it."
I think I'm more cynical about our justice system, but the way I see it, this just gives them ammunition to go after anybody on a whim. Simply getting tangled up in the justice system, even if innocent, is an expensive and stressful thing. Most of us do not have the resources to just have a dedicated team of lawyers taking care of everything. So if everyone was running a Tor exit node, and it was known that there was CSAM accessed through some of them, an overzealous prosecutor could probably push through at least a search warrant of your computers because as a Tor exit node runner, there's a reasonable chance that CSAM was accessed via your node. You're not getting your stuff back for a while if that happens.
I agree, but that's why I labeled it a prisoner's dilemma. If literally everyone ran an exit node, then if prosecutors wanted to assume that any exit node facilitated the transfer of illegal material, then they would need to find other ways of proving criminality other than what packets were sent from your IP address. They can't seize everyone's hardware. If they wanted to obtain a warrant for you, they'd need more probable cause than "he's running an exit node" (because everyone runs an exit node).
As it stands, there's already a certain level of injustice, because corporations like Google and Microsoft facilitate all sorts of illegal communications, and the worst that happens is they get a letter from the feds asking them nicely for their subscriber's information. The investigators don't jump to the conclusion that the CEO of Google is a child predator and seize all the Google servers. But for an independent system admin on a home network, that's exactly what they do, even though there's no fundamental difference other than the size of the operation (and the implicit assumption that exit relays are unusual, which is the unfair assumption I'm trying to draw attention to as an explanation for lack of plausible deniability on the part of the idealistic sysadmin in a world where exit nodes are unusual).
This is impossible in practice though, so while an interesting thought experiment, it has little bearing on reality. Your local court isn't going to be running a Tor exit node on their systems. Your friendly nearby S&P500 corp isn't going to be running Tor exit nodes on their systems. Your local public library probably won't either.
> They can't seize everyone's hardware.
With your thought experiment, yes, but in practice that's not going to be the case. You're more likely to end up with very selective enforcement instead -- if you run a Tor exit node, the justice system can effectively blackmail you because at the very least they can cause you a very expensive headache. "Shame if we had to get a search warrant to make sure it wasn't you downloading some CSAM"
Would you want to provide infrastructure for Russian and Chinese citizens to access the parts of the internet that are censored by their autocratic regimes? What if the only way to do that also requires incurring a risk that a child predator might use your computer too?
What are you trying to get at with this question, and how does it matter in the context of this thread?
Are you asking about the consequences of breaking laws while using someone else's internet access as an exit point, or are you asking about the dynamics of CSAM production?
This is what the "residential proxies" do. They push out a free VPN or buy out a game in the play/app store and integrate their p2p network on it, so that other people can then use your device as a proxy.
Never ever would you want to pay to do that to yourself lol.
Is it worth dying on the “machine isn’t the server, it is the application that serves” hill or has that shipped sailed in the 90s?
More seriously, serverless has come to really mean “almost fully outsourced ops”. If all you need to do is check logs and your bill, but you can still
run arbitrary code, then it is serverless.
To me, "serverless" means "you'd normally be setting up a server yourself in some way (whether low-level and manually, or via a standardized VM or container image orchestration solution), but here you don't have to".
As a VPN user (of this type of VPN in any case; corporate VPNs are a different beast), I've never had to set up a server myself – I'm paying to use somebody else's server!
In other words, we also don't call Gmail "serverless".
...or "on-demand VPN server" in the case of UpVPN. But none of these alternative names market as well as "Severless", so we're stuck with "Serverless" whether we like it or not.
You'd have to try the service and test the IP addresses to be sure, but yeah maybe it's running on Fly. Or any other cloud network(s) with servers in those locations, which could be any (or multiple) of them - it's a fairly common set of regions.
The reason most cloud providers have overlapping datacenter locations is generally explainable by the fact that they all rent space in the same physical buildings (e.g. an Equinix datacenter), where they peer with each other and classify the building as an "internet exchange point" (IXP). These buildings tend to congregate near each other for historical or geographical reasons, like proximity to the landing terminal of an undersea cable, or inheriting a building from the old DARPA network.
It's actually quite annoying how clouds will label their region e.g. "gcp-eu-1," but it's actually just a reference to some rack space that Google rents in the same London Equinix datacenter as AWS and Azure.
15:21:52 $ curl https://upvpn.app/install.sh
#!/bin/sh
# Based on Tailscale: Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
#
# This script detects the current operating system, and installs
# upvpn on supported OS.
To be clear, I don't mean to disparage upvpn, in fact I'm impressed they pulled it together so quickly.
Just feels crazy to read about it a month ago and see it today, you know?
I think honestly you should try to phase out the "per hour" pricing, and just somehow make it so that each connection doesn't need a separate server, as it is just routing in the end, I think it would be easier to market just as a "no BS subscription!" VPN service, which I think could have a market.
As for the California LLC, I just asked because the California LLC is kind of known for being a PITA, with the fees, privacy, etc. and from what I know, you don't actually have one unless you have physical presence, but then there's some tax filing implications if you file in e.g. Delaware or Wyoming so I don't know too well.
I read it as $10 is the minimum to add to your account not a monthly fee, so just $13.5 for you and potentially cheaper than mullvad for light users, is that correct?
Who cares if it's on big 3? If it takes off and they start getting charged 10c/GB, after about 10-20k spend for the month they'll be paying about 5c/GB so close to breaking even. More importantly, at that point they'll have a business with 10s of thousands of revenue which is an opportunity to either
- work on minimizing the cost and carve out a margin
- go to VC and say "hey I have this VPN service, people seem to like it"
Because if you come out of their IP space every major website assumes you are a bot and will start slamming you with obnoxious CAPCHAs and sometimes just outright block access.
Mullvad has a policy of not keeping logs, and they have gone to extreme lengths to implement the technical side of things to ensure that this really is true.
Other VPN providers claim to not keep logs and you have to take their word for it. But then whoops it turns out they did keep logs after all.
Mullvad is the only VPN provider that puts its money where its mouth is.
Meanwhile ProtonMail was legally forced to reveal one of its users IP logs a few months ago. https://www.privacyaffairs.com/protonmail-surrenders-user-lo... What reason is there to believe that Proton will be in a better position to protect their VPN users, than they were at protecting their Mail users?
It's important not to confuse the various Proton services. Proton Mail is considered to be a communication service, and in most countries (including Switzerland), communication services are regulated to some extent. Privacy isn't a blank check to break the law with impunity, and all companies need to comply with the local law.
That being said, Swiss law is very restrictive, and there are a lot of hurdles that one needs to jump through to get a court order. And even with a court order (and has been proved multiple times in court), there is no way to break Proton Mail's encryption. Privacy is not the same as anonymity, and due to the way the internet works, if anonymity is what you are going after, you have to exercise proper infosec and take preventive measures, such as using Tor or VPN.
Under Swiss law, the treatment of VPNs is different. So VPNs can indeed be no-logs. No-logs VPN, is also possible in other countries as well. What makes Switzerland different, and possibly unique, is that within the current Swiss legal framework, Proton VPN also does not have forced logging obligations. So, a no-logs US VPN could for instance, get a NSL (National Security Letter) to start logging particular users, but that's not possible in Switzerland. In addition to that, VPN is mostly impossible for law enforcement to ask for something reasonable, as there's no "identity" for the traffic going out of our server. There's practically no chance of law enforcement to know what account to ask for.
Finally, it's worth noting that in October 2021 (after the case you mentioned), Proton won in court against the Swiss government and as a result, email services cannot be considered telecommunications providers, and consequently are not subject to the data retention requirements imposed on telecommunications providers. You can find more details here: https://proton.me/blog/court-strengthens-email-privacy.
If that ruling were to be overturned, would Proton be open to integrating the VPN service in a way that people who access Protonmail from the clearnet would be tunneled in some way? Or some kind of mode where it would reject any logins unless coming from the Proton VPN ASN etc?
From what Proton has said, it seems like the Swiss courts allow the authorities to compel email service providers like Proton to log IPs for them, but they've also said that they can't do that for VPNs, I don't know if the situation has changed but I remember them saying that.
Pretty neat idea, but it leaks DNS requests unfortunately: see point 5 "When We Share Information" in [privacy policy](https://upvpn.app/privacy-policy/).
If they used some sort of disposable or "trustable" DNS server, it would be awesome!
>We provision a VPN server on-demand when you connect.
>We deprovision it when you disconnect.
Do you still share an IP address with the other users? One of the main ways a VPN grants privacy is because everyone shares a handful of IPs. There is still demand for dedicated IPs though, because they trigger blocking less.
I have a need for a good "residential"/"mobile" proxy/VPN service, but I have yet to see a company that I was confident that they were ethically sourcing the servers.
> I have a need for a good "residential"/"mobile" proxy/VPN service, but I have yet to see a company that I was confident that they were ethically sourcing the servers.
If your willing to manage/self-host it yourself, some ISPs do provide hosting as well, my old ISP provides a VPS at ~$10/mo with a completely clean IP identical to their broadband customers.
Your discord is full of people complaining that the service is down, that they haven't received the proxies or that you aren't responding to support tickets.
Yes IP address is shared with other users - by pooling users on single server.
However, if you find provisioning time to be greater than few seconds then its a good assumption that you're the only one using the server.
This is unrelated to the product, but I’m on mobile and I can see your website is using a full-height scrollable container instead of allowing the document to scroll naturally. This causes buggy scrolling and prevents default browser behaviour - the address bar doesn’t collapse and tapping the top of the screen doesn’t scroll to the top of the document.
I feel like this needs a pricing calculator. 3 different pricing axes makes it really hard to know how much you'll use.
Perhaps you could present some common use-cases with example prices?
If you're avoiding doing that because it should show the pricing to be too high, then perhaps that's something that needs to be worked on. In general pay-as-you-go pricing should be lower for the same outcome than the all-you-can-eat version of the same thing, because you should be able to not pay for the downtime.
> In general pay-as-you-go pricing should be lower for the same outcome than the all-you-can-eat version of the same thing, because you should be able to not pay for the downtime.
Could you clarify why this should be true? In the long run, given the costs are the same, then the income of the company also needs to be the same. This means that on average you'd pay the same. Some power-users would pay more with pay-as-you-go, some rarely-users would pay less, since they are cross-subsidizing the power-users in subscription models.
I can imagine some dynamics caused by power-users avoiding pay-as-you-go plans, so subscription plans see different usage patterns. But it's not at all obvious to me why this should be cheaper. On the contrary, all those on-demand resources need to exist and there needs to be infra for spin up/down etc, so I'd actually expect higher pricing.
From the customer perspective there needs to be an advantage to paying by usage. The reason PAYG phone plans exist is to appeal to those who don't need or want everything a monthly contract provides, particularly for budget conscious users.
Contracts/bundles/etc appear to charge less because they bundle together things on the assumption that consumption will follow a predictable distribution, however they are actually a mechanism for raising average selling price by giving people more than they need/want/use and charging them more for it.
They build in a margin on top of the average, or somewhere above it on that curve. This means the average user is likely paying more than for their share of usage. Sure, from the company's perspective they have to keep the resources around, but that's a scaling and cost-base issue for the company, not the concern of the user, and if the company scales well it shouldn't be much of an issue.
Ultimately with this service, the competition is $5/m for effectively unlimited usage. If this service costs the average user $10/m, then only a small fraction at the bottom end of the usage distribution are going to make a saving, and find it a compelling offering, all things being equal in terms of product quality etc.
This doesn't apply to everything of course, different industries, product categories, etc, are priced in different ways and have different customer expectations, but it's common and I think it applies here.
This is a reasonable argument to make if the usage is fixed. But it is not. Depending on which price plan you have, your usage will differ. If it's unlimited anyway, well let me just leave that video running even when I'm in the shower and don't see it. Let me just download this large file again, it's for free anyway, no need to store it. Let me just watch this movie even though I know I'll fall asleep in 5 minutes. Once you PAYG, your usage pattern changes. You wouldn't do the same "wasteful" pattern as with the flat pricing since you are concious that you pay every second/kilobyte/meter of it.
This dynamic is pretty complex and it's not at all clear that your argument holds even with the dynamic considered.
If you translate this site & product into Russian, Farsi and Chinese and accept crypto, you're going to a make a lot of money. Those countries activity block the well known commercial VPNs and I'm sure others.
I think a lot of people are getting tired of subscriptions everywhere. For the average user, it's not possible to spin up a VPN because of lack of technical knowledge. So, if you are an infrequent VPN user and hate subscriptions, this could be a nice service.
Who is this for, exactly? The only way this makes sense, in my eyes, is if you're:
1. Someone who uses VPN very infrequently, likely a couple of times per year while using less than 500GB of traffic, and
2. Someone who doesn't use a VPN to bypass georestrictions, excluding most travelers, and
3. Someone who doesn't mind being classified as a bot
That must be an extremely tiny group of people, right?
Pricing is outrageous for daily VPN users, while your use of datacenter IPs means it's going to be almost useless for evading georestrictions.
Besides, I'm struggling to wrap my head around the concept of a "serverless VPNs". If you're actually spinning up a VPS for each customer then that seems like a very wasteful use of resources for no reason.
I know you're taking a lot of shit from everyone else on this thread, but you should know that your landing page and onboarding experience are absolutely flawless, and that you've just made at least $10.
Minimum charge, billed by hour and bandwidth, no mention of what provider the ips belong to, no bueno for me.
I'd rather just use Mullvad for €5/mo.
12 hours of average usage for me would cost $4
Also: you say "when you end your VPN session, we promptly delete the record from our database that links your session to the specific cloud server", does it also get deleted from the database backups? (assuming you do any)
Interesting - but expensive and limited! This seems to just be a different take on the company that did it first called ValeVPN.com - except they give you unlimited options and also multi-protocols and configuration options - and they work in all the clouds... So how is this better? It is more expensive and more limited? I like the design though...
I don't see the freakin' difference between buying credits or getting a subscription for a VPN. But here's the deal: a subscription seems more damn convenient 'cause you know the exact sum of cash you're gonna shell out, no surprises there. With their fancy credit system, who knows how much extra they'll squeeze outta you? It's like they're playing games with your wallet. I ain't into that. Keep it simple, keep it transparent. That's how I roll.
True, the design of UpVPN is quite nice! But JUST the design)
The privacy policy of UpVPN worries me.... Although they assert that protecting user privacy and data is a TOP priority, their logging procedures and data retention guidelines raise some red flags.
By the way, I highly recommend ValeVPN, which you used as an example, to anyone looking for a trusted VPN service to protect their privacy and improve their online experience. I've been a subscriber for over 4 months now, so I checked it out by myself!
Agree. Also, I don't see the freakin' difference between buying credits or getting a subscription for a VPN. But here's the deal: a subscription seems more damn convenient 'cause you know the exact sum of cash you're gonna shell out, no surprises there. With their fancy credit system, who knows how much extra they'll squeeze outta you? It's like they're playing games with your wallet. I ain't into that. Keep it simple, keep it transparent. That's how I roll.
Well, it doesn't really seem like it's any better. It's just another company trying to make a buck without really offering anything special. They might have a fancy design, but when it comes down to it, they don't seem to bring anything new or exciting to the table.
How long have you been rockin' ValeVPN? I spotted it somewhere too, and it seemed pretty promising with its dedicated server concept. So, is it living up to the hype? I'm curious to know if it's good enough. Share your thoughts
I get where you're coming from, but honestly, it feels like VPNs these days are just copying each other. They claim to offer something unique, but in the end, it's all about making money off users.
This sure reads like a botnet being resold as a VPN service.
In other words, the pitch is suspiciously light on details that actually matter to back their "serverless" claim. The only technical way to parse "serverless" is that their exit nodes are spread over end-user devices. So how did they end up there?
$10/month is already double what most unlimited VPN providers charge, and then you're putting bandwidth and time costs on top of that? Even worse, for the ultra-premium price you are getting...an AWS IP address. So enjoy your CAPCHAs and service denials from bot detectors.
Opening account is free. There is no per-month cost.
$10 is a prepaid balance you start with (which never expires) and consume by using UpVPN. One you run out of balance say few months down the line - you purchase again.
I love the no subscription, pay as you go pricing model. Is it a bit expensive than a full month for other providers? yes. I wish they made the data pricing cheaper or included in bundle. Quite hefty if you want to stream a show while roaming.
But in this case it actually is a onliner to spin up a VPN and the relevant mobile/PC client apps are already there.
One click deploy scripts are available for digital ocean, AWS, GCP, Azure etc.
This OG Dropbox comment was too snarky, for a genuine use case, the solutions in those comments were actually complicated than using Dropbox, while spinning up your own VPN is actually safer and better wrt streaming services etc, not easy but serves the purpose in a safer and better way.
There are plenty of VPN users “intersect” never used the command line.
And maybe a smaller set like me who are geeks but prefer not to manage their own server even from a script. As if using such a script means no problems and you wont be googling for why x y or z isn’t working.
I used to do Algo with a VM on GCP. But fly.io and tailscale has made this really simple. Try this if you are looking for an easier alternative https://github.com/patte/fly-tailscale-exit
Honestly I feel vpns are just kind of like gym memberships, it's not expected for everyone who gets one to use it every day, even though they could.