[hellcow]

I recently purchased a subscription to NordVPN in light of this new legislation. They claim not to keep any logs, and I've found their servers to be quick with low latency. A speed-test right now shows 41mb/sec down and 15ms ping. They also don't throttle specific kinds of traffic, like torrents.

No affiliation, just a happy customer.

[RKearney]

The whole "we don't keep logs" statement is snake oil.

Picking a US server at random, (US20) it seems to be hosted here[0]

In what appears to be their NJ datacenter located at:

DuPont Fabros, 101 Possumtown Road, Piscataway, NJ 08854

Per their own privacy policy available here[1], they mention the following

  > Internet Protocol (IP) Addresses
  
  > DigitalFyre uses your unique network address and SessionID
  > to help diagnose potential problems with equipment, to help
  > tailor content to match your preferred interests and to
  > otherwise administer the Site.

So while NordVPN (and frankly, any VPN service that colocates or rents servers) may claim not to keep logs, their service provider most certainly does. Even though your ingress traffic is encrypted, it would still be trivial to match it to egress flows based off packet counts, sizes, and flow durations.

  [0] https://www.digitalfyre.com
  [1] https://www.digitalfyre.com/privacy-policy/

[hellcow]

Great point. Do you know of any VPNs that dodge this with reasonable ping times in the US?

[RKearney]

Honestly, I never understood the interest people had in companies providing VPN for personal use. The way I always saw it is if I was traveling and needed VPN while on public/unencrypted Wi-Fi, I would just VPN back to my home. Of course this means I trust my ISP not to do anything nefarious.

This topic has the opportunity to become a huge discussion, so for the sake of brevity I'll summarize with my personal, opinionated solutions for various use cases.

  1. You don't trust your ISP
  1.1 Switch ISPs (not always practical)
  1.2 Setup a VPN on a $2.50/mo or $5/mo VPS (this could incur bandwidth costs
      if you're pushing multiple TB per month across the VPS. Note you're still
      at the mercy of the VPS and their colo, but no different than today with
      a VPN provider.)
  2. You don't trust the public network you're on
  2.1 VPN back to your home. This would be free.
  2.2 See 1.2
  3. You don't trust the site operator of the site you're visiting
  3.1 Use Tails linux and Tor

I can't think of any other use cases.

[thomastjeffery]

> 1.1 Switch ISPs (not always practical)

That's the use case. For many Americans there is literally no viable option here.

Take Albuquerque for example: if you want a solid 20mbit connection or better, your only option is Xfinity (Comcast).

Don't even get me started on mobile data.

[covercash]

"6. Yes, we allow P2P traffic. We have optimized a number of our servers specifically for file-sharing; ensuring other servers, which are meant for streaming and other purposes, have uninterrupted speeds. In any case, we do not engage in bandwidth throttling for P2P users."

- https://torrentfreak.com/vpn-services-anonymous-review-2017-...