[ganoushoreilly]

What blows my mind is the number of people signing up for these "VPN" services thinking it's secure. Time and time again we've found that they are logging and if they aren't it's logged at the flow point (as linked in this article).

I'm fine with VPN to evade restrictions or whatever purpose you want, but stop pretending it's all that different.

I can say though for a fact that a few of the largest security companies have been paying for strategic access to netflow in the us for years. The reality is there are good arguments pro and against.. and that doesn't even account for any "netflow" visibility US and Foreign Agencies may have.

We really have to determine what we want to be standard for privacy and what advancements we're willing to give up in exchange.

[relax88]

Is anyone actually pretending it’s different?

Most people I talk to buy VPN services to avoid legal threats from pirated movies or to avoid traffic surveillance from their local ISP / workplace / institution.

I’ve never heard someone describe it like a hard-to-denonymize tor node or anything.

[eloff]

Lots of services are advertised that way. It's probably half the ads I encounter on YouTube.

[relax88]

Hmm, I block all ads at the network level so maybe I’m just out of the loop on this topic.

[yosito]

Also to prevent people on your local network from snooping on your traffic and stealing credentials and other sensitive data that might be passed over the wire. I once had my AWS API keys compromised this way. It was a pain to resolve that situation. I'm a lot more careful now.

[switch007]

> I once had my AWS API keys compromised this way.

Presumably you were copying them over the network unencrypted?

[nisegami]

I've held the same opinion for a long time, but this news gave me pause. Why would it be worth paying for data that can trace VPN traffic if they weren't doing _something_?

[hnthrowtier1]

Power, paranoia, crime, curiosity.

Power: Businesses are run by humans, who do not merely optimize discounted cashflows. Some humans enjoy wielding power, and frequently do so in an antisocial manner. See eg Stanford Prison Experiment.

Paranoia: Royalty have always been paranoid. Much has been written about the intelligence operations of paranoid merchants in Renaissance Venice. You should think of huge private entities like Koch Industries and Bloomberg as kingdoms. Maybe security teams want to see threats, which increases their importance to the organization.

Crime: Theft, manipulation, subversion. Companies do crime all the time, and are rarely held to account. There are indirect indicators that this type of conduct is becoming more common.

Curiosity: According to Snowden, even cleared NSA employees who pass a polygraph and invasive FBI background check abuse their access to personal data out of curiosity. This is probably a human invariant.