NordVPN has killed their warrant canary (pcmag.com)
111 points by bearbearbear 1611 days ago
7 comments

Anyone who knows anything about VPN services knows that they don't stop people from looking in on what you're doing; they only stop people other than the provider from doing so.

Most if not all of the big VPN providers collect data and give it to law enforcement, which isn't exactly news to us.

Tom Scott had a pretty good video on what VPNs can actually deliver on, despite the claims of many sponsored content creators. He lost his VPN sponsorship because he pointed out, among other things, that you don't actually have guaranteed privacy with these services.

My read is that it was more about the stuff he was calling out as legitimate[1] use-cases (which iirc included piracy).

ETA: I'm surprised these providers are even able to market with the use-case of evading geo-locking without getting sued (tbc I'm against drm in general and geo-locking in particular)

[1] from the standpoint of, "is this a good reason to use a vpn", not "does society/the law consider this a legitimate thing to do"

I doubt it is against the laws where the provider is located.

Geo-locking isn't a law. It might have been part of the tpp that the US never signed.

Certain marketplaces don't allow vpn advertising or wording like that.

In reality they act as a Canadian store selling drugs to the US customers at a discount.

>"From day one of our operations, we have never provided any customer data to law enforcement.. We never, for a second, logged user VPN traffic,"

Dutch ISP KPN was the target of a blackmail attempt in October 2017 by an ex-employee who was using NordVPN. According to a lecture given by KPN's cert team members at BalCCon 2019, NordVPN gave out everything they had including logs to law enforcement. Pretty sure someone can find the court documents about it.

It's mind-boggling that selling VPN services became a thing. Were I the NSA or any state-level actor, selling a VPN service as a front seems the best thing to do to cast a pretty wide net.
People do it to hide their location from Netflix. Don't think they care about NSA.
People think they are hiding from the NSA, the CIA, the FBI, the sheriff's department and the criminals trying to steal your banking details.
Yeah but Netflix is better than most (possibly not better than the NSA but likely on a par with them) at determining which users are coming in via VPN.
I had a VPN buster bot on an IRC channel I was moderating because of some persistent troll who kept switching between every VPN that is out there.

Apart from using a deny list that you can find on GitHub, you just look at the size of the subnet the IP is coming from in WHOIS output. VPN IP addresses are part of very small subnets, unlike legit ISP IP addresses that come from wide subnets.

https://github.com/ugjka/flipbot/blob/master/trigger_vpn.go (it is not pretty, I know, but it worked)
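
The two checks described in the comment above (deny list first, then the size of the allocation reported by WHOIS), as an added Go example that is not part of the thread and not taken from the linked flipbot code. The 4096-address cut-off, the sample WHOIS text, the deny-list entry and the function names are assumptions made for illustration; `inetnum` and `NetRange` are the range fields used in RIPE-style and ARIN-style WHOIS output.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
	"regexp"
)

// Constructed inputs (documentation and private ranges), not real lookups.
const hostingWhois = "inetnum:  203.0.113.0 - 203.0.113.255\nnetname:  EXAMPLE-HOSTING\n"
const ispWhois = "NetRange: 10.0.0.0 - 10.255.255.255\nNetRange: 10.64.0.0 - 10.127.255.255\n"
const smallAlloc = 4096 // assumed cut-off in addresses; the comment names no number
var deny = []netip.Prefix{netip.MustParsePrefix("192.0.2.0/24")} // constructed deny-list entry
var rangeRe = regexp.MustCompile(`(?im)^(?:inetnum|netrange):[ \t]*(\S+)[ \t]*-[ \t]*(\S+)`)

// allocSize returns the size of the smallest (most specific) IPv4 range in the WHOIS text.
func allocSize(whois string) (best uint64, found bool) {
	for _, m := range rangeRe.FindAllStringSubmatch(whois, -1) {
		a, errA := netip.ParseAddr(m[1])
		b, errB := netip.ParseAddr(m[2])
		if errA != nil || errB != nil || !a.Is4() || !b.Is4() || b.Less(a) {
			continue // malformed, IPv6 or inverted range: ignore the line
		}
		a4, b4 := a.As4(), b.As4()
		n := uint64(binary.BigEndian.Uint32(b4[:])-binary.BigEndian.Uint32(a4[:])) + 1
		if !found || n < best {
			best, found = n, true
		}
	}
	return best, found
}

// verdict applies the comment's two checks in order: deny list, then allocation size.
func verdict(ip, whois string) string {
	addr, err := netip.ParseAddr(ip)
	if err != nil {
		return "invalid"
	}
	for _, p := range deny {
		if p.Contains(addr) {
			return "denylisted"
		}
	}
	if n, ok := allocSize(whois); ok && n <= smallAlloc {
		return "small-allocation"
	}
	return "pass"
}

func main() { fmt.Println(verdict("203.0.113.9", hostingWhois)) }
```

When WHOIS returns both a parent and a child range, the smaller one decides the verdict; a lookup with no parsable IPv4 range is passed rather than flagged.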

IDK about most people, I just don't want my ISP to know about my torrents.
I don’t want my ISP (AT&T) fucking with my web traffic and inserting their own ads, throttling access to sites they don’t like (such as Netflix) because those sites compete with company-owned assets or partners that they would like to force everyone to use.

Yes, AT&T has been shown to be doing all these things.

I'm not hiding from the government lol I'm just hiding from my ISP.
Coff Coff ProtonMail Coff coff
Self selecting crowd that has something to hide.
Something to hide? How about something to protect. I'm overseas in a country that has a strong Chinese presence and a monopolistic semi-untrustworthy government-owned ISP. I have a VPN profile installed on my wifi router so all my traffic is encrypted from my wifi WAN port all the way back to my home country and a trusted endpoint. If the VPN goes down, my router blocks all traffic until it's back up. Not all VPN users are dark web operators selling raw fentanyl or viewing Netflix from the "wrong" geographical area.
Which is why widespread use is so important. Same for secure messaging. Same reason why free speech applies to and is protected for everyone and not just selected journalists.
Like their location from streaming sites :)

Also recall that multiple ISPs have been caught tracking their users and selling their users’ data.

The expansion of secure connections limited that to a degree, but we know ISPs are still extracting and selling data based on their response to people switching over to encrypted DNS requests.

It is surprising for me how people can't imagine a scenario where:

Some government agency (KGB, FBI, CSI, whatever) comes to VPN, secure mail, etc provider; Informs that some "enemy of the state" is using the service; Demands to overtake the service, install some software etc; Or else CEO of the service is also an "enemy of the state".

From this moment this service is not only "not secure" but directly allows access to your email data, leaks all the keys, passwords, browsing history, logs whatever they want etc.

Yeah, a VPN will allow you to cheat Netflix. Never trust any service to not comply with some government agency.

Most people can imagine that scenario. The problem is that there is literally no other alternative. You either use a VPN (which _might_ be compromised), or you don't (in which case your traffic is even less protected).
The only real way out is quitting the country iirc like lavabit. Though even then it's either too late or not in accordance with shareholders for most companies.
Hm, how does the VPN leak email data, passwords etc? Those things should never be passed in cleartext anyway, so I don't see how they can intercept anything except the metadata of what IP addresses you connect to, provided they aren't MITMing SSL somehow.
“…not comply…”.

(we may be forced)

It is a tri-state legalistic term: didn’t, forced to, complied with.

NordVPN is incorporated in Caymans, while actual dev team is in Lithuania (Tesonet). They also sell “ethically” sourced residential proxies via Oxylabs :)
https://torguard.net/

^ VPN Payable in Bitcoin