[HN Gopher] ExpressVPN employees complain about ex-spy's top rol...
___________________________________________________________________
ExpressVPN employees complain about ex-spy's top role at company
Author : hassanahmad
Score : 266 points
Date : 2021-09-24 14:20 UTC (8 hours ago)
(HTM) web link (www.reuters.com)
(TXT) w3m dump (www.reuters.com)
| logronoide wrote:
| All these companies seem to have a different understanding of
| what business ethics are.
| seneca wrote:
| I think there's a potentially valid argument in saying "who
| better knows how to protect us from these people than one of
| their own?". It's perfectly valid to doubt their motivation (and
| I do), but there's a reason defectors are valuable.
| jmarbach wrote:
| You can use https://satoshivpn.com if you want to be anonymous.
| You get access to your own private server, and user registration
| is not even possible.
| pydry wrote:
| The list of countries they offer endpoints in is not
| encouraging.
| smoldesu wrote:
| I can choose between 800 and 1200ms of latency, lucky me.
| good8675309 wrote:
| Private server? So all of your traffic comes from the same ip?
| That defeats the purpose of the VPN.
| reedjosh wrote:
| > IP Refresh
|
| > Does the service limit your usage of a single IP address?
|
| From the linked page listed as a yes in the features list.
| jimmygrapes wrote:
| The use cases for a single IP not associated with your person
| are numerous: avoidance of ISP retribution for your use of
| certain network connections (i.e. torrenting), avoidance of
| direct targeted attack, avoidance of geofencing, avoidance of
| censorship by IP location, as a few examples. All the better
| if the private static IP can be changed on demand and
| adjusted for location.
| good8675309 wrote:
| Does the IP on the instance change on a regular interval?
| Or do you have to request it? I use VPNs to protect against
| tracking. If the IP is mostly static then using it as a
| defense against tracking is useless.
| burnaway wrote:
| no team disclosed, no ownership information, no real privacy
| policy, no real terms of service, no info on infrastructure and
| provider partners, promises "complete privacy" and "anonymity"
| (as if attainable, especially with no traffic mixing and BTC
| payments)...
|
| don't trust services that promise things they can't deliver and
| you cannot vet properly.
| danlugo92 wrote:
| Get a VPS, they are actually cheaper than VPNs (if you only need
| one country location).
|
| You will have one single IP and you won't share IP with hundreds
| of other people thus being flagged.
|
| I have never been blocked from a site when using my VPS,
| including sites that otherwise block VPNs, I think they don't
| care for whatever reason.
|
| Doesn't mean they can't know, they will, but they seem to not
| care?
|
| Some websites might do.
|
| Only way you can get a completely "native" experience is for
| someone to set up a VPN in a computer connected to a residential
| connection in the country you want to appear in.
| folkhack wrote:
| Popular VPS hosts like Digital Ocean, Linode, etc are all going
| to smack you down if you do anything remotely fishy on their
| networks. They have to have a pretty good idea of what's
| happening with their VPS systems, and I've seen them
| (DO/Linode) smack down everything from specific VPN connections
| to web scraping.
|
| If you're going to use a VPS for anything remotely sketch you
| probably don't want to go with a reputable provider - they're
| reputable for a reason.
| mhitza wrote:
| > specific VPN connections to web scraping
|
| What strange ToS clause would those fall under? Skimmed the
| DO ToS and found nothing, while they also have a separate
| page promoting the deployment of your own VPN
|
| https://www.digitalocean.com/solutions/vpn/
| [deleted]
| alfalfasprout wrote:
| The problem is a VPS isn't anonymizing because your traffic
| isn't pooled with others. So if your goal is to bypass
| geoblocking, etc. then sure a VPS is a good choice. If improved
| anonymity is what you're after then a VPS isn't going to do
| that.
| cowpig wrote:
| Making someone with a history of doing exactly the thing that a
| company purportedly stands against the CTO seems like an
| absolutely baffling choice... unless the company is doing that
| thing (enabling surveillance).
|
| If I were to use a VPN service, this news would certainly
| disqualify ExpressVPN from my list of possible options.
|
| I imagine that if I were working for a company like that out of
| belief in the mission that this news would be difficult.
| drak0n1c wrote:
| In the field of legal representation oftentimes the best
| defense lawyers that specialize in defending against federal
| probes and investigations have years of prosecutorial
| experience leading those government teams.
|
| That idea of insider knowledge turned to the client's benefit
| might be utilized here - but yes it is a bit less comforting in
| contexts where the legal duty to client does not apply.
| SahAssar wrote:
| If that was the case I would expect it to be disclosed. The
| reason there is a reaction from customers and employees is
| that they were not forthright with this info.
|
| Besides that, I think Kape is highly suspect, and the whole
| VPN space is filled with marketing of false promises and FUD.
| vjust wrote:
| A lot of people in the Cybersecurity industry are solely
| motivated by money. This is an egregious case. In milder cases,
| I've seen US SAS Cybersecurity providers being casual about
| customer protection, only caring if it starts hitting their
| reputation. Protecting people's privacy is much lower on their
| list of priorities. Human rights activists, and other vulnerable
| people of human-rights-abusing - they're not even on the horizon.
|
| He must've made a nice packet of money. Must have taken care of
| his retirement - the company's even promoting him. Some citizen's
| family is now at risk, or already imprisoned without a legal
| process. This must've come as a shock to the Human Rights
| community. VPN usage is universal there. And this _is_ the tip of
| the iceberg - surely we know how fine of a dragnet the FBI has.
| Iran, China, Saudi Arabia, UAE, there's a long list of nations
| that'd like to snoop on their own people wherever they may be
| living. Like someone said, Tor is the way to go (tails).
| elagost wrote:
| It's been clear for a long time that every single commercial VPN
| service is a waste of money. At best, you replace trusting your
| ISP with trusting a different group of unknown people with
| similar motivations. At worst, it's a government agency honeypot
| or someone like Facebook.
|
| If you think you want a VPN for "privacy", use Tor Browser. If
| you want a VPN for any other reason that "normal people" think
| they want a VPN, you're probably wrong.
|
| Why do we even give these companies the time of day?
|
| (Small clarification - Most people who want VPNs should use a
| proxy instead. It fits the use case better. Those still exist and
| don't route ALL of your device's traffic over the tunnel.)
| missinfo wrote:
| Tor is too slow and often blocked by sites. And how do you know
| if an exit node is a honeypot or not?
|
| Mullvad VPN seems like the best choice.
| guerrilla wrote:
| > It's been clear for a long time that every single commercial
| VPN service is a waste of money.
|
| This is nonsense. It depends entirely on your goals. It's
| important to me that my ISP doesn't know what I'm doing while I
| couldn't care less if my VPN provider does. I also need to
| circumvent geoblocking from time to time.
| neom wrote:
| I'm not sure I totally agree, sure I don't know every single
| employee, but I use Nord because I like and respect Tom
| Okman[1]
|
| [1] https://en.wikipedia.org/wiki/Tom_Okman
| [deleted]
| jrootabega wrote:
| Having an easily-replaceable IP address is also of some value
| in case someone tries to DOS you in IRC/game chat/etc.
| baron_harkonnen wrote:
| > you replace trusting your ISP with trusting a different group
| of unknown people with similar motivations
|
| I've always seen this argument but it's never made sense to me.
|
| For starters I absolutely _don't_ trust my ISP. I know they
| are collecting, storing, likely selling my data and that they
| are 100% going to comply with any government requests from my
| government (I don't even trust that they would only respond to
| legal requests).
|
| Years ago I used to use AirVPN. They claimed:
|
| > AirVPN started as a project of a very small group of
| activists, hacktivists, hackers in 2010, with the invaluable
| (and totally free) help of two fantastic lawyers and a
| financing from a company interested in the project and operated
| by the very same people.
|
| Maybe they're lying but at least there's some chance they
| actually care about privacy.
|
| But even if they _don't_ care about privacy at all and are
| lying, at the very least they are based in Italy and have their
| servers spread throughout Europe. Additionally you can pay via
| crypto (which gives you more anonymous payment options than
| your ISP). Simply being in another country than the one I live
| in makes it much harder for my government to arbitrarily
| request my data.
|
| Yes if I want to do highly illegal activity that is going to
| get my government interested in me I absolutely don't think
| that would be enough. But if I want privacy from routine
| surveillance this seems like a fantastically better option than
| 100% giving up.
| dannyw wrote:
| Plus, you can chain through a couple VPNs. Both VPNs have to
| be compromised for you to lose privacy.
| ralusek wrote:
| The first one would still know everything though.
| simiones wrote:
| The first one would know that _you_ are talking to the
| second VPN. The second VPN would know that _VPN1 User_ is
| talking to facebook.com. In principle, neither of them
| has the full picture. In practice, you may leak enough
| information that _both_ of them could get the full
| picture.
| ralusek wrote:
| My IP: 1234
|
| VPN A IP: 4321
|
| VPN B IP: 6543
|
| ---
|
| Unless I'm missing something, the request would go like
| this:
|
| VPN A sees that 1234 is going to facebook.com
|
| VPN B sees that 4321 is going to facebook.com
|
| facebook sees that request is coming from 6543
|
| Am I misunderstanding the technology, or didn't VPN A see
| everything?
| monocasa wrote:
| VPN A only sees that the request is going to VPN B.
| sxg wrote:
| But VPN A has to relay the request for facebook.com to
| VPN B, meaning that VPN A has to be aware of the user's
| final destination. If my interpretation of this is
| incorrect, then how does VPN B become aware of the
| request for facebook.com?
| monocasa wrote:
| VPN A only sees a request to VPN B. Because of that they
| don't need to know anything about the final destination
| or even that there is a final destination beyond VPN B.
| deelowe wrote:
| VPN A knows there was a request to VPN B, that's it. The
| request is encrypted twice on the client. VPN A removes
| its encryption but is only left with an encrypted
| request to VPN B. VPN B then removes its encryption and
| then forwards the request to fb.com.
| lilsoso wrote:
| That seems like a great technique if it is correct.
|
| Seems obvious to me that many of the top VPN providers
| are operated by intelligence agencies or have ties to
| data brokers: they can afford to operate the services at
| an initial loss for the benefit of information learned
| later.
|
| For example, touting that a VPN is operated outside of a
| country with ties to the "five eyes" doesn't seem like a
| benefit, it likely means they can operate with impunity
| on your data.
| [deleted]
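
The double-VPN exchange argued over in the comments above (ralusek, monocasa, sxg, deelowe), as an added example that is not part of the thread: it models what each hop can observe when the client encrypts twice, next to the single-VPN case. The addresses 1234/4321/6543 and facebook.com are the thread's own; the SHA-256/HMAC layer cipher and all function names are assumptions made for illustration, standing in for a real tunnel protocol, and side-channel leaks of the kind simiones mentions are not modeled.

```python
import hashlib
import hmac
import json
import os

# Addresses and destination taken from the thread's example (not real IPs).
CLIENT_IP, VPN_A_IP, VPN_B_IP = "1234", "4321", "6543"
DESTINATION = "facebook.com"


def _subkey(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # SHA-256 in counter mode: a toy stand-in for a real tunnel cipher.
    blocks = (length + 31) // 32
    stream = b"".join(
        hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        for i in range(blocks)
    )
    return stream[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one tunnel layer (toy construction)."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify and decrypt one layer; raises ValueError on the wrong key."""
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    want = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified packet")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def wrap(key: bytes, next_hop: str, inner: bytes) -> bytes:
    layer = json.dumps({"next_hop": next_hop, "inner": inner.hex()})
    return seal(key, layer.encode())


def relay(hop: str, key: bytes, src_ip: str, blob: bytes):
    """Strip this hop's layer and record everything the hop can observe."""
    plaintext = unseal(key, blob)
    layer = json.loads(plaintext)
    inner = bytes.fromhex(layer["inner"])
    view = {
        "hop": hop,
        "src": src_ip,
        "next_hop": layer["next_hop"],
        # Search everything this hop decrypted for the real destination.
        "sees_destination": DESTINATION.encode() in plaintext + inner,
    }
    return view, inner


def chained():
    key_a, key_b = os.urandom(32), os.urandom(32)  # one tunnel key per provider
    request = f"GET / HTTP/1.1\r\nHost: {DESTINATION}\r\n\r\n".encode()
    # Client encrypts twice: inner layer for VPN B, outer layer for VPN A.
    packet = wrap(key_a, VPN_B_IP, wrap(key_b, DESTINATION, request))
    view_a, for_b = relay("VPN A", key_a, CLIENT_IP, packet)
    view_b, for_site = relay("VPN B", key_b, VPN_A_IP, for_b)
    view_site = {"hop": DESTINATION, "src": VPN_B_IP, "request": for_site}
    return view_a, view_b, view_site


def single():
    # One provider only: VPN A sees both the client and the destination.
    key_a = os.urandom(32)
    request = f"GET / HTTP/1.1\r\nHost: {DESTINATION}\r\n\r\n".encode()
    view_a, _ = relay("VPN A", key_a, CLIENT_IP, wrap(key_a, DESTINATION, request))
    return view_a


def a_can_open_inner() -> bool:
    # VPN A tries its own key on the layer that was sealed for VPN B.
    key_a, key_b = os.urandom(32), os.urandom(32)
    packet = wrap(key_a, VPN_B_IP, wrap(key_b, DESTINATION, b"request"))
    _, for_b = relay("VPN A", key_a, CLIENT_IP, packet)
    try:
        unseal(key_a, for_b)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for view in chained():
        print(view)
    print("single VPN:", single())
    print("VPN A can open VPN B's layer:", a_can_open_inner())
```
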
| elagost wrote:
| Use an alternative DNS server, Firefox/Brave/Ungoogled
| Chromium, uBlock Origin, and disable JavaScript everywhere
| you can possibly help it. As far as reclaiming some privacy
| from routine surveillance, this is probably better advice
| than "Pay Unknown Company X $9/mo to maybe be slightly better
| than your ISP in terms of privacy".
| HanaShiratori wrote:
| But wouldn't the measures you mentioned make routine
| surveillance easier due to the much more unique
| fingerprint?
| Seirdy wrote:
| It is far easier for a bad actor to compromise or start a
| commercial VPN provider than it is to do the same for an ISP.
|
| If you want online anonymity, use Tor. And torrent with a
| seedbox.
| wintermutestwin wrote:
| What if my ISP _is_ a "bad actor?"
|
| Using Tor is:
|
| 1. a huge PITA
|
| 2. a red flag
|
| 3. potentially exposing me to unsavory actors
| samstave wrote:
| >*are collecting, storing, likely selling my data and that
| they are 100% going to comply with any government requests
| from my government (I don't even trust that they would only
| respond to legal requests).*
|
| https://en.wikipedia.org/wiki/Carnivore_(software)
|
| And this was the very very crude version, what is happening
| today is obviously _light years_ ahead of what Carnivore
| was...
|
| We really need a "*Moore's Law For Surveillance Capabilities
| Multiplying by X Every N Period*"
| qw3rty01 wrote:
| > If you think you want a VPN for "privacy", use Tor Browser
|
| so replace a vpn, which _might_ be logging your traffic, for a
| service which absolutely is logging your traffic?
|
| Tor is an anonymity service, not a privacy service.
| joconde wrote:
| What traffic does it log exactly, and who logs it? As I
| understand Tor:
|
| - the exit node knows the second-to-last node, the cleartext
| data and the destination,
|
| - each intermediate node knows the previous and next nodes,
|
| - the entry node knows the sender and the second node.
|
| And using HTTPS prevents the exit node from knowing the
| cleartext data.
|
| This doesn't enable any individual node to know who sent what
| to whom, assuming that the whole path isn't entirely
| controlled by one person.
| qw3rty01 wrote:
| Everything you mentioned goes back to my point that it's an
| anonymity service, not a privacy service. Tor exit nodes
| don't know who sent traffic, but they do see all the
| traffic that passes through them.
|
| HTTPS can mitigate some of that, just like it can for VPNs,
| but the site you're going to is still very much visible.
|
| Don't get me wrong, Tor is a very useful service if
| anonymity is your goal, but it requires a solid
| understanding of what can go wrong, which torproject
| provides a decent list for:
| https://support.torproject.org/faq/staying-anonymous/
| saurik wrote:
| With Tor the site you are going to is visible, but not
| who you are (there actually are some quibbles with this,
| but those don't seem to be your better argument); that
| someone--somewhere out there--is accessing a specific
| site doesn't seem to be particularly secret information.
| I think Tor might tend to use a single circuit for all of
| your traffic, which allows for correlations, but that is
| trivially fixable (you can hash the websites you are
| accessing to multiple circuits that egress with separate
| exit nodes, so you don't provide the attacker that
| information).
| can16358p wrote:
| The main reason that I use (and many around here) VPNs is to
| access sites blocked by the government. And these blocked sites
| even included Wikipedia until recently.
| ashtonkem wrote:
| The utility in a VPN is in travelling, not at home. I'm not
| sure if I trust ProtonVPN more than I trust my ISP, but I sure
| as hell trust them more than I trust the little hotel I stayed
| at in Brooklyn.
|
| Long term I'll probably just solve this by setting up a VPN
| server at home, so I can tunnel through to my local services
| and protect myself from wifi endpoints I use on the go.
| garyrob wrote:
| Honest question: it's still a consensus that they do have value
| in situations such as airport Wi-Fi, correct?
|
| Separately from that, I still do wonder whether, if you
| subscribe to a VPN that has well-examined security practices
| and whose reputation depends on such practices, whether it
| still may have value over relying on the security over a local
| ISP which may not have as much expertise or reputation
| investment with respect to security.
|
| I'm not arguing, just trying to understand the issue better.
| gizdan wrote:
| > Honest question: it's still a consensus that they do have
| value in situations such as airport Wi-Fi, correct?
|
| No. I don't think this was ever a consensus. When is the last
| time you've used a (sensitive) website that is not run over
| HTTPS? Unless the CAs (or the certs) are compromised, you
| have no reason to use a VPN when on public Wi-Fi, because it
| is encrypted with this so-called "military grade encryption"
| that VPN providers love to mention.
|
| Edit: forgot to add, if the CAs or the certs are compromised,
| VPNs won't help anyway.
| elagost wrote:
| Argument is the spice of life! An argument doesn't have to be
| angry. But nonetheless I appreciate your earnest kindness.
|
| It's less of an issue when every site you connect to uses
| https, and every app you use employs ssl/tls for its
| connections. That is common practice these days. Getting man-
| in-the-middle'd on airport Wi-Fi is less feasible these days
| than it was 10 years ago. The attacker would have to also
| install a certificate on the user's device. I welcome
| corrections if I'm wrong.
|
| VPNs aren't obligated to tell you the truth. They don't have
| to have good security or even honor what they say on the
| front page. People trust marketing, not actual policy or
| actions - just look at Apple. Still waiting on "HMA" VPN to
| go out of business because they handed over users to the FBI.
| They're still around and claim No Logs just like everyone
| else, just like ProtonMail did until this month.
|
| https://arstechnica.com/information-technology/2021/09/priva...
| https://hacker10.com/internet-anonymity/hma-vpn-user-arreste...
| https://www.theregister.com/2011/09/26/hidemyass_lulzsec_con...
| garyrob wrote:
| "Getting man-in-the-middle'd on airport Wi-Fi is less
| feasible these days than it was 10 years ago. "
|
| I think the "consensus" I'm referring to may actually have
| been from at least 10 years ago. I'm an old-timer!
|
| Thanks for the feedback
| marderfarker2 wrote:
| Most public wifi blocks all the ports necessary for VPN except
| 80 and 443. Even then DPI will stop most VPN protocols right
| in their tracks.
|
| I've never had reliable VPN working over public wifi/mobile
| network, unless I roll my own custom protocol that
| masquerades as HTTP traffic.
| wintermutestwin wrote:
| I've used VPN over literally hundreds of public WiFi...
| garyrob wrote:
| Interesting. I'm an ExpressVPN subscriber (maybe I won't be
| much longer) and haven't had any problem using it on public
| Wi-Fi networks.
| brewdad wrote:
| Same here with multiple different VPN providers. Once I
| get through the TOS screens I can activate the VPN and
| have no issues. At one hotel chain (rhymes with a moldy
| British cheese), I have to activate my VPN first since my
| DNS provider won't resolve their login page.
| fortuna86 wrote:
| > Honest question: it's still a consensus that they do have
| value in situations such as airport Wi-Fi, correct?
|
| No, with SSL and https now the default for 90%+ of the web,
| you can be sure no one is casually listening in.
| young_unixer wrote:
| > At best, you replace trusting your ISP with trusting a
| different group of unknown people with similar motivations. At
| worst, it's a government agency honeypot or someone like
| Facebook.
|
| My ISP is required by law to be an informant for government
| agencies, so the VPN can only be equal or better than my ISP.
| angelzen wrote:
| To make it slightly more expensive for the adtech industry to
| spy on all my internet traffic. I have little illusions that
| any tech measure whatsoever can thwart government entities.
| dangerface wrote:
| You are right that most people are just signing up with the
| same credit card and details as their isp and even if they
| claim they don't keep logs the vpn needs to link the use of
| their service to your details for billing just like your isp.
|
| That said if you live in the UK the government logs your
| internet history to be used against you at their convenience.
| Using a vpn like mullvad.net that you can buy with bitcoin and
| no details prevents the government logging my history, that's
| worth the £5 a month.
| zelphirkalt wrote:
| Accounts can be completely decoupled from the payer. As long
| as the account is paid for, it should work. If there are no
| speed or time limits imposed, then why worry about who is
| using the VPN? If you allow a reasonable number of
| connections to the account at any given time, the rest
| shouldn't matter.
| wintermutestwin wrote:
| These are the reasons why I use a VPN provider:
|
| 1. my threat model is not my government. It seems that the TLAs
| have thoroughly pwned our privacy for a long time now. (please
| note that I am in no way advocating for this mass surveillance,
| but I don't see that I have much choice in the matter)
|
| 2. My threat model includes my ISP. I am forced to use a scummy
| ISP who would openly steal my data if I let them. Same with my
| mobile provider.
|
| 3. My threat model includes the data thieves who have obvious
| business models built around selling my stolen data to the
| highest bidder.
|
| 4. My threat model includes black hats and script kiddies.
|
| 5. Do I trust my VPN provider? Eh. A little. For now. The thing
| is, I trust them more than #s 2,3,4 above. What other choice do
| I have?
| hammock wrote:
| >If you think you want a VPN for "privacy", use Tor Browser.
|
| Isn't using Tor browser trusting a group of unknown people as
| well (nodes)? I hear all the time theories that Tor is a giant
| honeypot
| elagost wrote:
| Diversification. Theoretically most of the nodes are owned by
| different people, and every connection will randomize your
| node list route between them, making it difficult to track,
| unless most of the nodes were owned by one organization. With
| VPNs, all of your connections are through servers owned by
| one company, identified by an account ID.
| dijit wrote:
| I think there's been good criticism of your arguments so far
| and I don't want to pile on; but I see _a value_ in commercial
| VPN companies.
|
| I, a tech savvy person, have no issue creating an SSH proxy
| server in any country in seconds.
|
| But I also make online video games, and the US sanction system
| means I must block people from accessing our services; even if
| they have a copy of the game.
|
| They did nothing wrong, my company isn't even US based: we just
| used a cloud provider and all of those are US based.
|
| So, I encourage those users to use a vpn if one is available to
| them.
| fnord77 wrote:
| Tor is practically unusable in 2021. Tor is blocked or is very
| difficult to use for a growing number of sites. Google is the
| big one (whether one should use google at all is a different
| story).
|
| Plus ISPs can detect tor use by its customers just from packet
| patterns. I don't want to be flagged as a tor user by either my
| ISP or the sites I visit.
|
| The only other option is to set up your own ISP either in a
| colo rack or on a cloud VM. That's going to cost $50-$100 month
| plus your time fiddling with it and any network overages
| WastingMyTime89 wrote:
| > Why do we even give these companies the time of day?
|
| My understanding is that most people use a VPN to either watch
| the foreign catalogs of streaming services or insert a third
| party in a foreign country to make themselves less tempting
| targets for random enforcement of copyright laws.
|
| Obviously they don't advertise like this because these
| activities are illegal.
| Raed667 wrote:
| What if you want a VPN to unlock location based content?
| elagost wrote:
| Then either do without (because, come on, nobody's gonna die
| if they can't watch reality TV), buy it on disc, or pirate
| it? Netflix is blocking IP ranges so hard that residential
| space is getting caught in the blast radius. It's a cat and
| mouse game that you'll only win by refusing to play.
| https://torrentfreak.com/netflix-intensifies-vpn-ban-and-tar...
| pjmlp wrote:
| Some of us would like to get home country news besides the
| quite poor international channels, it is not always about
| Netflix.
| onli wrote:
| To pirate it you need a VPN, in countries that have a
| surveilled internet and laws that enable suing file
| sharers. Germany for example.
| nyuszika7h wrote:
| What do you think the pirates who rip the content use to
| get it? There's not always going to be a local user to rip
| every single title.
| BRedSox wrote:
| I use a VPN to watch my local sports team - whose owner is
| currently in a contract dispute resulting in the team not
| being played on local tv.
| cm2187 wrote:
| Also create a fuse between DMCA requests and your sole
| broadband provider if you do any torrenting.
| hannob wrote:
| Circumventing geoblocking is legit, but don't tell people
| that VPNs are about "security".
| Sebb767 wrote:
| They are, it's just in very rare circumstances (monitored
| public wifi + possibly unsecured connection, for example).
| Most people should do fine and thanks to https, public wifi
| is far less of a threat than it used to be (plus, some
| started blocking VPNs).
| trutannus wrote:
| Essentially the only valid use of a VPN. That, or masking
| your location from other _users_ online.
|
| I find YouTube in my country is just filled with content
| being pushed because it's local to my country. Some VPN exit
| points have less local content pushing, which gives me more
| options. Eastern European content is really good, but also
| completely missing from American YouTube suggestions.
| h_anna_h wrote:
| Mind you, tor had basically the same issue a while ago
| https://archive.is/4FMxm
| nitrohorse wrote:
| https://www.doineedavpn.com enumerates legitimate use cases
| well I think.
|
| > This site was conceived and built by IVPN to challenge
| aggressive marketing practices in the VPN industry.
| Semaphor wrote:
| > Hide geographic location
|
| > VPNs do not effectively solve this issue. Most modern
| browsers can detect the geographic location of a device based
| on data from GPS, available Wi-Fi networks and GSM/CDMA cell
| IDs and will submit this information to websites requesting
| it.
|
| Did I miss something? Even the ad-tech browser will ask the
| user before sharing that?
| withinboredom wrote:
| I block the Mozilla positioning trackers. They were getting
| over a million request per month from my household. It's
| just a regular API call from any website and doesn't need
| any browser permissions.
| bsdnoob wrote:
| I wouldn't say commercial VPNs are a waste. It depends on what
| purpose you want to use the VPN for. Privacy? Yeah maybe not the
| best for that but these are extremely useful to bypass
| geoblocking of content. Moreover, many ISPs do not like you
| downloading content via torrent. How do you propose we solve
| it? User experience with Tor is not always the best as well.
| The Tor network does not have lots of bandwidth. It is okay for
| browsing but the moment you want to download something using
| Tor you'd notice that it's actually very slow. I'd bet my money
| that using Tor would attract a lot more attention from your ISP
| than using a regular VPN.
| cool_scatter wrote:
| > At best, you replace trusting your ISP with trusting a
| different group of unknown people with similar motivations.
|
| I'm not sure what country you live in, but in the US, all the
| big ISPs might as well be run by the government, at least when
| talking about privacy. Private VPN companies are far more
| trustworthy, all else being equal.
| babypuncher wrote:
| I'm convinced that you can get most of the privacy "benefits"
| of a VPN with an encrypted DNS, which a pihole can be
| configured to provide for your whole home network.
|
| Your ISP could still figure out which sites you are visiting by
| what IP addresses your traffic gets pointed to, but I'd be
| willing to wager that the bulk of their data collection for the
| purpose of advertising comes from logging DNS requests, since
| it is far easier to do and captures 99.99% of their customers
| habits.
|
| This won't do anything to protect your IP from being sniffed
| out by media companies when seeding copyrighted torrents, but
| that has never been a major concern in my house. This is
| probably also meaningless if you are being targeted for
| surveillance.
| mintplant wrote:
| > At worst, it's a government agency honeypot
|
| Kevin Poulsen's book _Kingpin_, about the takedown of
| CardersMarket, describes how the FBI ran a VPN service as a
| honeypot for quite a while as part of the operation, logging
| everything that passed through it. As you say, it could be
| anyone on the other end of that connection.
| karaterobot wrote:
| > At best, you replace trusting your ISP with trusting a
| different group of unknown people with similar motivations. At
| worst, it's a government agency honeypot or someone like
| Facebook.
|
| You're starting with the (completely correct) observation that
| any VPN is not _guaranteed_ to be secure, confidential, or
| private, and then making an argument as though it were the case
| that every reputable VPN is equivalent to every untrustworthy
| ISP. I think that's why your argument doesn't make sense to
| me: I don't think there's an equal chance that a VPN provider
| with a good reputation is going to sell me out as my ISP.
|
| It's axiomatic in risk management that there is no way to
| completely remove all risk. Running a proxy and Tor is not a
| guarantee of security any more than running the world's
| shadiest VPN is, though it's obviously more secure by far. But,
| it's a question of what the acceptable level of risk is, and
| what the marginal cost to reduce that risk is. For many people,
| a $5-10 (non-shady) VPN is a perfectly reasonable step to take.
| caymanjim wrote:
| Tor is almost certainly a government honeypot, but if you're
| just trying to hide from Google and other ad companies, it'll
| help. Except that it's cripplingly slow.
| [deleted]
| dkersten wrote:
| > If you think you want a VPN for "privacy", use Tor Browser.
|
| What about Tor over VPN, so that your ISP can't see that you're
| using Tor? That is, the VPN hides your usage of Tor from your
| ISP and Tor hides your browsing from the VPN (and since many
| VPN services even advertise Tor support, it's not like it would
| be suspicious, plus you can pay for many VPNs with
| cryptocurrency while I definitely can't hide my identity or
| location from my ISP).
| addingnumbers wrote:
| > At best, you replace trusting your ISP with trusting a
| different group of unknown people with similar motivations.
|
| When one party with auditors says they will protect your
| privacy, and the other openly spells out in their stated
| policies that they will run roughshod over your privacy,
| cataloging and trading your data as much, as long, and as
| insecurely as they like...
|
| You don't have to trust the former party a lot to recognize the
| lesser evil.
| lol123456789 wrote:
| idk mullvad seems pretty alright
| z3c0 wrote:
| It is - they know their market and they serve them well. One
| of the few VPNs that actually don't log traffic.
|
| That said, I've had websites flat-out refuse me because of
| using Mullvad (not just because it's a VPN, but a supposedly
| "disreputable" VPN). Meaning blackhats love it. Meaning it
| works.
| antegamisou wrote:
| > One of the few VPNs that actually don't log traffic.
|
| How can one be so certain that this is the case? The only
| thing that's for sure is the claim they do not keep any
| evidence. I don't have anything against this VPN, it's
| really just an inherent trust problem with any provider.
| You take their word for it and be smart/ethical enough not
| to have any sketchy activity when you use it because
| there's a pretty good chance logs are being kept.
|
| I don't mean to make this personal to you but it's weird
| seeing a tech-literate crowd like HN act naive when it
| comes to VPN usage, based on arguments like "oh X is shady
| you should use Y instead, it's 100% private!".
|
| My point being, don't expect that doing extremely dumb shit
| online means any service, no matter how reputable, that may
| aid you do so will have your back.
| darthvoldemort wrote:
| The only ones you can trust are the ones that have
| actively fought court orders. That is a reasonable show
| of certainty that they do what they say otherwise there
| are real legal consequences.
| lilsoso wrote:
| You still don't know if they're feeding your data to an
| intelligence agency or data broker.
|
| For example, why wouldn't China run a few top VPN
| companies -- or at least compromise them? The benefit
| would outweigh the costs. So they shield you from piracy
| lawsuits and the like, they gain data to blackmail and
| compromise key figures later on.
| lemoncookiechip wrote:
| It's far from a waste of money. They help with things such as
| skipping geoblocking, able to deceive ISPs that send mail
| warning users about pirated content, can in some cases help
| with gaming ping, allow users to trick sites that rely on IP
| logging and many other applications besides cybersecurity and
| privacy.
|
| The main issue is that they all seem to advertise themselves as
| these privacy and cybersecurity services first, while ignoring
| all the other added benefits.
| warent wrote:
| And no wonder! All of those things you listed as benefits
| sound shady and illegitimate to people who aren't very tech
| savvy or have a poor understanding of their rights to a free
| web. Notice you're using words like "Trick" and "deceive"
| good luck selling that!
| anamexis wrote:
| I think VPNs are having no problems selling that, for
| exactly those reasons.
| babayega2 wrote:
| True. I use VPN to get behind the geoblocking on my banking
| app which is prohibited to work in my African country. Also
| viewing movies banned in my country.
| elagost wrote:
| Browser fingerprinting works much better than checking IPs.
| With multiple devices being behind the same IP, it's
| necessary to distinguish between users.
|
| I'm not saying VPNs are worthless - I'm on one right now for
| work. Commercial VPNs, for most people who purchase them, are
| completely worthless.
|
| And I very much doubt that tunneling your connection through
| a VPN can improve ping.
| everdrive wrote:
| What about using a VPN inside a VM? (or even a separate
| computer) Presumably all of your browser fingerprints would
| be different, yes?
| filmgirlcw wrote:
| Yeah, but unless you are blowing the VM away all the time
| (and maybe you are, but that takes a certain amount of
| effort, even if you try to automate it), you're still
| going to have a fingerprint tied to that VM and
| browser(s). Will it be linked with your other devices?
| Maybe not, but depending on what accounts you are signed
| into (Google, Facebook, etc), there could still be a more
| robust profile associated with your various locations and
| devices, even if the fingerprints are different.
| trutannus wrote:
| Browser fingerprinting does not work for geofencing.
| Browser fingerprinting _and_ IP geotags work, but
| fingerprinting just tells you if a user is the same person,
| on a different IP address. I run a website to monitor bot
| traffic, and really all something like a Picasso
| fingerprint can get you is visibility into who's spoofing
| their IP.
|
| You get a hash value that's roughly unique to the browser-
| device configuration. You don't know from that hash where
| the user is located. You have to pair the hash up with
| geolocation services to get that info. Once you do that
| though, you get a decent idea of if the person is changing
| their IP, but there's still no way to tell what the 'real'
| IP is. You just end up with a unique ID that's associated
| with a handful of different IP addresses.
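
The correlation described in the comment above, as an added example that is not part of the thread or any commenter's code: it indexes requests by fingerprint hash and by IP, then reports hashes seen from several countries and IPs shared by several hashes. The record layout, function names and sample values are assumptions made for illustration, and the country column stands in for a geolocation lookup.

```python
from collections import defaultdict

# Constructed sample data: (fingerprint_hash, client_ip, country) per request.
# Addresses come from the RFC 5737 documentation ranges, the hashes are made
# up, and the country is what a GeoIP lookup would have returned.
REQUESTS = [
    ("fp_a1", "192.0.2.10", "DE"),
    ("fp_a1", "198.51.100.7", "US"),
    ("fp_a1", "203.0.113.44", "JP"),
    ("fp_b2", "192.0.2.10", "DE"),     # second device behind the same IP (NAT)
    ("fp_c3", "198.51.100.90", "US"),
    ("fp_c3", "198.51.100.91", "US"),  # IP changed, country did not
]


def index_requests(requests):
    """Build both views: hash -> {(ip, country)} and ip -> {hash}."""
    by_fp = defaultdict(set)
    by_ip = defaultdict(set)
    for fp, ip, country in requests:
        by_fp[fp].add((ip, country))
        by_ip[ip].add(fp)
    return by_fp, by_ip


def ip_hoppers(requests, min_countries=2):
    """Hashes whose requests geolocate to at least min_countries countries.

    The result is one identifier tied to a handful of addresses. Nothing in
    the data says which of them, if any, is the device's own connection.
    """
    by_fp, _ = index_requests(requests)
    report = {}
    for fp, seen in by_fp.items():
        countries = sorted({country for _, country in seen})
        if len(countries) >= min_countries:
            report[fp] = {
                "ips": sorted(ip for ip, _ in seen),
                "countries": countries,
            }
    return report


def shared_ips(requests):
    """IPs used by more than one hash: the IP alone cannot separate users."""
    _, by_ip = index_requests(requests)
    return {ip: sorted(fps) for ip, fps in by_ip.items() if len(fps) > 1}


if __name__ == "__main__":
    for fp, info in ip_hoppers(REQUESTS).items():
        print(fp, "seen from", info["countries"], "via", info["ips"])
    for ip, fps in shared_ips(REQUESTS).items():
        print(ip, "shared by", fps)
```
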
| selykg wrote:
| > And I very much doubt that tunneling your connection
| through a VPN can improve ping.
|
| Yea... as someone who used to play a lot of online games,
| this was always a surefire way to increase ping time lol.
| "Crap, my VPN is still on... brb"
| weinzierl wrote:
| Just for a moment close your eyes and imagine a world where
| you have to fill-in a mildly complicated form before you
| visit a website (or blindly sign away whatever rights you
| might have had).
|
| A world where every second funny video you might have found
| on Reddit leaves you with a cryptic message that some
| "rights holder" doesn't permit you to see it (and denies
| you from joining the fun everyone else seems to be having
| in the thread).
|
| A world where you cannot buy half of the cool stuff you
| want (and everyone else seems to be having) because you
| cannot even see the online store where it is sold.
|
| A world where you're even denied access to old and
| seemingly public domain e-books.
|
| Open your eyes. This is the world most of us live in.
|
| We're not on commercial VPNs because we love to, but
| because often there is no other way. They are in a sense
| invaluable when it comes to geo-restrictions, even though I
| agree with you that they are worthless for many of the
| reasons they claim to exist.
| elagost wrote:
| Ok. Use a proxy, or set up your own Proxy/VPN on a VPS?
| Then you also have a VPS - you can host your own website
| there, use it to download stuff and rsync it back to your
| local machine, deploy nextcloud, etc., all for less than
| the cost of ExpressVPN. And bonus points, you can use
| unlimited devices.
| Tenoke wrote:
| Less of the cost sure but you are saving a couple bucks a
| month tops and replacing that with work on setup and
| maintenance instead. Moreover that way you get a single
| IP rather than the 40 different countries with multiple
| IPs my provider gives me.
| trhway wrote:
| By analogy with CDN VPN in that role is "Content Receival
| Network".
| dannyw wrote:
| 90% of the average population doesn't know the first thing
| about command lines.
| schoen wrote:
| Geoblocking, and a practical way around it, could be a
| great motivation for them to change that!
| jjoonathan wrote:
| It can improve bandwidth too! Network operators LOVE to
| mess with traffic based on service type: prioritize it,
| throttle it, cap it, the games don't end.
|
| "Turn on VPN, network performance improves" is a regular
| occurrence these days.
| dtech wrote:
| > And I very much doubt that tunneling your connection
| through a VPN can improve ping.
|
| Surprisingly this can be the case as long as the combined
| link to VPN + target is better than the direct link to
| target. Keep in mind that the target might be geo
| distributed.
|
| Like driving, going over 2 highways might be faster than
| going over a direct dirt road, or a longer road might be
| faster because the direct road is congested.
| Shared404 wrote:
| One case where I saw this was a friend who for some
| reason was being routed to game servers around the world
| when trying to connect to an Overwatch game, and a much
| closer server with the VPN.
|
| Was this a bug in Overwatch? Almost certainly, but the
| VPN was an effective workaround.
| samhw wrote:
| > Surprisingly this can be the case as long as the
| combined link to VPN + target is better than the direct
| link to target
|
| Is that surprising? I think that's what you would expect,
| and it's what the above commenter is suggesting (quite
| reasonably IMO) is very unlikely.
|
| I think the issue is that you're implying the road to the
| target is a dirt road, but the road to the VPN is a
| highway, which seems a bit questionable.
| marderfarker2 wrote:
| Most of the time the end user equipment is the bottleneck
| rather than the internet backbone
| netflixandkill wrote:
| As a frequent international traveler, using VPNs as a
| method to change routing absolutely can improve the
| results. Routing is not always done to get your specific
| packets someplace as fast as possible, particularly when
| submarine cables are involved.
| filmgirlcw wrote:
| Yup, I was going to say the same thing. I'm also a
| frequent international traveler (tho not in the last 20
| months, alas, but before pandemic I averaged 2
| international trips a month) and one of the benefits,
| security or not, of a commercial VPN service is the
| access to different nodes that can drastically improve
| speeds vs whatever routes the network you're on is using.
| It's not a guarantee but I've had it come in handy quite
| a few times.
| LorenPechtel wrote:
| This. I'm an occasional customer of ExpressVPN because
| they're pretty good about getting past the Great Firewall.
| When we go visit her family I want access to the same things
| I have in the US. It's not going to be any real protection if
| the government is after you.
| saurik wrote:
| Meanwhile, a lot of users really can't trust their ISP: your
| "ISP" might be a coffee shop, or someone renting on AirBNB, or
| your friend (as you are at their home or office). If you are
| in any of these circumstances, I would probably _first_
| recommend "tether off your phone or something", but if you
| are finding yourself needing or merely wanting to use someone
| else's internet connection (maybe for speed or because you
| don't have a good cell signal), it totally makes sense to use
| a VPN.
|
| (Also: I don't think anyone has mentioned this yet, as maybe
| it is somehow "gauche" to do so, but one of the top reasons
| people use VPNs around the world is because they want to
| browse porn and they don't want people around them to know.
| At some point, the people in the apartment next door to me
| figured out my wi-fi password and seemingly felt the correct
| solution to this issue was to use me for their porn browsing,
| but it was then all the more awkward when I figured out why
| my network was slow and knew all of the porn sites they were
| browsing. Most people seem more OK with the idea of paying a
| company like ExpressVPN--even if they are legitimately run by
| "spies"--to be their dedicated porn access point than hoping
| that someone else more locally won't find out what sites they
| are browsing.)
| ybbond wrote:
| correct in some part, but I think other main reason people
| use VPN is because their ISP block access to porn. VPN
| allows them to watch
| bcook wrote:
| >At some point, the people in the apartment next door to me
| figured out my wi-fi password
|
| That seems implausible.
| saurik wrote:
| My wi-fi password was loudly spoken often and our windows
| were open constantly. Honestly, if they had asked one of
| us for the password, I am sure we would have given it to
| them also (and for all I knew at the time that was how
| they got it: I am just saying they figured it out, not
| that they stole it). (It wasn't designed to be secure or
| anything... is yours? I do not even think I changed the
| password once they started using it... I just upped my
| cable modem plan so I wouldn't get affected by it ;P. I
| might have, though... this was like 15 years ago (I have
| been using the same wi-fi password at least since right
| after that, certainly?)
| UncleEntity wrote:
| I leeched off my old neighbors' WiFi for a few years
| until everyone in the complex upgraded to routers which
| weren't vulnerable to the pin key attack (or whatever it
| was called).
| willcipriano wrote:
| I've used this personally:
| https://www.whatsmyip.org/lib/fios-wep-key-calculator/
|
| WEP can be broken with: https://www.aircrack-ng.org/
|
| WPS can be defeated with:
| https://tools.kali.org/wireless-attacks/reaver
| SkyMarshal wrote:
| _> Meanwhile, a lot of users really can't trust their ISP:
| your "ISP" might be a coffee shop, or someone renting on
| AirBNB, or your friend (as you are at their home or
| office)._
|
| Or your ISP may be one of the big ones - Comcast, Time
| Warner, etc or whatever they are in other countries, and
| you may legitimately not trust them either.
| jon-wood wrote:
| It is in fairness not a winning business strategy to go out
| and advertise with "we make breaching copyright easier".
| vineyardmike wrote:
| The tech crowd is probably not the crowd that would shed a
| tear over this industry.
| filmgirlcw wrote:
| Totally agree. The geoblocking is the most common reason a
| lot of people use VPNs, even if that isn't always how they
| are directly marketed. A friend's mom asked me a few weeks
| ago for VPN recommendations so she could watch British TV
| easier. She's 70. Her concern isn't about safer browsing
| stuff but watching GBB more easily.
|
| *Disclosure: ExpressVPN has sponsored my podcast in the past
| (tho I don't handle ad sales fwiw) and I've always chosen to
| do the "this is how I watch X service in X country" use case
| in ad reads, b/c that's the value in it for me vs rolling my
| own Wireguard/Tailscale setup (I actually have Tailscale
| setup for my home network).
| edgyquant wrote:
| It's funny express has you advertise as being able to watch
| X service considering when I used express I couldn't watch
| Netflix because they throw an error saying they know I'm
| using a VPN. Same with Amazon prime. I've switched to
| nordvpn but they are no different I can't even use fast.com
| to check the speed when the vpn is on.
|
| False advertising I'd say
| spurgu wrote:
| Yeah Netflix is the reason I switched from ExpressVPN to
| NordVPN.
| ignoramous wrote:
| NordVPN unblocks services by routing through residential
| IPs without explicit consent:
| https://news.ycombinator.com/item?id=21664692
| filmgirlcw wrote:
| Netflix has been particularly vigilant as of late to
| combat VPN usage so it is a cat and mouse game. I haven't
| had an ad from them in months but last time I did, it
| worked with the services I've used without a problem. For
| all VPN services, the geoblock stuff is a moving target
| so what works one day or week, won't necessarily work the
| next. It's unfortunate but it is what it is.
| gumby wrote:
| My kid contacts ExpressVPN when this happens and he says
| they are pretty good at following up.
|
| We have no illusion that a third party VPN adds any
| security; we use it for this reason. I vpn to my personal
| colo machines when away from home.
| j-bos wrote:
| XV works with Netflix, just not the default servers.
| acchow wrote:
| > If you want a VPN for any other reason that "normal people"
| think they want a VPN
|
| As far as I can see, normal people are asking for VPNs to
| access Netflix catalogs of other countries.
| deelowe wrote:
| What assurances do we have that most tor end points aren't
| compromised as well?
| atok1 wrote:
| Well, I would complain too if I worked there!
|
| A modern VPN outside of the workplace is used for anonymity.
|
| I'm not sure what some people are saying when they state a VPN
| isn't useful for this case. Either they are very misinformed, or
| working for an entity that undermines human rights for a living,
| ex. NSA.
| alimbada wrote:
| Decentralised VPNs are the future.
|
| Edit: https://dvpnalliance.org/
| 3np wrote:
| Any reason Orchid isn't a part?
|
| https://www.orchid.com
| saurik wrote:
| Ok, so there doesn't seem to be any _benefit_ to this
| "alliance", so I am personally not sure why anyone is a part
| of it, much less us ;P... but like, frankly, "to be real
| about this" for a moment, the Sentinel community is so
| actively _hostile_ --in a kind of _nasty_ "personal" way that
| involves stuff like them "bullying" (their term) people who
| work at Orchid or posting memes constantly of stuff like
| Sentinel users as soldiers marching through the bloody
| carcasses of dead Orchid defenders (somewhat hilariously to
| me one of their favorite images for this is a specific re-
| drawn painting that I can't imagine they know the origin of,
| as I would _not_ want to be affiliated with those particular
| attackers)... and like, this is in addition to adamantly
| insisting false things about our project (such as that we
| somehow aren't open source?! we literally do all our
| development in public and have GitHub CI doing reproducible
| builds of all of our assets!)--that there is very little
| interest in having any involvement with them (particularly so
| given the lack of any real benefit to this alliance).
| alimbada wrote:
| I have no idea and wasn't even aware of its existence. I have
| no affiliation with either dVPN Alliance, Mysterium or
| Sentinel but I have used both of the latter two as well as
| Privatix. Mysterium is my go to choice but there's an issue
| with split tunneling which prevents me from using it right
| now.
| saurik wrote:
| FWIW, I do not believe that either Sentinel or Mysterium
| (though I don't bother looking at their product often; I am
| very confident about this for Sentinel, though) currently
| have any support for "multiple hops" through VPNs, and so
| for the complaints people are talking about here I would
| consider them "somewhat actively dangerous".
|
| (To be fair, Orchid has for some reason decided to hide
| multiple hops behind an advanced settings panel currently;
| I feel like this must have been some kind of
| miscommunication internally, and I annoyingly-to-me don't
| directly do the development on the front-end app; but it
| _is_ supported, if slow.)
|
| Like, if you want to, right now, you can run a Sentinel
| node... and then you just get to "be the spy" and collect
| all of the information about the users who select your
| node. They claim this isn't possible, but that makes no
| sense and I can tell you from first-hand experience that it
| is... they seriously seem to think that because their code
| is distributed using a docker container that no one can
| either edit its behavior or add logging around it? It is
| really awkward, actually :(.
|
| And, worse, part of the goal of these "decentralized VPN"
| projects is to let you not care so much about which node
| you are using... which means that, over time, you are
| likely to _eventually_ use an attacker as your exit node
| (which is actually somewhat intrinsically "dangerous"
| anyway, _even with multiple hops_ , as, if you allow any
| non-authenticated--in the cryptographic sense of that term
| --traffic to go through your tunnel, as even with multiple
| hops the final node can edit the traffic).
|
| (I am very curious, BTW, what your specific use case is
| with split tunneling that isn't being supported currently
| by Mysterium.)
| johnklos wrote:
| For any company, ask why they'd actually care about doing the
| right thing.
|
| Is it reputation? Integrity? Is the reasoning purely financial?
|
| Then ask whether the company operates in a way that suggests
| they'd do the profitable thing over the right thing if they think
| they might get away with it. Does that picture look realistic?
|
| As an example, look at Apple. Leaving the tangential discussion
| about scanning iCloud photos for CSAM aside, they are a company
| that claims to care about users and about privacy. Whereas every
| other company is literally trying to send _all_ data to the
| cloud, Apple is telling us they're working to process everything
| they can on the device itself.
|
| What would happen if they were caught selling location data?
| Caught allowing companies direct access to data aggregated from
| users that they explicitly say they're not collecting? They'd
| stand to lose literally many billions of dollars of sales because
| the thing differentiating them from everyone else would be
| erased.
|
| Which is greater - those billions of dollars of sales as a
| premium device maker, or those scraps of money they'd make from
| underhandedly selling data?
|
| Now look at the same scenario but with Facebook, or Google - is
| it the same? No, because we have no realistic expectation of
| privacy with either company. They're in the news quite often
| because they're doing nefarious things, allowing access to data
| most people didn't even know they're collecting, yet people
| aren't really doing things differently because of the news.
|
| Imagine the same with companies like ExpressVPN. How much would a
| disclosure hurt them? How much money could they possibly make by
| selling private data? Do they employ the kind of people who'd
| take the gamble between the two?
| s_dev wrote:
| Just look at Proton Mail removing the "We don't log IPs" claim
| from their website last week after it emerged they are forced
| to log IPs.
| eldaisfish wrote:
| this is a bad faith argument.
|
| Proton logged IPs in response to Swiss court order and handed
| over that data after the order was received. They do not log
| IPs otherwise. And bear in mind, the specific request in
| question here had the involvement of the French state as
| well.
| vore wrote:
| How is this a bad faith argument? Proton's claim was they
| didn't log IPs and then it turns out that in certain cases
| they do - regardless of the reason, they reneged on their
| claim.
| mdavis6890 wrote:
| Because the way it was phrased might imply that Proton
| had always been logging all IPs, despite their claim,
| when in reality the breach was of a much smaller scope
| than that. They only logged IPs for a particular user
| after a particular legal demand was made, and not
| otherwise (as far as I know).
| bjohnson225 wrote:
| Their original claim was that they don't log IPs by
| default, not that they don't log them even when required
| by law.
| [deleted]
| adamdusty wrote:
| I have never in my life met anyone that has an iPhone or a Mac
| because Apple is processing everything on the device itself.
| People have iPhone and macs for 2 reasons. iMessage and because
| Apple is a premium brand that even that richest of richest
| people use. The money Apple would lose if they started mining
| your data like Facebook would be indistinguishable from random
| noise.
| badsoftware wrote:
| I am in the Apple ecosystem primarily for privacy reasons. We
| exist.
| julietdg wrote:
| Privacy online or anywhere is an absolute psyops.
| Everything is logged recorded and stored. Every website
| visited, every email opened or sent, every text message
| sent or received. No matter who the company is.
| gizdan wrote:
| They're not at the level of Facebook and Google, but they
| still mine your data. You've gained nothing.
| StevenRayOrr wrote:
| I'm more comfortable with Apple's decisions than some on
| Hacker News, so take this with a grain of salt... but the
| difference between what Google/Facebook does and Apple does
| _is_ a difference. It may not be as vast a difference as
| Apple claims, but it's also not nothing.
| [deleted]
| Pick-A-Hill2019 wrote:
| _It [ExpressVPN] said it had not known of the federal
| investigation or the details of Gericke's work in UAE_
|
| Seriously?
|
| So either he lied or they are lying. I'm not an expert in
| American employment laws but would have assumed that one of the
| conditions of employment would be disclosing/reporting being
| under a federal investigation.
| stronglikedan wrote:
| You don't have a legal duty to tell a prospective employer
| anything. The burden is on them to perform any background
| checks, if they want.
| whoknowswhat11 wrote:
| Does cloudflare WARP not work?
|
| Or AWS self hosted VPN?
| darthvoldemort wrote:
| I can't believe that employees and customers are falling for the
| Big Lie technique. "Yes, our CTO is an ex-spy that we never
| revealed, but he's totally not doing it anymore! We promise!"
|
| Honestly, how stupid do you have to be to believe this?
| morpheos137 wrote:
| If you don't like your job you can always quit. Something I don't
| get is present employees denouncing their employer while
| expecting to keep their job.
| [deleted]
___________________________________________________________________
(page generated 2021-09-24 23:01 UTC)