[HN Gopher] Who owns Express VPN, Nord, Surfshark? VPN relations...
___________________________________________________________________
Who owns Express VPN, Nord, Surfshark? VPN relationships explained
(2024)
Author : walterbell
Score : 147 points
Date : 2025-10-04 00:30 UTC (2 days ago)
(HTM) web link (windscribe.com)
(TXT) w3m dump (windscribe.com)
| holyknight wrote:
| scary AF
| WarOnPrivacy wrote:
| This link displays just the map, freed from its painfully small
| frame.
|
| https://kumu.io/embed/9ced55e897e74fd807be51990b26b415#vpn-c...
| schiffern wrote:
| Anyone got this as a regular single image infographic or
| (better yet) a text-only bulleted outline?
| plmpsu wrote:
| Just pay for and use Mullvad.
| Dylan16807 wrote:
| I did until they killed port forwarding.
| bilegeek wrote:
| OOC what's your current favored provider? AirVPN? Proton?
| octo888 wrote:
| I tried Airvpn but the MacOS client is beyond trash.
|
| And the website just gives 2005 amateur PHP coder vibes.
| Not just the design. The session expiry seems very long
| - I hadn't visited for a few days and I'm still logged in.
| I'd be surprised if it wasn't infinite.
| mk89 wrote:
| On Mac you can just use OpenVPN/Wireguard and import one
| of the profiles you can generate through their website.
| octo888 wrote:
| Not for feature parity.
|
| And I find there's a good correlation between the quality
| of the apps and the overall quality of the company. No
| surprise that the Mullvad VPN app is excellent
| baobun wrote:
| For multiple reasons it's better and safer to avoid using
| official provider client in the first place, regardless
| of provider, and connect with a good
| wireguard/openvpn/whatever client.
| octo888 wrote:
| Not universally true. The Mullvad client has lots of
| additional features to enhance privacy. Killswitch, split
| tunnelling (you might otherwise disconnect the VPN to use
| a certain app, so it can overall improve privacy),
| Shadowsocks, Lockdown mode etc
|
| It's extremely high quality on MacOS in my experience.
| It's never crashed for example whereas Airvpn's crashes
| daily. It connects almost instantly. I don't think I've
| ever seen it give an error
| 201984 wrote:
| Proton for me.
| mystraline wrote:
| Yep.
|
| And I was on Proton for 3y, until the CEO was backing Trump
| and Vance on Reddit and other places. Their port forwarding
| was also painful as well, but it worked.
|
| Cancelled. PIA does the port forwarding nicely and stably.
| No jank scripts to run every 60 seconds.
|
| Now evidently PIA is a bunch of scum capitalists. But in
| reality, who isn't?
|
| Mullvad? But they killed port forwarding for "abuse".
| 0points wrote:
| > the CEO was backing Trump and Vance on Reddit and other
| places
|
| Something happened, but THAT didn't.
|
| https://medium.com/@ovenplayer/does-proton-really-support-
| tr...
| ashirviskas wrote:
| > Given Proton's outstanding track record and reputation
| thus far as a free, open-source, crowdfunded
| organization, owned by a non-profit and based in
| Switzerland (a country known for its neutrality), this
| topic is worth a deep dive.
|
| Either it was someone paid to write this, or if author
| really believes this, they are not someone I trust.
|
| Maybe the organization is non-profit (which I do not
| believe is practically true), it does not explain them
| sharing so much with Tesonet.
| subtextminer wrote:
| The Proton CEO is not "backing Trump and Vance." He wrote
| something positive about a narrow policy Trump supported
| that's favorable to little tech over big tech. That's it.
| It's certainly possible that someone you detest can still
| occasionally support a particular policy you think is good.
| saurik wrote:
| Particularly when dealing with someone like Trump, who
| has, on occasion, backed both sides of an issue,
| depending on the day of the week! ;P
| elorant wrote:
| I do and I like them, but Cloudflare blocks their ips
| aggressively.
| lyu07282 wrote:
| Reddit too, I wished they offered residential or dedicated
| and/or unlisted ips. But most of the time you just have to
| cycle through different ips to unblock.
| dylan604 wrote:
| At this point in the cat/mouse game, wouldn't any set of
| IPs used by a VPN eventually be able to be sussed out by
| anyone interested?
| lyu07282 wrote:
| Some vpn services offer dedicated residential IP
| addresses, meaning you get an IP from just a regular
| private ISP in some other country. It's admittedly a bit
| shady though, and more expensive ofc but that will
| unblock everything
| octo888 wrote:
| There was a bumpy ride with CF a while ago but they seem fine
| now (still plenty of captchas, of course)
| 0x073 wrote:
| Just spin up a server with wireguard.
| celaleddin wrote:
| or with Tailscale (and configure the server as an exit node).
| nerdsniper wrote:
| This is the way (or Tailscale). Easier to move around between
| datacenters to find one with an ASN/IP that isn't blocked by
| the apps/websites you use. If you do want a more off-the-
| shelf solution, Mullvad is probably the best choice. All of
| the consumer VPNs (including Mullvad) get blocked by various
| services - I get degraded/intermittent connection to Google
| Maps on them. GCC countries block most of the well-known VPNs
| as well, if you ever travel to the Arabian/Persian Gulf
| region. My private datacenter VPN gets blocked only very,
| very rarely.
| nerdsniper wrote:
| By mailing cash, if you like. They don't care if they know who
| you are or not. They don't ask for your email address, you just
| log in with a randomly-assigned account number and a password.
| VonGuard wrote:
| Been saying it for YEARS: 95% of VPNs sell your data. It's where
| they make their money. It's absolutely insane the push-back I get
| when I say this online. I get downvoted to hell and back.
|
| Source: I bought this data from VPN companies... Hell, you can
| inject ads and surveys if you want!
| throwawayq3423 wrote:
| > Hell, you can inject ads and surveys if you want!
|
| So am I right in saying that the data that's encrypted by VPNs
| is only in transit? It then sits on a server in plain text,
| ready to be queried by third parties for money.
| mr_mitm wrote:
| How does that work with HTTPS being practically ubiquitous?
| rileymat2 wrote:
| HTTPS spills what services you are communicating with, but
| not the content...
|
| ...except approximate content sizes and timing patterns.
| zubiaur wrote:
| They sell metadata. DNS queries, locations, apps using data,
| device info. Usually anonymized, but both unscrupulous and
| "better" providers do have access to your account and payment
| info.
| Lammy wrote:
| If HTTPS were for privacy it would be called HTTPP. Security
| features tend to make things _less_ Private, like how opening
| apps on a Mac makes it phone home for OCSP check.
| tredre3 wrote:
| I reckon that if HTTPS was sufficient to hide your online
| activity, then you wouldn't need a VPN to hide it in the
| first place.
| Lammy wrote:
| I wouldn't be surprised if a lot of them have like a Crypto AG
| thing going on and have the capability to use paying customers
| as exit nodes as a way to launder consent-manufacturing bot
| bullshit through legitimate-looking residential and mobile
| connections.
| justapassenger wrote:
| Are there any other real-world use cases for VPN nowadays other
| than:
|
| 1. Getting access to geolocked data
|
| 2. Torrenting "Linux ISOs"
|
| ?
| ThatMedicIsASpy wrote:
| ISPs' bad routing and peering
| bilegeek wrote:
| 3. Hosting websites with DDNS (though the abuse from that
| caused Mullvad and IVPN to drop port forwarding)
|
| 4. Though it hurts anonymity, and is relatively rare: I2P or
| Hyphanet, because some websites block known P2P nodes[1].
| Important if your bank or work is being a jerk about it.
|
| 5. As ThatMedicIsASpy notes, ISP issues: some routers soil the
| bed from P2P, some ISPs throttle P2P traffic regardless of
| legality, etc.
|
| [1]
| https://old.reddit.com/r/i2p/comments/tc3bhs/is_anybody_else...
| zer0tonin wrote:
| Those two are pretty big already to be honest. I guess a third
| one would be avoiding eavesdropping on public wi-fis.
| justapassenger wrote:
| With TLS being everywhere, and just a few clicks away from
| having DNS over TLS, I really don't get eavesdropping on
| public wifi prop value.
| octo888 wrote:
| TLS doesn't hide which websites (hostnames) you visit
| IggleSniggle wrote:
| It does if you do DNS over TLS or HTTPS, although I guess
| that information would still be knowable to your DNS
| provider if they terminate your TLS behind the scenes
| optimalquiet wrote:
| Not quite. In order to make TLS certs work on a per-site
| basis, requests sent over HTTPS _also_ include a virtual
| host indicator in cleartext that shows the hostname of
| the site you're trying to connect to, so if the IP on the
| other end is hosting multiple domains it can find the
| right cert. For this reason some people feel that DNS
| over TLS is pretty pointless as a privacy measure.
| MrOwen wrote:
| I think this is only true if SNI is disabled. Otherwise
| you really only get the IP of SRC and DEST.
| pfexec wrote:
| Which is more likely, your barista collecting this data
| for nefarious purposes, or your ISP?
| numpad0 wrote:
| VPN unifies all destination IPs to server.ip.addr.ess. IP
| reverse lookups tell some stories if you are to be so
| paranoid
| 0x073 wrote:
| Free wifi hotspots
|
| Nowadays most traffic is tls encrypted, but there are still
| metadata that can be collected.
| gruez wrote:
| >but there are still metadata that can be collected.
|
| That logic is questionable given how poorly "spying on public
| wifi users" scales. You either need to put a bunch of
| eavesdropping radios in a bunch of public places or somehow
| convince a bunch of small businesses to use your "free wifi"
| solution. Even if you do have access, it's hard to monetize
| the data, given that nearly every device does MAC
| randomization (so you can't track across different SSIDs) and
| iOS/windows rotates mac addresses for open/public networks.
| OTOH setting up metadata capture on a commercial VPN service
| is pretty straightforward, because you control all the
| servers.
| baby_souffle wrote:
| Doesn't pretty much every Starbucks location in the United
| States use a nationwide provider?
|
| Despite the randomized Mac address, you can still
| fingerprint devices using all the usual tricks when they
| connect to the authentication and authorization page before
| you allow them to access the broader internet.
|
| If the receipt had a passcode on it, you've got a link
| between all of your browser fingerprint, radio fingerprint
| and payment detail fingerprint and possibly customer
| loyalty provided at time of payment.
| gambiting wrote:
| 3. Avoiding government-mandated record keeping by ISPs in a
| country like the UK, where all ISPs have to keep a year of your
| browsing history and it can be accessed warrant free by 17
| different agencies (including DEFRA, the agriculture agency).
|
| And yes, I'm aware that you're most likely trading one
| surveillance for another - but honestly at this point I'd much
| rather trust my paid VPN provider with my browsing data than my
| ISP and ultimately the government.
| justapassenger wrote:
| Given that most of the web has TLS and you can easily do DNS
| over TLS - that's very very high level metadata, where I
| personally just don't see much ROI vs. giving that metadata
| to a random company with no regulations whatsoever.
| retube wrote:
| > but honestly at this point I'd much rather trust my paid
| VPN provider with my browsing data than my ISP and ultimately
| the government.
|
| Your ISP will need to comply with local laws and regulations,
| and you'll have some recourse if broken. A third-party VPN
| operating in an overseas jurisdiction could be doing anything
| with your data.
| anonym29 wrote:
| Unless it's selling the data back to my own government, I'd
| rather a foreign commercial VPN provider have that
| information rather than my own domestic ISP or my own
| domestic government.
|
| My government can do parallel construction, can send teams
| of armed gunmen to my house, and otherwise find far more
| methods to persecute me than the intelligence services of
| Russia or China can.
|
| Being innocent of any kind of crime does not necessarily
| remove one from the crosshairs of law enforcement
| organizations, particularly the FBI, who have an extensive,
| well-documented history of violating citizens'
| constitutional rights, conducting partisan witch hunts
| against political opponents, being a lawless menace to
| civil rights activists, anti-war activists, gay rights
| activists, both pro-abortion and anti-abortion activists,
| and is probably busy right now planning on being a menace
| to trans inclusivity activists.
|
| There is no such thing as a friendly government, but I'd
| much rather have my data in the hands of a government
| 10,000 miles away than in the hands of my own government.
| My own government hunts, injures, stalks, harasses,
| socially ostracizes, and even kills my fellow citizens far
| more than any foreign government ever has.
| mr_mitm wrote:
| I VPN into my home network for added privacy in public wifis,
| and to access private services.
| gruez wrote:
| Protection from IP tracking, especially if your ISP doesn't do
| CGNAT. Of course there's a trade-off here between
|
| a) your ISP (who knows your billing information) knowing which
| sites you visit, and any site you visit can correlate internet
| activity back to your household
|
| b) your VPN provider knowing all the sites you visit
| Havoc wrote:
| CGNAT won't save you in a world where everything is
| fingerprinted to within an inch of its life.
| hemabe wrote:
| In Germany (and probably in the UK too), you now have to be
| very careful about what you write online. There is actually a
| section 188 that makes insulting, defaming, or slandering
| people in political life a criminal offense. You can now face
| heavy fines for minor insults ("idiot") or even have your home
| searched. A VPN can be useful here.
| hansvm wrote:
| What idiot signed that bullshit into law?
| skrause wrote:
| That law has existed since 1951 and is based on an
| executive order from 1931 by Hindenburg.
| hansvm wrote:
| A ton of ISPs use deep packet inspection for various kinds of
| filtering (and other shenanigans). When they get it wrong it
| manifests to the user as certain websites or access patterns
| being inaccessible and the ISP's customer support agreeing that
| you should have access and being able to do fuck all to fix it.
| A VPN in the middle usually solves the issue.
| msp26 wrote:
| Accessing services from the UK without handing over your
| personal ID to a service that will inevitably get hacked.
|
| This happened to discord literally a few days ago.
| WarOnPrivacy wrote:
| > Getting access to geolocked data
|
| I use VPNs when I'm trying to ferret out the scope of an
| outage. I have VPN servers on local ISP which moves me around
| different routing. I use a commercial service to move me
| further out and to other countries.
| ragequittah wrote:
| One others seem to have missed 3. ad blocking on your phone
| away from home. Almost all VPNs have a block ads / known
| malicious traffic function. This can be done with just a DNS
| but often mobile carriers will block using your own DNS.
| baby_souffle wrote:
| The original use for a VPN - getting access to private
| resources - is still very much in play.
|
| I don't just mean being able to access some private web
| interface you have on a private server in your home, I mean
| connecting a satellite office to the main corporate office.
|
| But for all of these consumer marketed VPNs, I think your list
| has 90%+ covered...
| zer0tonin wrote:
| I have to admit that discovering that ProtonVPN was actually just
| owned by Proton Technologies feels underwhelming.
| ashirviskas wrote:
| Idk what's the official status, but it's Tesonet.
|
| Some fake debunking in the comments of this thread that is
| factually almost correct:
| https://www.reddit.com/r/ProtonVPN/comments/8ww4h2/protonvpn...
|
| EDIT: ProtonVPN app was "accidentally" signed by Tesonet. How
| do you think this could happen?
| DyslexicAtheist wrote:
| thanks, this reddit thread doesn't inspire confidence in
| proton's story :/ at all
| jibcage wrote:
| It's not Tesonet, Proton is wholly self-owned and managed.
| Proton VPN was briefly sharing employees with Tesonet during
| initial app bringup, and that partnership is long over.
| Naturally due to competition and the huge importance of
| privacy in this space, people still bring this up, but Proton
| VPN does not and never will sell or share your data with
| anyone.
|
| Source: I am a Proton VPN employee.
| octo888 wrote:
| Are we allowed to discuss (edit: if it's not too political?) if
| Kape Technologies has any connections to Israeli security
| services, given the nature of VPNs and given the amount of data
| that can be trivially collected, and:
|
| "Being from Israel, Teddy Sagi had connections with the Israeli
| military intelligence sphere and was able to procure himself a
| real-life cyber spy [his co-founder] from the famed Unit 8200
| (kinda like Israel's version of the NSA)" [0]
|
| ?
|
| [0] https://windscribe.com/blog/what-is-kape-technologies/
| qntmfred wrote:
| I'm not dang but it certainly should be allowed. we should also
| be able to call out jew-hating conspiracy theorizing, which
| would inevitably poison the discourse.
| greekrich92 wrote:
| The second part of your comment seems like a non sequitur
| qntmfred wrote:
| I'm a pragmatist
| gruez wrote:
| >Teddy Sagi had connections with the Israeli military
| intelligence sphere
|
| Does this mean much given that israel has mandatory military
| service? Unlike in the US where you have to make a conscious
| choice (eg. patriotism or desperation) to join the
| CIA/NSA/military, that's not really the case in israel. "has
| ties to unit 8200" might as well mean "has ties to
| stanford/MIT/caltech" or "has ties to big tech".
| sporkxrocket wrote:
| Unit 8200 is a cyberwarfare and spy unit. They were
| responsible for the Lebanon pager supply chain terror attack.
| I definitely want to know if they are involved with any tech
| I'm using so I can avoid it.
| pfexec wrote:
| > I definitely want to know if they are involved with any
| tech I'm using so I can avoid it
|
| Are you going to stop using Linux because the NSA is a
| major code contributor?
|
| Huawei is too, and they were founded by a guy from the PLA.
| jasonvorhe wrote:
| this is not a helpful argument. this isn't about not
| using Israeli OSS software but services that feed data
| into the surveillance grid of a quasi rogue state.
| sobelabwhaman wrote:
| Linux is not operated by NSA and is open for inspection.
| Can you say the same about VPN services in question?
|
| It would be naive to think Huawei isn't influenced by
| CCP, especially if it is founded, by presumably someone from
| PLA intelligence unit by your suggestion.
| gruez wrote:
| I don't see how that addresses my point that enlistment is
| mandatory in israel. You can make similar claims about
| other israeli military units. If anything, given the
| current war in Gaza whatever the other IDF branches/units
| are doing are probably worse than hacking a few phones.
| sporkxrocket wrote:
| Unit 8200 is part of the IDF and contributing to those
| war crimes. I as a consumer only need to consider my own
| risk profile, not the politics of an entity that's
| committing acts I consider to be terrorism.
| gruez wrote:
| >Unit 8200 is part of the IDF and contributing to those
| war crimes
|
| So would you say it's fair game to not hire an israeli
| babysitter? After all, would you really want someone that
| was part of a war crime/"terrorism" force to watch your
| kids?
|
| >I as a consumer only need to consider my own risk
| profile, not the politics of an entity that's committing
| acts I consider to be terrorism.
|
| So you admit it's all just vibes and consistency doesn't
| really matter?
| Hikikomori wrote:
| Israeli crypto ag
| dagaci wrote:
| I liked Express VPN
| 0points wrote:
| Not allowed to have any meaningful discussion on this site. @dang
| will tell you to edit your posts before banning you.
| dang wrote:
| I specifically put the OP in the second-chance pool
| (https://news.ycombinator.com/item?id=26998308), which is why
| it got re-upped (https://hnrankings.info/45469376/). Rather an
| odd way to suppress discussion, don't you think?
|
| (We detached this comment from
| https://news.ycombinator.com/item?id=45496427.)
| dboreham wrote:
| NSA presumably?
| tacker2000 wrote:
| I tried Proton but their VPN wasn't as good as NordVPN's...
|
| But if Nord is sketchy, what is the recommended one?
| Havoc wrote:
| Depends on what you mean by "good".
|
| Fast/low latency is to some extent diametrically opposed to
| high quality privacy. The fastest route is always you to
| source. The more hops/mixers/proxies/things you add the worse
| the experience gets
| zelphirkalt wrote:
| You will have to be a lot more specific than "wasn't as good
| as", to get a response that is helpful to you. What are you
| looking for in a VPN provider?
| brikym wrote:
| Um, is it some intelligence agencies?
|
| > ExpressVPN was founded in 2009 by Peter Burchhardt and Dan
| Pomerantzwe who later sold it to British-Israeli security
| software company Kape Technologies
|
| Close enough.
| nerdsniper wrote:
| Note that all of these companies are also under the umbrella of
| Tesonet, a Lithuanian VC firm also headed by Tomas Okmanas (Tom
| Okman in TFA). Their flagship investments are Nord Security,
| Hostinger, Oxylabs, Surfshark, Decodo, Mediatech, and nexos.ai -
| all closely related business models around proxying.
|
| They don't seem to have Russian ties: "In 2022, CyberCare opened
| an office in Lviv, Ukraine. Although planning for the move
| started before the war, according to Dainius Vanagas, CEO of
| CyberCare, one of the reasons why it was followed through was a
| desire to help Ukraine rebuild."[0]
|
| They also donated money to help arm Ukraine.
|
| 0: https://en.wikipedia.org/wiki/Tesonet
| dongcarl wrote:
| We should really be moving towards a world of Multi-Party Relays
| rather than Single-Party VPN operators:
| https://www.privacyguides.org/articles/2024/11/17/where-are-...
|
| With Multi-Party Relays you no longer have to trust a single
| entity not being malicious or compromised.
|
| Disclaimer: I run obscura.net, which does exactly this with
| Mullvad (our partner) as the Exit Hop.
| sporkxrocket wrote:
| Can you control the geography of the exit node? I really like
| Private Relay but it doesn't get around geo restrictions
| because the IP is still in the same country you are.
___________________________________________________________________
(page generated 2025-10-06 23:00 UTC)