How many more VPN leaks/hacks are needed to stop people from advertising them?

[RejZoR]

Frankly, only VPN provider I trust right now is Proton VPN, the providers of Protonmail. Assuming I need a VPN. I just make sure connections are encrypted directly to webpages/services as much as possible. That's where core "trust" and "security" comes from.

[Kisai]

13 hours ago, lambrosgg said:

I just watched the latest Techlinked and to no one's surprise, another vpn made the news for having user data leaked.

https://torrentfreak.com/most-dedicated-vpn-ip-addresses-are-not-anonymous-200719/

Quote

While we have no reason to doubt these results, not all VPN subscriptions are perfectly anonymous. Even companies with no-log policies can keep records that can link VPN IP-addresses to user accounts.

 

That is, when they also offer dedicated IP-addresses, which are different from regular VPN connections.

The Drawback of Decidated VPN IP-Addresses

With a dedicated IP-address, which is often sold as an add-on, users get a unique IP-address as opposed to a shared one. This can be very convenient as it reduces annoying captchas and can bypass regular VPN blacklists. However, it comes at an anonymity cost.

 

By connecting through a single IP-address, monitoring outfits can build up a profile of the user’s online activity. The real anonymity tradeoff, however, is that the VPN provider knows the user’s IP-address and can connect it to other account information it has on record. This sometimes includes an email address.

 

This may not be a concern for most people, but it’s certainly something to keep in mind for the small subset of subscribers that use a dedicated VPN IP-address.

VPN Providers Confirm Anonymity Tradeoff

Broadly speaking, we would say that the “no logs” policies of VPN providers don’t apply to dedicated IPs. That conclusion is backed up by several VPN providers we reached out to, which include VPNArea, NordVPN, CyberGhost, and Torguard.

 

Just to point this out, the weakest point in the VPN is always going to be the account management. Even if there was no logging, there is still an account processor, there is still a data center, and there is still upstream bandwidth providers. If law enforcement knows they are dealing with a VPN, they could tap the routers and managed switches at the data center, or employ a cold-boot attack on the server.

 

Either way, VPN's still create a way to reduce the amount of dragnet fishing for criminals and shotgun enforcement actions. However the fact that VPN's operate this way at all is explicitly to break unjust/immoral laws in other countries by design (eg dodging censorship or copyright-geoblocking) but as a consequence also can do nothing about immoral crimes (eg sex trafficking, drug trafficking, weapons trafficking, and assassins-for-hire) either. Law enforcement never knows how deep a rabbit hole may go, and layers of anonymity only work in favor of information, not physical goods.

 

eg, it's easier to hide anonymously as long as you aren't in it to make money.

[lambrosgg]

4 hours ago, kpluck said:

So, in your world, if any company does something wrong, all companies offering the same service or product are doing the exact same thing? That would pretty much make it impossible to buy any product or service. I doubt any industry would be unaffected by such a mindset. Ted Kaczynski? You finally got internet access eh?

 

-kp

Its not just one or two of them. From the 6(?) big ones, 3 made the news already and more than half of the small ones. Search VPN on the google playstore and see how many there are available. All with the same promises/sales pitch. Then google about VPN scandals and see many of them you haven't even heard about, doing sketchy stuff. When so many of them GET CAUGHT (very important), its safe to assume that most of them do the same thing, but haven't yet got caught. And again, this is not a "this is a shitty product, just don't buy" situation, this is about privacy. Privacy should not be treated as a product, but a human right. Companies won't respect our privacy when its about money, but influencers (yes i used that word) should at least have the decency to protect the people that they look up to them, even when something just "could be sketchy".

3 hours ago, RejZoR said:

Frankly, only VPN provider I trust right now is Proton VPN, the providers of Protonmail. Assuming I need a VPN. I just make sure connections are encrypted directly to webpages/services as much as possible. That's where core "trust" and "security" comes from.

And that trust is based on....?

[divito]

So the OP's main gripe is that they get advertised too much? And some of them have logs when they claim they don't?

 

The blanket assessment of all VPN providers as scams is not only fallacious, it's a bit irritating. That's like deriding all used car dealerships because several of them have been caught doing shady things to make money at the expense of the end user.

Yes, there are VPN providers that have been lax with security, or that have misled the public with how their services operate (no one ever bothers to read the ToS). That doesn't mean every single provider is like that, and unless all of them get hacked to see what they do behind the scenes, that's an impossible statement to make.

Plus, for fun, I looked into VPN scandals and log scandals, and really, unless Google is hiding all your sources, I don't see anything that supports your tinfoil hat position. Yes, some data centers have been compromised that house certain VPN's servers, and some other aspects of their servers have been shown to be exploitable, but there aren't troves and troves of internet activity logs as you're claiming. You're basically taking totally different exploits and "scandals" and using it as some complete judgment when they're mostly unrelated. 

[RejZoR]

@lambrosgg

You have to ask? Proton didn't just drop out of nowhere. They've been around and they've been committed to privacy and security for many years now. Unlike bunch of no name VPN providers which just rent up bunch of servers worldwide and away we go with VPN service.

[piratemonkey]

I haven't read through this thread, but what I can say is that you should not rely on a VPN for privacy and anonymity. If anything it makes you less anonymous. 

With that being said, there are a few cases that is useful. Open wifi, getting past network firewalls, and preventing your ISP from snooping (though it isn't as bad as you think). 

I recommend protonVPN, as they are not for profit, and have been audited. Furthermore, they are based in Switzerland, and due to how their central servers are set up, it makes physical attacks either really hard, or impossible. 

[Letgomyleghoe]

15 hours ago, Sauron said:

That is, in fact, the only good reason to use a VPN on a personal device.

Unless your worried about people having your ip. 
 

sure there’s proxy’s but seriously they slow down your speed a hell of a lot.

[poochyena]

VPNs are a scam, trying to sell its product based on fearmongering.

Its the one thing Linus does that really annoys me. I would think he is smart enough to VPNs aren't a real need for the average person.

[imreloadin]

2 minutes ago, poochyena said:

VPNs are a scam

 

2 minutes ago, poochyena said:

VPNs aren't a real need for the average person.

Uhhh...just because you don't think most people fit into the use case for using a VPN doesn't make them a scam? I don't think you know what the word scam means...

[poochyena]

16 minutes ago, imreloadin said:

 

Uhhh...just because you don't think most people fit into the use case for using a VPN doesn't make them a scam? I don't think you know what the word scam means...

maybe I should say it this way; the way they are advertised is a scam. A VPN has its use, but its advertised as a necessity to protect you, which its not. You aren't putting yourself at rick by not having a vpn, like the ads convey.

[Benjy98]

I'd like to chime in and just say that you have to think critically when it comes to VPN's, just like with any other service.

Don't go giving your data away to some unvetted, new player in the market, just because their introductory price is fractionally better than the established brands. Do your research, if you can't find anything, maybe it's not the best choice. Most brands will have something good and at least a bit of bad things about them on the internet.

I personally use nordvpn, because they are an established brand, I like the 3-rd party audits they do now, that they're based in a country that does not have any data retention laws, and most importantly that their product is one of the best in the market, it does what it's supposed to do.

[Sauron]

4 hours ago, Letgomyleghoe said:

Unless your worried about people having your ip. 

But you're not worried about the VPN provider having it and being able to trace your entire connection history...?

[piratemonkey]

3 minutes ago, Benjy98 said:

I personally use nordvpn, because they are an established brand, I like the 3-rd party audits they do now, that they're based in a country that does not have any data retention laws, and most importantly that their product is one of the best in the market, it does what it's supposed to do.

Their "military grade encryption" (AES-256) is just so unique /s. Imo with their nonsense with the leak and other problems, they have irreparably damaged their reputation (with me at least). And while Panama doesn't have any data retention laws or anything else problematic in regards to that, it's interesting why they aren't in Switzerland. That is the country for privacy based companies. 

[Letgomyleghoe]

3 minutes ago, Sauron said:

But you're not worried about the VPN provider having it and being able to trace your entire connection history...?

Not personally, more worried about the servers I’m connecting to having my I.p, part of my hobby’s.

[Sauron]

Just now, Letgomyleghoe said:

Not personally, more worried about the servers I’m connecting to having my I.p, part of my hobby’s.

I don't see the difference but whatever floats your boat I guess... have you considered tor?

[Letgomyleghoe]

1 minute ago, Sauron said:

I don't see the difference but whatever floats your boat I guess... have you considered tor?

I am an active tor user, but find the speed to be dreadful for my pi cluster I use for pen testing.

[piratemonkey]

4 hours ago, Letgomyleghoe said:

Unless your worried about people having your ip. 

That is kinda right. But that's a really, REALLY bad reason to use one. You make it sound like VPNs are useless, except for that use case, which is wrong. There are still really good uses for then besides that. 

 

4 hours ago, Letgomyleghoe said:

sure there’s proxy’s but seriously they slow down your speed a hell of a lot.

A VPN is a proxy. A proxy is something you use before an internet request reaches the target server (basically).

[Letgomyleghoe]

1 hour ago, piratemonkey said:

That is kinda right. But that's a really, REALLY bad reason to use one. You make it sound like VPNs are useless, except for that use case, which is wrong. There are still really good uses for then besides that. 

 

what do you mean thats a really bad reason, it works.

 

1 hour ago, piratemonkey said:

A VPN is a proxy. A proxy is something you use before an internet request reaches the target server (basically).

proxys tend to be slower while vpns tend to be faster while also encrypting your data, a vpn is not a proxy, but a proxy is not a vpn, theyre not the same.

[piratemonkey]

5 minutes ago, Letgomyleghoe said:

what do you mean thats a really bad reason, it works.

It works, but it's a bit overkill. Most tracking isn't done by an IP address, but by cookies. It's kinda like putting yourself in a freezer if you're hot. You can do it, but it's a lot of hassle and tradeoffs when you could just turn down the temperature. (weird analogy, I know)

 

8 minutes ago, Letgomyleghoe said:

proxys tend to be slower while vpns tend to be faster while also encrypting your data, a vpn is not a proxy, but a proxy is not a vpn, theyre not the same.

They're pretty much the same thing. They work the same way, they just achieve different things and are for different uses. 

[Benjy98]

1 hour ago, piratemonkey said:

Their "military grade encryption" (AES-256) is just so unique /s. Imo with their nonsense with the leak and other problems, they have irreparably damaged their reputation (with me at least). And while Panama doesn't have any data retention laws or anything else problematic in regards to that, it's interesting why they aren't in Switzerland. That is the country for privacy based companies. 

Yeah, fair, don't blame you, I tried following to what happened and nord's reaction seemed pretty reasonable to me. Good question about Panama, but I guess you can ask the same about expressvpn who are based in the Virgin islands, or most of the other market leaders. Might be a good reason for it, but never thought about it. Maybe because Switzerland is smack dab in the middle of Europe?

[piratemonkey]

24 minutes ago, Benjy98 said:

Maybe because Switzerland is smack dab in the middle of Europe

I doubt it's because that. It could really anything from difficulty setting up there (tough laws probably make it hard) to just expenses. 

I didn't look into nords response as I didn't care enough tbh lol

[TehDwonz]

2 hours ago, Sauron said:

I don't see the difference but whatever floats your boat I guess... have you considered tor?

I love seeing people suggest tor - more than half the exit nodes are US Naval Intelligence and/or DoD owned, as they created it in the first place.

Primary consumer VPN use is for when you don't trust your immediate access point, like public wifi, or even your own ISP. It's a way to get out of their controlled domain, via an encrypted tunnel. That's all. It falls under privacy, as that untrusted access point can't see what you do. Calling them "scams", whilst simultaneously promoting a literal honey-pot like Tor is hilarious.

[TehDwonz]

22 hours ago, Sauron said:

That is, in fact, the only good reason to use a VPN on a personal device.

That you can think of. Lots of anti-VPN chatter lately. CCP propaganda?  

[Sauron]

7 minutes ago, TehDwonz said:

I love seeing people suggest tor - more than half the exit nodes are US Naval Intelligence and/or DoD owned, as they created it in the first place.

If you knew how Tor works you would know this isn't a problem.

8 minutes ago, TehDwonz said:

Primary consumer VPN use is for when you don't trust your immediate access point, like public wifi, or even your own ISP.

Again, how is a VPN provider more trustworthy than your ISP? As for the public wifi hotspot... what relevant information would they gain by logging a random user's visited domains? They don't know who you are (whereas a VPN provider or your ISP do).

12 minutes ago, TehDwonz said:

It falls under privacy, as that untrusted access point can't see what you do.

But a random corporation is trusted... ok dude.

14 minutes ago, TehDwonz said:

Calling them "scams"

I literally never did that.

14 minutes ago, TehDwonz said:

whilst simultaneously promoting a literal honey-pot like Tor is hilarious.

Again, clearly you don't understand what Tor is.

8 minutes ago, TehDwonz said:

That you can think of. Lots of anti-VPN chatter lately. CCP propaganda?  

LMAO, remember when I LITERALLY SAID THAT WAS THE ONE GOOD REASON TO USE A VPN and you QUOTED ME?

Spoiler

 

I hope VPN boots taste great.

[TehDwonz]

2 minutes ago, Sauron said:

1) If you knew how Tor works you would know this isn't a problem.

2) Again, how is a VPN provider more trustworthy than your ISP? As for the public wifi hotspot... what relevant information would they gain by logging a random user's visited domains? They don't know who you are (whereas a VPN provider or your ISP do).

3) But a random corporation is trusted... ok dude.

4) Again, clearly you don't understand what Tor is.

5) LMAO, remember when I LITERALLY SAID THAT WAS THE ONE GOOD REASON TO USE A VPN and you QUOTED ME?

1&4) It would seem YOU do not know what Tor is. Ever heard of Silk-Road?
2) It wasn't a point about trusting the VPN. It's about not trusting that public wifi. But a few of the top VPNs have actual real-world test cases that proved no-logging/tampering, not to mention independent audits verifying the same.
3) Not "random". Anyone trusting a white-box Chinese VPN is stupid. Jurisdiction is what counts most for a VPN. Not because you are hiding wrongdoing either. 

5) You claimed there was only one good use with a generally dismissive attitude to VPNs - counts as anti-VPN.