Most active commenters
  • IlikeKitties(3)

←back to thread

Who Owns, Operates, and Develops Your VPN Matters

(www.opentech.fund)
201 points sdsantos | 24 comments | 03 Sep 25 16:51 UTC | HN request time: 0.43s | source | bottom
Show context
fujigawa ◴[03 Sep 25 17:28 UTC] No.45118394[source]
Commercial VPNs will go down as one of the greatest money-making schemes of the last decade. Outside of a few specific use cases their sales often rely on leveraging non-technical users' fear of what they don't fully understand.

I have non-technical friends and relatives that have fully bought into this and when I asked why they use a VPN I got non-specific answers like "you need it for security", "to prevent identity theft", or my personal favorite: "to protect my bank accounts".

Not a single person has said "I pay to route my traffic through an unknown intermediary to obscure its origin" or "I installed new root certificates to increase my security."

replies(16): >>45118443 #>>45118486 #>>45118558 #>>45118644 #>>45118672 #>>45118693 #>>45119064 #>>45119252 #>>45119261 #>>45119717 #>>45119817 #>>45119936 #>>45120136 #>>45120782 #>>45124630 #>>45126517 #
1. some-guy ◴[03 Sep 25 17:38 UTC] No.45118486[source]
Mine is simple: avoid my ISP complaining about torrents.
replies(4): >>45118552 #>>45118646 #>>45118933 #>>45118941 #
2. IlikeKitties ◴[03 Sep 25 17:44 UTC] No.45118552[source]
And shitposting here in germany has become slightly more dangerous. If you use a vpn to call your local politician an idiot, you are much less likely to get into legal trouble.
replies(1): >>45118744 #
3. 2OEH8eoCRo0 ◴[03 Sep 25 17:54 UTC] No.45118646[source]
Which provider? How do you forward ports?
replies(2): >>45118712 #>>45118724 #
4. NoMoreNicksLeft ◴[03 Sep 25 18:00 UTC] No.45118712[source]
Run docker and the haugene-transmission image if you don't want your wife complaining and asking why Facebook thinks she's visiting Romania.
5. timpera ◴[03 Sep 25 18:02 UTC] No.45118724[source]
Port forwarding is really easy with PIA's client. I had to switch to them because Mullvad doesn't offer port forwarding anymore unfortunately.
replies(1): >>45118751 #
6. NoMoreNicksLeft ◴[03 Sep 25 18:03 UTC] No.45118744[source]
Here in the United States, I don't know that I could trust the vpn to protect me from that. I remember an incident from a few years ago, some idiot at Harvard emailed in a bomb threat to get out of finals. They arrested him only a few hours later. It's possible he misused the vpn, but I suspect that they merely contacted the vpn provider, got a shortlist of people going through that endpoint, and eliminated all of them not in Boston. Didn't require any Stuxnet-type fuckery or super-secret technology. Be careful and good luck.
replies(4): >>45118802 #>>45118824 #>>45119351 #>>45122944 #
7. leptons ◴[03 Sep 25 18:04 UTC] No.45118751{3}[source]
Damn! I was thinking about switching to Mullvad from PIA, but now I guess I won't.
replies(1): >>45118919 #
8. jofla_net ◴[03 Sep 25 18:10 UTC] No.45118802{3}[source]
I remember that, Schneier talked about it on his blog.

It was actually tor (the threat came from tor), and harvard 'found' him by constantly logging what connections were going to known tor entries from on campus. As it turns out he was one or possibly the only one using tor that morning from harvard.

Bruce outlines it that he certainly could have stayed tight-lipped (all evidence was circumstantial) but, nevertheless confessed as soon as they approached him.

replies(1): >>45119104 #
9. ◴[03 Sep 25 18:12 UTC] No.45118824{3}[source]
10. freedomben ◴[03 Sep 25 18:22 UTC] No.45118919{4}[source]
Yeah, PIA is great. You can even use regular wireguard with it if you don't want to use their client. Been a happy use for many years
replies(3): >>45119281 #>>45119659 #>>45128053 #
11. ThatMedicIsASpy ◴[03 Sep 25 18:24 UTC] No.45118933[source]
Avoid my ISPs piss poor routing and peering - especially during peak times.
replies(1): >>45119161 #
12. nostrademons ◴[03 Sep 25 18:24 UTC] No.45118941[source]
Mine are:

1) I like Canadian shows in Netflix more than American

2) People in Silicon Valley get charged more on certain travel sites than people in Detroit.

replies(1): >>45119073 #
13. giancarlostoro ◴[03 Sep 25 18:38 UTC] No.45119073[source]
> 2) People in Silicon Valley get charged more on certain travel sites than people in Detroit.

I wonder how this compares to Florida vs Detroit... Hmmm...

14. sodality2 ◴[03 Sep 25 18:42 UTC] No.45119104{4}[source]
Network traffic analysis/DPI strikes again. I wonder how many people think that their VPN usage obscures their identity, when the flow of traffic at certain times gives X% probability that this person visited the site based on the timing/size/speed/length of each TCP stream, increasing in confidence every repeated visit. Hell, how often will someone download a file of exactly 7060378032 bytes? It may not be damning evidence, but it'll surely put you under suspicion; sometimes that's all it takes.

I'm looking forward to when VPNs always throw up chaff traffic.

replies(2): >>45119385 #>>45120107 #
15. thisislife2 ◴[03 Sep 25 18:48 UTC] No.45119161[source]
My ISP is smarter - they just block all the torrent and streaming site I visit, and try to push me to upgrade to a plan with many streaming platforms bundled in it. Sucks for them, because I already subscribe to a few of them but still prefer torrent-ing to download videos to watch them offline whenever I want, without unnecessary time limits, in the video / audio quality I want, in the medium I want (TV, computer, mobile devices etc.), with the software (player) I like, without ads and other nags.
replies(1): >>45124895 #
16. gchamonlive ◴[03 Sep 25 18:59 UTC] No.45119281{5}[source]
Being able to use wg-quick to create a tunnel is also something mullvad supports, just fyi
17. IlikeKitties ◴[03 Sep 25 19:04 UTC] No.45119351{3}[source]
Yeah, it's not gonna help you for that but for low level "crime" (and those "" do some heavy lifting) where the police basically asks providers for logs once and than give up you are fine with any of the more "trustworthy" (and those "" do some heavy lifting) vpn providers.

Correlation attacks are a bitch and i'm sure i'm on a shortlist already but calling a politician an idiot with a burner account made using a vpn should be fine.

18. IlikeKitties ◴[03 Sep 25 19:07 UTC] No.45119385{5}[source]
> I'm looking forward to when VPNs always throw up chaff traffic.

Mullvads DAITA (Defense Against AI-guided Traffic Analysis) is going into that direction[0] and Mullvad is one of the better providers. Tor also has some protections against this afaik and the upcoming nym vpn is also doing some traffic obfuscation [1]. But as the saying goes: Correlation Attacks are a bitch.

[0] https://mullvad.net/de/vpn/daita [1] https://nym.com/

replies(1): >>45124935 #
19. leptons ◴[03 Sep 25 19:39 UTC] No.45119659{5}[source]
I'm a happy PIA user for many years, but I probably won't really trust any US-based VPN with what the Republicans are going to be doing in the next couple of years. They will absolutely destroy all privacy for the "save the children" boogeyman. A VPN not based in the US is the only workaround I can see, and that's if we're even allowed to use them.
20. heavyset_go ◴[03 Sep 25 20:34 UTC] No.45120107{5}[source]
It's not even that complicated, the list of Tor entry nodes is public, all they had to do is look in their logs for connections to those IP addresses coming from their network.
21. ◴[04 Sep 25 02:46 UTC] No.45122944{3}[source]
22. crossroadsguy ◴[04 Sep 25 08:14 UTC] No.45124895{3}[source]
I used to do private P2Ping actively. Now I don't. Not enough time - for that, not motivated enough - for that. So I was planning to let go of that VPS of mine where my Seedbox resides. But I am not sure anymore. I do feel I may let it up and running just like many others who did it when I couldn't afford a Seedbox.

Then on the other hand I feel that the real need are from people who come to find those Linux ISOs from public P2Ps and for that I think I will be booted off my VPS in a day or two. So eventually I think this will be better - dust off that old r-pi (or maybe get a new one), get a cheap HDD, get a VPN and let it stay at home and keep seeding.

23. crossroadsguy ◴[04 Sep 25 08:20 UTC] No.45124935{6}[source]
> https://nym.com/

The first line on the landing page says:

"The world’s most private VPN 80% off today!"

Very intresting.

24. NoGravitas ◴[04 Sep 25 14:59 UTC] No.45128053{5}[source]
Reminder: PIA is owned (was bought in 2019) by a company with ties to Israeli intelligence, and which started out producing advertising malware.

https://hackread.com/private-internet-access-pia-vpn-sold-is...