←back to thread

Who Owns, Operates, and Develops Your VPN Matters

(www.opentech.fund)
201 points sdsantos | 6 comments | 03 Sep 25 16:51 UTC | HN request time: 0s | source | bottom
Show context
fujigawa ◴[03 Sep 25 17:28 UTC] No.45118394[source]
Commercial VPNs will go down as one of the greatest money-making schemes of the last decade. Outside of a few specific use cases their sales often rely on leveraging non-technical users' fear of what they don't fully understand.

I have non-technical friends and relatives that have fully bought into this and when I asked why they use a VPN I got non-specific answers like "you need it for security", "to prevent identity theft", or my personal favorite: "to protect my bank accounts".

Not a single person has said "I pay to route my traffic through an unknown intermediary to obscure its origin" or "I installed new root certificates to increase my security."

replies(16): >>45118443 #>>45118486 #>>45118558 #>>45118644 #>>45118672 #>>45118693 #>>45119064 #>>45119252 #>>45119261 #>>45119717 #>>45119817 #>>45119936 #>>45120136 #>>45120782 #>>45124630 #>>45126517 #
zoeysmithe ◴[03 Sep 25 17:56 UTC] No.45118672[source]
This is my feeling too. I also don't think these people realize how none of these groups can refuse a subpoena so the scenario of "the government coming after me," doesn't get addressed either.

Worse, some of these are tied to foreign nation state intelligence, who are now analyzing your data when before they couldn't because they didnt have a relationship with your ISP. Domestically, I wouldnt be surprised if all of this data from US owned VPNs is shipped to the NSA or other groups and analyzed. After the Snowden reveals its hard to really see this stuff as conspiracy anymore.

Weird technical issues happen because a lot of services don't keep vpn's in mind. I saw a lot of people were having issues connecting to multiplayer game servers. The vpn provider broke something, maybe it was on a blacklisted IP, maybe increased latency, maybe the IP is in the wrong region and people are connecting to a NA server but are in LATAM, etc.

I really dont know the use case for a vpn, not to mention advertising snooping happens on the application level anyway. Its javascript running on my browser and html5 and heaven knows what else analyzing me for ads, not "what IP did you connect from."

Lastly, there are privacy tools like onion and running a browser with no js active. These vpn types dont do that. They're actually not getting the privacy and security they want because tor is slow and a no-js firefox is unfun. So this weird cargo cult of VPNs has appeared, similar to stuff like "disable UAC" and other "computer enthusiast" knowledge you see in gamer or low information forums. Its the blind leading the blind here and these capitalist opportunists absolutely are taking advantage of that. "I'm safe I have a vpn," is a normal thing to say even though its almost entirely wrong.

The only practical use case I can think of is torrents where the legal and political will to subpoena a vpn provider is low, so its this weird loophole where you can torrent but your ISP will never be informed. For now I suppose until the IP holders think the legal fees are worth it or get a law passed to sidestep subpeonas.

replies(3): >>45118877 #>>45119211 #>>45124097 #
1. TGower ◴[03 Sep 25 18:19 UTC] No.45118877[source]
Many major VPN providers claim to keep no logs, and some have had third party audits supporting that claim. Subpeonas don't do anything if the company doesn't keep logs.
replies(3): >>45119431 #>>45119751 #>>45120257 #
2. ◴[03 Sep 25 19:12 UTC] No.45119431[source]
3. stackskipton ◴[03 Sep 25 19:50 UTC] No.45119751[source]
I also wouldn’t trust VPN provider standing up to the pressure of really angry Western government. If Mullivad gets US FISA warrant followed by threat to destroy their ability gain access to US payments, they are going to flip logging for you on so fast.
replies(1): >>45125369 #
4. heavyset_go ◴[03 Sep 25 20:48 UTC] No.45120257[source]
Third party auditors aren't going to be allowed into Room 641A.

Courts can order providers to keep logs on certain users. Wiretapping laws also allow for it. And all of that goes out the window if the government decides there's a threat to national security.

5. reorder9695 ◴[04 Sep 25 09:38 UTC] No.45125369[source]
I'm not necessarily sure they would, they've built their company based on no logs and privacy and seem fairly ideological, if this occurred their business would likely be permanently crippled. Most of their users use them because of their strong guarantees.
replies(1): >>45130016 #
6. stackskipton ◴[04 Sep 25 17:44 UTC] No.45130016{3}[source]
Turning on Logs for single user vs taking what could be crippling business hit? Maybe their CEO is ethical but that would be behavior I haven't seen from CEO ever.