[HN Gopher] Consolidation of the VPN industry spells trouble for...
___________________________________________________________________
Consolidation of the VPN industry spells trouble for the consumer

Author : InvOfSmallC
Score : 93 points
Date : 2021-09-18 17:03 UTC (5 hours ago)

(HTM) web link (blog.windscribe.com)
(TXT) w3m dump (blog.windscribe.com)

| goodpoint wrote:
| Use Tor.
| armchairhacker wrote:
| I may be dumb wrt this but I really don't get the VPN business. Why so much advertising for VPNs in particular?
|
| Looking at why someone would want to use a VPN:
|
| - Protection from governments or big businesses: you probably do actual research, not listen to some ad by your favorite gamer
|
| - Protection from scummy ad tracking: Most people still do some research here albeit less carefully. But again, if you're worried about ad tracking, wouldn't you worry about a VPN aggressively advertising themselves?
|
| - Access region-locked content: Any VPN works here. This could explain some of the advertising. But still, most VPNs talk a lot about security, and only a small section on region switching. I would imagine if this was the main target audience VPN advertisements would be different.
|
| Are people so gullible that they see an ad for NordVPN, think "oh shit I need to protect my security", and then buy NordVPN, without questioning at all if it's worth the money, if there's an alternative, or why NordVPN advertises on XxGamerClipz? So much that NordVPN makes money off of its ads? And if so, why don't other companies do this that could better target dumb people?
| vkou wrote:
| There is one other use case that is rare, but the one I needed.
|
| Due to shitty peering, and some bad connection between me and a service, I was seeing horrific latency and packet loss.
|
| A VPN let me route my packets through Chicago, which had a better connection to the service in question.
| chaz6 wrote:
| I just do not understand it either.
| When I want some protection I use tor. I would never trust a paid vpn service.
| legrande wrote:
| > Are people so gullible that they see an ad for NordVPN, think "oh shit I need to protect my security", and then buy NordVPN
|
| Well not the people serious about VPNs. The ones I consistently see pop up in online discussions about what VPNs to use are Mullvad, ProtonVPN (Because of their Switzerland location), & iVPN (because they're based in a non fourteen-eyes jurisdiction, namely Gibraltar).
|
| Of course jurisdiction doesn't matter since the point-of-presence of the particular VPN country is usually housed in some cheap colocation datacenter that could have questionable ethics and could be feeding logs to adversaries, without the VPN provider even knowing.
|
| Then there's the whole 'we never keep logs' claim which can't be proven. So, _caveat emptor_ folks!
| ohdannyboy wrote:
| Then there's the whole 'we never keep logs' claim which can't be proven. So, caveat emptor folks!
|
| It can be trusted with a fair degree of certainty depending on the company. For instance, we know that PIA at the very least was willing to testify under oath that they had no records to provide the US government. Could they be keeping secret logs or have changed practices since? Sure, but at some point the claim seems credible.
|
| Now those flavor-of-the-month budget VPNs that cannot possibly be profitable unless you're the product? Different story.
| bennysomething wrote:
| I thought pia got bought recently by a much less trustworthy vpn?
| ohdannyboy wrote:
| Huh, looks like it was. That would make me apprehensive about continuing to trust them.
| astura wrote:
| They were bought by Kape Technologies which used to be called Crossrider and has a history of producing malware and the owners used to work at the Israeli version of the NSA.
|
| https://restoreprivacy.com/private-internet-access-kape-cros...
| kbenson wrote:
| The issue is that yesterday they may not have kept logs, and today they might, and there's no feasible way to know for sure. Even warrant canaries can't be relied on if the type of warrant requires no notification whatsoever.
| [deleted]
| everdrive wrote:
| >Protection from scummy ad tracking: Most people still do some research here albeit less carefully. But again, if you're worried about ad tracking, wouldn't you worry about a VPN aggressively advertising themselves?
|
| Importantly, most advertising and tracking does not care what your IP address is, and so a VPN does nothing here unless you can separate your cookies / hardware profile / etc.
| Hamuko wrote:
| > _And if so, why don't other companies do this that could better target dumb people?_
|
| I see ExpressVPN ads all the time and they're almost always advertised as "protecting yourself from hackers or your ISP".
| jayski wrote:
| I think a vast majority of it is people who want to stream content, pirate torrents, etc, without getting a strike letter from their ISP
| Hidios wrote:
| > I think a vast majority of it is people who want to stream content, pirate torrents, etc, without getting a strike letter from their ISP
|
| This use case is definitely very underrated, people usually associate VPNs with higher latency but if your ISP has bad peering to certain locations, which many of them do, a good VPN can do wonders.
| marcus_holmes wrote:
| I live in Germany but don't speak (or read) German. Almost all internet sites completely ignore my browser's "preferred language" preference and serve me content in German because I have a German IP address.
|
| So I use a VPN to pretend I'm in the UK, and get English language.
|
| I actually have to turn this off to watch streaming services, because they detect it too easily.
| The streaming services then cheerfully serve me English UI (because my account preference is for English) but German language content. I understand why, but this is such bullshit.
|
| If you want people to stop using VPNs, then stop assuming that their IP address has anything to do with their physical location, culture, language, bank account region, home address, telephone prefix or anything else.
| pydry wrote:
| >Are people so gullible
|
| Yes? I think they're usually riding off the trust of the content creators they advertise with.
|
| >And if so, why don't other companies do this that could better target dumb people?
|
| NordVPN aren't the only ones.
| ajsnigrutin wrote:
| I watch many, many youtubers... there are probably only two or three that I trust with their reviews, and none of their reviews are sponsored.
| vehemenz wrote:
| It's a bit weird that you omit the main reason for VPNs--avoiding dumb copyright strikes from your ISP when torrenting. To be fair this is a US-only reason. Maybe you live in Bulgaria or Finland.
| saurik wrote:
| > Access region-locked content: Any VPN works here. This could explain some of the advertising.
|
| Actually, most of the time your VPN is just going to be blocked entirely by the service: they have a limited pool of IP addresses being shared by users, so the patterns of access of users randomly popping up on their addresses makes even automated bans pretty easy.
|
| https://news.ycombinator.com/item?id=28143238
|
| To really get this right requires crazy tricks like taking all of the traffic destined for a service and routing it to per-user stable addresses that you cycle much more slowly. NordVPN seems to do this with Disney+, for example. There was a great analysis of this done (but to get it you will need to use an archive site as the author mysteriously deleted it).
|
| https://news.ycombinator.com/item?id=21664692
|
| The result is that users trying to do this tend to have to keep using different VPN services until they find a server on one that actually works today, and probably in the process keep accumulating subscriptions to "too many" VPN services for "too long". A lot of random review sites are then just claiming to tell you which service is best able to access such content at any time (but honestly, it is a losing battle: there is no obvious way to win this in the long term).
| OJFord wrote:
| > Actually, most of the time your VPN is just going to be blocked entirely by the service
|
| Actually, my experience is Netflix blocks some of the time; Wikipedia blocks (edits) all of the time (which really pisses me off - I'm logged in!); and nothing else that I use blocks me.
| Tenoke wrote:
| >Actually, most of the time your VPN is just going to be blocked entirely by the service
|
| Doesn't seem to be the case 'most of the time' for non-free VPNs or at least mine. You can definitely access YouTube videos available abroad or BBC iPlayer or whatever. I'm on VPN a 3rd of the time and it's only very occasionally I have issues. Sure, maybe it's worse with some services but not 'most of the time'.
| eptcyka wrote:
| Yep, but Amazon for instance blocks first party content when accessing it via a VPN. Some delivery services block my VPN outright.
| saurik wrote:
| I am doing an implied integral here over all random VPN services and servers, as the person I am replying to said that "any" VPN would work. If you have found one that seems to consistently work for the BBC--and based on their efforts against Disney+, I bet NordVPN would work?--you are now a single data point: if you search for BBC blocked VPN on Google, however, you will see that it is an extremely common issue that the BBC blacklists VPNs from accessing their service.
|
| (FWIW, I could accept an argument that I am not "weighting" my certainly-informal statement well on actual usage figures: if NordVPN and ExpressVPN are even the only two VPNs that work well against the BBC, maybe they are alone a considerable percentage of the market. I am pushing back on the idea that "any" VPN would work, and so I am looking more at the idea of choosing a random brand, equally weighted.)
| Tenoke wrote:
| Actually, you are right. I just tried again and now only 1 of my ips works for BBC so they are clearly getting more aggressive (or my provider hasn't been changing them as often recently).
| greggman3 wrote:
| I wonder if this will continue with Apple (and my guess is other similarly sized tech companies) offering VPN. In other words, shutting out Apple's VPN might mean losing 5-10% of your market? Probably not but it will certainly be a new situation for so many non-tech people to have easy access to a VPN and Apple likely pushing it as "good for your privacy"
| judge2020 wrote:
| Apple's VPN explicitly maps users to an IP with a [relatively] close IP address[0] (as in, for IP geolocation purposes), and does minimal actual proxying:
|
| > In iOS 15 and macOS 12, Private Relay will apply to all web browsing in Safari, all DNS name resolution queries, and a small subset of traffic from apps.
|
| > Specifically, this will include all insecure HTTP traffic, such as TCP port 80.
|
| So I can see most services not needing to block iCloud Private Relay.
|
| 0: https://mask-api.icloud.com/egress-ip-ranges.csv
| azalemeth wrote:
| At some point, we're going to have more and more users behind NAT and IP address looks even worse as a device for banning someone. Them making impossible journeys and changing country every five minutes, however, provides more useful information.
| Pmop wrote:
| I use it mainly because my ISP does traffic shaping, videos and images load painfully slow on a full duplex half gigabit fiber connection. We do have a law that makes traffic shaping illegal, but it's not enforced, so the only way around it is to use a VPN.
| xvector wrote:
| It's for protection from ISPs.
| legrande wrote:
| > It's for protection from ISPs.
|
| Insofar as there are shitty ISPs that sell your data, yes. Most ISPs don't though. Also: I trust a VPN based in Gibraltar more than an ISP which is known to sell your data.
| MattGaiser wrote:
| In North America at least, your ISP will happily comply with copyright notices and threats of lawsuits and pass them along.
| api wrote:
| VPNs are cheap to run snake oil that you can sell to people who don't really understand security. Snake oil in general is a great business.
| michaelt wrote:
| VPNs, much like gas stations, are selling an almost indistinguishable product. Essentially every VPN is fast enough, and secure enough in its selection of software.
|
| The only differences are:
|
| * Undetectable things (they say they don't keep logs, but do they _really_ not keep logs?)
|
| * Price - which they don't want to compete on if they can avoid it
|
| * Reputation - which advertising can buy you a simulacrum of
|
| Some VPN companies have decided the way they're going to stand out in the sea of very similar looking options is by being the company whose name you recognise.
| brighton36 wrote:
| Great comment.
| Tenoke wrote:
| I've tried a few VPNs and they are pretty distinguishable. Some offer more countries, some higher speeds, some rotate IPs more often etc.
| this_user wrote:
| "Secure enough" depends on your threat model. Many VPNs were poorly configured in the past and were leaking information. Only a few (like IVPN) were doing a proper job and had that verified by a third-party audit.
|
| The next big question is jurisdiction.
| I would never trust a VPN that is based in the US, UK or a similar country where government access is virtually a given.
| tptacek wrote:
| You could remove the first two words of this headline ("Consolidation of") and end up with a headline that is as true, if not more true.
| ignoramous wrote:
| Windscribe themselves got pwned not long ago: https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-b... Ownership is just one part of the equation.
| fuj wrote:
| Meh looks like a cheap shot at the recent acquisition news.
| martinmunk wrote:
| Apart from legal protection, I've found that if you are behind a crappy ISP router, bundling a bunch of Torrent connections in one VPN connection can prevent the router from becoming unstable.
| math-dev wrote:
| Can someone explain how VPNs work / why they are cheap to run?
|
| If I download 1TB through my VPN, don't they have bandwidth costs for 1 TB as well?
| no_wizard wrote:
| As part of a software package I get 1Password, AdGuard, the AdGuard VPN and Malware Bytes, all for the same price as paying for 1Password yearly, so I got the bundle deal.
|
| I often wonder how good AdGuard really is, anyone know about this? I'm aware they use some kind of proprietary connection scream, but the actual VPN tunnel appears over IPSec, I think it's the negotiation that is for some reason non standard.
|
| Anyone know anything about this? I am only testing it out cause I get it in this package deal
| ignoramous wrote:
| AdGuard's VPN isn't IPSec? IIRC, to evade censorship, they tunnel through HTTP (or something that looks like HTTP): https://archive.is/HxZG5
| no_wizard wrote:
| Ah I may be confused as the client registers on my device as IPsec (in this case my iPhone)
| mmarq wrote:
| These so-called VPNs are only good to bypass Netflix's regional filters, and shouldn't even be called VPNs. Nobody should assume these services can be used to improve security or privacy.
| dreyfan wrote:
| VPN companies make a lot of money selling your browsing activity to governments, fintech, and adtech.
| fuj wrote:
| Free or close to free VPNs? Maybe.
|
| Paid VPNs like Nord, Proton, Express. Seriously doubt it. Their estimated subscribed count * subscription cost is worth a lot more than selling data, specially considering it would kill their business the minute it came out.
| threecheese wrote:
| Do you have evidence of this?
| greyface- wrote:
| https://www.vice.com/en/article/jg84yy/data-brokers-netflow-... https://news.ycombinator.com/item?id=28300234
| sdrawkcabmai wrote:
| They do not keep logs on your browsing history but they do route it immediately to various parties paying for the live feeds. /sarcasm sort of
|
| I think those vpns are monetizing your traffic every way they can and are often circumspect about it.
| monkeybutton wrote:
| The best way to find out would be to try and buy such data.
| TheSpiceIsLife wrote:
| What would that look like?
|
| Do you have evidence _some don't_?
| etaioinshrdlu wrote:
| Here is some: https://www.buzzfeednews.com/article/craigsilverman/vpn-and-...
| cortesoft wrote:
| "VPN companies are all scummy and make false promises in their advertising"
|
| "Anyway, here is an advertisement for our VPN company"
| Reubend wrote:
| That's not what the article is actually saying, and they make some good points in the article about how other VPNs have conflicts of interest. But you're right that this post basically amounts to content marketing rather than a real discussion of the complicated issues at play.
| t0bia_s wrote:
| VPN is just another "man in middle". If you need anonymity, use TOR.
| Andrew_nenakhov wrote:
| Yeah, many men in the middle is better than just one! /s
| novok wrote:
| This post finally inspired me to try out mullvad, and I wish I did sooner.
| It's actually really easy, and the way they set things up and writing about how they work is a breath of fresh air.
___________________________________________________________________
(page generated 2021-09-18 23:00 UTC)