> Unfortunately, because VPNs will have many requests being sent from one server, website hosts can recognize when a VPN is being used. A constant stream of requests coming from one computer’s IP address is, of course, unusual behavior.
> NordVPN claims to have found a way to make traffic from its service look normal, though admits that it may not always work perfectly. It also says the NordWhisper protocol may introduce more latency.
That reads like they're wheel-reinventing Tor, and one fears they'd use other users' computers as exit nodes. But then again this "journalist" might be a too typical one, one who doesn't know what they're talking about.
And on the other side of the block, a VPN user in a suppressive regime trying to connect to a regime-known VPN server will just get a spoofed "connection refused" from the regime's firewall. Interestingly, a P2P-system where they connect to a random home computer somewhere on the planet instead of known commercial VPN servers, plus a hard-to-detect protocol (pretend to be a game? Do games do P2P nowadays or do they always talk to a server?), might be able to get away with it.
I get the occasional request to NordVPN image assets beginning with `/nordvpn/media/` on my server. Apparently this is or was a way to find out if an IP address is acting as an exit node.
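A way to measure the requests described in the comment above on your own server, as an added example that is not part of the thread: it scans access-log text for request paths beginning with `/nordvpn/media/` and summarises them per client IP. The combined log format, the constructed sample lines and the function name `summarize_probes` are assumptions.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

PROBE_PREFIX = "/nordvpn/media/"  # path prefix quoted in the comment above

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges, invented file names).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Feb/2025:10:01:02 +0000] "GET /nordvpn/media/1.0.0/a.svg HTTP/1.1" 404 153 "-" "-"
198.51.100.23 - - [12/Feb/2025:10:05:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Feb/2025:11:30:00 +0000] "GET /nordvpn/media/1.0.0/b.png?x=1 HTTP/1.1" 404 153 "-" "-"
198.51.100.23 - - [13/Feb/2025:03:00:00 +0000] "GET /blog/nordvpn/media/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"
garbage line that is not a log entry
"""


def summarize_probes(log_text, prefix=PROBE_PREFIX):
    """Return ({client_ip: summary}, skipped_line_count) for paths starting with prefix."""
    report = {}
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # unparseable line: count it instead of silently dropping it
            continue
        # Compare on the path only, so a query string cannot hide or fake a match.
        path = urlsplit(m["target"]).path
        if not path.startswith(prefix):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = report.setdefault(
            m["ip"], {"hits": 0, "first": ts, "last": ts, "statuses": set()}
        )
        entry["hits"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
        entry["statuses"].add(int(m["status"]))
    return report, skipped


if __name__ == "__main__":
    probes, bad_lines = summarize_probes(SAMPLE_LOG)
    for ip, info in sorted(probes.items()):
        print(ip, info["hits"], info["first"].isoformat(), info["last"].isoformat(), sorted(info["statuses"]))
    print("unparseable lines:", bad_lines)
```
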
> That reads like they're wheel-reinventing Tor, and one fears they'd use other users' computers as exit nodes.
Why the fear? That would probably improve overall access to privacy/anonymity, and I would assume NordVPN would take any legal heat over this, not their users.
Other services used users' computers as exit nodes without clear disclosure. Users found out when services blocked their IP addresses. And why would you assume NordVPN would take any legal heat?
NordVPN can't indemnify you against the cops executing a search warrant at your house, and perp walking you out in front of your neighbours because a NordVPN user used your exit node to download child abuse material.
Is a person running an exit node responsible for the requests coming out of that node? Or will it just make for very awkward conversations with the authorities if someone requests CP or terrorist paraphernalia via your exit node?
The VPN NordVPN is backed by USA to return decryption and then decryption for the USA to turn around and send results. All PCs have SSL Decryption available via the US Government... Thus, they have all results which they can decrypt. My PC has Bitdefender that does the same thing. Install their software and view encryption. You will see the encryption is decryption/middle man/re-encryption.
Long story short, NordVPN is the USA monitoring individual suspect connections.
It doesn't grab your real IP, but it does more times than it doesn't.
Reading the comments here, it's clear that many have a less than favorable view of NordVPN. With that said, what VPN provider would readers here recommend? I don't know if there is a consensus for a "good VPN provider" that respects privacy, etc., or if they are all shitty in one way or another.
They make an effort to store as little customer info as possible, including getting rid of subscriptions to reduce payment information they have to keep [1]. Despite subscriptions being a great way of getting consistent revenue.
As well as card, they allow payment in cash, crypto and quite a few others.
They have open source clients and are one of few providers with an official client on F-Droid.
They don't try to lock you in for years. It's €5 per month no matter how long you pay for.
They have regular external audits. [2]
If you read their website you'll find they focus on privacy rather than 'watching TV while you're on holiday'. [3][4]
Mozilla use Mullvad for Firefox VPN. Tailscale have partnered with Mullvad. [5]
Also, many people forget it's not just the VPN, it's the combination of the VPN and your browser. There are many ways to unmask you even if the provider does everything right. They can't protect against attacks like DOM battery monitoring, complex fingerprinting, UDP timing attacks, etc. Read the Mullvad audit for more details. They cite the need to enable DAITA by default as a shortcoming. https://www.x41-dsec.de/static/reports/X41-Mullvad-Audit-Pub...
While not empirical proof I typically distrust anything that has massive marketing budgets. Nord seems to sponsor every Tom, Dick, and Harry on YouTube to push their product and, as we've seen from many other unmasked operations that do that (Honey, Established Titles), that doesn't bode well.
I don't use Mullvad, but I've never seen them run ads directly, and they've gotten exposure via word of mouth very effectively.
I forgot the name, but 10 years ago there was a popular free VPN extension for browsers that let each user exit by the other users' IP, and you could choose the location with a click.
But behind that free service, the model was to provide an expensive service to companies needing high-frequency testing or scraping (sometimes illegal) with multiple IPs and locations. I got a trial for 1 week after a video call with them; it was complicated to set up, but it felt like exploiting unknowing free users.
Is there any technical description of this protocol somewhere? Nord blog[1] (I presume, the original source) is not too heavy on details either. Granted, the company may not want to release _all_ details, but a quick skim of the TFA reads like it's some form of pixie dust that will bring us to the promised land.
I really wish Apple and Google would run VPNs. Then, given their markets are so large, they couldn't be blocked by anyone that wanted customers/eyeballs.
You'd think "Privacy First" Apple would do this.
HN blocks (ghost blocks) VPNs. Make a new account from a VPN. Post. Open a private/incognito window. Load up the thread. Your comment won't appear. Give it a few days. It never appears. It only appears for you when you're logged in.
This is the last thing I would want. Hypothetical, but not totally unlikely scenario: I live in Florida. I use a Google VPN service to access Pornhub. The Florida AG decides to subpoena Google to see who's been using a VPN to watch porn. Of course Google bends over and provides the data. The AG finds that I've been looking at porn, so now I'm a criminal. Google suspends my account(s) because I've violated their TOS (criminal activity). I just lost access to GMail and I'm never gonna get it back because that's how Google rolls. In this scenario, if I had used an independent VPN service (not Google or Apple), perhaps, my VPN service would've been cancelled, but that's it.
Yeah, but Apple gave in to the Chinese government and all their servers in China are under monitoring of the CCP; the party has keys to decrypt every bit of data that goes through them, Chinese iCloud Private Relay included.
That's like when Apple still refuses after years to fix the AirDrop protocol so that Chinese police forces can't find anymore who sent what file to who. Since 2022, Chinese police forces openly brag about the fact they can retrieve the identity of people who spread unallowed propaganda through AirDrop in crowded areas.
Good guy Apple for pretending to do the right stuff, but no one should rely on them.
> HN blocks (ghost blocks) VPNs. Make a new account from a VPN. Post. Open a private/incognito window. Load up the thread. Your comment won't appear. Give it a few days. It never appears. It only appears for you when you're logged in.
I have showdead enabled in my profile and I sometimes see new users that are shadowbanned (i.e. their posts/comments are automatically "dead"). If it's not spam or low quality, I'll vouch for them.
Anyway, the page doesn't give much detail either: https://nordvpn.com/blog/nordwhisper-protocol/
This is already standard practice for commercial VPN providers, and is one of ten thousand reasons you should never use one for any reason ever.
I know those freebie VPNs do that, but many commercial providers are still sane.
But yeah who knows, zero detail.
https://www.dropbox.com/scl/fi/ika4tc7yr0h6kikkdqc5y/Screens...
http://acmenews.com/imgtest/scan32.html
[1] https://mullvad.net/en/blog/were-removing-the-option-to-crea...
[2] https://mullvad.net/en/blog/tag/audits
[3] https://mullvad.net/en/why-privacy-matters
[4] https://mullvad.net/en/chatcontrol
[5] https://mullvad.net/en/help/partnerships-and-resellers
The ability to pay with cash in the mail and login with just a generated ID is great.
All VPNs require trust however.
What is the evidence? Is Deloitte part of the scam?[1]
[1] https://cybernews.com/news/deloitte-verifies-nordvpn-no-logs...
See, e.g., https://www.justice.gov/opa/pr/deloitte-touche-agrees-pay-14...
https://news.bloomberglaw.com/ip-law/deloitte-sued-over-clai...
https://www.ndtv.com/india-news/deloitte-clears-nigerian-fir...
https://www.cohenmilstein.com/case-study/ibew-local-98-pensi...
This is a random sampling, there is plenty more.
[1]: https://nordvpn.com/blog/nordwhisper-protocol/
[1] https://en.wikipedia.org/wiki/Spread_spectrum
Wow is that true?