> Unfortunately, because VPNs will have many requests being sent from one server, website hosts can recognize when a VPN is being used. A constant stream of requests coming from one computer’s IP address is, of course, unusual behavior.
> NordVPN claims to have found a way to make traffic from its service look normal, though admits that it may not always work perfectly. It also says the NordWhisper protocol may introduce more latency.
That reads like they're wheel-reinventing Tor, and one fears they'd use other users' computers as exit nodes. But then again this "journalist" might be a too typical one, one who doesn't know what they're talking about.
And on the other side of the block, a VPN user in a suppressive regime trying to connect to a regime-known VPN server will just get a spoofed "connection refused" from the regime's firewall. Interestingly, a P2P system where they connect to a random home computer somewhere on the planet instead of known commercial VPN servers, plus a hard-to-detect protocol (pretend to be a game? Do games do P2P nowadays or do they always talk to a server?), might be able to get away with it.
I get the occasional request to NordVPN image assets beginning with `/nordvpn/media/` on my server. Apparently this is or was a way to find out if an IP address is acting as an exit node.
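An added example, not part of the thread: one way to pull the requests described in the comment above out of a web server access log and summarise them per client address. It assumes the Apache/nginx combined log format; the log lines, addresses and file names are constructed, and only the `/nordvpn/media/` prefix comes from the comment.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

PROBE_PREFIX = "/nordvpn/media/"  # path prefix quoted in the comment above

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample input (documentation address ranges, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Feb/2025:10:01:02 +0000] "GET /nordvpn/media/example.png HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.10 - - [12/Feb/2025:10:05:40 +0000] "GET /%6Eordvpn//media/example.png?x=1 HTTP/1.1" 404 153 "-" "-"',
    '198.51.100.7 - - [12/Feb/2025:11:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.5 - - [13/Feb/2025:09:30:00 +0000] "GET /nordvpn/media/example.png HTTP/1.1" 200 0 "-" "-"',
    '\x16\x03\x01 not an HTTP request line',
]

def normalise_path(target):
    """Drop query/fragment, percent-decode, collapse '//' and lowercase for matching."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def find_probes(lines):
    """Return {client_ip: {count, statuses, first, last}} for matching requests."""
    hits = defaultdict(lambda: {"count": 0, "statuses": set(), "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed entry, e.g. raw TLS bytes sent to a plain HTTP port
        if not normalise_path(m["target"]).startswith(PROBE_PREFIX):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        h = hits[m["ip"]]
        h["count"] += 1
        h["statuses"].add(int(m["status"]))  # a 200 means something is served at that path
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
    return dict(hits)

if __name__ == "__main__":
    for ip, h in sorted(find_probes(SAMPLE_LOG).items()):
        print(ip, h["count"], sorted(h["statuses"]), h["first"], h["last"])
```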
> That reads like they're wheel-reinventing Tor, and one fears they'd use other users' computers as exit nodes.
Why the fear? That would probably improve overall access to privacy/anonymity, and I would assume NordVPN would take any legal heat over this, not their users.
Other services used users' computers as exit nodes without clear disclosure. Users found out when services blocked their IP addresses. And why would you assume NordVPN would take any legal heat?
I mean, if this is the case, and their users aren't aware. If the users are aware, and want to run nordvpn equivalents of tor exit nodes, then I don't see a problem.
NordVPN can't indemnify you against the cops executing a search warrant at your house, and perp walking you out in front of your neighbours because a NordVPN user used your exit node to download child abuse material.
Is a person running an exit node responsible for the requests coming out of that node? Or will it just make for very awkward conversations with the authorities if someone requests CP or terrorist paraphernalia via your exit node?
I’m not aware of specific case law, but there has been an ongoing case regarding a Tor Exit Node and copyright infringement that suggests the exit node hoster is not legally responsible for the data, at least in terms of copyright infringement. Who knows about other actions.
>>> and one fears they'd use other users' computers as exit nodes
>> This is already standard practice for commercial VPN providers
> I know those freebie VPNs do that, but many commercial providers are still sane.
True. There are free VPN apps that rope their users into a residential proxy net. The combined userbase is sold to bad actors as a residential proxy service.
This is not what major VPN providers like Mullvad, OVPN or even Nord do.
The first two have a good reputation. Nord, not so much. However, for all its faults, Nord is no bad actor - they're not in the same category as a ResProxy seller.
I'm a user of Mullvad, I can get configurations for WireGuard and OpenVPN through my dashboard. This eliminates the possibility of being used as an exit node as I can read the wg config and see exactly what it does. I think other providers should do the same with their systems. It allows for high flexibility.
Off the top of my head, Warframe is massive and uses P2P while in most missions, Helldivers 2 was a huge launch last year with P2P, Dead by Daylight, a lot of indie multi-players like Risk of Rain 2. It's quite popular for co-op style games where you need to worry less about cheating. They will use servers to create the matchmaking and then will pick the user with the strongest computer and network typically to actually host the game. I don't know of any games that do P2P asset transfer anymore.
Steam has a feature for this where for supported games like Counter Strike 2 or Team Fortress 2, your connection will be routed through other players, or just people on your friends list depending on your settings.
The VPN NordVPN is backed by USA to return decryption and then decryption for the USA to turn around and send results. All PCs have SSL Decryption available via the US Government... Thus, they have all results which they can decrypt. My PC has Bitdefender that does the same thing. Install their software and view encryption. You will see the encryption is decryption/middle man/re-encryption.
Long story short, NordVPN is the USA monitoring individual suspect connections.
It doesn't grab your real IP, but it does more times than it doesn't.
Reading the comments here, it's clear that many have a less than favorable view of NordVPN. With that said, what VPN provider would readers here recommend? I don't know if there is a consensus for a "good VPN provider" that respects privacy, etc or if they are all shitty in one way or another.
They make an effort to store as little customer info as possible, including getting rid of subscriptions to reduce payment information they have to keep [1]. Despite subscriptions being a great way of getting consistent revenue.
As well as card, they allow payment in cash, crypto and quite a few others.
They have open source clients and are one of few providers with an official client on F-Droid.
They don't try to lock you in for years. It's €5 per month no matter how long you pay for.
They have regular external audits. [2]
If you read their website you'll find they focus on privacy rather than 'watching TV while you're on holiday'. [3][4]
Mozilla use Mullvad for Firefox VPN. Tailscale have partnered with Mullvad. [5]
Also many people forget it's not just the VPN, it's the combination of the VPN and your browser. There are many ways to unmask you even if the provider does everything right. They can't protect against attacks like DOM battery monitoring, complex fingerprinting, UDP timing attacks, etc... read the Mullvad audit for more details. They cite the need to enable DAITA by default as a shortcoming. https://www.x41-dsec.de/static/reports/X41-Mullvad-Audit-Pub...
You can even buy them from Amazon. The cards don't have any sort of exposed code to scan when it gets sold to activate it like other gift cards. Nothing on them makes one identifiable from another until you scratch it off.
While not empirical proof I typically distrust anything that has massive marketing budgets. Nord seems to sponsor every Tom, Dick, and Harry on YouTube to push their product and, as we've seen from many other unmasked operations that do that (Honey, Established Titles), that doesn't bode well.
I don't use Mullvad, but I've never seen them run ads directly, and they've gotten exposure via word of mouth very effectively.
I forgot the name but 10 years ago there was a popular free VPN extension for browsers that let each user exit by the other users' IP and you could choose the location with a click.
But behind that free service, the model was to provide an expensive service to companies needing high frequency testing or scraping (sometimes illegal) with multiple IPs and locations. I got a trial for 1 week after a visio with them, it was complicated to set up, but it felt like exploiting unknowing free users.
Is there any technical description of this protocol somewhere? Nord blog[1] (I presume, the original source) is not too heavy on details either. Granted, the company may not want to release _all_ details but a quick skim of the TFA reads like it's some form of pixie dust that will bring us to the promised land.
I really wish Apple and Google would run VPNs. Then, given their markets are so large, they couldn't be blocked by anyone that wanted customers/eyeballs.
You'd think "Privacy First" Apple would do this.
HN blocks (ghost blocks) VPNs. Make a new account from a VPN. Post. Open a private/incognito window. Load up the thread. Your comment won't appear. Give it a few days. It never appears. It only appears for you when you're logged in.
This is the last thing I would want. Hypothetical, but not totally unlikely scenario: I live in Florida. I use a Google VPN service to access Pornhub. The Florida AG decides to subpoena Google to see who's been using a VPN to watch porn. Of course Google bends over and provides the data. The AG finds that I've been looking at porn, so now I'm a criminal. Google suspends my account(s) because I've violated their TOS (criminal activity). I just lost access to GMail and I'm never gonna get it back because that's how Google rolls. In this scenario, if I had used an independent VPN service (not Google or Apple), perhaps, my VPN service would've been cancelled, but that's it.
Yeah, but Apple gave in to the Chinese government and all their servers in China are under monitoring of the CCP; the party has keys to decrypt every bit of data that goes through them, Chinese iCloud Private Relay included.
That's like when Apple still refuses after years to fix the AirDrop protocol so that Chinese police forces can't find anymore who sent what file to who. Since 2022, Chinese police forces openly brag about the fact they can retrieve the identity of people who spread unallowed propaganda through AirDrop in crowded areas.
Good guy Apple for pretending to do the right stuff but no one should rely on them.
I don't see how this could prevent unsafe sites leaking credentials (Assuming unsecure == No TLS) as unencrypted data will be sent through the exit node to the web server. It does however help for wifi snooping.
> HN blocks (ghost blocks) VPNs. Make a new account from a VPN. Post. Open a private/incognito window. Load up the thread. Your comment won't appear. Give it a few days. It never appears. It only appears for you when you're logged in.
I have showdead enabled in my profile and I sometimes see new users that are shadowbanned (i.e. their posts/comments are automatically "dead"). If it's not spam or low quality, I'll vouch for them.
You have gained enough rep to not be ghost banned somehow.
The ghost banning makes it hard to make a temp account to whistle blow. And, even if you weren't whistle blowing but making a legit comment, it won't appear until you pass that threshold of not being shadowbanned, at which point your comment is worthless since it's days or weeks later.
I already have to because many places I frequent (hotels, airports/planes, random shops) block not only UDP (so no Wireguard), but also OpenVPN explicitly.
For the average person? Sure. For someone trying to access region blocked content? No. For someone trying to torrent files? No. For someone trying to do... uh... hacker things? No.
VPNs have their uses. The vast majority of people don't need VPNs, but some people do find a use for them.
I'm assuming if you are getting let's you are in violation of TOS you agreed to.
Advocacy aside, the solution is to not. I know a lot of people can't pick another provider but at the same time they probably didn't need what they were torrenting...
Now do I think what I do with my internet is my problem and my ISP can go f themselves? Yes, but I'm also in the privileged position to have many options and quite a few have the "it's your internet connection, we will inform you about throttling if we have a technical reason, also if the police asks we are compelled by law to do x"
A VPN does not solve your problem and isn't advocacy, it's at best bootlegging.
Some are, but not all. That’s why you do your research and pick reputable services. I’ve been a happy user of Mullvad & Proton VPN for years. They’ve had ample opportunities to mitm me, but I reckon if it hasn’t happened by now it probably won’t.
Anyway, the page doesn't give much detail either: https://nordvpn.com/blog/nordwhisper-protocol/