Attempting to use a VPN location in Somalia and actually getting routed to an exit in Paris or London is not what I would consider "close enough". That's off by 3000 miles. That's like claiming to be in the Amazon Rainforest in Brazil while being in Montreal, Canada. And apparently 28% of locations are off by at least this much

And if I do it for privacy, the actual exit location seems very relevant. Even if I trust the VPN provider to keep my data safe (which for the record I wouldn't with the majority of this list), I still have to consider what happens to the data on either end of the VPN connection. I'm willing to bet money that any VPN data exiting in London is monitored by GCHQ, while an exit in Russia probably wouldn't be in direct view of NSA and GCHQ

Yes. Let’s take an extreme example: you think you exit in Japan, but you’re actually exiting in China. This means your traffic will be analyzed and censored by China.

The routers don’t care about where the provider says the IP comes from. If the packet travels through the router, it gets processed. So it very much matters if you do things that are legal in one country, but might not be in another. You know, one of the main reasons for using VPNs.

A more general case is for legal and SLAs. If a company uses one of these vpns to make sure their traffic only travels through a specific legal path, and then it's found that their traffic entered a different territory, there can be a lot of consequences.

The case I can think of most accessible would be anything that streams copywriten video.

I've wondered about jurisdiction in copyright for a while -- if I access a USA website from a Swedish server, make a copy on that server, then stream it to a French location for viewing all the while being in UK. Where has any crime/infringement occurred; which courts have jurisdiction?

Anyone know of any caselaw addressing these issues.

Are any VPN's getting China wrong? It would be pretty obvious. In fact, common VPN's I'm looking at don't even support China as an option. Obviously no VPN's are mixing countries up where it becomes clear from what you're allowed to browse.

But so "if you do things that are legal in one country, but might not be in another" is what I'm specifically asking about. Ultimately, legality is determined by the laws that apply to you, not the country your packets come out of. So I'm asking for a specific example.

And I already said, that if a site is attempting to determine permissions based on the country, it's doing so via the same list. E.g. when the country is actually Greenland, but you think it's the UK, and Netflix also thinks it's the UK. Which is why I'm saying, at the end of the day, is there any real consequence here? If both sender and receiver think it's the UK, what does it matter if it's actually Greenland?

China was just an example. Try to extrapolate on your own.

Take someone from Russia, Iran, wherever, trying to access information they aren't allowed to access, or sharing information they aren't allowed to share. They think they're connected to a neighboring country, but in reality are exiting from their own country. Therefore, the traffic gets analyzed and they fall out a window.

Imagine Snowden sharing information about the NSA while using a VPN that actually exited from the US. Things might have developed differently.

Yes, it won't matter for most services. But as soon as states or ISPs are involved, you're fucked if you get it wrong.

> Try to extrapolate on your own.

No need for the snark. Obviously we're not talking about somebody in Iran or Russia connecting to a VPN that just leads back into their own country, that would be idiotic. None of the VPN providers are providing anything like that. Those don't even make sense conceptually. A Western VPN provider that an Iranian or Russian is using isn't even legally allowed to operate nodes inside of Iran or Russia due to sanctions.

I'm talking about the realistic mix-ups that the article is using as examples. Where Somalia is actually going to France or something. That's why my original comment started with "Is there any real-life situation..."

No VPN providers are accidentally routing into an oppressive dictatorship.

I really don't understand what you're not getting here. I'm not trying to be condescending, but I explained it as simple as possible. But let's break it down again:

1) You currently reside in Iran for whatever reason.

2) You download, or have downloaded previously, a VPN software that does not tell you where you exit truthfully.

3) You connect to Pakistan, because you want to spread information that is illegal in Iran, but legal in Pakistan. You choose Pakistan because it is near you, so you get better latency.

4) In reality, your VPN exits not in Pakistan, but in Iran. Because they lied.

5) Iran is now able to monitor both your connection traffic to the VPN, and your VPN's exit traffic.

6) You die.

Simple as that. I don't see why this is not a realistic use case in your mind? One very prominent selling point for VPN providers is exactly this. Allowing reporters and other minorities to still safely access the internet in areas in which it is not allowed by law. You don't have to be an Iranian for that. You can just be there, as an international correspondent, using a western VPN, for example. Or you're visiting family after purchasing that VPN in Europe somewhere.

> No VPN providers are accidentally routing into an oppressive dictatorship.

The entire point of this article is that you as the user can't know that. And almost every country is applying some kind of censorship that may or may not affect you. As I mentioned in my previous example, Snowden is a real life situation in which this exact thing would have mattered. He didn't live in an oppressive dictatorship, yet a VPN exiting in Canada vs. exiting in the U.S. would have made a significant difference in safety for him.

You know what? Adding another example from a "non oppressive dictatorship" country: Germany.

Every few years, Germany tries to push for [Vorratsdatenspeicherung](https://de.wikipedia.org/wiki/Vorratsdatenspeicherung), which forces ISPs to store all connection data for later analysis by law enforcement. This is against the German constitution, so it gets overturned after a few years and the cycle starts again.

Point is, if you want your data to not be analyzed by law enforcement, and you live in Germany, you may want to use a VPN and connect to, for example, the Netherlands, where no such law exists.

Now, as we established, the VPN providers lie about it and maybe they don't have an exit point in the Netherlands, so they just let you exit in Germany again.

Same situation as before, but less extreme. Germany now will be able to put together metadata and find out what you were actually doing.

Are you going to jail for that? Maybe, if you did something highly illegal. You probably deserve it in this case.

But this isn't the point of discussions like these. It's always fine until something like Hitler happens and you happen to be jewish. You just can't know how the future will play out, and if your data is stored somewhere, it can be abused. VPNs promise to be a solution to this issue, and they apparently aren't. Which is a problem, even in a healthy democracy.

People like you pretending this isn't a problem, are a problem. It's the same argument as "I don't have anything to hide." Yes, maybe you don't have anything to hide today. Tomorrow? That might no longer be true. Take abortions in the US as a recent example.

> Is there any real-life situation in which this matters, though?

You’d be shocked at the number of people in regulated industries that thinks a VPN inherently makes them more secure. If you think your traffic exits in the US and it exits in Canada — or really anywhere that isn’t the US — that can cause problems with compliance, and possibly data domicile promises made to clients and regulators.

At minimum, not being able to rely on the provider that you are routing your client’s data through is a big deal.