> Unfortunately, because VPNs will have many requests being sent from one server, website hosts can recognize when a VPN is being used. A constant stream of requests coming from one computer’s IP address is, of course, unusual behavior.
> NordVPN claims to have found a way to make traffic from its service look normal, though admits that it may not always work perfectly. It also says the NordWhisper protocol may introduce more latency.
That reads like they're wheel-reinventing Tor, and one fears they'd use other users' computers as exit nodes. But then again this "journalist" might be a too typical one, one who doesn't know what they're talking about.
And on the other side of the block, a VPN user in a suppressive regime trying to connect to a regime-known VPN server will just get a spoofed "connection refused" from the regime's firewall. Interestingly, a P2P system where they connect to a random home computer somewhere on the planet instead of known commercial VPN servers, plus a hard-to-detect protocol (pretend to be a game? Do games do P2P nowadays or do they always talk to a server?), might be able to get away with it.
Anyway, the page doesn't give much detail either: https://nordvpn.com/blog/nordwhisper-protocol/
I get the occasional request to NordVPN image assets beginning with `/nordvpn/media/` on my server. Apparently this is or was a way to find out if an IP address is acting as an exit node.
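A defender-side view of the observation above, as an added example that is not part of the original comment: it scans web-server access logs for requests under the `/nordvpn/media/` prefix and groups them by source address. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

PROBE_PREFIX = "/nordvpn/media/"  # path prefix quoted in the comment above

# Assumed input: Apache/nginx "combined" access-log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalise_path(target):
    """Reduce a request target to a comparable lower-case path."""
    # Drop scheme and host if the client sent an absolute-form target.
    path = re.sub(r"^[a-z][a-z0-9+.\-]*://[^/]*", "", target, flags=re.I)
    path = path.split("?", 1)[0].split("#", 1)[0]
    path = unquote(path)                # %2F and friends
    path = re.sub(r"/{2,}", "/", path)  # collapse duplicate slashes
    return path.lower()

def find_probes(lines):
    """Return ({ip: summary}, skipped) for requests under PROBE_PREFIX."""
    hits, skipped = {}, 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            skipped += 1  # malformed line: count it, do not guess
            continue
        if not normalise_path(m["target"]).startswith(PROBE_PREFIX):
            continue
        rec = hits.setdefault(
            m["ip"],
            {"count": 0, "statuses": set(), "first": m["ts"], "last": m["ts"]},
        )
        rec["count"] += 1
        rec["statuses"].add(int(m["status"]))
        rec["last"] = m["ts"]
    return hits, skipped

# Constructed sample lines (documentation address ranges, made-up file names).
SAMPLE_LOG = """
203.0.113.7 - - [10/Feb/2025:10:00:01 +0000] "GET /nordvpn/media/constructed-a.png HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [10/Feb/2025:10:00:09 +0000] "GET /nordvpn%2Fmedia/constructed-b.png?x=1 HTTP/1.1" 404 153 "-" "-"
198.51.100.20 - - [10/Feb/2025:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"
192.0.2.55 - - [10/Feb/2025:10:02:30 +0000] "GET //NordVPN/media/constructed-c.png HTTP/1.1" 200 512 "-" "-"
this line is not a log entry
198.51.100.20 - - [10/Feb/2025:10:03:00 +0000] "GET /blog/nordvpn/media/ HTTP/1.1" 200 2048 "-" "-"
"""

if __name__ == "__main__":
    found, bad = find_probes(SAMPLE_LOG.strip().splitlines())
    for ip, rec in found.items():
        print(ip, rec["count"], sorted(rec["statuses"]), rec["first"], rec["last"])
    print("unparsed lines:", bad)
```

A 200 among the recorded statuses means the server actually returned content for the path, which is worth a closer look than a run of 404s.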
> That reads like they're wheel-reinventing Tor, and one fears they'd use other users' computers as exit nodes.
Why the fear? That would probably improve overall access to privacy/anonymity, and I would assume NordVPN would take any legal heat over this, not their users.
Other services used users' computers as exit nodes without clear disclosure. Users found out when services blocked their IP addresses. And why would you assume NordVPN would take any legal heat?
I mean, if this is the case, and their users aren't aware. If the users are aware, and want to run NordVPN equivalents of Tor exit nodes, then I don't see a problem.
I think it more likely they’re just repackaging XTLS/VMess with domain fronting, or one of those other heavily obfuscated techniques.
But yeah who knows, zero detail.
Plenty of popular games still do p2p
Really? Can you give some examples? Just for multiplayer or for large asset transfer?
Steam has a feature for this where for supported games like Counter Strike 2 or Team Fortress 2, your connection will be routed through other players, or just people on your friends list depending on your settings.
Off the top of my mind as a big game GTA V runs P2P, I think most games that aren't competitive do, only using servers for matchmaking
I was going to respond that most games from the PS3/360 era used p2p but I don't know about recent ones. But GTA5 was a PS3/360 game.
Off the top of my head, Warframe is massive and uses p2p while in most missions, Helldivers 2 was a huge launch last year with p2p, Dead by Daylight, a lot of indie multiplayer games like Risk of Rain 2. It's quite popular for co-op style games where you need to worry less about cheating. They will use servers to create the matchmaking and then will pick the user with the strongest computer and network typically to actually host the game. I don't know of any games that do p2p asset transfer anymore.
> and one fears they'd use other users' computers as exit nodes
This is already standard practice for commercial VPN providers, and is one of ten thousand reasons you should never use one for any reason ever.
Is a person running an exit node responsible for the requests coming out of that node? Or will it just make for very awkward conversations with the authorities if someone requests CP or terrorist paraphernalia via your exit node?
I’m not aware of specific case law, but there has been an ongoing case regarding a Tor Exit Node and copyright infringement that suggests the exit node hoster is not legally responsible for the data, at least in terms of copyright infringement. Who knows about other actions.
https://torrentfreak.com/tor-exit-node-operator-dodges-bulle...
Aah, yet more bullshit on the Internet. Source?
I know those freebie VPNs do that, but many commercial providers are still sane.
>>> and one fears they'd use other users' computers as exit nodes
>> This is already standard practice for commercial VPN providers
> I know those freebie VPNs do that, but many commercial providers are still sane.
True. There are free VPN apps that rope their users into a residential proxy net. The combined userbase is sold to bad actors as a residential proxy service.
This is not what major VPN providers like Mullvad, OVPN or even Nord do.
The first two have a good reputation. Nord, not so much. However, for all its faults, Nord is no bad actor - they're not in the same category as a ResProxy seller.
I'm a user of Mullvad, I can get configurations for WireGuard and OpenVPN through my dashboard. This eliminates the possibility of being used as an exit node as I can read the wg config and see exactly what it does. I think other providers should do the same with their systems. It allows for high flexibility.
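What reading the wg config amounts to in practice, as an added example that is not the commenter's or any provider's code: it lists every directive in a wg-quick style file that does more than set up a tunnel to one known peer. The function names, finding labels and both sample configs (placeholder keys, `vpn.example.net`) are constructed assumptions.

```python
import re

# wg-quick [Interface] keys whose values are run as shell commands.
HOOK_KEYS = {"preup", "postup", "predown", "postdown"}
# Words in a hook that suggest packet forwarding/NAT is being enabled.
FORWARDING_RE = re.compile(r"masquerade|ip_forward|\bforward\b", re.I)

def parse_wg_config(text):
    """Return [(section, [(key, value), ...])] in file order, keys lower-cased."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1].strip().lower(), [])
            sections.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # base64 keys may end in '='
            current[1].append((key.strip().lower(), value.strip()))
    return sections

def audit(text):
    """Return (label, detail) findings that deserve a manual look."""
    findings = []
    sections = parse_wg_config(text)
    for name, pairs in sections:
        if name != "interface":
            continue
        for key, value in pairs:
            if key in HOOK_KEYS:
                label = "forwarding-hook" if FORWARDING_RE.search(value) else "hook"
                findings.append((label, f"{key}: {value}"))
            elif key == "listenport":
                findings.append(("listen-port", value))
            elif key == "saveconfig" and value.lower() == "true":
                findings.append(("save-config", "runtime state is written back"))
    peers = [dict(pairs) for name, pairs in sections if name == "peer"]
    if len(peers) != 1:
        findings.append(("peer-count", str(len(peers))))
    for index, peer in enumerate(peers, 1):
        if "endpoint" not in peer:  # this peer can only reach us, not vice versa
            findings.append(("peer-no-endpoint", f"peer {index}"))
    return findings

# Constructed sample: a plain client config.
CLEAN = """
[Interface]
PrivateKey = <client-private-key>
Address = 10.64.0.2/32
DNS = 10.64.0.1

[Peer]
PublicKey = <server-public-key>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.net:51820
"""

# Constructed sample: the same config with additions worth questioning.
SUSPECT = """
[Interface]
PrivateKey = <client-private-key>
Address = 10.64.0.2/32
ListenPort = 51820
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = echo down  # harmless, but still a shell command

[Peer]
PublicKey = <server-public-key>
AllowedIPs = 0.0.0.0/0
Endpoint = vpn.example.net:51820

[Peer]
PublicKey = <unknown-peer-key>
AllowedIPs = 10.99.0.0/24
"""

if __name__ == "__main__":
    for label, detail in audit(SUSPECT):
        print(f"{label:18} {detail}")
```

The check covers only the config file; forwarding and firewall state already set on the host, or anything a provider's own client application does, is outside what it can see.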
Well, if you just run OpenVPN, I suppose that you're using the conventional algorithm.
Have any others? I haven't seen such pushback on using a VPN before, so I'm curious.
This is nonsense. VPNs would be long out of business if this was true.
[dead]
The VPN NordVPN is backed by USA to return decryption and then decryption for the USA to turn around and send results. All PCs have SSL Decryption available via the US Government... Thus, they have all results which they can decrypt. My PC has Bitdefender that does the same thing. Install their software and view encryption. You will see the encryption is decryption/middle man/re-encryption.
Long story short, NordVPN is the USA monitoring individual suspect connections.
I forgot the name but 10 years ago there was a popular free VPN extension for browsers that let each user exit by the other users' IP and you could choose the location with a click.
But behind that free service, the model was to provide an expensive service to companies needing high frequency testing or scraping (sometimes illegal) with multiple IPs and locations. I got a trial for 1 week after a visio with them, it was complicated to set up, but it felt like exploiting unknowing free users.
Reading the comments here, it's clear that many have a less than favorable view of NordVPN. With that said, what VPN provider would readers here recommend? I don't know if there is a consensus for a "good VPN provider" that respects privacy, etc or if they are all shitty in one way or another.
Mullvad are the 'good VPN provider'.
They make an effort to store as little customer info as possible, including getting rid of subscriptions to reduce payment information they have to keep [1]. Despite subscriptions being a great way of getting consistent revenue.
As well as card, they allow payment in cash, crypto and quite a few others.
They have open source clients and are one of few providers with an official client on F-Droid.
They don't try to lock you in for years. It's €5 per month no matter how long you pay for.
They have regular external audits. [2]
If you read their website you'll find they focus on privacy rather than 'watching TV while you're on holiday'. [3][4]
Mozilla use Mullvad for Firefox VPN. Tailscale have partnered with Mullvad. [5]
[1] https://mullvad.net/en/blog/were-removing-the-option-to-crea...
[2] https://mullvad.net/en/blog/tag/audits
[3] https://mullvad.net/en/why-privacy-matters
[4] https://mullvad.net/en/chatcontrol
[5] https://mullvad.net/en/help/partnerships-and-resellers
Also many people forget it's not just the VPN, it's the combination of the VPN and your browser. There are many ways to unmask you even if the provider does everything right. They can't protect against attacks like DOM battery monitoring, complex fingerprinting, UDP timing attacks, etc. Read the Mullvad audit for more details. They cite the need to enable DAITA by default as a shortcoming. https://www.x41-dsec.de/static/reports/X41-Mullvad-Audit-Pub...
Mullvad is the best setup I've seen, with the most accessible interface, and recently audited.
The ability to pay with cash in the mail and login with just a generated ID is great.
All VPNs require trust however.
And in some countries you can buy a scratch card if you don't want to use cryptocurrency or risk sending cash in the mail.
You can even buy them from Amazon. The cards don't have any sort of exposed code to scan when it gets sold to activate it like other gift cards. Nothing on them makes one identifiable from another until you scratch it off.
Mullvad or OVPN. The latter kept ThePirateBay safe for years.
Mullvad
mullvad.net usually gets really high praise. I am not a user, but if I was looking for a VPN service, that's what I would personally get.
Mullvad
NordVPN probably makes more selling user data than subscriptions for its VPN service. It’s a huge scam
> NordVPN probably makes more selling user data than subscriptions for its VPN service. It’s a huge scam
What is the evidence? Is Deloitte part of the scam?[1]
[1] https://cybernews.com/news/deloitte-verifies-nordvpn-no-logs...
While not empirical proof I typically distrust anything that has massive marketing budgets. Nord seems to sponsor every Tom, Dick, and Harry on YouTube to push their product and, as we've seen from many other unmasked operations that do that (Honey, Established Titles), that doesn't bode well.
I don't use Mullvad, but I've never seen them run ads directly, and they've gotten exposure via word of mouth very effectively.
No idea in this case, but often, Deloitte is!
See, e.g., https://www.justice.gov/opa/pr/deloitte-touche-agrees-pay-14...
https://news.bloomberglaw.com/ip-law/deloitte-sued-over-clai...
https://www.ndtv.com/india-news/deloitte-clears-nigerian-fir...
https://www.cohenmilstein.com/case-study/ibew-local-98-pensi...
This is a random sampling, there is plenty more.
Is there any technical description of this protocol somewhere? Nord blog[1] (I presume, the original source) is not too heavy on details either. Granted, the company may not want to release _all_ details but a quick skim of the TFA reads like it's some form of pixie dust that will bring us to the promised land.
[1]: https://nordvpn.com/blog/nordwhisper-protocol/
I wonder if it's analogous to spread spectrum[1] with radio comms.
[1] https://en.wikipedia.org/wiki/Spread_spectrum
Such protocols have been used in China for a long time: v2ray, trojan, xray-core reality, etc
My hope is that we never have to use them in the west
I already have to because many places I frequent (hotels, airports/planes, random shops) block not only UDP (so no WireGuard), but also OpenVPN explicitly.
I really wish Apple and Google would run VPNs. Then, given their markets are so large, they couldn't be blocked by anyone that wanted customers/eyeballs.
You'd think "Privacy First" Apple would do this.
HN blocks (ghost blocks) VPNs. Make a new account from a VPN. Post. Open a private/incognito window. Load up the thread. Your comment won't appear. Give it a few days. It never appears. It only appears for you when you're logged in.
This is the last thing I would want. Hypothetical, but not totally unlikely scenario: I live in Florida. I use a Google VPN service to access Pornhub. The Florida AG decides to subpoena Google to see who's been using a VPN to watch porn. Of course Google bends over and provides the data. The AG finds that I've been looking at porn, so now I'm a criminal. Google suspends my account(s) because I've violated their TOS (criminal activity). I just lost access to GMail and I'm never gonna get it back because that's how Google rolls. In this scenario, if I had used an independent VPN service (not Google or Apple), perhaps, my VPN service would've been cancelled, but that's it.
Ironically, Google _does_ run a VPN, which of course they announced last year that they are shutting down: https://9to5google.com/2024/04/11/google-one-vpn-discontinue...
They do, sort of; iCloud Private Relay. Details: https://support.apple.com/en-gb/102602
Yeah but Apple gave in to Chinese government and all their servers in China are under monitoring of the CCP, the party have keys to decrypt every bit of data that goes through them, Chinese iCloud Private Relay included.
That's like when Apple still refuses after years to fix the AirDrop protocol so that Chinese police forces can't find anymore who sent what file to who. Since 2022, Chinese police forces openly brag about the fact they can retrieve the identity of people who spread unallowed propaganda through AirDrop in crowded areas.
Good guy Apple for pretending to do the right stuff but no one should rely on them.
Like a VPN except tied to your location, financials, cloud storage and devices! Great!
Ya, it's less for anonymity and more to prevent unsecure sites and wifi from leaking credentials.
I don't see how this could prevent unsafe sites leaking credentials (Assuming unsecure == No TLS) as unencrypted data will be sent through the exit node to the web server. It does however help for wifi snooping.
We might as well reinvent the internet, and let each internet node anonymize IP addresses.
> HN blocks (ghost blocks) VPNs. Make a new account from a VPN. Post. Open a private/incognito window. Load up the thread. Your comment won't appear. Give it a few days. It never appears. It only appears for you when you're logged in.
Wow is that true?
I have showdead enabled in my profile and I sometimes see new users that are shadowbanned (i.e. their posts/comments are automatically "dead"). If it's not spam or low quality, I'll vouch for them.
As a test: I am always on a vpn
Here I am also.
You have gained a rep enough to not be ghost banned somehow.
The ghost banning makes it hard to make a temp account to whistle blow. And, even if you weren't whistle blowing but making a legit comment, it won't appear until you pass that threshold of not being shadowbanned, at which point your comment is worthless since it's days or weeks later.
VPNs are snake oil, don’t trust a word they say
Tell that to the people who get letters from their ISP threatening to cancel service for downloading torrents.
VPNs have their use case, they're definitely not snake oil.
I'm assuming if you are getting letters you are in violation of TOS you agreed to.
Advocacy aside, the solution is to not. I know a lot of people can't pick another provider but at the same time they probably didn't need what they were torrenting...
Now, do I think what I do with my internet is my problem and my ISP can go f themselves? Yes, but I'm also in the privileged position to have many options and quite a few have the "it's your internet connection, we will inform you about throttling if we have a technical reason, also if the police asks we are compelled by law to do x".
A VPN does not solve your problem and isn't advocacy, it's at best bootlegging.
I think you will find that the real answer is not so simple.
I really wished such dogmatism was not so rampant in the technical world.
"As a rule, strong feelings about issues do not emerge from deep understanding." -Sloman and Fernbach
Some are, but not all. That’s why you do your research and pick reputable services. I’ve been a happy user of Mullvad & ProtonVPN for years. They’ve had ample opportunities to mitm me, but I reckon if it hasn’t happened by now it probably won’t.
What makes you think it hasn't happened?
How do you know it hasn't? ;)
AirVPN is also good. But it's true that most VPNs are just snake oil, to steal user data.
For the average person? Sure. For someone trying to access region blocked content? No. For someone trying to torrent files? No. For someone trying to do... uh... hacker things? No.
VPNs have their uses. The vast majority of people don't need VPNs, but some people do find a use for them.
Sending traffic from many IPv6 addresses perhaps?
Do note IPv6 is still not supported everywhere yet.
NordVPN continues to give Chrome Incognito vibes.