> However, the worst case situation is that they lie about not tracking users and then they get hit with a LEO request they bow down to.
That's within reason though. A VPN is another ISP afterall, so they have to 'bow down' to law enforcement requests. What LEAs can get depends on how zero knowledge the VPN setup is. OVPN[0] for example has been 'court tested' and Mullvad had nothing to give to authorities[1] since they don't collect it in the first place (apart from payment metadata).
I'm not affiliated with OVPN or Mullvad, just a happy paying customer.
A VPN is not an ISP, at least as Canadian law (currently) is concerned. ISPs are required to store IP assignment logs, VPNs are not. Additionally, VPNs (in Canada) cannot be compelled to log users.
Source: Our law firm (I'm from Windscribe), and first hand experience with RCMP.
It's only "reasonable" if the subpoena comes from a court in the country the VPN is headquartered in. And just like you said, what LE can get depends on how the VPN is setup. If it's no-logs, anonymous payment, randomly generated user ID's, and servers not allowing dumping of the connections, there isn't much to give to the law at all.
This is good! I will use this as a reference to share with friends and colleagues who ask me about XYZ VPN.
I think something that is missing in the network of connections is Mozilla VPN. From what I understand, they are just a re-brand of Mullvad.
There are other providers not listed, but finding a good VPN provider is kind of like finding a good watering hole--you don't want to spread the word too widely, else bad-actors come and pollute it.
I didn't realize how many media companies own VPN companies.
I'm the author of the map and I'll get those updates on there now, the Mozilla node was actually hidden (as I need to update the corp info) and there's other corrections I'm making now.
If you have any other suggestions I'm more than happy to look into them and start getting them updated. This has been a passion project of my own for the past few years so I'm really grateful for any other feedback.
Since you are the author of the map, it would be nice to also include the Windscribe relationship with Rescloud, which is one of their current residential ips providers whose CEO was cofounder of WeVPN.
An update to the 2022 VPN affiliate relationship map. A handy reference for who is owned by who - including their status or whether they're actually part of a bigger corporation.
Used to be a customer of ExpressVPN but after the acquisition, it no longer worked properly in China. Mullvad somehow survives despite their server IP ranges being public
Contrary to popular belief, IP blocking isn't the most common way VPNs are blocked these days. Additionally, GFW isn't the same in all of China. Different networks, different cities, have different filtering policies and rule sets. Same as in Russia now.
The GFW is extremely sophisticated in what it blocks and how it blocks it. I have seen it block otherwise random traffic based on packet sizes, packet patterns, stream concurrency, stream duration. It will allow connections, then probe the remote endpoint and disconnect if the probe detects banned services. It will track relationships between endpoints (e.g. blocking one resulting in traffic to another). Traffic that looks off /looks off/ and the GFW will block it -- and looking off may not be the kind of encryption or protocol, but simply how many people are using it from where and for how long.
The toughest part about working around the GFW is its consistency. Its effectiveness can vary by hour, day, political wind, etc. It can vary by what network you are on or the route your traffic takes to leave the country. The GFW isn't perfect, but it is just good enough that you give up trying.
And then every once in a while you get a news report about some VPN user getting arrested, so you get that level of paranoia, too.
I used to find it worked here and there for me (Shanghai Telecom, 4/5G was OK. Home didn't work). Shadowsocks worked well for me but then got janky - ended up using a local VPN for gaming and Windscribe for general browsing. For 3 sweet months I could run a AWS node and relay through that with awesome speeds but then that broke too. Ended up just with a residential IP and that solved everything til I left.
There is of course times like when the Two Sessions are in order and nothing worked.
I’m currently connecting directly to the Singapore server via WireGuard. Not even from the app, just from network manager on Linux. I do have xray and Trojan set up just in case
While the no-logs policies of many of these providers is mentioned in their EULAs, there's never a mention of paid access to NetFlow data, which can be used to link public flows to the IP addresses of users.
Is this a thing? I recall hearing about it around two years ago.
Something along the lines of "ISPs Give 'Netflow Data' To Third Parties, Who Sell It Without User Awareness Or Consent" [0] or "How Data Brokers Sell Access to the Backbone of the Internet" [1]
Very interesting! I'm curious why there is there is a typical relationship between vpn companies and media companies, by common subsidiary ownership or otherwise. I don't really follow the logic here, is it just because the media company can promote their partnered vpn? Or is there some other reason?
It is /exactly/ because the media company can promote its partnered VPN. A huge driver of user signups in the commodity personal VPN space is affiliate referrals, and usually those affiliate sites are "review" or "how-to" sites. While the affiliate relationship is usually stated, it implies that the site makes money off the referral. In a lot of cases, the site actually makes its money by preferred placement of the VPN provider on their site. A VPN company often even writes or edits the content for the site.
If you're a VPN company, it's actually cheaper for you to own the sites and populate them with your own product than it is to pay a site for placement, especially if you own four or five VPN brands. Heck, sometimes, they don't even acquire sites. They just start them and spend money to get them to rank well.
I don't trust review sites in general (even if they don't contain paid recommendations, they still rank by which affiliate will net them more money), but I /really/ don't trust sites that cover or rank VPN providers. Personal VPNs as they are pitched to consumers are just shy of snake-oil, and almost all the content written that touts them is revenue driven.
Background: I previously helped start and worked for a VPN provider.
Affiliate campaigns! So basically you'll see in review articles for everything a link with a ton of fluff and tracking in it.
Say you want a new pair of headphones. You'll probably do something like this.
1. Search Google & look for forum/reddit threads talking about specific brands.
2. Look for those brands for further reviews, feedback, and price comparisons.
3. You will come across a review that has links to the "best price".
4. By clicking that link if you purchase that product then, or within 15-30 days (depends on the affiliate agreement) the affiliate will earn commission.
That's why big corps work with media companies. They make hundreds of thousands per month via affiliate commissions alone.
This induces a large amount of biases as media sites always recommend their affiliates over non-affiliates.
This is a major reason why I don't do affiliate links outside of Amazon for anything I mention (I add tracking links sometimes if a company sponsors a video and requests I use one of their tracked URLs, but I won't do affiliate links for any entity I work with). It creates perverse incentives, especially if one of the services generates a lot of revenue for a channel/publication.
If there's a relationship with a vendor—especially in articles that review and compare different services—it should be obvious what that relationship is. Online tech publications and review websites are some of the worst offenders these days.
VPNmentor, a VPN review site, was acquired by Kape "Technologies" for 150M.
PrivateInternetAccess, a major VPN service was acquired by the same company for 95M.
A VPN review site is worth more than most VPN services it promotes due to insane $CPA they pay to these types of sites, that masquerade as "security exports" while in reality ran by marketing people.
there isn't that much technical differentiation. If you have a hundred companies selling the same commoditized service the only way for you to make any money is through some sort of brand or customer acquisition. On a pure product case VPN providers have essentially competed each other to the cost of production.
I'm surprised that no one has said anything about the fact that this is put out by a VPN company!
I also could not find their name on the map. It doesn't mean that it's not there, I just couldn't find them. Please correct me if I'm wrong.
The only thing I find a VPN useful for is torrenting w/o your ISP knowing. In my case, I use Surfshark for torrenting so that Comcast can't send me any of those pesky letters.
Windscribe is on the map with one connected node: their DNS service Control D. I know it seems a bit hypocritical and untrustworthy since it is written by a VPN company, but Windscribe is generally regarded as trustworthy, privacy oriented, and not deceiving customers for money [0]. Companies such as Windscribe, Mullvad, IVPN, and Proton are better in almost all cases than something like Surfshark because they minimize the risk of your personal info falling into the wrong hands. Unlike those proprietary companies that will turn over your full browsing history in a heartbeat when in court, companies like Windscribe will have nothing to turn over in the first place. I use Windscribe all the time personally because even if sites profile me, I dislike the fact that they can know the city in which I love just from connecting to the site, so there are a few other benefits.
> I also could not find their name on the map. It doesn't mean that it's not there, I just couldn't find them. Please correct me if I'm wrong.
They're there, in the top-right next to Mullvad, as they're also self-funded. Seemingly connected to "Control D" as it's a DNS service with focus on privacy built by them.
Also, from their "Ethics" page:
> Windscribe is entirely self funded. We don't have any VC's breathing down our necks and telling us what to do.
Thanks for pointing that out! It turns out that the latest update to qBittorrent started binding to all available adapters. I just set it to only use my VPN's adapter and all seems to be fine now. Thanks again!
Also, does anyone know of a privacy conscious VPN provider that currently supports port forwarding? One of the only provider's I know of right now is ovpn.com and I cannot vouch for their privacy practices.
That's a big reason why I went with them. I did a ton of research to see where I felt most comfortable but ultimately went with IVPN because of how transparent they seemed about who they were and what they could/couldn't do. Mullvad was my second choice but at 3 years at a time IVPN was more cost effective. I usually connect via the NY, NJ, and IL gateways and get good speeds. I've got a 500/500 line and pretty consistently get in the 400's each way.
I think at best this can just help some people break through their cult-like fealty to whichever VPN provider their favorite trusted youtuber happened to introduce them to
because the VPN concept has limitations. It doesn't matter if the favorite VPN has proof of stonewalling a court case at some point in time, any other point in time it can be undermined and you wouldn't know until its too late....
it relies purely on trust and your use case. but if your use case ever expands to something law enforcement would be interested in, the VPN concept relies on too much trust
Man, fighting "all or nothing" thinking is a lifelong endeavor.
There are several reasons to have a VPN, and the VPN logging connections is a detriment to some of those.
Reasons include:
* Evading geo-blocking to appear from one country or another
* Evading profiling by websites by laundering your public IP address with others
* Evading privacy invasion by ISPs that most definitely use data for ad/tracking purposes and definitely have logs for law enforcement
* Doing things that could attract interest from law enforcement
The last bullet is the only one affected by logging at the VPN. In this case, the question is which entity do you want to have your traffic? Someone with a reputation for privacy to uphold, or ATT?
Anyone want to tl;dr what the best one is? The map doesn't load for me and the full map isn't the greatest thing to navigate... Would much prefer just text.
It depends what you want. The chart doesn't really say which are the best, just which are undisputedly shady.
#1 undisputed champion for security, privacy, and anonymity is almost certainly Mullvad. Note however that Mullvad servers tend to get flagged and blocked by services pretty quickly.
Mozilla VPN (which you can turn on easily in Firefox) is just a thin shell around Mullvad. The ease of use could make it worth it for some people but you'll generally be better off just using Mullvad directly.
Windscribe (the publishers of this list) have their own VPN. I can't speak to how good it is but they of course don't list anything bad about themselves.
ProtonVPN is pretty decent (I can get 150mbps up/down on most servers) especially if you already use their email service. This chart links over to a discussion of some allegations made against Proton by a rival VPN company. The TLDR of that discussion was that those allegations don't really hold any water (which is further influenced by the fact all those allegations now run to dead links).
So my personal experience would lead me to say to use Mullvad if you need to be truly and certainly private & anonymous but to use ProtonVPN if you want to be "safe enough" but also still get access to streaming sites, etc
Mullvad is my heavy lifter (well worth the monthly fee, even on months when I never actually boot it up), but I've used Windscribe in the past and thought it was pretty decent.
Back then they had a free tier where you could use a certain amount of data free of charge, and "create your own plan" tiers where you could mix and match various features at various prices. They might still have them now.
It depends on what you're doing but the ones in green to the top right are independents but IVACY recently have suffered an issue. If you have issues with the corporate owners you can avoid them by seeing who the parent is and who they own.
"SentinelLabs researchers have discovered that a Chinese APT group known as Bronze Starlight has been signing off malware with a valid certificate. This certificate is used by Ivacy VPN, and the hackers' target is the gambling industry in Southeast Asia."
I did this for years (OpenVPN then Wireguard, run from a simple Docker container), but it's increasingly a losing battle - so many services, especially in the streaming video space, just blacklist all requests from IP ranges associated with VPS providers such as AWS.
Depends on your usecases, but accessing streaming services in another country is a big one for a lot of people. I've since given up self hosting a VPN for accessing region blocked video content.
If its just to secure access when using untrusted connections while traveling, self hosting a VPN such as Wireguard at home is a nice option as you get the benefit of your own domestic IP, as well secure access to your own LAN. Good use for a Raspberry Pi or similar, total lifetime spend will likely be less than 6-8 months of a paid VPN subscription.
I just had a look at the map to see what they say about a few well-known VPN providers like Mullvad and Express VPN. In the description for the latter the mapmakers claim that people like Ben Shapiro and Candace Ownens (two conservative commentators, one an orthodox Jew, the other a black woman of Nigerian/Caribbean descent) are "far-right misinformation specialists" which means I have to take the rest of their claims with a sizeable amount of salt as being biased and ideologically tainted. Stupid really since it certainly makes sense to expose the snake-oil salesmen peddling VPNs.
Because your ISP is probably selling your browsing history to the highest bidder, and there are a legion of data brokers out there collating every scrap of information they can get their hands on to build profiles about you.
To everyone who shrugs, and says they have nothing to hide, Would you feel comfortable wearing a T shirt in public that went into grim detail about everything you'd rather keep private, are insecure about, or might open you up to discrimination? Would you be willing to wear that to a job interview? To your bank when getting a loan?
A chance for a better route. When I connect directly to Hetzner's storage boxes I generally get about 10 Mbps. When I go through a local VPN I get about ten times that.
1. Nobody does gets those in Eastern Europe
2. This is a GDPR violation
3. If you have to hide something from your government then you should probably use something better than a commercial VPN.
4. Corporate internet usage is tied to your corporate account and the use of a non-sanctioned VPN is a massive red flag.
I usually wireguard through home to keep public wifi from sniffing, as well as so my phone can use my pihole for dns instead of the mobile network's dns.
> However, the worst case situation is that they lie about not tracking users and then they get hit with a LEO request they bow down to.
That's within reason though. A VPN is another ISP afterall, so they have to 'bow down' to law enforcement requests. What LEAs can get depends on how zero knowledge the VPN setup is. OVPN[0] for example has been 'court tested' and Mullvad had nothing to give to authorities[1] since they don't collect it in the first place (apart from payment metadata).
I'm not affiliated with OVPN or Mullvad, just a happy paying customer.
[0] https://www.ovpn.com/en/blog/ovpn-wins-court-order
[1] https://mullvad.net/en/blog/2023/4/20/mullvad-vpn-was-subjec...
A VPN is not an ISP, at least as Canadian law (currently) is concerned. ISPs are required to store IP assignment logs, VPNs are not. Additionally, VPNs (in Canada) cannot be compelled to log users.
Source: Our law firm (I'm from Windscribe), and first hand experience with RCMP.
[flagged]
1 reply →
"OVPN acquired by Pango, parent company of Hotspot Shield: what does it mean for users?"
https://alternativeto.net/news/2023/5/ovpn-acquired-by-pango...
Article updated 2023 https://blog.windscribe.com/the-vpn-relationship-map-2023/
It's only "reasonable" if the subpoena comes from a court in the country the VPN is headquartered in. And just like you said, what LE can get depends on how the VPN is setup. If it's no-logs, anonymous payment, randomly generated user ID's, and servers not allowing dumping of the connections, there isn't much to give to the law at all.
This is good! I will use this as a reference to share with friends and colleagues who ask me about XYZ VPN.
I think something that is missing in the network of connections is Mozilla VPN. From what I understand, they are just a re-brand of Mullvad.
There are other providers not listed, but finding a good VPN provider is kind of like finding a good watering hole--you don't want to spread the word too widely, else bad-actors come and pollute it.
I didn't realize how many media companies own VPN companies.
I'm the author of the map and I'll get those updates on there now, the Mozilla node was actually hidden (as I need to update the corp info) and there's other corrections I'm making now.
If you have any other suggestions I'm more than happy to look into them and start getting them updated. This has been a passion project of my own for the past few years so I'm really grateful for any other feedback.
I find the map software a usability nightmare and had to give up on it. Cute but crap. I'd much prefer the data in a table that I can just... read.
Since you are the author of the map, it would be nice to also include the Windscribe relationship with Rescloud, which is one of their current residential ips providers whose CEO was cofounder of WeVPN.
Also, https://brave.com/brave-and-guardian/
1 reply →
I don't know if it was edited since your comment, but Mozilla VPN is in there (with an arrow pointing to Mullvad)
An update to the 2022 VPN affiliate relationship map. A handy reference for who is owned by who - including their status or whether they're actually part of a bigger corporation.
The reference article for the map itself with key updates & findings: https://blog.windscribe.com/the-vpn-relationship-map-2023/
Used to be a customer of ExpressVPN but after the acquisition, it no longer worked properly in China. Mullvad somehow survives despite their server IP ranges being public
Contrary to popular belief, IP blocking isn't the most common way VPNs are blocked these days. Additionally, GFW isn't the same in all of China. Different networks, different cities, have different filtering policies and rule sets. Same as in Russia now.
I'm surprised Mullvad works in China. Do you have to use obfuscation software (shadowsocks, etc)? The GFW blocks WireGuard, right?
> The GFW blocks WireGuard, right?
The GFW is extremely sophisticated in what it blocks and how it blocks it. I have seen it block otherwise random traffic based on packet sizes, packet patterns, stream concurrency, stream duration. It will allow connections, then probe the remote endpoint and disconnect if the probe detects banned services. It will track relationships between endpoints (e.g. blocking one resulting in traffic to another). Traffic that looks off /looks off/ and the GFW will block it -- and looking off may not be the kind of encryption or protocol, but simply how many people are using it from where and for how long.
The toughest part about working around the GFW is its consistency. Its effectiveness can vary by hour, day, political wind, etc. It can vary by what network you are on or the route your traffic takes to leave the country. The GFW isn't perfect, but it is just good enough that you give up trying.
And then every once in a while you get a news report about some VPN user getting arrested, so you get that level of paranoia, too.
I used to find it worked here and there for me (Shanghai Telecom, 4/5G was OK. Home didn't work). Shadowsocks worked well for me but then got janky - ended up using a local VPN for gaming and Windscribe for general browsing. For 3 sweet months I could run a AWS node and relay through that with awesome speeds but then that broke too. Ended up just with a residential IP and that solved everything til I left.
There is of course times like when the Two Sessions are in order and nothing worked.
4 replies →
>The GFW blocks WireGuard, right?
~1-2 years ago: yes Currently: I don't know.
I worked for a web company and we were getting reports that our websites looked wrong/bad/messed up from within China.
So we needed an IP within China to confirm.
1st attempt: SOCKS proxy = worked, and confirmed that GFW or something was screwing up our content. (simple SSH tunnel)
2nd attempt: Wireguard = could not establish a connection to wireguard server hosted on same ISP/co-lo in China as the socks proxy.
3rd attempt: Windows RDS = worked
We ended up using RDS as that was easier for our testers to use. (despite the training I offered)
I’m currently connecting directly to the Singapore server via WireGuard. Not even from the app, just from network manager on Linux. I do have xray and Trojan set up just in case
> surprised Mullvad works in China.
It doesn’t. At least on few tests I did
While the no-logs policies of many of these providers is mentioned in their EULAs, there's never a mention of paid access to NetFlow data, which can be used to link public flows to the IP addresses of users.
Is this a thing? I recall hearing about it around two years ago.
Something along the lines of "ISPs Give 'Netflow Data' To Third Parties, Who Sell It Without User Awareness Or Consent" [0] or "How Data Brokers Sell Access to the Backbone of the Internet" [1]
[0] https://old.reddit.com/r/privacy/comments/pbdvp3/isps_give_n...
[1] https://www.vice.com/en/article/jg84yy/data-brokers-netflow-...
Very interesting! I'm curious why there is there is a typical relationship between vpn companies and media companies, by common subsidiary ownership or otherwise. I don't really follow the logic here, is it just because the media company can promote their partnered vpn? Or is there some other reason?
It is /exactly/ because the media company can promote its partnered VPN. A huge driver of user signups in the commodity personal VPN space is affiliate referrals, and usually those affiliate sites are "review" or "how-to" sites. While the affiliate relationship is usually stated, it implies that the site makes money off the referral. In a lot of cases, the site actually makes its money by preferred placement of the VPN provider on their site. A VPN company often even writes or edits the content for the site.
If you're a VPN company, it's actually cheaper for you to own the sites and populate them with your own product than it is to pay a site for placement, especially if you own four or five VPN brands. Heck, sometimes, they don't even acquire sites. They just start them and spend money to get them to rank well.
I don't trust review sites in general (even if they don't contain paid recommendations, they still rank by which affiliate will net them more money), but I /really/ don't trust sites that cover or rank VPN providers. Personal VPNs as they are pitched to consumers are just shy of snake-oil, and almost all the content written that touts them is revenue driven.
Background: I previously helped start and worked for a VPN provider.
Affiliate campaigns! So basically you'll see in review articles for everything a link with a ton of fluff and tracking in it.
Say you want a new pair of headphones. You'll probably do something like this.
1. Search Google & look for forum/reddit threads talking about specific brands.
2. Look for those brands for further reviews, feedback, and price comparisons.
3. You will come across a review that has links to the "best price".
4. By clicking that link if you purchase that product then, or within 15-30 days (depends on the affiliate agreement) the affiliate will earn commission.
That's why big corps work with media companies. They make hundreds of thousands per month via affiliate commissions alone.
This induces a large amount of biases as media sites always recommend their affiliates over non-affiliates.
This is a major reason why I don't do affiliate links outside of Amazon for anything I mention (I add tracking links sometimes if a company sponsors a video and requests I use one of their tracked URLs, but I won't do affiliate links for any entity I work with). It creates perverse incentives, especially if one of the services generates a lot of revenue for a channel/publication.
If there's a relationship with a vendor—especially in articles that review and compare different services—it should be obvious what that relationship is. Online tech publications and review websites are some of the worst offenders these days.
VPNmentor, a VPN review site, was acquired by Kape "Technologies" for 150M.
PrivateInternetAccess, a major VPN service was acquired by the same company for 95M.
A VPN review site is worth more than most VPN services it promotes due to insane $CPA they pay to these types of sites, that masquerade as "security exports" while in reality ran by marketing people.
Look at their staff: https://www.vpnmentor.com/about-us/
Every "favorite" VPN is a property they own, except for the sole NordVPN guy.
there isn't that much technical differentiation. If you have a hundred companies selling the same commoditized service the only way for you to make any money is through some sort of brand or customer acquisition. On a pure product case VPN providers have essentially competed each other to the cost of production.
I'm surprised that no one has said anything about the fact that this is put out by a VPN company!
I also could not find their name on the map. It doesn't mean that it's not there, I just couldn't find them. Please correct me if I'm wrong.
The only thing I find a VPN useful for is torrenting w/o your ISP knowing. In my case, I use Surfshark for torrenting so that Comcast can't send me any of those pesky letters.
Windscribe is on the map with one connected node: their DNS service Control D. I know it seems a bit hypocritical and untrustworthy since it is written by a VPN company, but Windscribe is generally regarded as trustworthy, privacy oriented, and not deceiving customers for money [0]. Companies such as Windscribe, Mullvad, IVPN, and Proton are better in almost all cases than something like Surfshark because they minimize the risk of your personal info falling into the wrong hands. Unlike those proprietary companies that will turn over your full browsing history in a heartbeat when in court, companies like Windscribe will have nothing to turn over in the first place. I use Windscribe all the time personally because even if sites profile me, I dislike the fact that they can know the city in which I love just from connecting to the site, so there are a few other benefits.
[0] https://windscribe.com/ethics (audits and other general sources over YouTube and privacy forums confirm this)
> I also could not find their name on the map. It doesn't mean that it's not there, I just couldn't find them. Please correct me if I'm wrong.
They're there, in the top-right next to Mullvad, as they're also self-funded. Seemingly connected to "Control D" as it's a DNS service with focus on privacy built by them.
Also, from their "Ethics" page:
> Windscribe is entirely self funded. We don't have any VC's breathing down our necks and telling us what to do.
https://windscribe.com/ethics
> w/o your ISP knowing
I'd be more concerned about everyone else: https://iknowwhatyoudownload.com
Thanks for pointing that out! It turns out that the latest update to qBittorrent started binding to all available adapters. I just set it to only use my VPN's adapter and all seems to be fine now. Thanks again!
edit: https://www.reddit.com/r/qBittorrent/comments/14bzdct/psa_qb...
I love that website! The other people sharing my vpn end point have some great ideas for content to check out.
I don't torrent stuff at all and my IP was there.
1 reply →
Top right my guy, with the same treatment as others.
There's 100% a difference between a billion dollar corporate owner vs indies. As well as the amount of spend that goes into affiliate marketing.
Direct link to the full map: https://kumu.io/sobeyharker/vpn-relationships#vpn-company-re...
Also, does anyone know of a privacy conscious VPN provider that currently supports port forwarding? One of the only provider's I know of right now is ovpn.com and I cannot vouch for their privacy practices.
Looks like Njalla's VPN[1] is missing, I'm not sure if they have their own servers but it seems more than likely
[1] https://njal.la/vpn/
Happy to see my VPN of choice, IVPN, out there with no affiliations coming out of it.
IVPN are studs of the industry, no doubt. Very serious folk working hard on sticking to their privacy principles - rare today for sure!
That's a big reason why I went with them. I did a ton of research to see where I felt most comfortable but ultimately went with IVPN because of how transparent they seemed about who they were and what they could/couldn't do. Mullvad was my second choice but at 3 years at a time IVPN was more cost effective. I usually connect via the NY, NJ, and IL gateways and get good speeds. I've got a 500/500 line and pretty consistently get in the 400's each way.
That’s good to hear as a mullvad user. They’re amazing, but often the only player recommended in the space.
1 reply →
I think at best this can just help some people break through their cult-like fealty to whichever VPN provider their favorite trusted youtuber happened to introduce them to
because the VPN concept has limitations. It doesn't matter if the favorite VPN has proof of stonewalling a court case at some point in time, any other point in time it can be undermined and you wouldn't know until its too late....
it relies purely on trust and your use case. but if your use case ever expands to something law enforcement would be interested in, the VPN concept relies on too much trust
Another one that can be thrown in is Namecheap's VPN which is whitelabel "wlvpn"
and speedtest vpn == ipvanish
mozilla/firefox vpn == mullvad
There are other good vpns not listed in there, which is good, so they remain that way.
Aren’t VPNs much less useful unless they’re proven no-log VPN?
I remember going down the rabbit hole and people online were skeptical unless the company had a proven FBI raid with no logs taken, haha.
Man, fighting "all or nothing" thinking is a lifelong endeavor.
There are several reasons to have a VPN, and the VPN logging connections is a detriment to some of those.
Reasons include:
* Evading geo-blocking to appear from one country or another
* Evading profiling by websites by laundering your public IP address with others
* Evading privacy invasion by ISPs that most definitely use data for ad/tracking purposes and definitely have logs for law enforcement
* Doing things that could attract interest from law enforcement
The last bullet is the only one affected by logging at the VPN. In this case, the question is which entity do you want to have your traffic? Someone with a reputation for privacy to uphold, or ATT?
Wild guess is most vpn users use that to circumvent geo-blocking of video streaming.
They couldn't care less about logs, they spend their time on instagram, whatsapp, tiktok, discord...
> Aren’t VPNs much less useful unless they’re proven no-log VPN?
That's basically saying that every VPN is "much less useful" as there is no 100% way of proving that it's no-log.
There were a few I recall (years ago, can't remember their name) that got raided by the FBI and it showed they had nothing to give the feds.
1 reply →
If no-log is a priority, you need Tor, not a VPN.
Depending on where you live - the fact that you use Tor can be used against you.
1 reply →
I'm getting a cert error, anyone else?
Your network probably intercepts TLS, are you on a work/school network?
No I'm at home, behind a pi-hole tho, but that shouldn't mess the cert up?
How does my grandma do her own research under these circumstances?
Asks her good sonny boy for help
I like the idea that their grandmother has a zero-trust relationship with them regarding tech lol
Anyone want to tl;dr what the best one is? The map doesn't load for me and the full map isn't the greatest thing to navigate... Would much prefer just text.
It depends what you want. The chart doesn't really say which are the best, just which are undisputedly shady.
#1 undisputed champion for security, privacy, and anonymity is almost certainly Mullvad. Note however that Mullvad servers tend to get flagged and blocked by services pretty quickly.
Mozilla VPN (which you can turn on easily in Firefox) is just a thin shell around Mullvad. The ease of use could make it worth it for some people but you'll generally be better off just using Mullvad directly.
Windscribe (the publishers of this list) have their own VPN. I can't speak to how good it is but they of course don't list anything bad about themselves.
ProtonVPN is pretty decent (I can get 150mbps up/down on most servers) especially if you already use their email service. This chart links over to a discussion of some allegations made against Proton by a rival VPN company. The TLDR of that discussion was that those allegations don't really hold any water (which is further influenced by the fact all those allegations now run to dead links).
So my personal experience would lead me to say to use Mullvad if you need to be truly and certainly private & anonymous but to use ProtonVPN if you want to be "safe enough" but also still get access to streaming sites, etc
This list isn't about "dirt" but rather connections between companies and organizations. Windscribe is independent, and 100% privately owned.
Source: Me, as a co-founder.
If you want dirt on us, you can find it on our blog, written by me. https://blog.windscribe.com/ukrainian-server-seizure-a-comme...
3 replies →
Mullvad is my heavy lifter (well worth the monthly fee, even on months when I never actually boot it up), but I've used Windscribe in the past and thought it was pretty decent.
Back then they had a free tier where you could use a certain amount of data free of charge, and "create your own plan" tiers where you could mix and match various features at various prices. They might still have them now.
1 reply →
It depends on what you're doing but the ones in green to the top right are independents but IVACY recently have suffered an issue. If you have issues with the corporate owners you can avoid them by seeing who the parent is and who they own.
"SentinelLabs researchers have discovered that a Chinese APT group known as Bronze Starlight has been signing off malware with a valid certificate. This certificate is used by Ivacy VPN, and the hackers' target is the gambling industry in Southeast Asia."
Honestly, what's your use case?
If I wasn't using https://one.google.com/about/vpn I'd probably set up my own VPN box on AWS.
> I'd probably set up my own VPN box on AWS.
I did this for years (OpenVPN then Wireguard, run from a simple Docker container), but it's increasingly a losing battle - so many services, especially in the streaming video space, just blacklist all requests from IP ranges associated with VPS providers such as AWS.
Depends on your usecases, but accessing streaming services in another country is a big one for a lot of people. I've since given up self hosting a VPN for accessing region blocked video content.
If its just to secure access when using untrusted connections while traveling, self hosting a VPN such as Wireguard at home is a nice option as you get the benefit of your own domestic IP, as well secure access to your own LAN. Good use for a Raspberry Pi or similar, total lifetime spend will likely be less than 6-8 months of a paid VPN subscription.
1 reply →
Can you do the same for politicians?
Always been a fan of the simple suggestion we just Nascar up these folks: https://honestgil.com/nascar
sort of; proper political donations can be looked up https://www.opensecrets.org/members-of-congress
Those are just the over the table tip of the iceberg ones...
3 replies →
That is a project I would definitely pay to support it!
all paths lead to Kevin Bacon
I just had a look at the map to see what they say about a few well-known VPN providers like Mullvad and Express VPN. In the description for the latter the mapmakers claim that people like Ben Shapiro and Candace Ownens (two conservative commentators, one an orthodox Jew, the other a black woman of Nigerian/Caribbean descent) are "far-right misinformation specialists" which means I have to take the rest of their claims with a sizeable amount of salt as being biased and ideologically tainted. Stupid really since it certainly makes sense to expose the snake-oil salesmen peddling VPNs.
Why would I even want to use a VPN in the first place?
Hide your DNS queries and SNI from your network admin mom, as you browse pornhub.com
Also, Azerbaijanian Netflix is real hot these days.
Because your ISP is probably selling your browsing history to the highest bidder, and there are a legion of data brokers out there collating every scrap of information they can get their hands on to build profiles about you.
To everyone who shrugs, and says they have nothing to hide, Would you feel comfortable wearing a T shirt in public that went into grim detail about everything you'd rather keep private, are insecure about, or might open you up to discrimination? Would you be willing to wear that to a job interview? To your bank when getting a loan?
> Because your ISP is probably selling your browsing history to the highest bidder
That is unlikely in the EU. It would be a gross GDPR violation.
A chance for a better route. When I connect directly to Hetzner's storage boxes I generally get about 10 Mbps. When I go through a local VPN I get about ten times that.
In no particular order:
1. To pirate content without getting sent threat letters or being sued
2. To prevent your ISP or the wifi access point or anyone else from seeing which domains you are connecting to and selling that data
3. To prevent government surveillance or blocking
4. To bypass corporate or institutional firewall rules
5. To prevent packet sniffers from snooping on public wifi
6. To prevent your parents, spouse, or relatives from seeing your browsing habbits in router logs
7. To access geo-locked content on streaming services
1. To pirate some content which isn't relevant for 99.9999% of the population yet still protected by Disney law
1. Nobody does gets those in Eastern Europe 2. This is a GDPR violation 3. If you have to hide something from your government then you should probably use something better than a commercial VPN. 4. Corporate internet usage is tied to your corporate account and the use of a non-sanctioned VPN is a massive red flag.
I usually wireguard through home to keep public wifi from sniffing, as well as so my phone can use my pihole for dns instead of the mobile network's dns.