*** VPN Thread ***

Anybody have their own VPN server in the cloud? I spun up an AWS micro instance the other day so that my "public wifi browsing" didn't end up going through my home connection and instead goes through Amazon. Has worked well so far and have added a cheeky extra tunnel to TigerVPN to remove some geographical restrictions.
 
On the subject of Nord has anyone got it bypassing geo-locked UK content on Android TV? I have to turn it off if I want Netflix or iPlayer. Their app only switches between 2 and 3 servers that I've noticed as well. If I want a specific server I have to manually search for it and it automatically connects to a P2P server. Their app works fine for accessing UK content on my Android phone.

I tried downloading their config files and using OpenVPN instead of their app but Netflix and iPlayer detected I was behind proxy.
 
Most of the review sites that had Nord VPN listed are now removing it. Twitter is full of this Drama. Every year one vpn provider takes the fall.

PS: I am glad I never went with them. They always had security issues. One incident happened last year as well. That was a breach too.
 
No one answers my question above, does it really matter for those just wanting to view geo-locked content or hide their online activity ‘from the man’?

I can understand if you partake in dodgy activities online or tunnelling out of locked down countries but for everyone else?
 
b0rn2sk8 said:
No one answers my question above, does it really matter for those just wanting to view geo-locked content or hide their online activity ‘from the man’?
I can understand if you partake in dodgy activities online or tunnelling out of locked down countries but for everyone else?
Click to expand...

The purpose of using the VPN is irrelevant. It's how comfortable you feel using a service which has recently been exploited. There is nothing to say that it's been compromised once so it won't happen again and then whomever does that won't intercept your data.

Then again, potentially any VPN provider could be compromised at any point and your data intercepted. I'd go with someone I trusted and had a good reputation.
 
Steveocee said:
The purpose of using the VPN is irrelevant. It's how comfortable you feel using a service which has recently been exploited. There is nothing to say that it's been compromised once so it won't happen again and then whomever does that won't intercept your data.

Then again, potentially any VPN provider could be compromised at any point and your data intercepted. I'd go with someone I trusted and had a good reputation.
Click to expand...

Isn't that the point, how do you know any of them are trust worthy? During the same period both TorGuard and VikingVPN admitted were both 'hacked'.

Pretty much every major service on the internet has been 'hacked' at some point. When they are not leaking your data they are mining the hell out of it for their own gain. Following the trustworthy logic you just can't be online at all.

Almost all of these commercially based VPN services are pretty shady by their very nature, as are many of their customers. They are designed to hide the true end user from law enforcement, litigators (representing media companies), media companies themselves, ISP's and advertisers.
 
Avalon said:
But they’ve promised they’ll encrypt the disk’s on all new rented servers they set-up from shady 3rd parties :D
Click to expand...

Oh, well that's OK then... :D (They shouldn't be using disks at all!)

b0rn2sk8 said:
Isn't that the point, how do you know any of them are trust worthy? During the same period both TorGuard and VikingVPN admitted were both 'hacked'.

Pretty much every major service on the internet has been 'hacked' at some point. When they are not leaking your data they are mining the hell out of it for their own gain. Following the trustworthy logic you just can't be online at all.

Almost all of these commercially based VPN services are pretty shady by their very nature, as are many of their customers. They are designed to hide the true end user from law enforcement, litigators (representing media companies), media companies themselves, ISP's and advertisers.
Click to expand...

Plenty of shady groups (many of them ultimately Chinese), with flash marketing and a few thousand VPS from equally shady third parties, sell 'VPN' service. Only a handful of companies do things properly. For example, and following on from my reply to Avalon above, AzireVPN:
  • Buy in their own bare metal hardware servers (Supermicro) and switches (Juniper).
  • Do not install any hard disks, and remove any and all permanent storage medium (and optical drives) that exist.
  • Set the machines to boot only using pxe and from their own in-house root server only.
  • Said pxe image is a RAMdisk instance of Debian preconfigured with the VPN server details, with no user or root access possible. As such, servers run RAM-only with no way to access either the VPN servers or the underlying OS, whether physically or over SSH. Such means of accessing the server simply don't exist - the only way to change the server's parameters is to boot from a new pxe image with the desired changes. Servers reboot periodically to wipe existing states, and any info held in RAM. All logs (http, wg, openvpn) are pointed at /dev/null. The WireGuard service runs a custom made 'rootkit' (written for them by Jason Donenfeld, the author of WireGuard itself) to lock out even root and Azire's entire staff from seeing what's happening with the service (eg users connected, IPs, traffic).
  • Seal up all IO ports (VGA, serial, COM, HDMI, whatever) with strong glue that would physically and irreparably damage the port if removal is attempted.
  • Have senior staff personally fly the servers to trusted, audited data centre and install the bare metal servers and switches on an owned, locked rack.
  • Connect 10Gbps or 40Gbps per node as per requirements for that locale.
  • Fire up and allow users to connect.
  • ???
  • Profit.
Compare that to NordVPN et al. renting a few thousand VPS from God-knows-who, many of which don't even physically reside in the country they say they do. There are only a small handful of VPN companies I 'trust' (within the defined threat-model of using a third party to provide infrastructure services). AzireVPN, AirVPN, ProtonVPN and vpn.ac are among them. All are run by security professionals and have a small number of physical servers under direct ownership and control.

[Edit: This is where Nord/Viking/TorGuard fell down. Using a 'virtual server' provided by a random third party allowed that third party to leave the management interface of the server enabled. This is carte blanche above-root access for any malicious party. Game over.]

You talk of companies being 'hacked' as though it's an inevitability. While running multiple complex, buggy web-facing services like CMS it's easier for someone to find a way to compromise the system and escalate their privileges or perform overflow, MITM, DoS or other attacks. When running something as focused and simple as a VPN server, it's really not hard to make yourself essentially impregnable. If you do it properly. Something like an OpenBSD base install with openvpn or iked(8), protected by pf, is not something that's ever going to be compromised, and good luck trying.
 
Can you actually get a refund from Nord? I doubt it...

As others have pointed out, it doesnt matter what the hack was..all that matters is that the hack occured and the response was **** poor.

What's actually a good budget friendly vpn? Proton and the like are hella expensive
 
iamtheoneneo said:
Can you actually get a refund from Nord? I doubt it...

As others have pointed out, it doesnt matter what the hack was..all that matters is that the hack occured and the response was **** poor.

What's actually a good budget friendly vpn? Proton and the like are hella expensive
Click to expand...

Yes, Nord have confirmed they’ll offer refunds to anyone who asks. I would suggest you do. What’s your use case for the VPN and what’s your local setup? PM me, don’t write it publicly.
 
b0rn2sk8 said:
Almost all of these commercially based VPN services are pretty shady by their very nature, as are many of their customers. They are designed to hide the true end user from law enforcement, litigators (representing media companies), media companies themselves, ISP's and advertisers.
Click to expand...

If only we could all still live in such blissful ignorance. If you’d said this a few years ago, i’d have largely agreed, back then you needed ‘reasonable grounds’ and judicial oversight was required to approve such requests. Now I have direct personal experience of how low (bordering on nonexistent) the threshold to access someone’s browsing history is and both direct and indirect experience of how certain organisations now routinely seek to weaponise it’s use.

Simply put, use a VPN. If you don’t think you need to use a VPN, you do. We now live in a world where privacy unless you do something wrong can’t be assumed and anything you post or search for can be taken out of context to be used against you to support whatever narrative fits whoever is looking at it’s agenda.
 
You must log in or register to reply here.
Back
Top Bottom