EXPOSING The Billion Dollar SECRET VPN Companies Are Hiding

submitted by less is more

www.youtube.com/watch?v=1opKW6X88og

If you're using a VPN to stay safe, this will anger you.
You were told a VPN would shield you. Protect your data. Keep you anonymous. But what if the tool you downloaded for privacy was literally designed to watch you?

This video uncovers the full story behind the most dangerous VPN ever made—used by Facebook to spy on teenagers—and how today’s most trusted VPNs are following the same exact blueprint.

If you’ve ever felt unsure about who to trust online, this video will give you the receipts, the checklist, and the countermeasures you actually need.

Inside this video, you’ll learn:
• How Facebook turned a “privacy app” into a surveillance weapon
• The Israeli cyber intel unit behind Onavo and why it matters
• What Project Ghostbusters did to break HTTPS encryption
• Why 20+ top VPNs are secretly owned by spyware vendors
• The real story behind ExpressVPN, Kape Technologies, and fake “independent” review sites
• The 7-point checklist every VPN must pass to be trusted
• Better tools to protect yourself: DoH, hardened Firefox, Tor, browser isolation, and more


29 Comments

A VPN is not a privacy tool. Any VPN being sold on the claim that it protects your personal data is lying.

Yes a VPN can help, but simply using one does almost nothing, by itself, to protect your privacy.

Would you care to expand upon this point? I know that a VPN is not going to protect me from everything, but "almost nothing" seems harsh.

I would like to know more.

I can take a stab at this.

So let's talk Internet traffic first. When you go to a website, your device first has to do a DNS lookup to find out the IP address that corresponds to youtube.com. The DNS server sees your IP address and probably logs that request, and that it has responded. Next, your browser attempts to connect to the IP, get a response from youtube, and render it.

If this was back in the day, youtube would probably let you connect with an unencrypted connection - http://youtube.com/, but pretty much everyone uses https these days (SSL encryption).

Encryption is basically just a way to secure a connection from eavesdroppers (namely, your Internet service provider/government). But at the end points of the encrypted communication (in the example above, your device and youtube) it is decrypted, at your browser and at their servers. All your ISP can see is the DNS lookup (assuming you are using their DNS servers, or that you aren't doing something like DNS over HTTPS - encrypted lookups), after that all the youtube traffic is encrypted so your ISP just sees a bunch of data going to a specific IP address.

So what does a VPN get you?

Well, now your source IP when you reach youtube isn't your phone or your home in Ohio, it's wherever that VPN terminates. This is probably the best use for VPNs - to get around region locks.

Your local ISP only sees the DNS request, then a bunch of encrypted traffic (same as before).

But critically, the VPN owner can log every single bit of unencrypted traffic that passes through. Also, they can link your behavior to a paying account via username/password and payment methods (not great for privacy). They effectively fill the role of your original eavesdropper - your ISP.

So what did using a VPN actually do?

  • Your ISP no longer knows as much about your browsing, so I guess that's good.
  • But now another 3rd party knows as much as your ISP did prior to using the VPN.
  • Your ISP doesn't know your DNS lookups now, but your VPN provider might.
  • SSL traffic is still encrypted regardless - no change here.
  • YouTube doesn't know your device's original IP (maybe).

The only other thing I'd say is that VPNs + torrents can maybe protect you from DMCA take down notices. It'll be that VPN termination IP that shows up in trackers, not your ISP provided IP.
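Added example, not part of the comment above or the video: a Python check of the DNS point in that explanation, showing for each configured resolver whether lookups travel through the VPN tunnel or still leave on the physical interface where the ISP can see them. The routing table and resolver list are constructed samples, the function names are illustrative, and it assumes Linux `ip route` main-table output with tunnel interfaces named `tun*` or `wg*`.

```python
import ipaddress

# Constructed sample: `ip route` output with an OpenVPN-style tunnel (tun0) up.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
"""
# Constructed sample resolver configuration (/etc/resolv.conf format).
SAMPLE_RESOLV = """\
nameserver 192.168.1.1
nameserver 10.8.0.1
nameserver 9.9.9.9
"""

def parse_routes(text):
    """Return (network, device) pairs from `ip route` main-table output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types not modelled here (unreachable, blackhole, ...)
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_interface(addr, routes):
    """Longest-prefix match: the device the kernel would pick for addr."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "lo"  # local stub resolver; its upstream must be checked separately
    hits = [(n.prefixlen, d) for n, d in routes if n.version == ip.version and ip in n]
    return max(hits)[1] if hits else None

def dns_paths(routes_text, resolv_text, tunnel_prefixes=("tun", "wg")):
    """Map each configured resolver to (egress device, goes_through_tunnel)."""
    routes = parse_routes(routes_text)
    servers = [l.split()[1] for l in resolv_text.splitlines()
               if l.startswith("nameserver ") and len(l.split()) > 1]
    return {ns: (dev, bool(dev) and dev.startswith(tunnel_prefixes))
            for ns in servers for dev in [egress_interface(ns, routes)]}
```

In the sample, the home router at `192.168.1.1` is still listed as a resolver and is reached over `eth0`, so those lookups bypass the tunnel even though all other traffic is routed through `tun0`. Clients that use policy routing instead of main-table routes are not modelled, and a loopback stub is reported as `lo` because its real upstream is set in the stub's own configuration.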

I think I'm dramatically overestimating normal people's understanding of computers.

I know a VPN isn't a cloaking device. I just want my ISP to not know what I'm looking up, and my website to not know where I am located.

A VPN will help with the first, but probably not the second item.

GeoIP lookups will get fooled by VPNs, but that's not the only way to figure out where you're located. A browser leaks a ton of information that can be used to validate your location, and public VPN endpoints are fairly well known (that's why you can see YouTube/Netflix blocking known VPN egresses).

Knowing I'm using a VPN is not the same as knowing where I'm using it from.

The browser thing is bloody irritating, though.

Yeah the whole reason I started using a VPN was because the United States government made it legal for Internet service providers to sell our browsing data, and I am forced to use Comcast due to a monopoly in my area on broadband Internet, and I want to give them as little profit as possible.

Also web tracking is not stopped in any way by VPN.

People buy a VPN, log into Facebook and Google and expect to browse privately...

You just move your trust from your ISP to the VPN.

For many, that might be a sensible choice though. It also moves trust from Google to the VPN as well.

It's all a question of threat model. If you are a government or megacorp whistleblower, don't use NordVPN. If you want to get around regional restrictions and general tracking, VPNs are nice.

It's kind of like if you hired me to browse the internet for you.

Am I gonna protect your privacy?

If you don't trust me - random guy - why trust VPN company - with vested financial interest in collecting and selling your data?

Not to mention browser issues.

Really comes up against what you want to protect yourself.
It can be a privacy tool, it's not an anonymous tool.

Pooling connections does really mess with fingerprinting though

This is literally exactly what the video explains from 10:30 on.

(Edit: autocorrect)

Except the video took 10 whole minutes to get there and probably wasted more than 2 sentences describing the problem.

I hate videos that could just be a 2-minute read.

The video is about a whole lot more than just that. I found it quite info dense and appreciate that someone posted it here

Tl,DR
Bad scammy vpn are terrible and kape / nord are terrible same for the norton owned vpn.

I’m not in a place I can watch this now so anyone got TLDR if they recommended any good ones ( and feedback if this video itself is scammy or just shilling for some company)

lol

Marketing team. We don’t log

Sysops team. We log

VPN originally meant 'virtual PRIVATE network'. And it is still used that way, where security matters.
Virtual private network meaning it connects someone's private resources into a virtual network not accessible to anyone else.

The 'VPN services' you are talking here about are quite different. They use the same technology, just to tunnel traffic through a third party server. Third party - that is opposite to 'private'.

I do use VPN a lot, but to securely connect my devices over untrusted network (internet). But in this case I control both ends of the VPN tunnel. Or my employer controls that for my work traffic. That is the legitimate use of VPN.

The other 'VPNs' are just 'foreign IP as a service'. Still useful, but I hate them being called VPNs and advertised as a privacy solution.

Very good point.

Really, these are just ISP endpoint selectors... they're not really a P2P VPN

Surprisingly good video with thorough details and good advice. I say surprising because I've seen more than a few talking-head style youtube tech presenters that are all fluff surrounding what's ultimately an ad, and no valuable content.

I wanted to add that I think AirVPN is worth adding to her list of good providers. Her list was: ProtonVPN, Mullvad, IVPN.

  • no free/unpaid user tier
  • no logs
  • client agnostic (works with openVPN and Wireguard protocols)
  • their provided client (EddieVPN) is completely open source
  • client has kill switch (blocks any traffic external to vpn to prevent leaks, no traffic if client disconnects)
  • account can be completely anonymous (accepts Monero, Bitcoin, etc. Email account not even required)

One red flag is that they do not independently audit the no logs claim, the reasoning seems that they downplay the value of it and say the cost-benefit is not there for them. A server audit is never truly independent (the VPN provider is the paying client of the auditor). They do however pay for independent pen tests and bug bounties.

So according to her checklist of red flags and requirements of a good VPN AirVPN has one red flag and meets all other requirements - this is the same level of qualification (or better) than the other VPN providers she did advocate for.
Eg: ProtonVPN does allow free users, that's a red flag on her criteria.

I would also say that VPNs are not a monolith and that they have niches. If you just want to download torrents and not risk a corporation emailing you a summons, AirVPN is a great choice.
If you're a political dissident or reporter aiming for guarantees of privacy then ProtonVPN is a great choice.

I have some issues with proton but I feel like the free tier thing doesn't really apply to them since they provide other services and use it as a loss leader to get people onto their ecosystem. Their business model is fundamentally different from other "free" vpns because they're trying to build essentially an alternative to the Google suite

Their absolutely atrocious record with what they claim to be open source apps is a much bigger issue imo

Agree on that it may be an exception for Proton with your reasoning.

I've heard this before about Proton's issues with releasing source code in timely manner or at all but didn't know much about it so I just looked up more info; it seems at least their VPN client does have all the source code publicly available though (for each OS it's available on). Whereas they do have holes elsewhere in unprovided code for various Proton service clients.

TL;DR, The Lobotomites are getting what they deserved.

That's why I don't use a VPN company. I use Google VPN.

No slimy VPN data slurper getting my skinny.

Comments from other communities

Tl;dw: Most (not all) vpn companies come from ad brokers that spy on you. If you see a vpn being sponsored by streamers with discount codes: they are selling your data.

Mullvad and proton are safe to use.

Well that was a predictable outcome of commercial vpns. The "protect your data from isps" line never really answered the "what about the VPN provider" question.

The idea SHOULD be that the VPN provider knows less about you.

Then we give them our address and credit card. Ah well.

What about Facebook's VPN?

/s

That's exactly what an ad broker would say.

Torguard also. Using them 8 years with hundreds of terabytes of data sent/received.

Wasn't there some recent BS w/ Proton, though? (It's been a rough week, but I'm pretty sure that wasn't a fever dream? ...Pretty sure.)

Yeah, but it was related to their CEO's political views, not the VPN's quality.

Afaik (and also according to the video itself), proton remains, together with iVPN and mullvad, one of the vpn's that you can still trust. At least for now.

I don't understand the purpose of these services. I don't use VPN to access someone else's network. I use it to access my own. They're doing the exact opposite of what you'd want.

You use a vpn to (hopefully) keep some privacy. To bypass geoblocks, to not let a state spy on you, to access webpages that are blocked in your country, to screw an ISP that is throttling your connection...

In general, there are lots of use cases for a trusted vpn that are not illegal. The problem with many vpn's is that they offer "privacy" when they are spying on you.

Any commercial entity will allow the state to spy on users.

Using somebody else's vpn is only useful for getting geoblocked content. If you want actual protection from the government you need it running on your own hardware and configured with a dead man's switch.

Not true. I've been pirating for almost a decade from my VPN. One time it crashed and kept seeding, I got 108 notices from ISP.

Fixed the issue by binding my nic to the app, never had issues again.

I'm honestly shocked that you get the sort of individual here in Lemmy that doesn't understand the difference between a commercial company; and DHS, DoJ, JTAC, DGSI, etc.

Please read my comment again and tell me why you think torrenting might make you an enemy of the state. God damnit it's hard keeping lemmings on topic.

And I'm sure the government hasn't compelled them to do anything in the background. The absence of logs doesn't mean shit, it's easy to ship them to whomever and never touch a disk.

It's not healthy being this paranoid. You're not being hunted by the government.

The whole point of using a VPN for privacy is because you are paranoid of your isp and government

Move that goal post a bit more. It's clear you haven't read up on how it's used all the time.

to not let a state spy on you

I'm not saying I or the average person on this forum needs to use these measures. The average person isn't hiding data or capable of hiding from the state completely. But do not advertise a commercial VPN as a tool to remain private from the state. It is a worthless tool unless the person on the other end is going to jail for you.

The only use I see of these VPN's are for pretending you're in a different country.
Like if you're in the UK and want to visit some spicy websites without sending them a picture of your face.

Or simply for hiding your IP when torrenting. Bouncing things off of your home network is fine for hiding your activity when using public WiFi… But it won’t do a goddamned thing to protect you when you’re torrenting at home. Plenty of people have ISPs and/or governments that care a lot about what they torrent. So using a VPN is a very easy way to avoid those bright red “we’re going to shut off your service if you keep torrenting. Also, we gave your IP to the copyright owners and you’re being sued” letters.

You're in Germany. If you do something illegal like downloading a movie and the police gets your IP during it, they can request your ISP to reveal your identity and charge you with a crime.

If you use a VPN, your IP is the IP of the VPN company, and they'll say "we have no idea which of our users did that request, they all use the same IP".

Aren't VPN:s subject to exactly the same laws as ISP:s? My ISP only records precisely as much as the law requires and throws it away as soon as permitted.

Yep but your VPN wouldn't be in Germany obviously, but in a country with less strict laws on which information have to be kept.

To do business in the EU, surely they still must follow EU regulations even if they're seated in another country. Just like with the cookie warnings that the entire world has had to adapt to.

the entire world didn't have to adapt to them, the EU has no regulatory power over websites operated outside the EU, but most websites just simply found it easier to do so, because of the fear that not doing so might turn visitors away, and to sites that do comply.

Just like how USB-C has become the universal charger connector for phones.. it's not because the EU demanded it for the world, they just demanded it for their markets, and rather than create phones with USB-C for the EuroZone, and other phones for a different charger for the rest of the world.. they just push out USB-C for everything everywhere as a cost savings (for them, compared to having to run a second line for a different charger)

I find that hard to believe. There are several US websites that have blocked the EU entirely because they don't want to spend resources on following EU regulations. If what you say is true it would be more beneficial for them to just not do anything. Getting fewer EU visitors is better than getting none at all.

It's almost like a way to sell a proxy service to a new audience, so many people only use it for geoblocking and think it's all there is to it, kinda sad

It's to hide your location, access more grey areas your ISP may not like. Find one that keeps no logs like Torguard.

I think the only choices left are mullvad and njalla.

Not a concern troll, but I saw some images of advertising of mullvad recently, as in IRL ads. I kinda remember NordVPN spiralling down after that. I don't think that's a good sign.

iVPN miraculously dodged every major headline, shout out to these folks.
