
Which VPN was no-log-but-logging? I was shopping around for an alternative after Mullvad blocked port forwarding, but it seems like no one else is as trustworthy. Not that I need it for my “attempt to port forward Smash Ultimate from within crummy hospital internet” purposes, but hey, principle of the thing and all that.


All of them.


I am all-but-certain that NordVPN doesn't. I am in possession of records from a recent police investigation in which law enforcement subpoenaed NordVPN and the company replied, essentially, that they had no information connecting a particular IP address, at a specific date and time, to any specific user.

(I am a reporter who covers law enforcement and crime.)


Are you sure you're not thinking of Mullvad?

Related: https://news.ycombinator.com/item?id=35638917


Yes. This is a totally unrelated case that never made the news.


Countless examples of Nord supplying logs. They all have to keep logs or would be banned from offering services to US citizens.


Are you sure you aren't thinking UK?

In the US, you have to be a common carrier to be covered by CALEA. Internet services are not required to keep logs.

I could be wrong though.


Provide just one example. Am curious.


Here is a general text on that: https://www.pcmag.com/news/nordvpn-actually-we-do-comply-wit...

Exact examples are hard to find in the press. One that comes to mind is from a Belgian telco company that was internally hacked by an employee hiding behind NordVPN. Nord, when approached by the telco, responded with the usual "no logs", but after the telco involved Interpol, logs were given and the attacker was doxxed.


> Here is a general text on that: https://www.pcmag.com/news/nordvpn-actually-we-do-comply-wit...

This article (edited multiple times!) is not evidence of anything, let alone Nord co-operating with law enforcement to log customer data.

> Exact examples are hard to find in the press.

You said there are countless examples of Nord logging user data, why are you backtracking now?

> One that comes to mind is from a Belgian telco company that was internally hacked by an employee hiding behind NordVPN. Nord, when approached by the telco, responded with the usual "no logs", but after the telco involved Interpol, logs were given and the attacker was doxxed.

Give source or it did not happen.


>This article (edited multiple times!) is not evidence of anything, let alone Nord co-operating with law enforcement to log customer data.

Not sure what is not clear from this: “We will comply with lawful requests as long as they are delivered according to all the laws and regulations," NordVPN says. "We are a company that protects the security and privacy of our customers, but we operate according to laws and regulations.”

Why you don't find articles by googling is that Nord puts a lot of effort into removing or burying them (google their dispute with TorGuard). It's the same as what they tried to do with the breach in 2018, which they half-assedly disclosed at least 6 months after it was known to them (at a point in time when the breach had already leaked).

Example I gave was a talk in a hacker conference, with no recording (common request for hacker conference talks).


> Not sure what is not clear from this: “We will comply with lawful requests as long as they are delivered according to all the laws and regulations," NordVPN says. "We are a company that protects the security and privacy of our customers, but we operate according to laws and regulations.”

This is obviously true for every VPN company that intends to keep operating. And in itself is not evidence of anything.

If all the links were taken down, how come no one saved a copy on the Wayback Machine? The burden of proof is on you to provide these backups every time you make such allegations. Otherwise I'll just assume you are being disingenuous.


Here’s one such subpoena and reply (full PDF linked in the article):

https://blog.getfoxyproxy.org/2017/11/04/secret-service-subp...


Then that is a service which might be safe for people whose opponents are the police. But some people also worry about threats from the obscenely rich, from their own intelligence agencies, from foreign intelligence agencies, from organized crime, and/or from popular mob outrage.

Your experience doesn't indicate the safety of the service against those other threats, and not only may they not be correlated, but they may be anti-correlated. E.g. I bet both CIA- and mob-run VPN services are really good at saying no to the police.

The fundamental thought that drives my opinion on this subject is this:

We already know for a fact that some state actors do broad-scale full-take surveillance of the internet. VPN services are even more attractive to monitor because the users are somewhat self-selecting as people who have something to hide: more intel bang per megabit monitored. Without surveilling VPNs these entities would have a blind spot in their expensive internet monitoring machine, so it's important just for completeness' sake. The VPN provider game is also a much lower barrier to entry; smaller players that don't have the power to push around AT&T can get in on it. Russia, for example, isn't in much of a position to engage in worldwide telecom monitoring (except perhaps that one fiber that goes through Siberia and has really low latency between Europe and China)-- but they sure can stand up some VPNs and get the world's traffic to come to them.

Plus, if you run a VPN service people will pay you to run their secret data through you. It's a profit center even before you get to the potential revenue streams from abusing your position. Perhaps it becomes so profitable that you'd prefer to protect it and so you minimize your abuse, but the optimal amount of abuse will pretty much never be zero.

So, if you're the head of a clandestine service or serious organized crime group and you haven't launched at least one VPN service, you should be immediately fired for grave incompetence.

The best reason to not run one would just be that you've already infiltrated many existing ones through operatives and backdoored hardware.

And also the heat you take running these services is much easier to deal with if you have 'connections' either of the run-by-a-TLA sort or the we-have-blackmail-material-and-can-break-your-fingers sort. And corrupt VPNs have a whole extra potential revenue/benefit source so they can afford to under-price any honest competition.

Given that, we should expect that many VPNs are honeypots. Probably not all of them, but by their very nature it should be hard to impossible to tell which.


There's no reason to have a link with intelligence agencies when you're already run by an intelligence agency...


You must be mistaking NordVPN for Mullvad.


I am not. This is an unrelated case that has never been reported publicly.


This sounds somewhat hard to believe. If the description of events is accurate, this would be superb marketing for the VPN provider. Why would they not talk about it publicly?


Looking at the scale of NordVPN, they either already have a liaison with authorities inside, or are hacked by authorities.

The (law enforcement) agencies can just go to the few biggest VPN suppliers. Just like they go to FAANG.


> Looking at the scale of NordVPN, they either already have a liaison with authorities inside, or are hacked by authorities.

Based on what? You just seem to be making a wild unsubstantiated conjecture here.


It's obviously an unsubstantiated statement, but given all the concrete information on the MOs of alphabet agencies, it seems like a reasonable bet. If they haven't done one of those things, they probably just haven't gotten around to it yet.


Frankly, they’d have to be criminally incompetent or negligent considering all the things we know for sure they’ve done.


It's a wild take, but the US did the wild operation for big tech (PRISM).



    Room 641A is located in the SBC Communications building at 611 Folsom
    Street, San Francisco, three floors of which were occupied by AT&T before
    SBC purchased AT&T. The room was referred to in internal AT&T documents as
    the SG3 [Study Group 3] Secure Room.

    The room measures about 24 by 48 feet (7.3 by 14.6 m) and contains several
    racks of equipment [...].

The oddly detailed description along with the badly lit photo makes this read like an SCP entry.


It's the perfect honeypot situation, isn't it?


Watering hole.


This thread is a bullshitters' playground.


Is it that wild? There are a few questions we have to ask:

1. Do these agencies have the motivation to do the above? I think the answer here is an obvious yes to everyone.

2. Do these agencies have the technical ability to hack the VPNs, the finances to pay them for access, or some other reasonable measure to coerce compliance?

If 1 and 2 are both true, then the OP claim is also certainly true.

Given that 1 is true, I don't think it's "wild" to claim that these agencies can satisfy 2. In fact, I'd say given the historical record, the wilder claim is that the CIA/NSA etc. are incapable of satisfying #2.


It's a crime. Maintaining continual access to every major vpn provider increases the probability of getting caught breaking the law towards one while continually risking the methods required to acquire such access each time your implant is discovered.

If you are using unknown exploits not passed on to the relevant software projects, each discovery further risks said exploit being discovered and then used against US individuals and enterprises.

It is a potentially very high cost for mediocre gain, as criminals can turn to more secure methods, leaving you with a lot of data on who's hiding piracy from their ISP but little of actual value.

Meanwhile you can directly attack targets in other ways when they are likely to have actual intelligence, instead of hoping they log into NordVPN.

In brief, speculation is incredibly likely to be based on bad logic and should probably attend more to what is actually known.

E.g. most people aren't important enough to directly target. Uncle Sam probably knows the entire contents of your Gmail but not what you do via NordVPN. At such time as you become an international drug lord, your privacy is likely to fall apart when Sam starts serving providers who do business with you.


> continual access to every major vpn provider increases the probability of getting caught

Could you point out one example where CIA/NSA faced any real consequences after being caught doing something shady?


Can you please provide examples where they maintained continual access via hacking legal operations instead of serving entities with paperwork?


Interpol literally took over a darknet market (Dream) using stolen admin credentials and continued to run the site for months to gather intelligence on vendors and buyers. Not the same thing, but if LE is willing to operate a major illegal drug trafficking operation, then surely hacking a few VPN companies doesn't seem impossible.


Great example. However, unlike constantly hacking all VPN providers, this is potentially deemed legal, kind of like undercover cops doing controlled buys to trace drug networks. Also unlike hacking all the VPNs, it's pretty high benefit for a very finite and controllable risk.


Tailored Access Division and Vault7.

And I'm sorry, you aren't entitled to any of that information one way or another; it's CLASSIFIED.

Isn't your own government keeping secrets from you grand?


The Snowden leaks?


What crime is it for the NSA/CIA, who are explicitly tasked by the government with gathering intelligence on foreign agencies, to hack, say, Mullvad, a Swedish entity? That's like saying it's murder for the police to shoot someone who has hostages. I mean yes, it's the same action, but when it's been deemed justified by the government, it's not really a crime in the same way.

A crime in Sweden perhaps. Who will Sweden charge? Do they even have names for individual employees?

It’s also a “crime” to sell false and compromised products to customers yet CryptoAG existed for decades.

> At such time as you become an international drug lord your privacy is likely to fall apart when Sam starts serving providers who do business with you.

Then you're simply agreeing under point 2, i.e. they have the ability to coerce cooperation when desired.


I figured the Mozilla VPN might be safe...?


...

We'll figure it out in ten years or so after the eventual leaks happen


Trust me bro.


> I was shopping around for an alternative after mullvad blocked port forwarding

AirVPN lets you forward several ports (up to 20, if I remember correctly) and you can pick the port numbers.


You might like iVPN.net, been using them for years. A little more money but solid support and mission.


Buy a cheap VPS server with BTC and set up your own VPN.


Running your own VPN is the worst option though? There is no shared anonymity and all data is directly linked to one node, you.


You'd have to hope the VPS host is not logging...


BuyVM supposedly ignores DMCA for their Luxembourg VPSs.

Though, that IP you are using is not shared with anyone else, and BuyVM doesn't promise not to log.

That IP is directly correlated to you in BuyVM's books.

That is the very worst option.


Or you could use a cloud provider's free tier, but then you have to give up your credit card info and name for “verification”.


tl;dr if you want your network to be private, maybe don't pay a SaaS to do it.

Your ISP already tracks ingress and egress.


This is really the unfortunate truth. >90% of global ISPs not only collect but also sell netflow metadata commercially. Nanosecond timestamps, packet sizes, source IPs, destination IPs. Doesn't matter what VPN provider you use, whether you're using Tor, how many residential proxies you're routing through via a complex proxychains config... commercial entities can correlate virtually all of it.

Team Cymru is one such buyer of bulk netflow metadata from ISPs (and their upstream providers) around the globe, who do all of the correlation work on their side and then sell it, under product names like Pure Signal Recon (formerly Augury)... including to law enforcement agencies and the US military...

There are also no laws dictating that ISPs must disclose whether or not they are selling that information, and they have no commercial incentive to choose to honestly disclose that they do.

If your adversary is NSA/FBI/US Army, or any other deep-pocketed nation-state-level adversaries who Team Cymru is willing to sell to, the safest assumption is that there is absolutely nothing you can do to obscure the origin of your traffic with 100% certainty.


Let's keep this simple.

Let's say you are using an ISP to connect to a VPN provider.

That VPN provider does what most of them do and SNATs multiple customers' connections to a single exit public IP.

How can they correlate the encrypted WireGuard data from my ISP connection to the VPN provider and then from the VPN provider to the final endpoint (say, ProtonMail)?


There is a known traffic pattern for a GET request to Protonmail: size of the initial request, # of subsequent requests (for subresources, like CSS, JS, images, etc.), and size of those requests, as well as size of those responses.

There is a known overhead for encapsulating these requests in an OpenVPN or WireGuard tunnel.

So even without looking at the contents of the traffic at all, the metadata your ISP collects can easily reveal that you sent outbound traffic and received inbound traffic that had a high statistical correlation with the expected traffic flow of a request to Protonmail encapsulated within a WireGuard tunnel, to a known VPN node, and then a (known) number of milliseconds before that, the VPN's upstream provider also made a request that perfectly matched the expected packet flow of Protonmail. If you have visibility into the traffic netflow of both your ISP and the VPN's upstream provider, consider yourself confidently unmasked.

The initial fingerprinting laid firm groundwork for your adversary to suspect you went to Protonmail, and then the network behavior of the first destination machine you connected to simply offered confirmation of that.

In case you're unfamiliar with the concept of website traffic metadata fingerprinting I've discussed above: https://www.ietf.org/archive/id/draft-irtf-pearg-website-fin...
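The flow matching the comment above describes, as an added toy example that is not part of the thread: it predicts the WireGuard wire size of each packet the VPN's upstream sees (inner packet padded to a multiple of 16 bytes, plus 32 bytes of WireGuard transport header and tag and 28 bytes of outer IPv4/UDP; those are the real protocol constants) and looks for a same-direction packet of that size on the client's ISP side within a timing window. The flow records, the timings and the padding mitigation are constructed for illustration.

```python
from dataclasses import dataclass

WG_OVERHEAD = 60   # 20 B outer IPv4 + 8 B UDP + 32 B WireGuard transport header and tag
PAD_TO = 16        # WireGuard pads the inner IP packet up to a multiple of 16 bytes

@dataclass(frozen=True)
class Pkt:
    ts_ms: int     # capture timestamp
    size: int      # bytes on the wire
    out: bool      # True = towards the web server, False = towards the client

def tunnel_size(inner_ip_len: int) -> int:
    """Wire size of the WireGuard packet that carries an inner IP packet of this length."""
    padded = -(-inner_ip_len // PAD_TO) * PAD_TO
    return padded + WG_OVERHEAD

def correlate(isp, upstream, max_skew_ms=50, min_match=0.9):
    """Fraction of upstream packets that have a same-direction tunnel packet of the
    predicted size within max_skew_ms on the ISP side, and whether that clears the bar."""
    hits = sum(
        1 for u in upstream
        if any(p.out == u.out and p.size == tunnel_size(u.size)
               and abs(u.ts_ms - p.ts_ms) <= max_skew_ms for p in isp))
    score = hits / len(upstream)
    return score, score >= min_match

def pad_to_constant(isp, mtu=1420):
    """Mitigation a tunnel could apply: pad every packet to the full-MTU tunnel size."""
    return [Pkt(p.ts_ms, tunnel_size(mtu), p.out) for p in isp]

# Constructed sample: one page fetch as the VPN's upstream sees it (sizes after the
# tunnel has been stripped), then the same fetch as the client's ISP sees it, 8 ms
# earlier on the way out and 8 ms later on the way back.
UPSTREAM = [Pkt(1012, 517, True), Pkt(1030, 1420, False), Pkt(1031, 1420, False),
            Pkt(1033, 388, False), Pkt(1045, 612, True), Pkt(1060, 1420, False)]
ISP = [Pkt(u.ts_ms - 8 if u.out else u.ts_ms + 8, tunnel_size(u.size), u.out)
       for u in UPSTREAM]
# Another subscriber of the same VPN whose tunnel is busy around the same moment.
BYSTANDER = [Pkt(1005, 1484, True), Pkt(1025, 316, False), Pkt(1120, 1484, False)]

if __name__ == "__main__":
    print("real client  :", correlate(ISP, UPSTREAM))                    # (1.0, True)
    print("bystander    :", correlate(BYSTANDER, UPSTREAM))              # (0.0, False)
    print("padded client:", correlate(pad_to_constant(ISP), UPSTREAM))   # (0.5, False)
```

Constant-size padding only removes the size signal for sub-MTU packets; full-size packets stay ambiguous and the timing channel is untouched, which is why padding alone does not defeat this kind of correlation.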


Hell. Is that amount of global correlation even possible? What if I route through 7 countries? Surely the data of every single ISP on earth cannot be collected in the hands of a single entity?

Btw I2P provides imho decent amount of protection for timing and packet sniffing attacks.


You are correct that not every single ISP sells this data, but for reference, back when Team Cymru's 'Pure Signal Recon' product was advertised under the name 'Augury', Team Cymru claimed that data sources included "90% of global ISPs". They currently claim to be ingesting and processing netflow metadata from over 200 billion (with a b) connections per DAY.

So in theory, yes, route through enough ISPs, and you may eventually hit one along the way who isn't selling that data.

That said, to my knowledge, no ISPs are required to disclose whether or not they sell metadata, and, as profit-oriented corporations, they have no incentive to be honest about that if asked.

So it's something of a gamble to assume you can definitely find a path through n ISPs where at least one of them does not sell netflow metadata.


The 'surely cannot' part is where one makes a deadly assumption.


My main adversary is my own ISP. VPNs are perfect for that.

My secondary adversaries are companies geoblocking content. VPNs are still perfect for that.


Which VPNs do you find effective for the second purpose? My small experience of using VPNs is that you just end up suffering from the poor reputation of your exit IPs, which rarely stay secret for long. So you end up blocked, or at least frequently CAPTCHA'd, on sites that wouldn't have blocked your own IP, and I imagine those that are doing geoblocking have a big blacklist of VPN IPs (I know BBC iPlayer does).


I rarely have the need; I use Mullvad, and it works for those occasions. But I don't need to circumvent any serious blocks; most of the time it's just something being US-only or "not EU", and neither of those sites care much if you circumvent it.

