The Business of VPNs

I had been running ExpressVPN a year ago but didn't like the connection time so I disabled it and went for NordVPN. After reading the article I deleted everything that had ExpressVPN on it.

Regarding NordVPN: https://www.theverge.com/2019/10/21/20925065/nordvpn-server-breach-vpn-traffic-exposed-encryption

I just don’t see how anyone can tell which of these are safe.

I thought the idea was to be reasonably anonymous so those sniffing your traffic had a more difficult time putting together a profile. A directed attack on a VPN by one player could end up providing them a history dump that includes everything about a session that could also include info that identifies you, but the size of a dump for just one VPN location for just a few days would be MASSIVE, right? Sort of like the undated resignation letters Huey Long allegedly made folks sign, perhaps (who knows what “secrets” of your internet life live in a dump that could be sold soon) you’ve got something personally damming somewhere, but Google and Amazon aren’t 100% sure it’s you and probably will never see it.

TL;DR - Isn’t this lack of “safety” a completely different game than simply wanting to interact digitally with extra anonymity? And the latter is why you use a vpn, right?

Not to defend PIA specifically, but I find it interesting that they have been around for a long time, are pretty renowned for their no-logging policy, and yet no one in the Apple-Centric podcast / blog / media community ever talked about them (and they're supposed to be aware of tech, right?), unless it's recently to criticise them, and the whole VPN industry, now that Apple is offering a VPN-Like service. Also of note that most VPN providers haven't advertised with Apple-centric media influencers until recently.

It's somewhat amusing to see Google, who literally spies on everything that happens on their platforms as their revenue model, calling out someone else for being "spyware".

As for why use a VPN if web security is so good? Primarily, it's to shield your internet connection from your own ISP.

Try living in a country where the laws require your ISP to store your entire internet connection's metadata history, which is available without a court order, by both governmental, and non-governmental organisations, down to your local suburb's council, or animal-protection charities with prosecutorial powers. Or, where any employee of any company (and Apple has employees here) can be compelled to provide security compromises to a company's products to facilitate government access, with significant jail terms for refusing to comply, and resigning to "avoid the problem" is considered non-compliance.

>As for why use a VPN if web security is so good? Primarily, it's to shield your internet connection from your own ISP.

Yes, but now the tricky question becomes: can you trust your VPN provider more than your ISP? Or perhaps even less?

@someone I mentioned PIA twice in 2015, used the product myself, and have been covering both sides of the VPN issue since long before iCloud Private Relay. My point is not that VPNs are bad but that the situation isn’t as simple as it’s often portrayed, and whether the tradeoffs make sense for you depends on your particular situation.

If you need true anonymity with high performance, check out https://njal.la/vpn/ - they're based in Sweden where they're not required to keep logs, and thus won't.

@Soren I can trust my VPN provider, who doesn't maintain a physical business presence in my country, more than I trust my federal government, and federal police service. My VPN's business is worth more to them than my net worth, and if they break their word to one client, they break it to all of them.

A government has no substantial competition - it's not like you can elect a different country to manage your own, merely a different team in the sporting game of politics, who rely on the same federal policing and security apparatus, and largely have a greater affinity and loyalty to those they politically oppose, than they do to the electorate.