I think his evidence for being a honeypot is speculative at best. The more likely explanation is that it's simply a mediocre VPN service bolstered by fake reviews and marketing money. Snake oil is so much cheaper to produce than something actually nefarious.
In my limited experience, they have added a lot of servers in the last year. I've stopped using it, but my friends who still have it for streaming seem very happy with the speeds.
With the right marketing, I think VPN businesses are kinda like gyms. That would be a more innocent reason why marketing spend is high.
While you are correct that the "evidence" is speculative, I've long thought that the seemingly coordinated push to get avg. people to use VPNs was suspicious. Additionally, when I articles and comments rationalizing why one company is better than another, I see a lot of holes in what's said. For example, people don't seem to understand that registering (basing) a company in one place doesn't preclude it from operating elsewhere.
Another thing, most people, including me, don't know who the owners and operators of these companies are. I see lots of comments about wanting to avoid gov't surveillance and the like, but w/o knowing the deets on the owners and operators, people could be just making the surveillance easier; same is to be said for those trying to avoid giving the data to their ISP (maybe the ISP owns all or a stake in one's VPN).
So, I think that RR's advice in one of his/her articles about avoiding all of them is probably fair, although considered impractical for the average person @ this point.
Well, to clarify, I'm referring to RR's advice not to use any of the consumer-level services. And since, as far as I know, they are all fee-based 'tools', I don't see why one can't not use them.
As always, I'm happy to have someone correct any flaws in either of my posts here.
>Here is a honeypot VPN would do. Does NordVPN Meet Every Checkpoint?
>Need a BIG Company to Back it Up
I'm not sure why that's a requisite for a honeypot. Why contract a company to do it rather than doing it in-house? It's one more loose end to take care of and one more source for leaks.
> “Fake” Product Consumers Want
> Invest Into Product to make Good Honeypot
it's consistent with the fact it's a honeypot, but it's also equally consistent with the fact that it's a business that wants to grow by any means necessary. besides, I'm seeing plenty of nordvpn advertisements on mainstream youtube channels, and according to this article, CNN. if nordvpn is a honeypot, who is their audience? you're probably going to end up with 90% squeaky clean people (in terms of online activity), and 10% weed buyers.
>Use “Security” Features to Gather Data
this is nonsensical as well. why go about this in a detectable way (kill switch failing all the time), when you can passively monitor the connection (very easy to make it 100% undetectable), then follow up using parallel construction?
Using an untrusted VPN to do something like tunnel an HTTPS connection to get around geo-blocking makes sense.
Using a paid VPN to protect ones privacy, has never made any sense to me. The vast majority of those companies I've seen are sketchy as can be. A VPN is just about perfectly situated to track users - possibly better than even the ISP since the VPN provider doesn't have to contend with a NAT device obscuring the number of actual users. Combine that opportunity, with the fact that many VPN providers have minimal name recognition - in case of bad press, spend $10 on a new domain name - and are competing on price with what appear must be small margins. What would really surprise me would be a report that proved that the vast majority of paid VPN providers aren't up to some funny business. Yet, someone VPNs have a reputation of being a mechanism to protect privacy.
The problem here is a lack of critical mass. IME, most people don't care about any of this. I recently tried to explain to my classmates why "free" apps are typically not free; they basically got mad @ me for doing so. And this, is generally factored into a business model by anyone slightly scrupulous.
So, and I've not done this myself (yet), the options are: lower your standards to those of the unwashed masses; or 2) become the service provider yourself (hopefully w/ a group of like-minded individuals).
Of course, #2 will be somewhat difficult because there's a lot behind-the-scenes non-technical stuff that goes into 1) forming and sustaining a company; and 2) bringing a thriving product to market.
That said, you could try to fork #2, and instead of bringing your solution to the broad market, roll fight-club style and hope that obscurity guarantees its security/functionality. This, truthfully, is probably the best and most feasible option for the avg. person/people. (Sadly)
I wish there were some independent organizations, with the trust and respect that organizations like the EFF and ACLU have earned, that would regularly audit services like VPNs, Duck Duck Go, FastMail, and ProtonMail to make sure that they're really respecting privacy.
No PIA review/mention, though. They are a big provider.
I used to be on NordVPN but after two years they went south. Very happy with PIA today (I just need to appear in another country, so no fancy or serious (personal safety) needs)
There was also a guy who compiled a very comprehensive list of VPNs (with plenty of interesting information) but I cannot locate it right now (I remember it was in a Google Spreadsheets document)
I'm actually going to work on the NordVPN project in a month or so.
As far as I know and from what I've seen I can tell you that its a legit company with legit products and is only aiming to do good.
It was started by two friends, without any investors and to this day it still is absolutely independent and run by the same two guys
Then tell them to pay for an independent security review. That their nodes work as they say they do, they actually delete logs, etc. It would be worth more for their positive publicity than only paying loads for marketing - as they are doing...
This Jobs' quote makes sense, but I don't think it is applicable in the sense that the article used it for, as it's nowhere near monopoly:
“When you have a monopoly on the market, it’s not the product people that make the company make more money. It’s the sales and marketing people that get promoted, and they end up running the company. The product people get driven out of the decisions, and the company forgets what it means to make great products. The people running these companies have no conception of a good product between a bad product. They have no feeling in their hearts for wanting to help the customers.”
23 comments
[ 3.3 ms ] story [ 59.8 ms ] threadWith the right marketing, I think VPN businesses are kinda like gyms. That would be a more innocent reason why marketing spend is high.
Another thing, most people, including me, don't know who the owners and operators of these companies are. I see lots of comments about wanting to avoid gov't surveillance and the like, but w/o knowing the deets on the owners and operators, people could be just making the surveillance easier; same is to be said for those trying to avoid giving the data to their ISP (maybe the ISP owns all or a stake in one's VPN).
So, I think that RR's advice in one of his/her articles about avoiding all of them is probably fair, although considered impractical for the average person @ this point.
As always, I'm happy to have someone correct any flaws in either of my posts here.
>Need a BIG Company to Back it Up
I'm not sure why that's a requisite for a honeypot. Why contract a company to do it rather than doing it in-house? It's one more loose end to take care of and one more source for leaks.
> “Fake” Product Consumers Want
> Invest Into Product to make Good Honeypot
it's consistent with the fact it's a honeypot, but it's also equally consistent with the fact that it's a business that wants to grow by any means necessary. besides, I'm seeing plenty of nordvpn advertisements on mainstream youtube channels, and according to this article, CNN. if nordvpn is a honeypot, who is their audience? you're probably going to end up with 90% squeaky clean people (in terms of online activity), and 10% weed buyers.
>Use “Security” Features to Gather Data
this is nonsensical as well. why go about this in a detectable way (kill switch failing all the time), when you can passively monitor the connection (very easy to make it 100% undetectable), then follow up using parallel construction?
Using an untrusted VPN to do something like tunnel an HTTPS connection to get around geo-blocking makes sense.
Using a paid VPN to protect ones privacy, has never made any sense to me. The vast majority of those companies I've seen are sketchy as can be. A VPN is just about perfectly situated to track users - possibly better than even the ISP since the VPN provider doesn't have to contend with a NAT device obscuring the number of actual users. Combine that opportunity, with the fact that many VPN providers have minimal name recognition - in case of bad press, spend $10 on a new domain name - and are competing on price with what appear must be small margins. What would really surprise me would be a report that proved that the vast majority of paid VPN providers aren't up to some funny business. Yet, someone VPNs have a reputation of being a mechanism to protect privacy.
meanwhile, if comcast/spectrum is injecting ads or monetizing your browsing history, you have no recourse. what are you going to do, switch ISPs?
So, and I've not done this myself (yet), the options are: lower your standards to those of the unwashed masses; or 2) become the service provider yourself (hopefully w/ a group of like-minded individuals).
Of course, #2 will be somewhat difficult because there's a lot behind-the-scenes non-technical stuff that goes into 1) forming and sustaining a company; and 2) bringing a thriving product to market.
That said, you could try to fork #2, and instead of bringing your solution to the broad market, roll fight-club style and hope that obscurity guarantees its security/functionality. This, truthfully, is probably the best and most feasible option for the avg. person/people. (Sadly)
I used to be on NordVPN but after two years they went south. Very happy with PIA today (I just need to appear in another country, so no fancy or serious (personal safety) needs)
There was also a guy who compiled a very comprehensive list of VPNs (with plenty of interesting information) but I cannot locate it right now (I remember it was in a Google Spreadsheets document)
https://thatoneprivacysite.net/2016/09/03/nordvpn-review/
As far as I know and from what I've seen I can tell you that its a legit company with legit products and is only aiming to do good. It was started by two friends, without any investors and to this day it still is absolutely independent and run by the same two guys
“When you have a monopoly on the market, it’s not the product people that make the company make more money. It’s the sales and marketing people that get promoted, and they end up running the company. The product people get driven out of the decisions, and the company forgets what it means to make great products. The people running these companies have no conception of a good product between a bad product. They have no feeling in their hearts for wanting to help the customers.”